mirror of
https://git.sr.ht/~magic_rb/cluster
synced 2024-11-29 11:36:16 +01:00
93 lines
1.6 KiB
HCL
93 lines
1.6 KiB
HCL
|
job "ingress" {
|
||
|
datacenters = [ "homelab-1" ]
|
||
|
type = "service"
|
||
|
|
||
|
constraint {
|
||
|
attribute = "${attr.unique.hostname}"
|
||
|
value = "blowhole"
|
||
|
}
|
||
|
|
||
|
group "ingress" {
|
||
|
count = 1
|
||
|
|
||
|
network {
|
||
|
port "http" {
|
||
|
to = "80"
|
||
|
}
|
||
|
}
|
||
|
|
||
|
service {
|
||
|
name = "ingress"
|
||
|
port = "http"
|
||
|
}
|
||
|
|
||
|
task "nginx" {
|
||
|
driver = "docker"
|
||
|
|
||
|
config {
|
||
|
image = "nixng-ingress:local"
|
||
|
ports = ["http"]
|
||
|
}
|
||
|
|
||
|
template {
|
||
|
data = <<EOF
|
||
|
upstream gitea {
|
||
|
{{ range service "gitea" }}
|
||
|
server {{ .Address }}:{{ .Port }};
|
||
|
{{ else }}server 127.0.0.1:65535; # force a 502
|
||
|
{{ end }}
|
||
|
}
|
||
|
|
||
|
upstream hydra {
|
||
|
{{ range service "hydra" }}
|
||
|
server {{ .Address }}:{{ .Port }};
|
||
|
{{ else }}server 127.0.0.1:65535; # force a 502
|
||
|
{{ end }}
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
listen 80;
|
||
|
|
||
|
server_name _;
|
||
|
|
||
|
return 404;
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
listen 80;
|
||
|
|
||
|
server_name gitea.redalder.org;
|
||
|
|
||
|
add_header X-Frame-Options "SAMEORIGIN";
|
||
|
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
|
||
|
|
||
|
location / {
|
||
|
proxy_set_header Host $host;
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_pass http://gitea;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
listen 80;
|
||
|
|
||
|
server_name hydra.redalder.org;
|
||
|
|
||
|
add_header X-Frame-Options "SAMEORIGIN";
|
||
|
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
|
||
|
|
||
|
location / {
|
||
|
proxy_set_header Host $host;
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_pass http://hydra;
|
||
|
}
|
||
|
}
|
||
|
EOF
|
||
|
destination = "local/upstreams.conf"
|
||
|
change_mode = "signal"
|
||
|
change_signal = "SIGHUP"
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|