dotfiles/terranix/containers/gitea/job.hcl

140 lines
2.6 KiB
HCL
Raw Normal View History

variable "flake_ref" {
type = string
}
variable "flake_sha" {
type = string
}
job "gitea" {
datacenters = [ "homelab-1" ]
type = "service"
constraint {
attribute = "${attr.unique.hostname}"
value = "blowhole"
}
group "svc" {
count = 1
volume "gitea-data" {
type = "csi"
source = "gitea-data"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
volume "gitea-db" {
type = "csi"
source = "gitea-db"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
}
service {
name = "gitea"
port = "3000"
check {
type = "http"
address_mode = "alloc"
path = "/"
port = "3000"
interval = "2s"
timeout = "2s"
}
connect {
sidecar_service {}
}
}
task "app" {
driver = "docker"
volume_mount {
volume = "gitea-data"
destination = "/data/gitea"
read_only = false
}
volume_mount {
volume = "gitea-db"
destination = "/var/lib/mysql"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngConfigurations.gitea.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
# mounts = [
# {
# type = "bind"
# target = "/var/nfs/gitea-data"
# source = "/data/gitea"
# options = ["rbind","rw","x-mount.mkdir"]
# }
# ]
}
env {
USER_UID = "5001"
USER_GID = "5001"
}
resources {
cpu = 500
memory = 1024
}
vault {
policies = ["gitea-policy"]
}
template {
data = <<EOF
{{ with secret "kv/data/gitea" }}{{ .Data.data.secret_key }}{{ end }}
EOF
destination = "secrets/secret_key"
}
template {
data = <<EOF
{{ with secret "kv/data/gitea" }}{{ .Data.data.internal_token }}{{ end }}
EOF
destination = "secrets/internal_token"
}
template {
data = <<EOF
{{ with secret "kv/data/gitea" }}{{ .Data.data.jwt_secret }}{{ end }}
EOF
destination = "secrets/jwt_secret"
}
template {
data = <<EOF
{{ with secret "kv/data/gitea" }}{{ .Data.data.lfs_jwt_secret }}{{ end }}
EOF
destination = "secrets/lfs_jwt_secret"
}
}
}
}