diff options
| author | Quentin <quentin@deuxfleurs.fr> | 2020-09-12 10:03:48 +0200 |
|---|---|---|
| committer | Quentin <quentin@deuxfleurs.fr> | 2020-09-12 10:03:48 +0200 |
| commit | c4a6cf1534b864d3941c839d4a4dca7e505bd828 (patch) | |
| tree | 3e866768cf39ae947def5b205f74fddfb435725d /nomad | |
| parent | 0550647b9348d1e36431400e0832b4340564c658 (diff) | |
| download | infrastructure-c4a6cf1534b864d3941c839d4a4dca7e505bd828.tar.gz infrastructure-c4a6cf1534b864d3941c839d4a4dca7e505bd828.zip | |
Rebase first step
Diffstat (limited to 'nomad')
| -rw-r--r-- | nomad/bottin2.hcl | 116 | ||||
| -rw-r--r-- | nomad/core.hcl | 43 | ||||
| -rw-r--r-- | nomad/email.hcl | 475 | ||||
| -rw-r--r-- | nomad/garage.hcl | 99 | ||||
| -rw-r--r-- | nomad/im.hcl | 361 | ||||
| -rw-r--r-- | nomad/jitsi.hcl | 258 | ||||
| -rw-r--r-- | nomad/mariadb.hcl | 69 | ||||
| -rw-r--r-- | nomad/nextcloud.hcl | 67 | ||||
| -rw-r--r-- | nomad/object_storage.hcl | 159 | ||||
| -rw-r--r-- | nomad/platoo.hcl | 64 | ||||
| -rw-r--r-- | nomad/postgres.hcl | 145 | ||||
| -rw-r--r-- | nomad/science.hcl | 58 | ||||
| -rw-r--r-- | nomad/seafile.hcl | 174 | ||||
| -rw-r--r-- | nomad/traefik.hcl | 68 | ||||
| -rw-r--r-- | nomad/web_static.hcl | 113 | ||||
| -rw-r--r-- | nomad/webcap.hcl | 56 |
16 files changed, 0 insertions, 2325 deletions
diff --git a/nomad/bottin2.hcl b/nomad/bottin2.hcl deleted file mode 100644 index 85bda59..0000000 --- a/nomad/bottin2.hcl +++ /dev/null @@ -1,116 +0,0 @@ -job "directory2" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "bottin" { - count = 1 - task "bottin" { - driver = "docker" - config { - image = "lxpz/bottin_amd64:14" - readonly_rootfs = true - port_map { - ldap_port = 1389 - } - volumes = [ - "secrets/config.json:/config.json" - ] - } - - resources { - memory = 100 - network { - port "ldap_port" { - static = "389" - } - } - } - - template { - data = "{{ key \"configuration/directory/bottin/config.json\" }}" - destination = "secrets/config.json" - } - - service { - tags = ["bottin"] - port = "ldap_port" - address_mode = "host" - name = "bottin2" - check { - type = "tcp" - port = "ldap_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - - group "guichet" { - count = 1 - task "guichet" { - driver = "docker" - config { - image = "lxpz/guichet_amd64:10" - readonly_rootfs = true - port_map { - web_port = 9991 - } - volumes = [ - "secrets/config.json:/config.json" - ] - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/directory/guichet/config.json.tpl?raw" - destination = "secrets/config.json.tpl" - mode = "file" - } - template { - source = "secrets/config.json.tpl" - destination = "secrets/config.json" - } - - resources { - memory = 200 - network { - port "web_port" {} - } - } - - service { - name = "guichet" - tags = [ - "guichet", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:guichet.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/nomad/core.hcl b/nomad/core.hcl deleted file mode 100644 index 43774a6..0000000 --- a/nomad/core.hcl +++ /dev/null @@ -1,43 +0,0 @@ -job "core" { - datacenters = ["dc1"] - type = "system" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - update { - max_parallel = 1 - stagger = "1m" - } - - group "network" { - task "diplonat" { - driver = "docker" - - config { - image = "darkgallium/amd64_diplonat:v2" - network_mode = "host" - readonly_rootfs = true - privileged = true - } - - template { - data = <<EOH -DIPLONAT_PRIVATE_IP={{ env "attr.unique.network.ip-address" }} -DIPLONAT_REFRESH_TIME=60 -DIPLONAT_EXPIRATION_TIME=300 -DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }} -RUST_LOG=debug -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 40 - } - } - } -} diff --git a/nomad/email.hcl b/nomad/email.hcl deleted file mode 100644 index 86c4d87..0000000 --- a/nomad/email.hcl +++ /dev/null @@ -1,475 +0,0 @@ -job "email" { - datacenters = ["dc1"] - type = "service" - - group "dovecot" { - count = 1 - task "server" { - driver = "docker" - - config { - image = "superboum/amd64_dovecot:v2" - readonly_rootfs = false - port_map { - auth_port = 1337 - imaps_port = 993 - imap_port = 143 - lmtp_port = 24 - } - command = "dovecot" - args = [ "-F" ] - volumes = [ - "secrets/ssl/certs:/etc/ssl/certs", - "secrets/ssl/private:/etc/ssl/private", - "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf", - "/mnt/glusterfs/email/mail:/var/mail/", - ] - } - - env { - TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr" - } - - resources { - cpu = 100 - memory = 200 - network { - mbits = 1 - port "auth_port" { - static = "1337" - } - port "imap_port" { - static = "143" - } - port "imaps_port" { - static = "993" - } - port "lmtp_port" { - static = "24" - } - } - } - - service { - name = "dovecot-auth" - port = "auth_port" - address_mode = "host" - tags = [ - "dovecot", - ] - check { - type = "tcp" - port = "auth_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "dovecot-imap" - port = "imap_port" - address_mode = "host" - tags = [ - "dovecot" - ] - check { - type = "tcp" - port = "imap_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "dovecot-imaps" - port = "imaps_port" - address_mode = "host" - tags = [ - "dovecot", - "(diplonat (tcp_port 993))" - ] - - check { - type = "tcp" - port = "imaps_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "dovecot-lmtp" - port = "lmtp_port" - address_mode = "host" - tags = [ - "dovecot", - ] - - check { - type = "tcp" - port = "lmtp_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw" - destination = "secrets/conf/dovecot-ldap.conf.tpl" - mode = "file" - } - template { - source = "secrets/conf/dovecot-ldap.conf.tpl" - destination = "secrets/conf/dovecot-ldap.conf" - perms = "400" - } - - template { - data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}" - destination = "secrets/ssl/certs/dovecot.crt" - perms = "400" - } - template { - data = "{{ key \"configuration/email/dovecot/dovecot.key\" }}" - destination = "secrets/ssl/private/dovecot.key" - perms = "400" - } - } - } - - group "opendkim" { - count = 1 - task "server" { - driver = "docker" - - config { - image = "superboum/amd64_opendkim:v1" - readonly_rootfs = false - port_map { - dkim_port = 8999 - } - command = "opendkim" - args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ] - volumes = [ - "secrets/dkim:/etc/dkim", - "/dev/log:/dev/log", - ] - } - - resources { - cpu = 100 - memory = 50 - network { - mbits = 1 - port "dkim_port" { - static = "8999" - } - } - } - - service { - name = "opendkim" - port = "dkim_port" - address_mode = "host" - tags = [ - "opendkim", - ] - check { - type = "tcp" - port = "dkim_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - template { - data = "{{ key \"configuration/email/dkim/keytable\" }}" - destination = "secrets/dkim/keytable" - } - template { - data = "{{ key \"configuration/email/dkim/signingtable\" }}" - destination = "secrets/dkim/signingtable" - } - template { - data = "{{ key \"configuration/email/dkim/smtp.private\" }}" - destination = "secrets/dkim/smtp.private" - perms = "600" - } - template { - data = "{{ key \"configuration/email/dkim/smtp.txt\" }}" - destination = "secrets/dkim/smtp.txt" - } - template { - data = "{{ key \"configuration/email/dkim/trusted\" }}" - destination = "secrets/dkim/trusted" - } - } - } - - group "postfix" { - count = 1 - task "server" { - driver = "docker" - - config { - image = "superboum/amd64_postfix:v1" - readonly_rootfs = false - port_map { - smtp_port = 25 - smtps_port = 465 - submission_port = 587 - } - command = "postfix" - args = [ "start-fg" ] - volumes = [ - "secrets/ssl/certs:/etc/ssl/certs", - "secrets/ssl/private:/etc/ssl/private", - "secrets/postfix:/etc/postfix-conf", - "/dev/log:/dev/log" - ] - } - - env { - TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" - MAILNAME = "smtp.deuxfleurs.fr", - } - - resources { - cpu = 100 - memory = 200 - network { - mbits = 1 - port "smtp_port" { - static = "25" - } - port "smtps_port" { - static = "465" - } - port "submission_port" { - static = "587" - } - } - } - - service { - name = "postfix-smtp" - port = "smtp_port" - address_mode = "host" - tags = [ - "postfix", - "(diplonat (tcp_port 25 465 587))" - ] - check { - type = "tcp" - port = "smtp_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "postfix-smtps" - port = "smtps_port" - address_mode = "host" - tags = [ - "postfix", - ] - - check { - type = "tcp" - port = "smtps_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "postfix-submission" - port = "submission_port" - address_mode = "host" - tags = [ - "postfix", - ] - - check { - type = "tcp" - port = "submission_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-account.cf.tpl?raw" - destination = "secrets/postfix/ldap-account.cf.tpl" - mode = "file" - } - template { - source = "secrets/postfix/ldap-account.cf.tpl" - destination = "secrets/postfix/ldap-account.cf" - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-alias.cf.tpl?raw" - destination = "secrets/postfix/ldap-alias.cf.tpl" - mode = "file" - } - template { - source = "secrets/postfix/ldap-alias.cf.tpl" - destination = "secrets/postfix/ldap-alias.cf" - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-virtual-domains.cf.tpl?raw" - destination = "secrets/postfix/ldap-virtual-domains.cf.tpl" - mode = "file" - } - template { - source = "secrets/postfix/ldap-virtual-domains.cf.tpl" - destination = "secrets/postfix/ldap-virtual-domains.cf" - } - - - template { - data = "{{ key \"configuration/email/postfix/postfix.crt\" }}" - destination = "secrets/ssl/certs/postfix.crt" - perms = "400" - } - template { - data = "{{ key \"configuration/email/postfix/postfix.key\" }}" - destination = "secrets/ssl/private/postfix.key" - perms = "400" - } - template { - data = "{{ key \"configuration/email/postfix/dynamicmaps.cf\" }}" - destination = "secrets/postfix/dynamicmaps.cf" - } - template { - data = "{{ key \"configuration/email/postfix/header_checks\" }}" - destination = "secrets/postfix/header_checks" - } - template { - data = "{{ key \"configuration/email/postfix/main.cf\" }}" - destination = "secrets/postfix/main.cf" - } - template { - data = "{{ key \"configuration/email/postfix/master.cf\" }}" - destination = "secrets/postfix/master.cf" - } - template { - data = "{{ key \"configuration/email/postfix/transport\" }}" - destination = "secrets/postfix/transport" - } - template { - data = "{{ key \"configuration/email/postfix/transport.db\" }}" - destination = "secrets/postfix/transport.db" - } - } - } - - group "sogo" { - count = 1 - task "bundle" { - - driver = "docker" - - config { - image = "superboum/amd64_sogo:v7" - readonly_rootfs = false - port_map { - sogo_web_port = 8080 - } - volumes = [ - "secrets/sogo.conf:/etc/sogo/sogo.conf", - ] - } - env { - FAKE = 2 - } - - /* Workaround as there is no consul source and no way to template recursively... */ - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/sogo/sogo.conf.tpl?raw" - destination = "secrets/tpl/sogo.conf.tpl" - mode = "file" - } - template { - source = "secrets/tpl/sogo.conf.tpl" - destination = "secrets/sogo.conf" - } - - resources { - cpu = 200 - memory = 1000 - network { - mbits = 1 - port "sogo_web_port" {} - } - } - - service { - name = "sogo" - port = "sogo_web_port" - address_mode = "host" - tags = [ - "sogo", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:www.sogo.deuxfleurs.fr,sogo.deuxfleurs.fr;PathPrefix:/" - ] - check { - type = "tcp" - port = "sogo_web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "5m" - ignore_warnings = false - } - } - } - - } - } -} diff --git a/nomad/garage.hcl b/nomad/garage.hcl deleted file mode 100644 index 3478706..0000000 --- a/nomad/garage.hcl +++ /dev/null @@ -1,99 +0,0 @@ -job "garage" { - datacenters = ["dc1", "belair", "saturne"] - type = "system" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "garage" { - task "server" { - driver = "docker" - config { - image = "lxpz/garage_amd64:4" - port_map { - rpc_port = 3901 - api_port = 3900 - } - volumes = [ - "/mnt/storage/garage/data:/garage/data", - "/mnt/ssd/garage/meta:/garage/meta", - "secrets/garage.toml:/garage/config.toml", - "secrets/garage-ca.crt:/garage/garage-ca.crt", - "secrets/garage.crt:/garage/garage.crt", - "secrets/garage.key:/garage/garage.key", - ] - } - - template { - data = "{{ key \"configuration/garage/garage.toml\" }}" - destination = "secrets/garage.toml" - } - template { - data = "{{ key \"secrets/garage/garage-ca.crt\" }}" - destination = "secrets/garage-ca.crt" - } - template { - data = "{{ key \"secrets/garage/garage.crt\" }}" - destination = "secrets/garage.crt" - } - template { - data = "{{ key \"secrets/garage/garage.key\" }}" - destination = "secrets/garage.key" - } - - resources { - memory = 500 - cpu = 1000 - network { - port "rpc_port" { - static = "3901" - } - port "api_port" {} - } - } - - service { - tags = [ - "garage_api", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:garage.deuxfleurs.fr" - ] - port = "api_port" - address_mode = "host" - name = "garage-api" - check { - type = "tcp" - port = "api_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - tags = ["garage-rpc"] - port = "rpc_port" - address_mode = "host" - name = "garage-rpc" - check { - type = "tcp" - port = "rpc_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} diff --git a/nomad/im.hcl b/nomad/im.hcl deleted file mode 100644 index 53b81d1..0000000 --- a/nomad/im.hcl +++ /dev/null @@ -1,361 +0,0 @@ -job "im" { - datacenters = ["dc1"] - type = "service" - - group "matrix" { - count = 1 - task "synapse" { - driver = "docker" - - config { - image = "superboum/amd64_synapse:v33" - readonly_rootfs = true - port_map { - client_port = 8008 - federation_port = 8448 - } - command = "python" - args = [ - "-m", "synapse.app.homeserver", - "-n", - "-c", "/etc/matrix-synapse/homeserver.yaml" - ] - volumes = [ - "secrets/conf:/etc/matrix-synapse", - "/mnt/glusterfs/chat/matrix/synapse/media:/var/lib/matrix-synapse/media", - "/mnt/glusterfs/chat/matrix/synapse/uploads:/var/lib/matrix-synapse/uploads", - "/tmp/synapse-logs:/var/log/matrix-synapse", - "/tmp/synapse:/tmp" - ] - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/synapse/homeserver.yaml?raw" - destination = "secrets/tpl/homeserver.yaml.tpl" - mode = "file" - } - template { - source = "secrets/tpl/homeserver.yaml.tpl" - destination = "secrets/conf/homeserver.yaml" - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/registration.yaml.tpl?raw" - destination = "secrets/tpl/easybridge_registration.yaml.tpl" - mode = "file" - } - template { - source = "secrets/tpl/easybridge_registration.yaml.tpl" - destination = "secrets/conf/easybridge_registration.yaml" - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/fb2mx/registration.yaml?raw" - destination = "secrets/tpl/fb2mx_registration.yaml.tpl" - mode = "file" - } - template { - source = "secrets/tpl/fb2mx_registration.yaml.tpl" - destination = "secrets/conf/fb2mx_registration.yaml" - } - - template { - data = "{{ key \"configuration/chat/synapse/log.yaml\" }}" - destination = "secrets/conf/log.yaml" - } - template { - data = "{{ key \"configuration/chat/synapse/conf.d/server_name.yaml\" }}" - destination = "secrets/conf/server_name.yaml" - } - template { - data = "{{ key \"configuration/chat/synapse/conf.d/report_stats.yaml\" }}" - destination = "secrets/conf/report_stats.yaml" - } - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}" - destination = "secrets/conf/homeserver.tls.crt" - } - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}" - destination = "secrets/conf/homeserver.tls.dh" - } - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}" - destination = "secrets/conf/homeserver.tls.key" - } - template { - data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}" - destination = "secrets/conf/homeserver.signing.key" - } - - env { - SYNAPSE_CACHE_FACTOR = 1 - } - - resources { - cpu = 1000 - memory = 4000 - network { - port "client_port" { } - port "federation_port" { } - } - } - - service { - name = "synapse-client" - port = "client_port" - address_mode = "host" - tags = [ - "matrix", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix", - "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *", - "traefik.frontend.priority=100" - ] - check { - type = "tcp" - port = "client_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "synapse-federation" - port = "federation_port" - address_mode = "host" - tags = [ - "matrix", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:deuxfleurs.fr;PathPrefix:/_matrix", - "traefik.frontend.priority=100" - ] - } - - } - } - - group "easybridge" { - count = 1 - task "easybridge" { - driver = "docker" - config { - image = "lxpz/easybridge_amd64:27" - port_map { - api_port = 8321 - web_port = 8281 - } - volumes = [ - "secrets/conf:/data" - ] - args = [ "./easybridge", "-config", "/data/config.json" ] - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/registration.yaml.tpl?raw" - destination = "secrets/tpl/registration.yaml.tpl" - mode = "file" - } - template { - source = "secrets/tpl/registration.yaml.tpl" - destination = "secrets/conf/registration.yaml" - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/config.json.tpl?raw" - destination = "secrets/tpl/config.json.tpl" - mode = "file" - } - template { - source = "secrets/tpl/config.json.tpl" - destination = "secrets/conf/config.json" - } - - resources { - memory = 500 - cpu = 1000 - network { - port "api_port" { - static = "8321" - } - port "web_port" {} - } - } - - service { - name = "easybridge-api" - tags = ["easybridge-api"] - port = "api_port" - address_mode = "host" - check { - type = "tcp" - port = "api_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "easybridge-web" - tags = [ - "easybridge-web", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - - - group "riotweb" { - count = 1 - - task "server" { - driver = "docker" - config { - image = "superboum/amd64_riotweb:v15" - port_map { - web_port = 8043 - } - volumes = [ - "secrets/config.json:/srv/http/config.json" - ] - } - - template { - data = "{{ key \"configuration/chat/riot_web/config.json\" }}" - destination = "secrets/config.json" - } - - resources { - memory = 21 - network { - port "web_port" {} - } - } - - service { - tags = [ - "webstatic", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:im.deuxfleurs.fr,riot.deuxfleurs.fr;PathPrefix:/", - "traefik.frontend.priority=10" - ] - port = "web_port" - address_mode = "host" - name = "webstatic" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - -/* - group "turn_stun" { - count=1 - task "coturn" { - driver = "docker" - config { - image = "registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1" - port_map { - main_port = 3478 - alt_port = 3479 - } - command = "/usr/bin/turnserver" - args = [ - "-X", "82.253.205.190", - "-v", - "-f", - "-a" - ] - volumes = [ - "secrets/turnserver.conf:/etc/turnserver.conf" - ] - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/coturn/turnserver.conf.tpl?raw" - destination = "secrets/turnserver.conf.tpl" - mode = "file" - } - - template { - source = "secrets/turnserver.conf.tpl" - destination = "secrets/turnserver.conf" - } - - resources { - memory = 50 - network { - port "main_port" { - static = "3478" - } - port "alt_port" { - static = "3479" - } - } - } - - service { - tags = [ - "coturn", - "matrix" - ] - port = "main_port" - address_mode = "host" - name = "coturn" - check { - type = "tcp" - port = "main_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - } - } -*/ - -} - diff --git a/nomad/jitsi.hcl b/nomad/jitsi.hcl deleted file mode 100644 index 4ef2f98..0000000 --- a/nomad/jitsi.hcl +++ /dev/null @@ -1,258 +0,0 @@ -/* - * WIP WIP WIP WIP - * - * + NEED TO SET ENV VARIABLES - */ - -job "jitsi" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "core" { - task "xmpp" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_xmpp:v1" - network_mode = "host" - port_map { - xmpp_port = 5222 - ext_port = 5347 - bosh_port = 5280 - } - } - - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" - } - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key" - } - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" - } - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.key" - } - artifact { - source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" - destination = "secrets/global_env.tpl" - mode = "file" - } - template { - source = "secrets/global_env.tpl" - destination = "secrets/global_env" - env = true - } - - resources { - cpu = 300 - memory = 200 - network { - port "xmpp_port" { - static = "5222" - } - port "ext_port" { - static = "5347" - } - port "bosh_port" { - static = "5280" - } - } - } - - service { - tags = [ - "jitsi" - ] - port = "bosh_port" - address_mode = "host" - name = "jitsi-xmpp-bosh" - check { - type = "tcp" - port = "bosh_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - - task "front" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_front:v5" - network_mode = "host" - port_map { - https_port = 443 - } - } - - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" - } - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.key" - } - artifact { - source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" - destination = "secrets/global_env.tpl" - mode = "file" - } - template { - source = "secrets/global_env.tpl" - destination = "secrets/global_env" - env = true - } - - resources { - cpu = 300 - memory = 200 - network { - port "https_port" { - static = "443" - } - } - } - - service { - tags = [ - "jitsi", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/", - "traefik.protocol=https" - ] - port = "https_port" - address_mode = "host" - name = "jitsi-front-https" - check { - type = "tcp" - port = "https_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - - task "jicofo" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_conference_focus:v2" - network_mode = "host" - } - - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" - } - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" - } - artifact { - source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" - destination = "secrets/global_env.tpl" - mode = "file" - } - template { - source = "secrets/global_env.tpl" - destination = "secrets/global_env" - env = true - } - - resources { - cpu = 300 - memory = 400 - } - } - - task "videobridge" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_videobridge:v9" - network_mode = "host" - port_map { - video1_port = 8080 - video2_port = 10000 - } - ulimit { - nofile = "1048576:1048576" - nproc = "65536:65536" - } - } - - env { - #JITSI_DEBUG = 1 - JITSI_VIDEO_TCP = 8080 - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" - destination = "secrets/global_env.tpl" - mode = "file" - } - template { - source = "secrets/global_env.tpl" - destination = "secrets/global_env" - env = true - } - - resources { - cpu = 900 - memory = 1500 - network { - port "video1_port" { - static = "8080" - } - port "video2_port" { - static = "10000" - } - } - - } - - service { - tags = [ - "jitsi", - "(diplonat (tcp_port 8080) (udp_port 10000))" - ] - port = "video1_port" - address_mode = "host" - name = "jitsi-videobridge-video1" - check { - type = "tcp" - port = "video1_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - - } -} - diff --git a/nomad/mariadb.hcl b/nomad/mariadb.hcl deleted file mode 100644 index 2b9be7e..0000000 --- a/nomad/mariadb.hcl +++ /dev/null @@ -1,69 +0,0 @@ -job "mariadb" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "main" { - count = 1 - task "server" { - driver = "docker" - config { - image = "superboum/amd64_mariadb:v3" - port_map { - mariadb_port = 3306 - } - command = "tail" - args = [ - "-f", "/var/log/mysql/error.log", - ] - volumes = [ - "/mnt/glusterfs/mariadb/main/server:/var/lib/mysql", - ] - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/mariadb/main/env.tpl?raw" - destination = "secrets/env.tpl" - mode = "file" - } - template { - source = "secrets/env.tpl" - destination = "secrets/env" - env = true - } - - - resources { - memory = 800 - network { - port "mariadb_port" { - static = "3306" - } - } - } - - service { - tags = ["mariadb"] - port = "mariadb_port" - address_mode = "host" - name = "mariadb" - check { - type = "tcp" - port = "mariadb_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/nomad/nextcloud.hcl b/nomad/nextcloud.hcl deleted file mode 100644 index 