màj config gitea

This commit is contained in:
Alex 2023-06-02 15:40:43 +02:00
parent c31de0e94f
commit 14b59ba4b0
6 changed files with 75 additions and 8 deletions

View file

@ -1,4 +1,4 @@
job "core:bottin" {
job "core-bottin" {
datacenters = ["orion", "neptune", "scorpio"]
type = "system"
priority = 90

View file

@ -1,4 +1,4 @@
job "core:d53" {
job "core-d53" {
datacenters = ["neptune", "orion", "bespin"]
type = "service"
priority = 90
@ -61,4 +61,42 @@ EOH
}
}
}
# Dummy task for Gitea (still on an external VM), runs on any bespin node
# and allows D53 to automatically update the A record for git.deuxfleurs.fr
# to the IPv4 address of the bespin site (that changes occasionnaly)
group "gitea-dummy" {
count = 1
network {
port "dummy" {
to = 999
}
}
task "main" {
driver = "docker"
constraint {
attribute = "${meta.site}"
operator = "="
value = "bespin"
}
config {
image = "alpine"
command = "sh"
args = ["-c", "while true; do echo x; sleep 60; done"]
ports = [ "dummy" ]
}
service {
name = "gitea-dummy"
port = "dummy"
tags = [
"d53-a git.deuxfleurs.fr",
]
}
}
}
}

View file

@ -1,4 +1,4 @@
job "core:diplonat" {
job "core-diplonat" {
datacenters = ["orion", "neptune", "scorpio", "bespin"]
type = "system"
priority = 90
@ -53,9 +53,6 @@ DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
{{ if env "meta.site" | eq "bespin" }}
DIPLONAT_IPV6_ONLY=true
{{ end }}
RUST_LOG=debug
EOH
destination = "secrets/env"

View file

@ -1,5 +1,9 @@
job "core:tricot" {
datacenters = ["orion", "neptune", "scorpio", "bespin"]
job "core-tricot" {
# bespin pas pour l'instant, on a des soucis de SSL avec gitea
# on pourra mettre bespin quand on aura migré gitea de la vm vers le cluster
# en attendant, les deux ne sont pas capables de partager les certificats SSL
# donc on laisse la VM gitea gérer les certifs et prendre tout le trafic http(s)
datacenters = ["orion", "neptune", "scorpio"]
type = "system"
priority = 90

View file

@ -60,6 +60,24 @@ curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: app
}
EOF
curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
{
"Datacenter": "prod",
"Node": "lindy",
"Address": "192.168.1.184",
"NodeMeta": {
"site": "neptune",
"cname_target": "neptune.site.deuxfleurs.fr."
},
"Service": {
"Service": "lx-apimtest",
"Tags": ["tricot apimtest.adnab.me"],
"Address": "192.168.1.184",
"Port": 8920
}
}
EOF
curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
{

View file

@ -4,4 +4,14 @@
deuxfleurs.siteName = "bespin";
deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254";
deuxfleurs.cnameTarget = "bespin.site.deuxfleurs.fr.";
# Allow all ports from gateway for janky UPnP/IGD daemon
# networking.firewall = {
# extraCommands = ''
# iptables -A INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
# '';
# extraStopCommands = ''
# iptables -D INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
# '';
# };
}