infrastructure/hammerhead/app/gitea/deploy/gitea.hcl

job "gitea" {
  datacenters = ["dc1"]

  group "gitea" {
    count = 1

    volume "gitea-data" {
      type      = "host"
      read_only = false
      source    = "gitea-data"
    }

    network {
      mode = "bridge"
      port "http" { 
        static = 3000
        to = 3000 
      }
      port "ssh" { to = 22 }
    }

    service {
      name = "gitea-frontend"
      port = "http"

      # check {
      #   name     = "alive"
      #   type     = "tcp"
      #   interval = "10s"
      #   timeout  = "2s"
      # }
    }

    service {
      name = "gitea-ssh"
      port = "ssh"

      # check {
      #   name     = "alive"
      #   type     = "tcp"
      #   interval = "10s"
      #   timeout  = "2s"
      # }
    }

    service {
      name = "gitea-db"

      connect {
        sidecar_service {
          proxy {
            upstreams {
              # Required
              destination_name = "postgres"
              local_bind_port = "5432"
              # Optional
              local_bind_address = "127.0.0.1"
            }
          }
        }
      }
    }

    task "gitea" {
      driver = "docker"

      config {
        # Exposes the http & ssh ports from the container to the host.
        # Lame because anyone can access gitea bypassing nginx from :3000
        # Necessary because without further mesh-net config, 
        # nginx can't access the container's port.
        ports = ["http", "ssh"]
        image = "gitea/gitea:1.14.2"

        volumes = [
          "/etc/timezone:/etc/timezone:ro",
          "/etc/localtime:/etc/localtime:ro"
        ]
      }

      volume_mount {
        volume      = "gitea-data"
        destination = "/data"
        read_only   = false
      }

      template {
        # Consul Template only works in template stanza.
        # We need it to fetch secret values from Consul.
        # The "env = true" parameter sets the environment with the data.
        # "destination" key is required but its value doesn't matter.
        data = <<EOH
DB_TYPE   = "postgres"
DB_USER   = "{{ key "secrets/postgres/gitea/user" }}"
DB_PASSWD = "{{ key "secrets/postgres/gitea/password" }}"
DB_NAME   = "{{ key "secrets/postgres/gitea/db_name" }}"
EOH

        destination = "secrets/env.env"
        env         = true
        change_mode = "restart"
      }

      env {
        DOMAIN     = "gitea.hammerhead.luxeylab.net"
        SSH_DOMAIN = "gitea.hammerhead.luxeylab.net"
        DB_HOST    = "${NOMAD_UPSTREAM_ADDR_postgres}"
      }
    }
  }
}
added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`job "gitea" {`
			`datacenters = ["dc1"]`

			`group "gitea" {`
			`count = 1`

			`volume "gitea-data" {`
			`type = "host"`
			`read_only = false`
			`source = "gitea-data"`
			`}`

			`network {`
WIP: working on sidecars, it fails 2021-06-06 11:40:04 +00:00			`mode = "bridge"`
gitea works with Postgre which is not exposed publicly, thanks to Consul Connect - the bug was that Nomad could not reach Consul's gRPC due to IPv4/6 mis-configuration 2021-06-06 16:59:20 +00:00			`port "http" {`
			`static = 3000`
			`to = 3000`
			`}`
added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`port "ssh" { to = 22 }`
			`}`

			`service {`
			`name = "gitea-frontend"`
			`port = "http"`

			`# check {`
			`# name = "alive"`
			`# type = "tcp"`
			`# interval = "10s"`
			`# timeout = "2s"`
			`# }`
			`}`
WIP: working on sidecars, it fails 2021-06-06 11:40:04 +00:00
added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`service {`
			`name = "gitea-ssh"`
			`port = "ssh"`

			`# check {`
			`# name = "alive"`
			`# type = "tcp"`
			`# interval = "10s"`
			`# timeout = "2s"`
			`# }`
			`}`

WIP: working on sidecars, it fails 2021-06-06 11:40:04 +00:00			`service {`
			`name = "gitea-db"`

			`connect {`
			`sidecar_service {`
			`proxy {`
			`upstreams {`
			`# Required`
			`destination_name = "postgres"`
			`local_bind_port = "5432"`
			`# Optional`
gitea works with Postgre which is not exposed publicly, thanks to Consul Connect - the bug was that Nomad could not reach Consul's gRPC due to IPv4/6 mis-configuration 2021-06-06 16:59:20 +00:00			`local_bind_address = "127.0.0.1"`
WIP: working on sidecars, it fails 2021-06-06 11:40:04 +00:00			`}`
			`}`
			`}`
			`}`
			`}`

added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`task "gitea" {`
			`driver = "docker"`

			`config {`
			`# Exposes the http & ssh ports from the container to the host.`
			`# Lame because anyone can access gitea bypassing nginx from :3000`
			`# Necessary because without further mesh-net config,`
			`# nginx can't access the container's port.`
			`ports = ["http", "ssh"]`
			`image = "gitea/gitea:1.14.2"`

			`volumes = [`
			`"/etc/timezone:/etc/timezone:ro",`
			`"/etc/localtime:/etc/localtime:ro"`
			`]`
			`}`

			`volume_mount {`
			`volume = "gitea-data"`
			`destination = "/data"`
			`read_only = false`
			`}`

			`template {`
			`# Consul Template only works in template stanza.`
			`# We need it to fetch secret values from Consul.`
			`# The "env = true" parameter sets the environment with the data.`
			`# "destination" key is required but its value doesn't matter.`
			`data = <<EOH`
			`DB_TYPE = "postgres"`
			`DB_USER = "{{ key "secrets/postgres/gitea/user" }}"`
			`DB_PASSWD = "{{ key "secrets/postgres/gitea/password" }}"`
			`DB_NAME = "{{ key "secrets/postgres/gitea/db_name" }}"`
			`EOH`

WIP: working on sidecars, it fails 2021-06-06 11:40:04 +00:00			`destination = "secrets/env.env"`
added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`env = true`
			`change_mode = "restart"`
			`}`

			`env {`
gitea works with Postgre which is not exposed publicly, thanks to Consul Connect - the bug was that Nomad could not reach Consul's gRPC due to IPv4/6 mis-configuration 2021-06-06 16:59:20 +00:00			`DOMAIN = "gitea.hammerhead.luxeylab.net"`
added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`SSH_DOMAIN = "gitea.hammerhead.luxeylab.net"`
gitea works with Postgre which is not exposed publicly, thanks to Consul Connect - the bug was that Nomad could not reach Consul's gRPC due to IPv4/6 mis-configuration 2021-06-06 16:59:20 +00:00			`DB_HOST = "${NOMAD_UPSTREAM_ADDR_postgres}"`
added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`}`
			`}`
			`}`
			`}`