2cc4f5f..0000000 --- a/nomad/nextcloud.hcl +++ /dev/null @@ -1,67 +0,0 @@ -job "nextcloud" { - datacenters = ["dc1", "belair"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "nextcloud" { - count = 1 - task "nextcloud" { - driver = "docker" - config { - image = "lxpz/deuxfleurs_nextcloud_amd64:8" - port_map { - web_port = 80 - } - volumes = [ - "secrets/config.php:/var/www/html/config/config.php" - ] - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/nextcloud/config.php.tpl?raw" - destination = "secrets/config.php.tpl" - mode = "file" - } - template { - source = "secrets/config.php.tpl" - destination = "secrets/config.php" - } - - resources { - memory = 1000 - cpu = 2000 - network { - port "web_port" {} - } - } - - service { - name = "nextcloud" - tags = [ - "nextcloud", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/nomad/object_storage.hcl b/nomad/object_storage.hcl deleted file mode 100644 index fa40c4b..0000000 --- a/nomad/object_storage.hcl +++ /dev/null @@ -1,159 +0,0 @@ -job "not_safe_object_storage" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "not_safe_pithos" { - count = 2 - task "not_safe_server" { - driver = "docker" - config { - image = "superboum/amd64_pithos:v1" - readonly_rootfs = true - port_map { - s3_port = 8080 - } - volumes = [ - "secrets/pithos.yaml:/etc/pithos/pithos.yaml" - ] - } - - resources { - memory = 500 - network { - port "s3_port" { - static = "8080" - } - } - } - - template { - data = <<EOH -service: - host: '0.0.0.0' - port: 8080 - - -## logging configuration -## --------------------- -logging: - level: info - console: true - files: [] - -# overrides: -# io.exo.pithos: debug - - -## global options -## -------------- -options: - service-uri: 's3.esir.deuxfleurs.fr' - reporting: true - server-side-encryption: true - multipart-upload: true - masterkey-provisioning: true - masterkey-access: true - default-region: 'FR-RN1' - - -## keystore configuration -## ---------------------- -# -# Keystores associate an access key with -# an organization and secret key. -# -# They may offer provisioning capacities with the -# masterkey. The default provider relies on keys -# being defined inline. -# generate access key: openssl rand -base64 24 -# generate secret key: openssl rand -base64 39 -# (size is arbitrary) -keystore: - keys: - NHu3glGc0lj5FL5AZPTvgjB20tb9w4Eo: - master: true - tenant: 'pyr@spootnik.org' - secret: 'fpyehmZsimMHeYScjwTUREzvIOICeRZiO01Dck0JIKEifKdwOT3T' - rXNoqKXY45RcxpBOKy8i4H8fqGzlHIZu: - tenant: 'exoscale' - secret: 'qtQlWujN70Ukh9IvIbqIM3Zqos/5aU72hOhLCXblQ0PmfYsGO8lU' - - -## bucketstore configuration -## ------------------------- -# -# The bucketstore is ring global and contains information -# on bucket location and global parameters. -# -# Its primary aim is to hold bucket location and ownership -# information. -# -# The default provider relies on cassandra. -bucketstore: - default-region: 'FR-RN1' - cluster: - - 148.60.11.181 - - 148.60.11.183 - - 148.60.11.237 - keyspace: 'storage' - - -## regions -## ------- -# -# Regions are composed of a metastore and an arbitrary number -# of named storage classes which depend on a blobstore. -# -# The metastore holds metadata for the full region, as well as -# object storage-class placement information. -# -# The default implementation of both metastore and blobstore -# rely on cassandra. -# -regions: - FR-RN1: - metastore: - cluster: - - 148.60.11.181 - - 148.60.11.183 - - 148.60.11.237 - keyspace: 'storage' - storage-classes: - standard: - cluster: - - 148.60.11.181 - - 148.60.11.183 - - 148.60.11.237 - keyspace: 'storage' - max-chunk: '128k' - max-block-chunks: 1024 -EOH - destination = "secrets/pithos.yaml" - } - - service { - tags = ["pithos"] - port = "s3_port" - address_mode = "host" - name = "pithos" - check { - type = "tcp" - port = "s3_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "300s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/nomad/platoo.hcl b/nomad/platoo.hcl deleted file mode 100644 index 0502934..0000000 --- a/nomad/platoo.hcl +++ /dev/null @@ -1,64 +0,0 @@ -job "platoo" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "core" { - task "nodejs" { - driver = "docker" - config { - image = "victormoi/platoo:v1" - force_pull = true - port_map { - web_port = 8080 - } - } - - template { - data = <<EOH -user=platoo -host=psql-proxy.service.2.cluster.deuxfleurs.fr -database=platoodb -password={{ key "secrets/platoo/bddpw" | trimSpace }} -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 400 - network { - port "web_port" {} - } - } - - service { - tags = [ - "platoo", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:platoo.deuxfleurs.fr;PathPrefix:/" - ] - port = "web_port" - address_mode = "host" - name = "platoo" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/nomad/postgres.hcl b/nomad/postgres.hcl deleted file mode 100644 index 