~damien/infrastructure

7c17e2749977f19b02198191d72edc9b733716a0 — Damien Radtke 1 year, 4 months ago 5038244
Fix radtke.family
7 files changed, 69 insertions(+), 12 deletions(-)

R config/server/consul.d/{server.hcl => server.hcl.erb}
M jobs/acme-renewer.nomad
M jobs/fabio.nomad
M jobs/radtkefamily.nomad
R scripts/{client-data.jq => deploy-data.jq}
R scripts/{deploy-new-client.sh => deploy.sh}
R stackscripts/{cluster-client.sh => cluster-member.sh}
R config/server/consul.d/server.hcl => config/server/consul.d/server.hcl.erb +0 -0
M jobs/acme-renewer.nomad => jobs/acme-renewer.nomad +51 -0
@@ 61,6 61,7 @@ job "acme-renewer" {
			env {
				LINODE_V4_API_KEY = "5636941d15f2c1a3ecd6ed3bb1904c77eedfc1a66d1cae6236aba2a5d84d3380"
				VAULT_CAPATH = "/etc/ssl/vault/ca.pem"
				VAULT_ADDR = "https://vault.service.consul:8200"
			}
		}
	}


@@ 108,6 109,7 @@ job "acme-renewer" {
			env {
				LINODE_V4_API_KEY = "5636941d15f2c1a3ecd6ed3bb1904c77eedfc1a66d1cae6236aba2a5d84d3380"
				VAULT_CAPATH = "/etc/ssl/vault/ca.pem"
				VAULT_ADDR = "https://vault.service.consul:8200"
			}
		}
	}


@@ 155,6 157,55 @@ job "acme-renewer" {
			env {
				LINODE_V4_API_KEY = "5636941d15f2c1a3ecd6ed3bb1904c77eedfc1a66d1cae6236aba2a5d84d3380"
				VAULT_CAPATH = "/etc/ssl/vault/ca.pem"
				VAULT_ADDR = "https://vault.service.consul:8200"
			}
		}
	}

	group "radtke.family" {
		// Disable automatic restarts because otherwise it's easy to be rate-limited.
		restart {
			attempts = 0
		}

		task "renew" {
			// Network issues using plain exec?
			driver = "raw_exec"
			config {
				command = "renew-https-cert.sh"
				args = ["radtke.family", "--issue", "--log"]  # add --force if needed
			}

			user = "nobody"

			artifact {
				source = "https://github.com/Neilpang/acme.sh/archive/2.8.2.tar.gz"
				options {
					checksum = "sha256:9c97ae15db3fc65200db462b3304aa082b1367f1ba4af5a86693b014a991c990"
				}
			}

			artifact {
				source = "s3::http://${MINIO_HOST}:9000/artifacts/renew-https-cert.sh"
				options {
					aws_access_key_id = "${MINIO_ACCESS_KEY}"
					aws_access_key_secret = "${MINIO_SECRET_KEY}"
				}
			}

			resources {
				cpu = 20  // MHz, the minimum value
				memory = 30  // MB
			}

			vault {
				policies = ["acme-renewer"]
			}

			env {
				LINODE_V4_API_KEY = "5636941d15f2c1a3ecd6ed3bb1904c77eedfc1a66d1cae6236aba2a5d84d3380"
				VAULT_CAPATH = "/etc/ssl/vault/ca.pem"
				VAULT_ADDR = "https://vault.service.consul:8200"
			}
		}
	}
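Review bot: The new `radtke.family` group repeats the literal `LINODE_V4_API_KEY` value in its `env` block, so the Linode credential is stored in the repository in plaintext; the same literal appears in the three `env` blocks shown as context in the earlier hunks. The task already declares a `vault` stanza with the `acme-renewer` policy, so the key could instead be rendered from Vault at run time through a `template` block with `env = true`, as sketched below, provided the policy can read the chosen path. Because the value is already in the commit history, it should be treated as exposed and rotated. Separately, the `renew-https-cert.sh` artifact is fetched over plain `http` with no `checksum`, unlike the acme.sh artifact above it, and it is the command run under `raw_exec`; adding `checksum = "sha256:<digest of renew-https-cert.sh>"` to its `options` would pin it.

```hcl
		task "renew" {
			// … unchanged: driver, config, user, artifacts, resources, vault …

			// Render the Linode token from Vault instead of committing it.
			// "<VAULT_SECRET_PATH>" and "<field>" are placeholders; on a KV v2
			// mount the field is nested under .Data.data rather than .Data.
			template {
				data = <<EOH
LINODE_V4_API_KEY={{ with secret "<VAULT_SECRET_PATH>" }}{{ .Data.<field> }}{{ end }}
EOH
				destination = "secrets/linode.env"
				env = true
			}

			env {
				VAULT_CAPATH = "/etc/ssl/vault/ca.pem"
				VAULT_ADDR = "https://vault.service.consul:8200"
			}
```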

M jobs/fabio.nomad => jobs/fabio.nomad +1 -0
@@ 25,6 25,7 @@ job "fabio" {

			env {
				VAULT_CAPATH = "/etc/ssl/vault/ca.pem"
				VAULT_ADDR = "https://vault.service.consul:8200"
			}

			resources {

M jobs/radtkefamily.nomad => jobs/radtkefamily.nomad +17 -12
@@ 10,18 10,23 @@ job "radtkefamily" {
		task "server" {
			driver = "exec"
			config {
				command = "hugo"
				// command = "hugo"
				// args = [
				// 	"server",
				// 	"--config=local/site/config.toml",
				// 	"--baseURL=https://radtke.family/",
				// 	"--appendPort=false",
				// 	"--watch=false",
				// 	"--bind=0.0.0.0",
				// 	"--port=${NOMAD_PORT_http}",
				// 	"--contentDir=local/site/content",
				// 	"--layoutDir=local/site/layouts",
				// 	"--themesDir=local/site/themes",
				// ]
				command = "/bin/sh"
				args = [
					"server",
					"--config=local/site/config.toml",
					"--baseURL=https://radtke.family/",
					"--appendPort=false",
					"--watch=false",
					"--bind=0.0.0.0",
					"--port=${NOMAD_PORT_http}",
					"--contentDir=local/site/content",
					"--layoutDir=local/site/layouts",
					"--themesDir=local/site/themes",
					"-c",
					"cd local/site && exec ../hugo server --baseURL=https://radtke.family/ --appendPort=false --watch=false --bind=0.0.0.0 --port=${NOMAD_PORT_http}",
				]
			}



@@ 54,7 59,7 @@ job "radtkefamily" {
				source = "git::https://git.sr.ht/~damien/radtke-family-site"
				destination = "local/site/"
				options {
					ref = "eb80412984895814038a82a397e73deee2ca73b1"
					ref = "5c150709c4808dd2a1a7d1a544dbe5d4c9b74e2b"
				}
			}
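Review bot: The `config` block of task `server` keeps the previous `command`/`args` as thirteen commented-out lines beside the new `/bin/sh -c` invocation. Those lines appear to be added by this commit, and since the old form is already preserved in history, the commented copy can be dropped. What the block lacks is a sentence saying why the shell wrapper is needed, for example `// Run through sh so hugo starts inside local/site and picks up config, content, layouts and themes from there.` The new command line also drops the explicit `--config`, `--contentDir`, `--layoutDir` and `--themesDir` flags and relies on the `cd` instead, which that comment should state. The task body starts and ends outside the hunk.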


R scripts/client-data.jq => scripts/deploy-data.jq +0 -0
R scripts/deploy-new-client.sh => scripts/deploy.sh +0 -0
R stackscripts/cluster-client.sh => stackscripts/cluster-member.sh +0 -0