add teabag (for static cms)

2023-02-27 18:42:38 +01:00 · 2023-02-27 18:42:38 +01:00 · 4ef04f7971
commit 4ef04f7971
parent a4eb0b2b56
3 changed files with 102 additions and 0 deletions
--- a/cluster/prod/app/cms/config/teabag.env
+++ b/cluster/prod/app/cms/config/teabag.env
@ -0,0 +1,11 @@
+HOST=0.0.0.0
+PORT={{ env "NOMAD_PORT_web_port" }}
+SESSION_SECRET={{ key "secrets/cms/teabag/session" | trimSpace }}
+
+GITEA_KEY={{ key "secrets/cms/teabag/gitea_key" | trimSpace }}
+GITEA_SECRET={{ key "secrets/cms/teabag/gitea_secret" | trimSpace }}
+GITEA_BASE_URL=http://git.deuxfleurs.fr
+GITEA_AUTH_URI=login/oauth/authorize
+GITEA_TOKEN_URI=login/oauth/access_token
+GITEA_USER_URI=api/v1/user
+CALLBACK_URI=http://teabag.deuxfleurs.fr/callback
--- a/cluster/prod/app/cms/deploy/cms.hcl
+++ b/cluster/prod/app/cms/deploy/cms.hcl
@ -0,0 +1,74 @@
+job "cms" {
+  datacenters = ["neptune", "orion"]
+  type = "service"
+
+  priority = 100
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  group "auth" {
+    count = 1
+
+    network {
+      port "web_port" { }
+    }
+
+    task "teabag" {
+      driver = "docker"
+      config {
+        # Using a digest to pin the container as no tag is provided
+        # https://github.com/denyskon/teabag/pkgs/container/teabag
+        image = "ghcr.io/denyskon/teabag@sha256:d5af7c6caf172727fbfa047c8ee82f9087ef904f0f3bffdeec656be04e9e0a14"
+        ports = [ "web_port" ]
+        volumes = [
+          "secrets/teabag.env:/etc/teabag/teabag.env",
+        ]
+      }
+
+      template {
+        data = file("../config/teabag.env")
+        destination = "secrets/teabag.env"
+      }
+
+      resources {
+        memory = 20
+        memory_max = 50
+        cpu = 50
+      }
+
+      service {
+        name = "teabag"
+        tags = [
+          "teabag",
+          "tricot teabag.deuxfleurs.fr",
+          "d53-cname teabag.deuxfleurs.fr",
+        ]
+        port = "web_port"
+        check {
+          type = "http"
+          protocol = "http"
+          port = "web_port"
+          path = "/"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "600s"
+            ignore_warnings = false
+          }
+        }
+      }
+
+      restart {
+        interval = "30m"
+        attempts = 20
+        delay    = "15s"
+        mode     = "delay"
+      }
+    }
+  }
+}
+
--- a/cluster/prod/app/cms/secrets.toml
+++ b/cluster/prod/app/cms/secrets.toml
@ -0,0 +1,17 @@
+# HTTP Session Encryption Key
+[secrets."cms/teabag/session"]
+type = 'command'
+rotate = true
+command = 'openssl rand -base64 32'
+
+# Gitea Application Token
+[secrets."cms/teabag/gitea_key"]
+type = 'user'
+description = 'Gitea Application Key'
+example = '4fea0...'
+
+[secrets."cms/teabag/gitea_secret"]
+type = 'user'
+description = 'Gitea Secret Key'
+example = 'gto_bz6f...'
+