2022-06-01 08:41:51 +02:00
|
|
|
variable "flake_ref" {
|
|
|
|
type = string
|
|
|
|
}
|
|
|
|
|
|
|
|
variable "flake_sha" {
|
|
|
|
type = string
|
|
|
|
}
|
|
|
|
|
2021-02-18 20:59:11 +01:00
|
|
|
job "gitea" {
|
|
|
|
datacenters = [ "homelab-1" ]
|
|
|
|
type = "service"
|
|
|
|
|
2021-05-12 12:23:14 +02:00
|
|
|
constraint {
|
|
|
|
attribute = "${attr.unique.hostname}"
|
|
|
|
value = "blowhole"
|
|
|
|
}
|
|
|
|
|
2021-02-18 20:59:11 +01:00
|
|
|
group "svc" {
|
|
|
|
count = 1
|
|
|
|
|
|
|
|
volume "gitea-data" {
|
|
|
|
type = "csi"
|
|
|
|
source = "gitea-data"
|
|
|
|
read_only = false
|
2021-06-23 11:41:06 +02:00
|
|
|
|
|
|
|
attachment_mode = "file-system"
|
|
|
|
access_mode = "single-node-writer"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
volume "gitea-db" {
|
|
|
|
type = "csi"
|
|
|
|
source = "gitea-db"
|
|
|
|
read_only = false
|
2021-06-23 11:41:06 +02:00
|
|
|
|
|
|
|
attachment_mode = "file-system"
|
|
|
|
access_mode = "single-node-writer"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
restart {
|
|
|
|
attempts = 5
|
|
|
|
delay = "5s"
|
|
|
|
}
|
|
|
|
|
|
|
|
network {
|
2021-06-23 11:41:06 +02:00
|
|
|
mode = "bridge"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
service {
|
|
|
|
name = "gitea"
|
2021-06-23 11:41:06 +02:00
|
|
|
port = "3000"
|
2022-07-30 23:27:40 +02:00
|
|
|
|
2021-02-18 20:59:11 +01:00
|
|
|
check {
|
2022-07-30 23:27:40 +02:00
|
|
|
type = "http"
|
|
|
|
address_mode = "alloc"
|
|
|
|
path = "/"
|
|
|
|
port = "3000"
|
|
|
|
interval = "2s"
|
|
|
|
timeout = "2s"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
2021-06-23 11:41:06 +02:00
|
|
|
|
|
|
|
connect {
|
2022-07-30 23:27:40 +02:00
|
|
|
sidecar_service {}
|
2021-06-23 11:41:06 +02:00
|
|
|
}
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
task "app" {
|
2022-06-01 08:41:51 +02:00
|
|
|
driver = "containerd-driver"
|
2021-02-18 20:59:11 +01:00
|
|
|
|
|
|
|
volume_mount {
|
2022-07-30 23:27:40 +02:00
|
|
|
volume = "gitea-data"
|
|
|
|
destination = "/data/gitea"
|
|
|
|
read_only = false
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
2021-10-18 00:11:30 +02:00
|
|
|
volume_mount {
|
2022-07-30 23:27:40 +02:00
|
|
|
volume = "gitea-db"
|
|
|
|
destination = "/var/lib/mysql"
|
|
|
|
read_only = false
|
2021-10-18 00:11:30 +02:00
|
|
|
}
|
2021-02-18 20:59:11 +01:00
|
|
|
|
2021-10-18 00:11:30 +02:00
|
|
|
config {
|
2022-07-30 23:27:40 +02:00
|
|
|
flake_ref = "${var.flake_ref}#nixngSystems.gitea.config.system.build.toplevel"
|
|
|
|
flake_sha = var.flake_sha
|
|
|
|
entrypoint = [ "init" ]
|
2022-08-26 20:51:11 +02:00
|
|
|
|
|
|
|
# mounts = [
|
|
|
|
# {
|
|
|
|
# type = "bind"
|
|
|
|
# target = "/var/nfs/gitea-data"
|
|
|
|
# source = "/data/gitea"
|
|
|
|
# options = ["rbind","rw","x-mount.mkdir"]
|
|
|
|
# }
|
|
|
|
# ]
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
env {
|
2022-07-30 23:27:40 +02:00
|
|
|
USER_UID = "5001"
|
|
|
|
USER_GID = "5001"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
2022-07-30 23:27:40 +02:00
|
|
|
cpu = 500
|
|
|
|
memory = 1024
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
vault {
|
2022-07-30 23:27:40 +02:00
|
|
|
policies = ["gitea-policy"]
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
2022-07-30 23:27:40 +02:00
|
|
|
data = <<EOF
|
2021-10-18 00:11:30 +02:00
|
|
|
{{ with secret "kv/data/gitea" }}{{ .Data.data.secret_key }}{{ end }}
|
|
|
|
EOF
|
2022-07-30 23:27:40 +02:00
|
|
|
destination = "secrets/secret_key"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
2021-10-18 00:11:30 +02:00
|
|
|
template {
|
2022-07-30 23:27:40 +02:00
|
|
|
data = <<EOF
|
2021-10-18 00:11:30 +02:00
|
|
|
{{ with secret "kv/data/gitea" }}{{ .Data.data.internal_token }}{{ end }}
|
|
|
|
EOF
|
2022-07-30 23:27:40 +02:00
|
|
|
destination = "secrets/internal_token"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
2021-10-18 00:11:30 +02:00
|
|
|
template {
|
2022-07-30 23:27:40 +02:00
|
|
|
data = <<EOF
|
2021-10-18 00:11:30 +02:00
|
|
|
{{ with secret "kv/data/gitea" }}{{ .Data.data.jwt_secret }}{{ end }}
|
|
|
|
EOF
|
2022-07-30 23:27:40 +02:00
|
|
|
destination = "secrets/jwt_secret"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
|
2021-10-18 00:11:30 +02:00
|
|
|
template {
|
2022-07-30 23:27:40 +02:00
|
|
|
data = <<EOF
|
2021-10-18 00:11:30 +02:00
|
|
|
{{ with secret "kv/data/gitea" }}{{ .Data.data.lfs_jwt_secret }}{{ end }}
|
|
|
|
EOF
|
2022-07-30 23:27:40 +02:00
|
|
|
destination = "secrets/lfs_jwt_secret"
|
2021-02-18 20:59:11 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|