moneycapp-tink-demo.nomad

job "tink-demo" {
  datacenters = ["dc1"]
  type        = "service"

  group "demo" {
    count = 1

    network {
      port "http" { to = 8000 }
    }

    service {
      name = "tink-demo"
      port = "http"
      tags = ["traefik.enable=true",
              "traefik.http.routers.tink-demo.rule=Host(`tink-demo.i80.dk`)",
              "traefik.http.routers.tink-demo.tls=true",
              "traefik.http.routers.tink-demo.tls.certresolver=le",
              "traefik.http.services.tink-demo.loadbalancer.server.port=8000"]
      check {
        type     = "http"
        path     = "/"
        interval = "30s"
        timeout  = "5s"
      }
    }

    task "app" {
      driver = "docker"

      config {
        image      = "registry.i80.dk/gitea/tink-demo:latest"
        force_pull = true
        ports      = ["http"]
      }

      template {
        data = <<EOH
TINK_CLIENT_ID="{{ key "tink-demo/TINK_CLIENT_ID" }}"
TINK_CLIENT_SECRET="{{ key "tink-demo/TINK_CLIENT_SECRET" }}"
TINK_REDIRECT_URI="https://tink-demo.i80.dk/callback"
APP_BASE_URL="https://tink-demo.i80.dk"
DEMO_MODE="false"
EOH
        destination = "secrets/app.env"
        env         = true
      }

      resources {
        cpu    = 256
        memory = 256
      }
    }
  }
}
fix: production deployment — Docker, Nomad, Consul KV, SHA tags - Dockerfile: multi-stage build, non-root user, src/static tracked with .gitkeep - Nomad job: force_pull=true, Traefik router fixed to tink-demo.i80.dk, loadbalancer.server.port=8000, job renamed from moneycapp-tink-demo - CI/CD: git SHA image tags (deterministic deploys), removed .env.production baking — secrets injected at runtime via Consul KV template stanza - Session security: asyncio lock prevents duplicate code exchange on callback, guard for already-stored token, api_log moved server-side (cookie overflow fix) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-23 02:08:27 +02:00			`job "tink-demo" {`
feat: Tink open banking demo — 6-step API walkthrough Demonstrates the full Tink integration flow for open banking: Step 1 — Client credentials auth (app token) Step 2 — Create Tink user with external_user_id Step 3 — Connect bank via Tink Link OAuth redirect Step 4 — List accounts (v2 endpoint) Step 5 — List transactions (v2 endpoint, cursor pagination) Step 6 — Webhooks (register endpoint, receive events) Built with Python / FastAPI + Jinja2 templates. Each step shows live JSON responses, cURL examples and API version badges. Includes server-side token store (prevents session cookie overflow), asyncio lock on OAuth callback, and demo mode with realistic mock data. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-23 02:08:27 +02:00			`datacenters = ["dc1"]`
			`type = "service"`

