tink-demo/moneycapp-tink-demo.nomad
Henrik Jess Nielsen bf61790465 fix: production deployment — Docker, Nomad, Consul KV, SHA tags
- Dockerfile: multi-stage build, non-root user, src/static tracked with .gitkeep
- Nomad job: force_pull=true, Traefik router fixed to tink-demo.i80.dk,
  loadbalancer.server.port=8000, job renamed from moneycapp-tink-demo
- CI/CD: git SHA image tags (deterministic deploys), removed .env.production
  baking — secrets injected at runtime via Consul KV template stanza
- Session security: asyncio lock prevents duplicate code exchange on callback,
  guard for already-stored token, api_log moved server-side (cookie overflow fix)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-23 02:08:27 +02:00


# Nomad service job for the tink-demo web application: one Docker task,
# published through Traefik on tink-demo.i80.dk, with its Tink credentials
# rendered from Consul KV at task start.
job "tink-demo" {
  type        = "service"
  datacenters = ["dc1"]

  group "demo" {
    # Single instance.
    count = 1

    network {
      # Port label "http" maps to port 8000 inside the container. No static
      # host port is requested, so the host side is allocated by Nomad.
      port "http" {
        to = 8000
      }
    }

    service {
      name = "tink-demo"
      port = "http"

      # Traefik routing labels: match on the public host name, terminate TLS
      # using the certificate resolver named "le".
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.tink-demo.rule=Host(`tink-demo.i80.dk`)",
        "traefik.http.routers.tink-demo.tls=true",
        "traefik.http.routers.tink-demo.tls.certresolver=le",
        # NOTE(review): this overrides the port Traefik dials to 8000, while the
        # service itself advertises the "http" label (a dynamically allocated
        # host port). Confirm Traefik reaches the task at an address where 8000
        # is actually listening.
        "traefik.http.services.tink-demo.loadbalancer.server.port=8000",
      ]

      # HTTP health check against the application root.
      check {
        type     = "http"
        path     = "/"
        timeout  = "5s"
        interval = "30s"
      }
    }

    task "app" {
      driver = "docker"

      config {
        # NOTE(review): a mutable ":latest" tag combined with force_pull means
        # every task start runs whatever the registry serves under that tag at
        # that moment, so this file alone does not fix which build is deployed
        # and a restart can silently change it. Confirm whether the pipeline
        # substitutes an immutable tag or digest before submitting the job.
        image      = "registry.i80.dk/gitea/tink-demo:latest"
        force_pull = true
        ports      = ["http"]
      }

      # Renders an env file into the task's secrets/ directory and, because
      # env = true, exposes each KEY="value" line to the task as an
      # environment variable.
      #
      # NOTE(review): TINK_CLIENT_SECRET is read from Consul KV, which is a
      # plain key/value store; anyone whose Consul token can read the
      # "tink-demo/" prefix can read the secret. Confirm the ACL policy on that
      # prefix is restricted to this workload. The values also end up in the
      # container environment, so they are visible to anyone able to inspect
      # the container or allocation.
      template {
        destination = "secrets/app.env"
        env         = true
        data        = <<EOH
TINK_CLIENT_ID="{{ key "tink-demo/TINK_CLIENT_ID" }}"
TINK_CLIENT_SECRET="{{ key "tink-demo/TINK_CLIENT_SECRET" }}"
TINK_REDIRECT_URI="https://tink-demo.i80.dk/callback"
APP_BASE_URL="https://tink-demo.i80.dk"
DEMO_MODE="false"
EOH
      }

      # CPU in MHz, memory in MB.
      resources {
        cpu    = 256
        memory = 256
      }
    }
  }
}