authorQuentin Dufour <quentin@dufour.io>2021-07-02 13:11:29 +0200
committerQuentin Dufour <quentin@dufour.io>2021-07-02 13:11:29 +0200
commit0a6ffcacd209a1693677f3839d427f471f8fd639 (patch)
tree17de3675d17568aa1e357939794e17a561ed83a4
parent2d61f1449dbcb502ba07bda6bdea387fdef2cbda (diff)
parent80c2f1f7013266335e17d2f5be7096dc25b7206a (diff)
downloadinfrastructure-0a6ffcacd209a1693677f3839d427f471f8fd639.tar.gz
infrastructure-0a6ffcacd209a1693677f3839d427f471f8fd639.zip
Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/infrastructure into main
-rw-r--r--app/directory/deploy/directory.hcl2
-rw-r--r--app/garage/deploy/garage.hcl14
-rw-r--r--app/im/config/synapse/homeserver.yaml21
-rw-r--r--app/im/deploy/im.hcl84
-rw-r--r--app/postgres/deploy/postgres.hcl2
-rw-r--r--os/config/roles/common/tasks/main.yml1
-rw-r--r--os/config/roles/nomad/templates/nomad.hcl.j211
7 files changed, 46 insertions, 89 deletions
diff --git a/app/directory/deploy/directory.hcl b/app/directory/deploy/directory.hcl
index c4dd5c6..ec37a7a 100644
--- a/app/directory/deploy/directory.hcl
+++ b/app/directory/deploy/directory.hcl
@@ -69,7 +69,7 @@ job "directory" {
task "guichet" {
driver = "docker"
config {
- image = "lxpz/guichet_amd64:10"
+ image = "lxpz/guichet_amd64:11"
readonly_rootfs = true
ports = [ "web_port" ]
volumes = [
diff --git a/app/garage/deploy/garage.hcl b/app/garage/deploy/garage.hcl
index 41e36a0..c3d730e 100644
--- a/app/garage/deploy/garage.hcl
+++ b/app/garage/deploy/garage.hcl
@@ -35,6 +35,9 @@ job "garage" {
"secrets/garage.crt:/garage/garage.crt",
"secrets/garage.key:/garage/garage.key",
]
+ logging {
+ type = "journald"
+ }
}
template {
@@ -61,8 +64,8 @@ job "garage" {
cpu = 1000
}
- kill_signal = "SIGINT"
- kill_timeout = "20s"
+ kill_signal = "SIGINT"
+ kill_timeout = "20s"
service {
tags = [
@@ -106,6 +109,13 @@ job "garage" {
}
}
}
+
+ restart {
+ interval = "30m"
+ attempts = 10
+ delay = "15s"
+ mode = "delay"
+ }
}
}
}
diff --git a/app/im/config/synapse/homeserver.yaml b/app/im/config/synapse/homeserver.yaml
index 9e141d4..6482772 100644
--- a/app/im/config/synapse/homeserver.yaml
+++ b/app/im/config/synapse/homeserver.yaml
@@ -314,7 +314,7 @@ bcrypt_rounds: 12
# Allows users to register as guests without a password/email/etc, and
# participate in rooms hosted on this server which have been made
# accessible to anonymous users.
-allow_guest_access: True
+allow_guest_access: False
# The list of identity servers trusted to verify third party
# identifiers by this server.
@@ -469,5 +469,20 @@ report_stats: false
suppress_key_server_warning: true
enable_group_creation: true
-experimental_features:
- spaces_enabled: true
+#experimental_features:
+# spaces_enabled: true
+
+presence:
+ enabled: false
+limit_remote_rooms:
+ enabled: true
+ complexity: 3.0
+ complexity_error: "Ce salon de discussion a trop d'activité, le serveur n'est pas assez puissant pour le rejoindre. N'hésitez pas à remonter l'information à l'équipe technique, nous pourrons ajuster la limitation au besoin."
+ admins_can_join: false
+retention:
+ enabled: true
+ # no default policy for now, this is intended.
+ # DO NOT ADD ONE BECAUSE THIS IS DANGEROUS AND WILL DELETE CONTENT WE WANT TO KEEP!
+ purge_jobs:
+ - interval: 1d
+
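Review bot: The warning comment under `retention:` covers only a server-wide default policy, but nothing in this block bounds the policies that individual rooms can set. With `enabled: true`, Synapse should also honour per-room `m.room.retention` state events, so anyone with enough power level in a room could set a very short `max_lifetime` and have the daily purge job delete that room's history from this server. If that is not intended, add a lower bound such as `allowed_lifetime_min: 30d` (value is only an example), with `allowed_lifetime_max` alongside if wanted. The comment could also be extended to say `# per-room retention policies are still applied; bounds are set by allowed_lifetime_min/max`.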
diff --git a/app/im/deploy/im.hcl b/app/im/deploy/im.hcl
index b53645c..68eb9fd 100644
--- a/app/im/deploy/im.hcl
+++ b/app/im/deploy/im.hcl
@@ -86,7 +86,7 @@ job "im" {
resources {
cpu = 1000
- memory = 4000
+ memory = 2000
}
service {
@@ -97,7 +97,7 @@ job "im" {
"matrix",
"traefik.enable=true",
"traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
+ "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse",
"traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
"traefik.frontend.priority=100"
]
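Review bot: Adding the whole `/_synapse` prefix to `traefik.frontend.rule` also publishes Synapse's admin API under `/_synapse/admin` on the public HTTPS entrypoint, and the next tag sends `Access-Control-Allow-Origin: *` on every response. The admin API is token-protected, but it is normally kept off the Internet-facing proxy so that a leaked or phished admin token cannot be used remotely. If only the client-facing endpoints are needed, narrow the rule to `"traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse/client",`. The enclosing `service` block starts and ends outside this hunk, so any other restriction on this route is not visible here.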
@@ -129,86 +129,6 @@ job "im" {
}
}
- group "easybridge" {
- count = 1
-
- network {
- port "api_port" {
- static = 8321
- to = 8321
- }
- port "web_port" { to = 8281 }
- }
-
- task "easybridge" {
- driver = "docker"
- config {
- image = "lxpz/easybridge_amd64:35"
- ports = [ "api_port", "web_port" ]
- volumes = [
- "secrets/conf:/data"
- ]
- args = [ "./easybridge", "-config", "/data/config.json" ]
- }
-
- template {
- data = file("../config/easybridge/registration.yaml.tpl")
- destination = "secrets/conf/registration.yaml"
- }
-
- template {
- data = file("../config/easybridge/config.json.tpl")
- destination = "secrets/conf/config.json"
- }
-
- resources {
- memory = 250
- cpu = 100
- }
-
- service {
- name = "easybridge-api"
- tags = ["easybridge-api"]
- port = "api_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "api_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "easybridge-web"
- tags = [
- "easybridge-web",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
group "riotweb" {
count = 1
diff --git a/app/postgres/deploy/postgres.hcl b/app/postgres/deploy/postgres.hcl
index 5ce68a4..075a77f 100644
--- a/app/postgres/deploy/postgres.hcl
+++ b/app/postgres/deploy/postgres.hcl
@@ -110,7 +110,7 @@ job "postgres9.6" {
}
resources {
- memory = 500
+ memory = 1000
}
service {
diff --git a/os/config/roles/common/tasks/main.yml b/os/config/roles/common/tasks/main.yml
index 3898c8f..e817451 100644
--- a/os/config/roles/common/tasks/main.yml
+++ b/os/config/roles/common/tasks/main.yml
@@ -29,6 +29,7 @@
- iftop
- iotop
- docker.io
+ - locales
- unzip
- tar
- tcpdump
diff --git a/os/config/roles/nomad/templates/nomad.hcl.j2 b/os/config/roles/nomad/templates/nomad.hcl.j2
index d1c0720..12acbd3 100644
--- a/os/config/roles/nomad/templates/nomad.hcl.j2
+++ b/os/config/roles/nomad/templates/nomad.hcl.j2
@@ -39,3 +39,14 @@ telemetry {
publish_allocation_metrics = true
publish_node_metrics = true
}
+
+plugin "docker" {
+ config {
+ pull_activity_timeout = "15m"
+ volumes {
+ enabled = true
+ }
+ allow_privileged = true
+ }
+}
+
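Review bot: `allow_privileged = true` together with `volumes { enabled = true }` in the new `plugin "docker"` block lets any job accepted by this Nomad cluster run a privileged container and bind-mount arbitrary host paths. In effect, whoever can submit a job has root on every client node. The job files in this commit do not show a task setting `privileged = true`, so if none needs it, leave the option at its default with `allow_privileged = false`. If one does, add a comment naming that job, e.g. `# required by <job name>: needs privileged for <reason>`. Whether job submission is restricted by Nomad ACLs is not visible in this template and is worth confirming.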