staging: run bottin as nix job

2022-12-01 22:49:55 +01:00 · 2022-12-01 22:49:55 +01:00 · e67b460ae2
commit e67b460ae2
parent bc88622ea2
1 changed files with 9 additions and 14 deletions
--- a/cluster/staging/app/directory/deploy/directory.hcl
+++ b/cluster/staging/app/directory/deploy/directory.hcl
@ -14,22 +14,18 @@ job "directory" {
    network {
      port "ldap_port" {
        static = 389
-        to = 389
      }
    }

    task "bottin" {
-      driver = "docker"
+      driver = "nix2"
      config {
-        image = "superboum/bottin_amd64:22"
-        network_mode = "host"
-        readonly_rootfs = true
-        ports = [ "ldap_port" ]
-        volumes = [
-          "secrets/config.json:/config.json",
-          "secrets:/etc/bottin",
+        packages = [
+          "git+https://git.deuxfleurs.fr/Deuxfleurs/bottin.git?ref=main&rev=9cab98d2cee386ece54b000bbdf2346da8b55eed"
        ]
+        command = "bottin"
      }
+      user = "root" # needed to bind port 389

      resources {
        memory = 100
@ -37,22 +33,22 @@ job "directory" {

      template {
        data = file("../config/bottin/config.json.tpl")
-        destination = "secrets/config.json"
+        destination = "config.json"
      }

      template {
        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
-        destination = "secrets/consul-ca.crt"
+        destination = "etc/bottin/consul-ca.crt"
      }

      template {
        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
-        destination = "secrets/consul-client.crt"
+        destination = "etc/bottin/consul-client.crt"
      }

      template {
        data = "{{ key \"secrets/consul/consul-client.key\" }}"
-        destination = "secrets/consul-client.key"
+        destination = "etc/bottin/consul-client.key"
      }

      template {
@ -70,7 +66,6 @@ EOH
      service {
        tags = ["bottin"]
        port = "ldap_port"
-        address_mode = "host"
        name = "bottin"
        check {
          type = "tcp"