infrastructure/hammerhead/app/gitea/deploy/gitea.hcl


# Nomad job running a single Gitea container. The PostgreSQL connection goes
# through a Consul Connect sidecar upstream; HTTP and SSH are published on the
# host through the group's bridge network.
job "gitea" {
  datacenters = ["dc1"]

  group "gitea" {
    count = 1

    # Host volume that backs Gitea's /data directory (mounted read-write by
    # the task's volume_mount below).
    volume "gitea-data" {
      source    = "gitea-data"
      type      = "host"
      read_only = false
    }

    network {
      mode = "bridge"

      # Fixed host port 3000 -> container port 3000.
      # Security note: because the host port is static and published, any
      # client that can reach the host on :3000 talks to Gitea directly and
      # bypasses the nginx reverse proxy (and whatever TLS/access policy nginx
      # enforces). Until nginx reaches Gitea over the mesh, restrict :3000 at
      # the host firewall to the proxy only.
      port "http" {
        to     = 3000
        static = 3000
      }

      # No static value, so Nomad allocates the host port; it maps to the
      # container's sshd on port 22.
      port "ssh" { to = 22 }
    }

    # Consul registration for the web UI.
    # The health check is commented out, so this job defines no check for the
    # service; an unresponsive Gitea would not be flagged by this definition.
    service {
      port = "http"
      name = "gitea-frontend"
      # check {
      #   name     = "alive"
      #   type     = "tcp"
      #   interval = "10s"
      #   timeout  = "2s"
      # }
    }

    # Consul registration for git-over-SSH (check disabled, as above).
    service {
      port = "ssh"
      name = "gitea-ssh"
      # check {
      #   name     = "alive"
      #   type     = "tcp"
      #   interval = "10s"
      #   timeout  = "2s"
      # }
    }

    # Connect sidecar whose only role here is to provide the upstream to the
    # "postgres" service.
    service {
      name = "gitea-db"

      connect {
        sidecar_service {
          proxy {
            upstreams {
              # Optional: bind the upstream listener to loopback so it is not
              # offered on other addresses of the group's network namespace.
              local_bind_address = "127.0.0.1"
              # Required
              destination_name = "postgres"
              local_bind_port  = "5432"
            }
          }
        }
      }
    }

    task "gitea" {
      driver = "docker"

      config {
        # Pinned by tag only. A tag can be re-pointed upstream; pin by digest
        # (gitea/gitea@sha256:<digest-placeholder>) if the image must be immutable.
        # NOTE(review): confirm 1.14.2 still receives security fixes.
        image = "gitea/gitea:1.14.2"

        # Publishes the container's http and ssh ports on the host.
        # Needed because, without further mesh-net config, nginx cannot reach
        # the container's port; the cost is that :3000 is reachable without
        # going through nginx (see the "http" port above).
        ports = ["http", "ssh"]

        # Host timezone files, bind-mounted read-only.
        volumes = [
          "/etc/timezone:/etc/timezone:ro",
          "/etc/localtime:/etc/localtime:ro"
        ]
      }

      volume_mount {
        volume      = "gitea-data"
        destination = "/data"
        read_only   = false
      }

      template {
        # Consul Template functions are only evaluated inside a template
        # stanza, so the database credentials are rendered here from Consul KV
        # and exported to the task because env = true.
        # Security notes:
        #  - `key` reads Consul KV, so who can read secrets/postgres/gitea/*
        #    is decided by Consul ACLs. NOTE(review): confirm the prefix is
        #    ACL-restricted, or source these values from Vault instead.
        #  - env = true places DB_PASSWD in the task environment, where it is
        #    visible to anything able to inspect the container's environment.
        # "destination" is required; the rendered file is written under the
        # task's secrets/ directory.
        # The heredoc body and terminator stay at column 0 so the rendered
        # text is unchanged.
        destination = "secrets/env.env"
        env         = true
        # Restart the task when the rendered values change.
        change_mode = "restart"
        data        = <<EOH
DB_TYPE = "postgres"
DB_USER = "{{ key "secrets/postgres/gitea/user" }}"
DB_PASSWD = "{{ key "secrets/postgres/gitea/password" }}"
DB_NAME = "{{ key "secrets/postgres/gitea/db_name" }}"
EOH
      }

      env {
        # Address of the local Connect upstream listener for "postgres".
        DB_HOST    = "${NOMAD_UPSTREAM_ADDR_postgres}"
        DOMAIN     = "gitea.hammerhead.luxeylab.net"
        SSH_DOMAIN = "gitea.hammerhead.luxeylab.net"
      }
    }
  }
}