456156e..0000000 --- a/nomad/postgres.hcl +++ /dev/null @@ -1,145 +0,0 @@ -job "postgres" { - datacenters = ["dc1"] - type = "system" - priority = 90 - - update { - max_parallel = 1 - stagger = "5m" - } - - group "postgres" { - task "sentinel" { - driver = "docker" - - config { - image = "superboum/amd64_postgres:v3" - readonly_rootfs = false - command = "/usr/local/bin/stolon-sentinel" - args = [ - "--cluster-name", "pissenlit", - "--store-backend", "consul", - "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500", - ] - } - resources { - memory = 100 - } - } - - task "proxy" { - driver = "docker" - - config { - image = "superboum/amd64_postgres:v3" - readonly_rootfs = false - command = "/usr/local/bin/stolon-proxy" - args = [ - "--cluster-name", "pissenlit", - "--store-backend", "consul", - "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500", - "--port", "5432", - "--listen-address", "0.0.0.0" - ] - port_map { - psql_proxy_port = 5432 - } - } - - resources { - memory = 100 - network { - port "psql_proxy_port" { - static = 5432 - } - } - } - - service { - tags = ["sql"] - port = "psql_proxy_port" - address_mode = "host" - name = "psql-proxy" - check { - type = "tcp" - port = "psql_proxy_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "10m" - ignore_warnings = false - } - } - } - } - - task "keeper" { - driver = "docker" - - config { - network_mode = "host" - image = "superboum/amd64_postgres:v3" - readonly_rootfs = false - command = "/usr/local/bin/stolon-keeper" - args = [ - "--cluster-name", "pissenlit", - "--store-backend", "consul", - "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500", - "--data-dir", "/mnt/persist", - "--pg-su-password", "${PG_SU_PWD}", - "--pg-repl-username", "${PG_REPL_USER}", - "--pg-repl-password", "${PG_REPL_PWD}", - "--pg-listen-address", "${attr.unique.network.ip-address}", - "--pg-port", "5433", - "--pg-bin-path", "/usr/lib/postgresql/9.6/bin/" - ] - port_map { - psql_port = 5433 - } - volumes = [ - "/mnt/ssd/postgres:/mnt/persist" - ] - } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/postgres/keeper/env.tpl?raw" - destination = "secrets/env.tpl" - mode = "file" - } - template { - source = "secrets/env.tpl" - destination = "secrets/env" - env = true - } - - resources { - memory = 500 - network { - port "psql_port" { - static = "5433" - } - } - } - - service { - tags = ["sql"] - port = "psql_port" - address_mode = "host" - name = "keeper" - check { - type = "tcp" - port = "psql_port" - interval = "60s" - timeout = "5s" - - check_restart { - limit = 3 - grace = "60m" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/nomad/science.hcl b/nomad/science.hcl deleted file mode 100644 index 81e398a..0000000 --- a/nomad/science.hcl +++ /dev/null @@ -1,58 +0,0 @@ -job "science" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "diagnet" { - task "main" { - driver = "docker" - config { - image = "lesterpig/diagnet-landmark:latest" - args = [ - "-name", "landmark-deuxfleurs", - "-chrome", "-chrome-interval", "60m", - "-http", ":8000" - ] - port_map { - web_port = 8000 - } - } - - resources { - cpu = 1000 - memory = 1200 - network { - port "web_port" {} - } - } - - service { - tags = [ - "diagnet", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/" - ] - port = "web_port" - address_mode = "host" - name = "diagnet" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/nomad/seafile.hcl b/nomad/seafile.hcl deleted file mode 100644 index e22699c..0000000 --- a/nomad/seafile.hcl +++ /dev/null @@ -1,174 +0,0 @@ -job "seafile" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "main" { - count = 1 - task "server" { - driver = "docker" - config { - image = "superboum/amd64_seafile:v6" - - ## cmd + args are used for running an instance attachable for update - # command = "/bin/sleep" - # args = ["999999"] - - port_map { - seahub_port = 8000 - seafdav_port = 8084 - seafhttp_port = 8082 - } - - mounts = [ - { - type = "bind" - source = "/mnt/glusterfs/seafile" - target = "/mnt/seafile-data" - } - ] - - volumes = [ - "secrets/conf:/srv/webstore/conf", - "secrets/ccnet:/srv/webstore/ccnet" - ] - } - - resources { - memory = 512 - network { - port "seahub_port" {} - port "seafhttp_port" {} - port "seafdav_port" {} - } - } - - service { - tags = [ - "seafile", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/" - ] - port = "seahub_port" - address_mode = "host" - name = "seahub" - check { - type = "tcp" - port = "seahub_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - tags = [ - "seafile", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp" - - ] - port = "seafhttp_port" - address_mode = "host" - name = "seafhttp" - check { - type = "tcp" - port = "seafhttp_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - tags = [ - "seafile", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav" - - ] - port = "seafdav_port" - address_mode = "host" - name = "seafdav" - check { - type = "tcp" - port = "seafdav_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/ccnet.conf.tpl?raw" - destination = "secrets/conf/ccnet.conf.tpl" - mode = "file" - } - template { - source = "secrets/conf/ccnet.conf.tpl" - destination = "secrets/conf/ccnet.conf" - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/seafile.conf.tpl?raw" - destination = "secrets/conf/seafile.conf.tpl" - mode = "file" - } - template { - source = "secrets/conf/seafile.conf.tpl" - destination = "secrets/conf/seafile.conf" - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/seahub_settings.py.tpl?raw" - destination = "secrets/conf/seahub_settings.py.tpl" - mode = "file" - } - template { - source = "secrets/conf/seahub_settings.py.tpl" - destination = "secrets/conf/seahub_settings.py" - } - - template { - data = "{{ key \"configuration/seafile/ccnet/mykey.peer\" }}" - destination = "secrets/ccnet/mykey.peer" - } - template { - data = "{{ key \"configuration/seafile/ccnet/seafile.ini\" }}" - destination = "secrets/ccnet/seafile.ini" - } - template { - data = "{{ key \"configuration/seafile/conf/mykey.peer\" }}" - destination = "secrets/conf/mykey.peer" - } - template { - data = "{{ key \"configuration/seafile/conf/seafdav.conf\" }}" - destination = "secrets/conf/seafdav.conf" - } - template { - data = "{{ key \"configuration/seafile/conf/gunicorn.conf\" }}" - destination = "secrets/conf/gunicorn.conf" - } - } - } -} - diff --git a/nomad/traefik.hcl b/nomad/traefik.hcl deleted file mode 100644 index a0803e4..0000000 --- a/nomad/traefik.hcl +++ /dev/null @@ -1,68 +0,0 @@ -job "frontend" { - datacenters = ["dc1"] - type = "service" - - group "traefik" { - task "server" { - driver = "docker" - - config { - image = "amd64/traefik:1.7.20" - readonly_rootfs = true - port_map { - https_port = 443 - http_port = 80 - adm_port = 8082 - } - volumes = [ - "secrets/traefik.toml:/etc/traefik/traefik.toml", - ] - } - - resources { - memory = 265 - network { - port "https_port" { - static = "443" - } - port "http_port" { - static = "80" - } - port "adm_port" { - static = "8082" - } - } - } - - service { - tags = [ - "https", - "frontend", - "(diplonat (tcp_port 80 443))" - ] - port = "https_port" - address_mode = "host" - name = "traefik" - check { - type = "http" - protocol = "http" - port = "adm_port" - path = "/ping" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - template { - data = "{{ key \"configuration/traefik/traefik.toml\" }}" - destination = "secrets/traefik.toml" - } - } - } -} - diff --git a/nomad/web_static.hcl b/nomad/web_static.hcl deleted file mode 100644 index c935b2a..0000000 --- a/nomad/web_static.hcl +++ /dev/null @@ -1,113 +0,0 @@ -job "web_static" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "landing" { - task "server" { - driver = "docker" - config { - image = "superboum/amd64_webpull_pug:v4" - port_map { - web_port = 8080 - } - } - - template { - data = <<EOH -WEBPULL_REPO="https://git.deuxfleurs.fr/Deuxfleurs/site.git" -WEBPULL_TOKEN="{{ key "secrets/web/home_token" | trimSpace }}" -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 200 - network { - port "web_port" {} - } - } - - service { - tags = [ - "webstatic", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/", - "traefik.frontend.priority=10" - ] - port = "web_port" - address_mode = "host" - name = "landing" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - - group "quentin" { - task "server" { - driver = "docker" - config { - image = "superboum/amd64_webpull_ruby:v1" - port_map { - web_port = 8080 - } - } - - template { - data = <<EOH -WEBPULL_REPO="https://git.deuxfleurs.fr/quentin/quentin.dufour.io.git" -WEBPULL_TOKEN="{{ key "secrets/web/quentin.dufour.io_token" | trimSpace }}" -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 500 - network { - port "web_port" {} - } - } - - service { - tags = [ - "webstatic", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:quentin.dufour.io,www.quentin.dufour.io;PathPrefix:/" - ] - port = "web_port" - address_mode = "host" - name = "blog-quentin" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/nomad/webcap.hcl b/nomad/webcap.hcl deleted file mode 100644 index 1246b76..0000000 --- a/nomad/webcap.hcl +++ /dev/null @@ -1,56 +0,0 @@ -job "webcap" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "main" { - task "flask" { - driver = "docker" - config { - image = "superboum/amd64_webcap:v7" - port_map { - web_port = 3000 - } - } - env { - FLASK_APP = "/usr/local/bin/webcap" - } - - resources { - cpu = 1000 - memory = 2000 - network { - port "web_port" {} - } - } - - service { - tags = [ - "webcap", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:webcap.deuxfleurs.fr;PathPrefix:/" - ] - port = "web_port" - address_mode = "host" - name = "webcap" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - |