Run Tricot as Nix flake instead of Docker image

2022-12-01 16:04:47 +01:00 · 2022-12-01 16:04:47 +01:00 · 9d0a2d8914
commit 9d0a2d8914
parent e4684ae169
1 changed files with 9 additions and 10 deletions
--- a/cluster/staging/app/frontend/deploy/frontend-tricot.hcl
+++ b/cluster/staging/app/frontend/deploy/frontend-tricot.hcl
@ -15,17 +15,16 @@ job "frontend" {
    }

    task "server" {
-      driver = "docker"
+      driver = "nix2"

      config {
-        image = "lxpz/amd64_tricot:41"
-        network_mode = "host"
-        readonly_rootfs = true
-        ports = [ "http_port", "https_port" ]
-        volumes = [
-          "secrets:/etc/tricot",
+        packages = [
+          "git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=0ae7f5fbd924a293dcd3f1b6b61fc3cc46bd3876"
        ]
+        command = "tricot"
+        # cap_add = [ "net_bind_service" ]  # this doesn't work for whatever reason, so we need to put user = "root" instead
      }
+      user = "root"

      resources {
        cpu = 2000
@ -41,17 +40,17 @@ job "frontend" {

      template {
        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
-        destination = "secrets/consul-ca.crt"
+        destination = "etc/tricot/consul-ca.crt"
      }

      template {
        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
-        destination = "secrets/consul-client.crt"
+        destination = "etc/tricot/consul-client.crt"
      }

      template {
        data = "{{ key \"secrets/consul/consul-client.key\" }}"
-        destination = "secrets/consul-client.key"
+        destination = "etc/tricot/consul-client.key"
      }

      template {