feat: initial iLSP project scaffolding

- Python LSP (pylsp + pylsp_i80 plugin): i80 pypi package completions - Bicep LSP (asyncio TCP proxy → Bicep.LangServer.dll): LRU module injection - Health HTTP endpoint (:2089) for Consul/Nomad checks - Startup catalog fetch from pypi-server.i80.dk + DevOpsMCP (no volume needed) - Multi-stage Dockerfile: downloads Bicep LS at build time, dotnet-runtime-8.0 + python3.12 - Nomad job: static TCP ports 2087/2088, health check on 2089 - Gitea Actions CI: build + push + deploy pipeline - Editor configs: Helix / nvim / LSP4IJ / VS Code
2026-05-10 12:23:05 +02:00
parent e8708191f6
commit d8536468ab
14 changed files with 808 additions and 95 deletions
--- a/ilsp.nomad
+++ b/ilsp.nomad
@@ -1,11 +1,11 @@
 variable "service_name" {
-  description = "Service name for consistent naming"
+  description = "Service name"
  type        = string
  default     = "ilsp"
 }

 variable "image_tag" {
-  description = "Docker image tag — override in CI with commit SHA: -var=\"image_tag=$SHA\""
+  description = "Docker image tag — override in CI: -var=\"image_tag=$SHA\""
  type        = string
  default     = "latest"
 }
@@ -16,9 +16,8 @@ job "ilsp" {
  type        = "service"

  meta {
-    uuid = uuidv4()
+    uuid        = uuidv4()
    deployed_at = "[[ timeNowUTC ]]"
-    service_name = var.service_name
  }

  update {
@@ -31,26 +30,27 @@ job "ilsp" {
  group "ilsp-group" {
    count = 1

-    # Deploy specifically on the 'autobox.i80.dk' node
    constraint {
      attribute = "${node.unique.name}"
      value     = "autobox.i80.dk"
    }

-    # Zero-downtime update strategy: canary ensures new alloc is healthy
-    # before old alloc is stopped. Both run briefly during transition.
    update {
-      canary           = 1       # Start 1 new alloc before stopping old
-      auto_promote     = true    # Promote automatically when healthy
-      min_healthy_time = "15s"
-      healthy_deadline = "20m"
+      canary            = 1
+      auto_promote      = true
+      min_healthy_time  = "15s"
+      healthy_deadline  = "20m"
      progress_deadline = "25m"
-      auto_revert      = true
+      auto_revert       = true
    }

+    # Static ports: LSP uses raw TCP — Traefik isn't involved for 2087/2088.
+    # DNS: lsp.i80.dk → autobox.i80.dk (A record)
+    # Editors connect directly: nc lsp.i80.dk 2087  /  nc lsp.i80.dk 2088
    network {
-      port "http" {
-      }
+      port "python_lsp" { static = 2087 }
+      port "bicep_lsp"  { static = 2088 }
+      port "health"     { static = 2089 }
    }

    reschedule {
@@ -62,43 +62,24 @@ job "ilsp" {
      unlimited      = false
    }

-    # Volumes disabled for quick deployment
-    # volume "ssl-certs" {
-    #   type      = "host"
-    #   source    = "certs"
-    #   read_only = true
-    # }
-
-    volume "refactor-data" {
-      type      = "host"
-      source    = "refactor-data"
-      read_only = false
-    }
-
-    # Register the service with Consul
+    # Health check only — Traefik not used for LSP TCP traffic
    service {
      provider = "consul"
      name     = var.service_name
-      port     = "http"
+      port     = "health"

-      # Traefik-specific tags for routing
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.${var.service_name}.rule=Host(`${var.service_name}.i80.dk`)",
        "traefik.http.routers.${var.service_name}.tls=true",
-        # Rate limiting for refactoring operations
-        "traefik.http.middlewares.${var.service_name}-limit.ratelimit.burst=10",
-        "traefik.http.middlewares.${var.service_name}-limit.ratelimit.period=1m",
-        "traefik.http.routers.${var.service_name}.middlewares=${var.service_name}-limit"
      ]

