job "gitea" { datacenters = ["dc1"] group "gitea" { count = 1 volume "gitea-data" { type = "host" read_only = false source = "gitea-data" } network { mode = "bridge" port "http" { to = 3000 } port "ssh" { to = 22 } } service { name = "gitea-frontend" port = "http" # check { # name = "alive" # type = "tcp" # interval = "10s" # timeout = "2s" # } } service { name = "gitea-ssh" port = "ssh" # check { # name = "alive" # type = "tcp" # interval = "10s" # timeout = "2s" # } } service { name = "gitea-db" connect { sidecar_service { proxy { upstreams { # Required destination_name = "postgres" local_bind_port = "5432" # Optional # local_bind_address = "127.0.0.1" } } } } } task "gitea" { driver = "docker" config { # Exposes the http & ssh ports from the container to the host. # Lame because anyone can access gitea bypassing nginx from :3000 # Necessary because without further mesh-net config, # nginx can't access the container's port. ports = ["http", "ssh"] image = "gitea/gitea:1.14.2" volumes = [ "/etc/timezone:/etc/timezone:ro", "/etc/localtime:/etc/localtime:ro" ] } volume_mount { volume = "gitea-data" destination = "/data" read_only = false } template { # Consul Template only works in template stanza. # We need it to fetch secret values from Consul. # The "env = true" parameter sets the environment with the data. # "destination" key is required but its value doesn't matter. data = <