author | Quentin <quentin@deuxfleurs.fr> | 2019-06-01 16:02:49 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2019-07-11 09:33:07 +0200 |
commit | 61d009f18d5886db8b22ae41e04bb41a4ba2fddb (patch) | |
tree | e44bb326caf3107653c7a48749527cfd77f02cf2 /nomad | |
download | infrastructure-61d009f18d5886db8b22ae41e04bb41a4ba2fddb.tar.gz infrastructure-61d009f18d5886db8b22ae41e04bb41a4ba2fddb.zip |
Initial commit
Diffstat (limited to 'nomad')
-rw-r--r-- | nomad/bottin.hcl | 58 | ||||
-rw-r--r-- | nomad/chat.hcl | 230 | ||||
-rw-r--r-- | nomad/email.hcl | 437 | ||||
-rw-r--r-- | nomad/mariadb.hcl | 69 | ||||
-rw-r--r-- | nomad/postgres-amd64.hcl | 144 | ||||
-rw-r--r-- | nomad/seafile.hcl | 144 | ||||
-rw-r--r-- | nomad/traefik.hcl | 71 | ||||
-rw-r--r-- | nomad/web_static.hcl | 95 | ||||
-rw-r--r-- | nomad/webcap.hcl | 56 |
9 files changed, 1304 insertions, 0 deletions
diff --git a/nomad/bottin.hcl b/nomad/bottin.hcl
new file mode 100644
index 0000000..281fabc
--- /dev/null
+++ b/nomad/bottin.hcl
@@ -0,0 +1,58 @@
+job "directory" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "ldap" {
+ count = 2
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_bottin:v10"
+ readonly_rootfs = true
+ port_map {
+ ldap_port = 1389
+ }
+ }
+
+ env {
+ TRIGGER = 2
+ BOTTIN_PORT = 1389
+ BOTTIN_SUFFIX = "dc=deuxfleurs,dc=fr"
+ BOTTIN_CONSUL = "consul.service.2.cluster.deuxfleurs.fr"
+ }
+
+ resources {
+ memory = 100
+ network {
+ port "ldap_port" {
+ static = "389"
+ }
+ }
+ }
+
+ service {
+ tags = ["bottin"]
+ port = "ldap_port"
+ address_mode = "host"
+ name = "bottin"
+ check {
+ type = "tcp"
+ port = "ldap_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/nomad/chat.hcl b/nomad/chat.hcl
new file mode 100644
index 0000000..2940840
--- /dev/null
+++ b/nomad/chat.hcl
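Review bot: `image = "superboum/amd64_bottin:v10"` references the directory server by tag only, and a tag can be re-pushed, so the job file does not fix which code ends up holding the LDAP data; pinning the digest, e.g. `image = "superboum/amd64_bottin:v10@sha256:<digest-placeholder>"`, makes the deployment reproducible and reviewable. Every other `image` line in this commit (chat, email, mariadb, postgres, seafile, traefik, web_static, webcap) is tag-only as well. Separately, `static = "389"` with `address_mode = "host"` publishes LDAP without TLS on the node address, so that port should be reachable from the cluster network only.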
@@ -0,0 +1,230 @@
+job "chat" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ group "matrix" {
+ count = 1
+ task "synapse" {
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_synapse:v20"
+ readonly_rootfs = true
+ port_map {
+ client_port = 8008
+ }
+ command = "python"
+ args = [
+ "-m", "synapse.app.homeserver",
+ "-n",
+ "-c", "/etc/matrix-synapse/homeserver.yaml"
+ ]
+ volumes = [
+ "secrets/conf:/etc/matrix-synapse",
+ "/mnt/glusterfs/chat/matrix/synapse/media:/var/lib/matrix-synapse/media",
+ "/mnt/glusterfs/chat/matrix/synapse/uploads:/var/lib/matrix-synapse/uploads",
+ "/tmp/synapse-logs:/var/log/matrix-synapse",
+ "/tmp/synapse:/tmp"
+ ]
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/chat/synapse/homeserver.yaml?raw&a=a"
+ destination = "secrets/tpl/homeserver.yaml.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/tpl/homeserver.yaml.tpl"
+ destination = "secrets/conf/homeserver.yaml"
+ }
+ template {
+ data = "{{ key \"configuration/chat/synapse/log.yaml\" }}"
+ destination = "secrets/conf/log.yaml"
+ }
+ template {
+ data = "{{ key \"configuration/chat/synapse/conf.d/server_name.yaml\" }}"
+ destination = "secrets/conf/server_name.yaml"
+ }
+ template {
+ data = "{{ key \"configuration/chat/synapse/conf.d/report_stats.yaml\" }}"
+ destination = "secrets/conf/report_stats.yaml"
+ }
+ template {
+ data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}"
+ destination = "secrets/conf/homeserver.tls.crt"
+ }
+ template {
+ data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}"
+ destination = "secrets/conf/homeserver.tls.dh"
+ }
+ template {
+ data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}"
+ destination = "secrets/conf/homeserver.tls.key"
+ }
+ template {
+ data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}"
+ destination = "secrets/conf/homeserver.signing.key"
+ }
+
+ env {
+ SYNAPSE_CACHE_FACTOR = 1
+ }
+
+ resources {
+ cpu = 1000
+ memory = 4000
+ network {
+ port "client_port" { }
+ }
+ }
+
+ service {
+ name = "synapse"
+ port = "client_port"
+ address_mode = "host"
+ tags = [
+ "matrix",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https",
+ "traefik.frontend.rule=Host:im.deuxfleurs.fr,deuxfleurs.fr;PathPrefix:/_matrix"
+ ]
+ check {
+ type = "tcp"
+ port = "client_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+
+ group "riotweb" {
+ count = 1
+
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_riotweb:v4"
+ port_map {
+ web_port = 8043
+ }
+ volumes = [
+ "secrets/config.json:/srv/http/config.json"
+ ]
+ }
+
+ template {
+ data = "{{ key \"configuration/chat/riot_web/config.json\" }}"
+ destination = "secrets/config.json"
+ }
+
+ resources {
+ memory = 21
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "webstatic",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https",
+ "traefik.frontend.rule=Host:im.deuxfleurs.fr,riot.deuxfleurs.fr;PathPrefix:/"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "webstatic"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+
+/*
+ group "turn_stun" {
+ count=1
+ task "coturn" {
+ driver = "docker"
+ config {
+ image = "registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1"
+ port_map {
+ main_port = 3478
+ alt_port = 3479
+ }
+ command = "/usr/bin/turnserver"
+ args = [
+ "-X", "82.253.205.190",
+ "-v",
+ "-f",
+ "-a"
+ ]
+ volumes = [
+ "secrets/turnserver.conf:/etc/turnserver.conf"
+ ]
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/chat/coturn/turnserver.conf.tpl?raw"
+ destination = "secrets/turnserver.conf.tpl"
+ mode = "file"
+ }
+
+ template {
+ source = "secrets/turnserver.conf.tpl"
+ destination = "secrets/turnserver.conf"
+ }
+
+ resources {
+ memory = 50
+ network {
+ port "main_port" {
+ static = "3478"
+ }
+ port "alt_port" {
+ static = "3479"
+ }
+ }
+ }
+
+ service {
+ tags = [
+ "coturn",
+ "matrix"
+ ]
+ port = "main_port"
+ address_mode = "host"
+ name = "coturn"
+ check {
+ type = "tcp"
+ port = "main_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ }
+ }
+*/
+
+}
+
diff --git a/nomad/email.hcl b/nomad/email.hcl
new file mode 100644
index 0000000..17ae613
--- /dev/null
+++ b/nomad/email.hcl
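Review bot: The `template` stanzas in task "synapse" that render `secrets/chat/synapse/homeserver.tls.key` and `homeserver.signing.key` set no `perms`, so the files are written with Nomad's default template mode (0644) rather than the `perms = "400"` that nomad/email.hcl uses for its keys; adding `perms = "400"` to both stanzas is the fix, after checking that the synapse user inside the image can still read them. The binds `"/tmp/synapse-logs:/var/log/matrix-synapse"` and `"/tmp/synapse:/tmp"` map the container onto the host's world-writable /tmp, where another local user can pre-create those paths; a dedicated directory owned by the service avoids that. A one-line comment above the `artifact` stanza explaining the `&a=a` query suffix would also help the next reader.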
@@ -0,0 +1,437 @@
+job "email" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ group "dovecot" {
+ count = 1
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_dovecot:v2"
+ readonly_rootfs = false
+ port_map {
+ auth_port = 1337
+ imaps_port = 993
+ imap_port = 143
+ lmtp_port = 24
+ }
+ command = "dovecot"
+ args = [ "-F" ]
+ volumes = [
+ "secrets/ssl/certs:/etc/ssl/certs",
+ "secrets/ssl/private:/etc/ssl/private",
+ "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf",
+ "/mnt/glusterfs/email/mail:/var/mail/",
+ ]
+ }
+
+ env {
+ TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
+ }
+
+ resources {
+ cpu = 100
+ memory = 200
+ network {
+ port "auth_port" {
+ static = "1337"
+ }
+ port "imap_port" {
+ static = "143"
+ }
+ port "imaps_port" {
+ static = "993"
+ }
+ port "lmtp_port" {
+ static = "24"
+ }
+ }
+ }
+
+ service {
+ name = "dovecot-auth"
+ port = "auth_port"
+ address_mode = "host"
+ tags = [
+ "dovecot",
+ ]
+ check {
+ type = "tcp"
+ port = "auth_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ name = "dovecot-imap"
+ port = "imap_port"
+ address_mode = "host"
+ tags = [
+ "dovecot",
+ ]
+ check {
+ type = "tcp"
+ port = "imap_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ name = "dovecot-imaps"
+ port = "imaps_port"
+ address_mode = "host"
+ tags = [
+ "dovecot",
+ ]
+
+ check {
+ type = "tcp"
+ port = "imaps_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ name = "dovecot-lmtp"
+ port = "lmtp_port"
+ address_mode = "host"
+ tags = [
+ "dovecot",
+ ]
+
+ check {
+ type = "tcp"
+ port = "lmtp_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ template {
+ data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}"
+ destination = "secrets/ssl/certs/dovecot.crt"
+ perms = "400"
+ }
+ template {
+ data = "{{ key \"configuration/email/dovecot/dovecot.key\" }}"
+ destination = "secrets/ssl/private/dovecot.key"
+ perms = "400"
+ }
+ template {
+ data = "{{ key \"configuration/email/dovecot/dovecot-ldap.conf\" }}"
+ destination = "secrets/conf/dovecot-ldap.conf"
+ perms = "400"
+ }
+ }
+ }
+
+ group "opendkim" {
+ count = 1
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_opendkim:v1"
+ readonly_rootfs = false
+ port_map {
+ dkim_port = 8999
+ }
+ command = "opendkim"
+ args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ]
+ volumes = [
+ "secrets/dkim:/etc/dkim",
+ "/dev/log:/dev/log",
+ ]
+ }
+
+ resources {
+ cpu = 100
+ memory = 50
+ network {
+ port "dkim_port" {
+ static = "8999"
+ }
+ }
+ }
+
+ service {
+ name = "opendkim"
+ port = "dkim_port"
+ address_mode = "host"
+ tags = [
+ "opendkim",
+ ]
+ check {
+ type = "tcp"
+ port = "dkim_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ template {
+ data = "{{ key \"configuration/email/dkim/keytable\" }}"
+ destination = "secrets/dkim/keytable"
+ }
+ template {
+ data = "{{ key \"configuration/email/dkim/signingtable\" }}"
+ destination = "secrets/dkim/signingtable"
+ }
+ template {
+ data = "{{ key \"configuration/email/dkim/smtp.private\" }}"
+ destination = "secrets/dkim/smtp.private"
+ perms = "600"
+ }
+ template {
+ data = "{{ key \"configuration/email/dkim/smtp.txt\" }}"
+ destination = "secrets/dkim/smtp.txt"
+ }
+ template {
+ data = "{{ key \"configuration/email/dkim/trusted\" }}"
+ destination = "secrets/dkim/trusted"
+ }
+ }
+ }
+
+ group "postfix" {
+ count = 1
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_postfix:v1"
+ readonly_rootfs = false
+ port_map {
+ smtp_port = 25
+ smtps_port = 465
+ submission_port = 587
+ }
+ command = "postfix"
+ args = [ "start-fg" ]
+ volumes = [
+ "secrets/ssl/certs:/etc/ssl/certs",
+ "secrets/ssl/private:/etc/ssl/private",
+ "secrets/postfix:/etc/postfix-conf",
+ "/dev/log:/dev/log"
+ ]
+ }
+
+ env {
+ TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
+ MAILNAME = "smtp.deuxfleurs.fr",
+ }
+
+ resources {
+ cpu = 100
+ memory = 50
+ network {
+ port "smtp_port" {
+ static = "25"
+ }
+ port "smtps_port" {
+ static = "465"
+ }
+ port "submission_port" {
+ static = "587"
+ }
+ }
+ }
+
+ service {
+ name = "postfix-smtp"
+ port = "smtp_port"
+ address_mode = "host"
+ tags = [
+ "postfix",
+ ]
+ check {
+ type = "tcp"
+ port = "smtp_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ name = "postfix-smtps"
+ port = "smtps_port"
+ address_mode = "host"
+ tags = [
+ "postfix",
+ ]
+
+ check {
+ type = "tcp"
+ port = "smtps_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ name = "postfix-submission"
+ port = "submission_port"
+ address_mode = "host"
+ tags = [
+ "postfix",
+ ]
+
+ check {
+ type = "tcp"
+ port = "submission_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ template {
+ data = "{{ key \"configuration/email/postfix/postfix.crt\" }}"
+ destination = "secrets/ssl/certs/postfix.crt"
+ perms = "400"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/postfix.key\" }}"
+ destination = "secrets/ssl/private/postfix.key"
+ perms = "400"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/dynamicmaps.cf\" }}"
+ destination = "secrets/postfix/dynamicmaps.cf"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/header_checks\" }}"
+ destination = "secrets/postfix/header_checks"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/ldap-account.cf\" }}"
+ destination = "secrets/postfix/ldap-account.cf"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/ldap-alias.cf\" }}"
+ destination = "secrets/postfix/ldap-alias.cf"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/main.cf\" }}"
+ destination = "secrets/postfix/main.cf"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/master.cf\" }}"
+ destination = "secrets/postfix/master.cf"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/transport\" }}"
+ destination = "secrets/postfix/transport"
+ }
+ template {
+ data = "{{ key \"configuration/email/postfix/transport.db\" }}"
+ destination = "secrets/postfix/transport.db"
+ }
+ }
+ }
+
+ group "sogo" {
+ count = 1
+ task "bundle" {
+
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_sogo:v6"
+ readonly_rootfs = false
+ port_map {
+ sogo_web_port = 8080
+ }
+ volumes = [
+ "secrets/sogo.conf:/etc/sogo/sogo.conf",
+ ]
+ }
+
+ /* Workaround as there is no consul source and no way to template recursively... */
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/email/sogo/sogo.conf.tpl?raw"
+ destination = "secrets/tpl/sogo.conf.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/tpl/sogo.conf.tpl"
+ destination = "secrets/sogo.conf"
+ }
+
+ resources {
+ cpu = 200
+ memory = 1000
+ network {
+ port "sogo_web_port" {}
+ }
+ }
+
+ service {
+ name = "sogo"
+ port = "sogo_web_port"
+ address_mode = "host"
+ tags = [
+ "sogo",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https",
+ "traefik.frontend.rule=Host:sogo.deuxfleurs.fr;PathPrefix:/"
+ ]
+ check {
+ type = "tcp"
+ port = "sogo_web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "5m"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ }
+ }
+}
diff --git a/nomad/mariadb.hcl b/nomad/mariadb.hcl
new file mode 100644
index 0000000..9b97d7a
--- /dev/null
+++ b/nomad/mariadb.hcl
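Review bot: Private key material is read from the `configuration/` KV prefix here (`configuration/email/dovecot/dovecot.key`, `configuration/email/postfix/postfix.key`, `configuration/email/dkim/smtp.private`), whereas nomad/chat.hcl keeps its keys under `secrets/`; if Consul ACLs are scoped by prefix, these keys become readable by everything that may read configuration, so moving them to `secrets/email/...` keeps the split meaningful. The postfix `ldap-account.cf` / `ldap-alias.cf` templates and the rendered `secrets/sogo.conf` carry no `perms` and may hold an LDAP bind password (their content is not visible here); `perms = "400"`, as already used for `dovecot-ldap.conf`, would be consistent. `auth_port` (1337) and the plaintext `imap_port` (143) are published as `static` ports in host mode, so they need a firewall rule if only cluster-local clients are meant to reach them.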
@@ -0,0 +1,69 @@
+job "mariadb" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ count = 1
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_mariadb:v2"
+ port_map {
+ mariadb_port = 3306
+ }
+ command = "tail"
+ args = [
+ "-f", "/var/log/mysql/error.log",
+ ]
+ volumes = [
+ "/mnt/glusterfs/mariadb/main/server:/var/lib/mysql",
+ ]
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/mariadb/main/env.tpl?raw"
+ destination = "secrets/env.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/env.tpl"
+ destination = "secrets/env"
+ env = true
+ }
+
+
+ resources {
+ memory = 800
+ network {
+ port "mariadb_port" {
+ static = "3306"
+ }
+ }
+ }
+
+ service {
+ tags = ["mariadb"]
+ port = "mariadb_port"
+ address_mode = "host"
+ name = "mariadb"
+ check {
+ type = "tcp"
+ port = "mariadb_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/nomad/postgres-amd64.hcl b/nomad/postgres-amd64.hcl
new file mode 100644
index 0000000..9065d10
--- /dev/null
+++ b/nomad/postgres-amd64.hcl
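Review bot: The `artifact` source `http://127.0.0.1:8500/v1/kv/configuration/mariadb/main/env.tpl?raw` carries no token, so the fetch only succeeds if the local Consul agent answers KV reads anonymously; the result is rendered to `secrets/env` and injected with `env = true`, and presumably contains the database credentials. It is worth confirming that the Consul ACL default policy and the agent's HTTP bind address keep that endpoint out of reach of other containers and users on the node. The same fetch pattern appears in nomad/chat.hcl, the sogo task of nomad/email.hcl and nomad/postgres-amd64.hcl. `static = "3306"` with `address_mode = "host"` also puts MariaDB on the node address, leaving access control to database accounts and firewalling.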
@@ -0,0 +1,144 @@
+job "dbx86" {
+ datacenters = ["dc1"]
+ type = "system"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "postgres" {
+ task "sentinel" {
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_postgres:v3"
+ readonly_rootfs = false
+ command = "/usr/local/bin/stolon-sentinel"
+ args = [
+ "--cluster-name", "pissenlit",
+ "--store-backend", "consul",
+ "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
+ ]
+ }
+ resources {
+ memory = 100
+ }
+ }
+
+ task "proxy" {
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_postgres:v3"
+ readonly_rootfs = false
+ command = "/usr/local/bin/stolon-proxy"
+ args = [
+ "--cluster-name", "pissenlit",
+ "--store-backend", "consul",
+ "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
+ "--port", "5432",
+ "--listen-address", "0.0.0.0"
+ ]
+ port_map {
+ psql_proxy_port = 5432
+ }
+ }
+
+ resources {
+ memory = 100
+ network {
+ port "psql_proxy_port" {
+ static = 5432
+ }
+ }
+ }
+
+ service {
+ tags = ["sql"]
+ port = "psql_proxy_port"
+ address_mode = "host"
+ name = "psql-proxy"
+ check {
+ type = "tcp"
+ port = "psql_proxy_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "10m"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+
+ task "keeper" {
+ driver = "docker"
+
+ config {
+ network_mode = "host"
+ image = "superboum/amd64_postgres:v3"
+ readonly_rootfs = false
+ command = "/usr/local/bin/stolon-keeper"
+ args = [
+ "--cluster-name", "pissenlit",
+ "--store-backend", "consul",
+ "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
+ "--data-dir", "/mnt/persist",
+ "--pg-su-password", "${PG_SU_PWD}",
+ "--pg-repl-username", "${PG_REPL_USER}",
+ "--pg-repl-password", "${PG_REPL_PWD}",
+ "--pg-listen-address", "${attr.unique.network.ip-address}",
+ "--pg-port", "5433",
+ "--pg-bin-path", "/usr/lib/postgresql/9.6/bin/"
+ ]
+ port_map {
+ psql_port = 5433
+ }
+ volumes = [
+ "/mnt/ssd/postgres:/mnt/persist"
+ ]
+ }
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/postgres/keeper/env.tpl?raw"
+ destination = "secrets/env.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/env.tpl"
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 500
+ network {
+ port "psql_port" {
+ static = "5433"
+ }
+ }
+ }
+
+ service {
+ tags = ["sql"]
+ port = "psql_port"
+ address_mode = "host"
+ name = "keeper"
+ check {
+ type = "tcp"
+ port = "psql_port"
+ interval = "60s"
+ timeout = "5s"
+
+ check_restart {
+ limit = 3
+ grace = "60m"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/nomad/seafile.hcl b/nomad/seafile.hcl
new file mode 100644
index 0000000..574f6bc
--- /dev/null
+++ b/nomad/seafile.hcl
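Review bot: In task "keeper" the superuser and replication passwords are interpolated into `args` (`"--pg-su-password", "${PG_SU_PWD}"` and `"--pg-repl-password", "${PG_REPL_PWD}"`), which puts them on the process command line where the host's process list and the container's inspect output expose them. stolon-keeper also accepts password files, so rendering each password with a `template` into the task's secrets directory and passing `"--pg-su-passwordfile", "${NOMAD_SECRETS_DIR}/pg_su_pwd"` and `"--pg-repl-passwordfile", "${NOMAD_SECRETS_DIR}/pg_repl_pwd"` (file names are examples) keeps them off the command line. All three tasks use a plain `http://` value for `--store-endpoints`, so cluster state travels to Consul unencrypted. The proxy's `"--listen-address", "0.0.0.0"` combined with `static = 5432` should be limited to the cluster network by firewall.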
@@ -0,0 +1,144 @@
+job "seafile" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ count = 1
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_seafile:v4"
+ port_map {
+ seahub_port = 8000
+ seafdav_port = 8084
+ seafhttp_port = 8082
+ }
+
+ volumes = [
+ "/mnt/glusterfs/seafile:/mnt/seafile-data",
+ "secrets/conf:/srv/webstore/conf",
+ "secrets/ccnet:/srv/webstore/ccnet"
+ ]
+ }
+
+ resources {
+ memory = 2048
+ network {
+ port "seahub_port" {}
+ port "seafhttp_port" {}
+ port "seafdav_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "seafile",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/"
+ ]
+ port = "seahub_port"
+ address_mode = "host"
+ name = "seahub"
+ check {
+ type = "tcp"
+ port = "seahub_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [
+ "seafile",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp"
+
+ ]
+ port = "seafhttp_port"
+ address_mode = "host"
+ name = "seafhttp"
+ check {
+ type = "tcp"
+ port = "seafhttp_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [
+ "seafile",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav"
+
+ ]
+ port = "seafdav_port"
+ address_mode = "host"
+ name = "seafdav"
+ check {
+ type = "tcp"
+ port = "seafdav_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ template {
+ data = "{{ key \"configuration/seafile/ccnet/mykey.peer\" }}"
+ destination = "secrets/ccnet/mykey.peer"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/ccnet/seafile.ini\" }}"
+ destination = "secrets/ccnet/seafile.ini"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/ccnet.conf\" }}"
+ destination = "secrets/conf/ccnet.conf"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/mykey.peer\" }}"
+ destination = "secrets/conf/mykey.peer"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/seafdav.conf\" }}"
+ destination = "secrets/conf/seafdav.conf"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/seafile.conf\" }}"
+ destination = "secrets/conf/seafile.conf"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/seahub_settings.py\" }}"
+ destination = "secrets/conf/seahub_settings.py"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/gunicorn.conf\" }}"
+ destination = "secrets/conf/gunicorn.conf"
+ }
+ }
+ }
+}
+
diff --git a/nomad/traefik.hcl b/nomad/traefik.hcl
new file mode 100644
index 0000000..f383090
--- /dev/null
+++ b/nomad/traefik.hcl
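Review bot: All three services are tagged `traefik.frontend.entryPoints=https,http`, unlike the `https`-only tags in nomad/chat.hcl and nomad/email.hcl, so Seahub logins and WebDAV credentials can travel in clear unless traefik.toml (not part of this commit) redirects port 80; `"traefik.frontend.entryPoints=https"` would match the other jobs. nomad/webcap.hcl carries the same tag. The `mykey.peer` and `seahub_settings.py` templates have no `perms` and look like key- and secret-bearing files, so `perms = "400"` is worth adding if the container user can still read them.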
@@ -0,0 +1,71 @@
+job "frontend" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ group "traefik" {
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "amd64/traefik:1.7.9"
+ readonly_rootfs = true
+ port_map {
+ https_port = 443
+ http_port = 80
+ adm_port = 8082
+ synapse_federation_frontend = 8448
+ }
+ volumes = [
+ "secrets/traefik.toml:/etc/traefik/traefik.toml",
+ ]
+ }
+
+ resources {
+ memory = 101
+ network {
+ port "synapse_federation_frontend" {
+ static = "8448"
+ }
+ port "https_port" {
+ static = "443"
+ }
+ port "http_port" {
+ static = "80"
+ }
+ port "adm_port" {
+ static = "8082"
+ }
+ }
+ }
+
+ service {
+ tags = ["https"]
+ port = "https_port"
+ address_mode = "host"
+ name = "traefik"
+ check {
+ type = "tcp"
+ port = "https_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ template {
+ data = "{{ key \"configuration/traefik/traefik.toml\" }}"
+ destination = "secrets/traefik.toml"
+ }
+ template {
+ data = "{{ key \"configuration/traefik/cloudflare.env\" }}"
+ destination = "secrets/cloudflare.env"
+ env = true
+ }
+ }
+ }
+}
+
diff --git a/nomad/web_static.hcl b/nomad/web_static.hcl
new file mode 100644
index 0000000..3cf97c3
--- /dev/null
+++ b/nomad/web_static.hcl
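Review bot: `adm_port` (8082) is published with `static = "8082"` alongside 80 and 443; if traefik.toml (rendered from Consul, not shown here) serves the API or dashboard on it, Traefik 1.7 answers there without authentication unless configured otherwise, so the port should be restricted to loopback or cluster addresses or given auth. `configuration/traefik/cloudflare.env` is loaded with `env = true` and presumably holds an API credential, yet it lives under the `configuration/` prefix rather than `secrets/` in the KV store. A short comment on each `port_map` entry stating who is expected to reach it would make the exposure deliberate rather than implicit.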
@@ -0,0 +1,95 @@
+job "web_static" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "landing" {
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_landing:v5"
+ port_map {
+ web_port = 8043
+ }
+ }
+
+ resources {
+ memory = 20
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "webstatic",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https",
+ "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr;PathPrefix:/"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "landing"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+
+ /* To be replaced by a static site manager */
+ group "quentin" {
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_blog:v18"
+ port_map {
+ web_port = 8043
+ }
+ }
+
+ resources {
+ memory = 20
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "webstatic",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https",
+ "traefik.frontend.rule=Host:quentin.dufour.io,www.quentin.dufour.io;PathPrefix:/"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "blog-quentin"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/nomad/webcap.hcl b/nomad/webcap.hcl
new file mode 100644
index 0000000..1246b76
--- /dev/null
+++ b/nomad/webcap.hcl
@@ -0,0 +1,56 @@
+job "webcap" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ task "flask" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_webcap:v7"
+ port_map {
+ web_port = 3000
+ }
+ }
+ env {
+ FLASK_APP = "/usr/local/bin/webcap"
+ }
+
+ resources {
+ cpu = 1000
+ memory = 2000
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "webcap",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:webcap.deuxfleurs.fr;PathPrefix:/"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "webcap"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
|