-      # Primary health check - HTTP
      check {
-        name     = "http_health_check"
+        name     = "health_http"
        type     = "http"
-        port     = "http"
+        port     = "health"
        path     = "/health"
-        interval = "10s"
+        interval = "15s"
        timeout  = "5s"
      }
    }
@@ -107,8 +88,8 @@ job "ilsp" {
      driver = "docker"

      config {
-        image = "registry.i80.dk/gitea/ilsp:${var.image_tag}"
-        ports = ["http"]
+        image      = "registry.i80.dk/gitea/ilsp:${var.image_tag}"
+        ports      = ["python_lsp", "bicep_lsp", "health"]
        force_pull = true
        auth {
          username = "robot$gitserver"
@@ -117,77 +98,34 @@ job "ilsp" {
      }

      restart {
-        attempts = 10
+        attempts = 5
        interval = "10m"
-        delay    = "15s"
+        delay    = "30s"
        mode     = "fail"
      }

-      # Volume mounts disabled for quick deployment
-      # volume_mount {
-      #   volume      = "ssl-certs"
-      #   destination = "/certs"
-      #   read_only   = true
-      # }
-
-      volume_mount {
-        volume      = "refactor-data"
-        destination = "/app/data"
-        read_only   = false
-      }
-
      env {
-        # DevOpsMCP Configuration
-       # Server Configuration
+        PYTHON_LSP_PORT  = "${NOMAD_PORT_python_lsp}"
+        BICEP_LSP_PORT   = "${NOMAD_PORT_bicep_lsp}"
+        HEALTH_PORT      = "${NOMAD_PORT_health}"
+        DEVOPS_MCP_URL   = "https://devops-mcp.i80.dk"
        PYTHONUNBUFFERED = "1"
-        PORT = "${NOMAD_PORT_http}"
-        HOST = "0.0.0.0"
-        
-        # Gitea (gea.i80.dk) API token for server-side CI/Actions queries
-        GITEA_TOKEN = "441b0e1f3f23d2b29984c970743ec8f7fc4081fa"
-        GITEA_URL = "https://gea.i80.dk"
-
-        # LanguageTool — self-hosted grammar/spell-check (autobox.i80.dk:8010)
-        LANGUAGETOOL_URL = "http://192.168.15.124:8010"
-       # SSL certificate paths (available but not required for app)
-        SSL_CERT_PATH = "/certs/wildcard.i80.dk.crt_cert.crt"
-        SSL_KEY_PATH  = "/certs/wildcard.i80.dk.key"
-        SSL_FULLCHAIN_PATH = "/certs/wildcard.i80.dk.crt_fullchain.crt"
-
-        # External MCP servers — tokens loaded from Consul (see template block below)
-        # Servers start automatically in entrypoint.sh when tokens are present
      }

-      # Registry authentication template
+      # Secrets from Consul KV
      template {
        data = <<EOH
 HARBOR_ROBOT_TOKEN="{{ key "harbor/robot/token" }}"
 EOH
        destination = "secrets/registry.env"
-        env = true
+        env         = true
      }

-      # External MCP server tokens (from Consul KV)
-      template {
-        data = <<EOH
-EOH
-        destination = "secrets/external-mcp.env"
-        env = true
-      }
-
-      # Context7 API key disabled for now (can be added via env vars)
-      # template {
-      #   data = <<EOH
-      # CONTEXT7_API_KEY="{{ key "ilsp/context7/api_key" }}"
-      # EOH
-      #   destination = "secrets/context7.env"
-      #   env = true
-      # }
-
      resources {
-        cpu        = 1000  # MHz - Higher CPU for code analysis
-        memory     = 1024  # MB - reserved for scheduling (canary needs 2x)
-        memory_max = 2048  # MB - can burst up to 2GB for Playwright/Chromium
+        # dotnet runtime (Bicep LS) + pylsp both in one container
+        cpu        = 1000   # MHz
+        memory     = 1536   # MB — dotnet needs headroom
+        memory_max = 2560   # MB burst
      }
    }
  }