			`group "demo" {`
			`count = 1`

			`network {`
			`port "http" { to = 8000 }`
			`}`

			`service {`
fix: production deployment — Docker, Nomad, Consul KV, SHA tags - Dockerfile: multi-stage build, non-root user, src/static tracked with .gitkeep - Nomad job: force_pull=true, Traefik router fixed to tink-demo.i80.dk, loadbalancer.server.port=8000, job renamed from moneycapp-tink-demo - CI/CD: git SHA image tags (deterministic deploys), removed .env.production baking — secrets injected at runtime via Consul KV template stanza - Session security: asyncio lock prevents duplicate code exchange on callback, guard for already-stored token, api_log moved server-side (cookie overflow fix) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-23 02:08:27 +02:00			`name = "tink-demo"`
feat: Tink open banking demo — 6-step API walkthrough Demonstrates the full Tink integration flow for open banking: Step 1 — Client credentials auth (app token) Step 2 — Create Tink user with external_user_id Step 3 — Connect bank via Tink Link OAuth redirect Step 4 — List accounts (v2 endpoint) Step 5 — List transactions (v2 endpoint, cursor pagination) Step 6 — Webhooks (register endpoint, receive events) Built with Python / FastAPI + Jinja2 templates. Each step shows live JSON responses, cURL examples and API version badges. Includes server-side token store (prevents session cookie overflow), asyncio lock on OAuth callback, and demo mode with realistic mock data. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-23 02:08:27 +02:00			`port = "http"`
			`tags = ["traefik.enable=true",`
			"traefik.http.routers.tink-demo.rule=Host(`tink-demo.i80.dk`)",
			`"traefik.http.routers.tink-demo.tls=true",`
fix: production deployment — Docker, Nomad, Consul KV, SHA tags - Dockerfile: multi-stage build, non-root user, src/static tracked with .gitkeep - Nomad job: force_pull=true, Traefik router fixed to tink-demo.i80.dk, loadbalancer.server.port=8000, job renamed from moneycapp-tink-demo - CI/CD: git SHA image tags (deterministic deploys), removed .env.production baking — secrets injected at runtime via Consul KV template stanza - Session security: asyncio lock prevents duplicate code exchange on callback, guard for already-stored token, api_log moved server-side (cookie overflow fix) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-23 02:08:27 +02:00			`"traefik.http.routers.tink-demo.tls.certresolver=le",`
			`"traefik.http.services.tink-demo.loadbalancer.server.port=8000"]`
feat: Tink open banking demo — 6-step API walkthrough Demonstrates the full Tink integration flow for open banking: Step 1 — Client credentials auth (app token) Step 2 — Create Tink user with external_user_id Step 3 — Connect bank via Tink Link OAuth redirect Step 4 — List accounts (v2 endpoint) Step 5 — List transactions (v2 endpoint, cursor pagination) Step 6 — Webhooks (register endpoint, receive events) Built with Python / FastAPI + Jinja2 templates. Each step shows live JSON responses, cURL examples and API version badges. Includes server-side token store (prevents session cookie overflow), asyncio lock on OAuth callback, and demo mode with realistic mock data. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-23 02:08:27 +02:00			`check {`
			`type = "http"`
			`path = "/"`
			`interval = "30s"`
			`timeout = "5s"`
			`}`
			`}`

			`task "app" {`
			`driver = "docker"`

			`config {`
fix: production deployment — Docker, Nomad, Consul KV, SHA tags - Dockerfile: multi-stage build, non-root user, src/static tracked with .gitkeep - Nomad job: force_pull=true, Traefik router fixed to tink-demo.i80.dk, loadbalancer.server.port=8000, job renamed from moneycapp-tink-demo - CI/CD: git SHA image tags (deterministic deploys), removed .env.production baking — secrets injected at runtime via Consul KV template stanza - Session security: asyncio lock prevents duplicate code exchange on callback, guard for already-stored token, api_log moved server-side (cookie overflow fix) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-23 02:08:27 +02:00			`image = "registry.i80.dk/gitea/tink-demo:latest"`
			`force_pull = true`
			`ports = ["http"]`
			`}`

			`template {`
			`data = <<EOH`
			`TINK_CLIENT_ID="{{ key "tink-demo/TINK_CLIENT_ID" }}"`
			`TINK_CLIENT_SECRET="{{ key "tink-demo/TINK_CLIENT_SECRET" }}"`
			`TINK_REDIRECT_URI="https://tink-demo.i80.dk/callback"`
			`APP_BASE_URL="https://tink-demo.i80.dk"`
			`DEMO_MODE="false"`
			`EOH`
			`destination = "secrets/app.env"`
			`env = true`
feat: Tink open banking demo — 6-step API walkthrough Demonstrates the full Tink integration flow for open banking: Step 1 — Client credentials auth (app token) Step 2 — Create Tink user with external_user_id Step 3 — Connect bank via Tink Link OAuth redirect Step 4 — List accounts (v2 endpoint) Step 5 — List transactions (v2 endpoint, cursor pagination) Step 6 — Webhooks (register endpoint, receive events) Built with Python / FastAPI + Jinja2 templates. Each step shows live JSON responses, cURL examples and API version badges. Includes server-side token store (prevents session cookie overflow), asyncio lock on OAuth callback, and demo mode with realistic mock data. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> 2026-05-23 02:08:27 +02:00			`}`

			`resources {`
			`cpu = 256`
			`memory = 256`
			`}`
			`}`
			`}`
			`}`