forked from Deuxfleurs/infrastructure
111 lines
No EOL
2.5 KiB
HCL
111 lines
No EOL
2.5 KiB
HCL
job "gitea" {
|
|
datacenters = ["dc1"]
|
|
|
|
group "gitea" {
|
|
count = 1
|
|
|
|
volume "gitea-data" {
|
|
type = "host"
|
|
read_only = false
|
|
source = "gitea-data"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
port "http" {
|
|
static = 3000
|
|
to = 3000
|
|
}
|
|
port "ssh" { to = 22 }
|
|
}
|
|
|
|
service {
|
|
name = "gitea-frontend"
|
|
port = "http"
|
|
|
|
# check {
|
|
# name = "alive"
|
|
# type = "tcp"
|
|
# interval = "10s"
|
|
# timeout = "2s"
|
|
# }
|
|
}
|
|
|
|
service {
|
|
name = "gitea-ssh"
|
|
port = "ssh"
|
|
|
|
# check {
|
|
# name = "alive"
|
|
# type = "tcp"
|
|
# interval = "10s"
|
|
# timeout = "2s"
|
|
# }
|
|
}
|
|
|
|
service {
|
|
name = "gitea-db"
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
upstreams {
|
|
# Required
|
|
destination_name = "postgres"
|
|
local_bind_port = "5432"
|
|
# Optional
|
|
local_bind_address = "127.0.0.1"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "gitea" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
# Exposes the http & ssh ports from the container to the host.
|
|
# Lame because anyone can access gitea bypassing nginx from :3000
|
|
# Necessary because without further mesh-net config,
|
|
# nginx can't access the container's port.
|
|
ports = ["http", "ssh"]
|
|
image = "gitea/gitea:1.14.2"
|
|
|
|
volumes = [
|
|
"/etc/timezone:/etc/timezone:ro",
|
|
"/etc/localtime:/etc/localtime:ro"
|
|
]
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "gitea-data"
|
|
destination = "/data"
|
|
read_only = false
|
|
}
|
|
|
|
template {
|
|
# Consul Template only works in template stanza.
|
|
# We need it to fetch secret values from Consul.
|
|
# The "env = true" parameter sets the environment with the data.
|
|
# "destination" key is required but its value doesn't matter.
|
|
data = <<EOH
|
|
DB_TYPE = "postgres"
|
|
DB_USER = "{{ key "secrets/postgres/gitea/user" }}"
|
|
DB_PASSWD = "{{ key "secrets/postgres/gitea/password" }}"
|
|
DB_NAME = "{{ key "secrets/postgres/gitea/db_name" }}"
|
|
EOH
|
|
|
|
destination = "secrets/env.env"
|
|
env = true
|
|
change_mode = "restart"
|
|
}
|
|
|
|
env {
|
|
DOMAIN = "gitea.hammerhead.luxeylab.net"
|
|
SSH_DOMAIN = "gitea.hammerhead.luxeylab.net"
|
|
DB_HOST = "${NOMAD_UPSTREAM_ADDR_postgres}"
|
|
}
|
|
}
|
|
}
|
|
} |