forked from Deuxfleurs/nixcfg
141 lines
2.9 KiB
HCL
141 lines
2.9 KiB
HCL
job "directory" {
|
|
datacenters = ["dc1", "neptune"]
|
|
type = "service"
|
|
priority = 90
|
|
|
|
constraint {
|
|
attribute = "${attr.cpu.arch}"
|
|
value = "amd64"
|
|
}
|
|
|
|
group "bottin" {
|
|
count = 1
|
|
|
|
network {
|
|
port "ldap_port" {
|
|
static = 389
|
|
to = 389
|
|
}
|
|
}
|
|
|
|
task "bottin" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/bottin_amd64:22"
|
|
network_mode = "host"
|
|
readonly_rootfs = true
|
|
ports = [ "ldap_port" ]
|
|
volumes = [
|
|
"secrets/config.json:/config.json",
|
|
"secrets:/etc/bottin",
|
|
]
|
|
}
|
|
|
|
resources {
|
|
memory = 100
|
|
}
|
|
|
|
template {
|
|
data = file("../config/bottin/config.json.tpl")
|
|
destination = "secrets/config.json"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
|
|
destination = "secrets/consul-ca.crt"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
|
destination = "secrets/consul-client.crt"
|
|
}
|
|
|
|
template {
|
|
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
|
destination = "secrets/consul-client.key"
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
CONSUL_HTTP_ADDR=https://localhost:8501
|
|
CONSUL_HTTP_SSL=true
|
|
CONSUL_CACERT=/etc/bottin/consul-ca.crt
|
|
CONSUL_CLIENT_CERT=/etc/bottin/consul-client.crt
|
|
CONSUL_CLIENT_KEY=/etc/bottin/consul-client.key
|
|
EOH
|
|
destination = "secrets/env"
|
|
env = true
|
|
}
|
|
|
|
service {
|
|
tags = ["bottin"]
|
|
port = "ldap_port"
|
|
address_mode = "host"
|
|
name = "bottin"
|
|
check {
|
|
type = "tcp"
|
|
port = "ldap_port"
|
|
interval = "60s"
|
|
timeout = "5s"
|
|
check_restart {
|
|
limit = 3
|
|
grace = "90s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
group "guichet" {
|
|
count = 1
|
|
|
|
network {
|
|
port "web_port" { to = 9991 }
|
|
}
|
|
|
|
task "guichet" {
|
|
driver = "docker"
|
|
config {
|
|
image = "superboum/guichet_amd64:15"
|
|
readonly_rootfs = true
|
|
ports = [ "web_port" ]
|
|
volumes = [
|
|
"secrets/config.json:/config.json"
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = file("../config/guichet/config.json.tpl")
|
|
destination = "secrets/config.json"
|
|
}
|
|
|
|
resources {
|
|
memory = 200
|
|
}
|
|
|
|
service {
|
|
name = "guichet"
|
|
tags = [
|
|
"guichet",
|
|
"tricot guichet-staging.home.adnab.me",
|
|
"tricot guichet.staging.deuxfleurs.org",
|
|
]
|
|
port = "web_port"
|
|
address_mode = "host"
|
|
check {
|
|
type = "tcp"
|
|
port = "web_port"
|
|
interval = "60s"
|
|
timeout = "5s"
|
|
check_restart {
|
|
limit = 3
|
|
grace = "90s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|