Diffstat (limited to 'app/deployment')
-rw-r--r-- | app/deployment/bottin2.hcl | 116 | ||||
-rw-r--r-- | app/deployment/core.hcl | 43 | ||||
-rw-r--r-- | app/deployment/email.hcl | 475 | ||||
-rw-r--r-- | app/deployment/garage.hcl | 99 | ||||
-rw-r--r-- | app/deployment/im.hcl | 361 | ||||
-rw-r--r-- | app/deployment/jitsi.hcl | 258 | ||||
-rw-r--r-- | app/deployment/mariadb.hcl | 69 | ||||
-rw-r--r-- | app/deployment/nextcloud.hcl | 67 | ||||
-rw-r--r-- | app/deployment/object_storage.hcl | 159 | ||||
-rw-r--r-- | app/deployment/platoo.hcl | 64 | ||||
-rw-r--r-- | app/deployment/postgres.hcl | 145 | ||||
-rw-r--r-- | app/deployment/science.hcl | 58 | ||||
-rw-r--r-- | app/deployment/seafile.hcl | 174 | ||||
-rw-r--r-- | app/deployment/traefik.hcl | 68 | ||||
-rw-r--r-- | app/deployment/web_static.hcl | 113 | ||||
-rw-r--r-- | app/deployment/webcap.hcl | 56 |
16 files changed, 2325 insertions, 0 deletions
diff --git a/app/deployment/bottin2.hcl b/app/deployment/bottin2.hcl
new file mode 100644
index 0000000..85bda59
--- /dev/null
+++ b/app/deployment/bottin2.hcl
@@ -0,0 +1,116 @@
+job "directory2" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "bottin" {
+ count = 1
+ task "bottin" {
+ driver = "docker"
+ config {
+ image = "lxpz/bottin_amd64:14"
+ readonly_rootfs = true
+ port_map {
+ ldap_port = 1389
+ }
+ volumes = [
+ "secrets/config.json:/config.json"
+ ]
+ }
+
+ resources {
+ memory = 100
+ network {
+ port "ldap_port" {
+ static = "389"
+ }
+ }
+ }
+
+ template {
+ data = "{{ key \"configuration/directory/bottin/config.json\" }}"
+ destination = "secrets/config.json"
+ }
+
+ service {
+ tags = ["bottin"]
+ port = "ldap_port"
+ address_mode = "host"
+ name = "bottin2"
+ check {
+ type = "tcp"
+ port = "ldap_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+
+ group "guichet" {
+ count = 1
+ task "guichet" {
+ driver = "docker"
+ config {
+ image = "lxpz/guichet_amd64:10"
+ readonly_rootfs = true
+ port_map {
+ web_port = 9991
+ }
+ volumes = [
+ "secrets/config.json:/config.json"
+ ]
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/directory/guichet/config.json.tpl?raw"
+ destination = "secrets/config.json.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/config.json.tpl"
+ destination = "secrets/config.json"
+ }
+
+ resources {
+ memory = 200
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ name = "guichet"
+ tags = [
+ "guichet",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:guichet.deuxfleurs.fr",
+ ]
+ port = "web_port"
+ address_mode = "host"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/core.hcl b/app/deployment/core.hcl
new file mode 100644
index 0000000..43774a6
--- /dev/null
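Review bot: The guichet service tags near the end of this hunk register the frontend on both entry points, `traefik.frontend.entryPoints=https,http`, so the site is also served over plain HTTP unless Traefik is configured elsewhere to redirect (not visible in this diff). If guichet accepts credentials, restrict it to `"traefik.frontend.entryPoints=https"`, as the synapse-client, webstatic and platoo services in this commit already do. The same `https,http` tag appears on the sogo, garage-api, easybridge-web, jitsi-front-https and nextcloud services in the other files.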
+++ b/app/deployment/core.hcl
@@ -0,0 +1,43 @@
+job "core" {
+ datacenters = ["dc1"]
+ type = "system"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ update {
+ max_parallel = 1
+ stagger = "1m"
+ }
+
+ group "network" {
+ task "diplonat" {
+ driver = "docker"
+
+ config {
+ image = "darkgallium/amd64_diplonat:v2"
+ network_mode = "host"
+ readonly_rootfs = true
+ privileged = true
+ }
+
+ template {
+ data = <<EOH
+DIPLONAT_PRIVATE_IP={{ env "attr.unique.network.ip-address" }}
+DIPLONAT_REFRESH_TIME=60
+DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+RUST_LOG=debug
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 40
+ }
+ }
+ }
+}
diff --git a/app/deployment/email.hcl b/app/deployment/email.hcl
new file mode 100644
index 0000000..86c4d87
--- /dev/null
+++ b/app/deployment/email.hcl
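Review bot: The diplonat task's `config` block combines `privileged = true` with `network_mode = "host"`, which gives the container full capabilities and device access on every node this `system` job lands on; `readonly_rootfs = true` does not limit that. If diplonat only needs network administration rights (an assumption, its requirements are not visible here), replace the flag with a narrow grant such as `cap_add = ["NET_ADMIN"]`. Otherwise add a comment above `privileged` stating which operation requires full privilege, so the setting can be revisited later.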
@@ -0,0 +1,475 @@ +job "email" { + datacenters = ["dc1"] + type = "service" + + group "dovecot" { + count = 1 + task "server" { + driver = "docker" + + config { + image = "superboum/amd64_dovecot:v2" + readonly_rootfs = false + port_map { + auth_port = 1337 + imaps_port = 993 + imap_port = 143 + lmtp_port = 24 + } + command = "dovecot" + args = [ "-F" ] + volumes = [ + "secrets/ssl/certs:/etc/ssl/certs", + "secrets/ssl/private:/etc/ssl/private", + "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf", + "/mnt/glusterfs/email/mail:/var/mail/", + ] + } + + env { + TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr" + } + + resources { + cpu = 100 + memory = 200 + network { + mbits = 1 + port "auth_port" { + static = "1337" + } + port "imap_port" { + static = "143" + } + port "imaps_port" { + static = "993" + } + port "lmtp_port" { + static = "24" + } + } + } + + service { + name = "dovecot-auth" + port = "auth_port" + address_mode = "host" + tags = [ + "dovecot", + ] + check { + type = "tcp" + port = "auth_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + name = "dovecot-imap" + port = "imap_port" + address_mode = "host" + tags = [ + "dovecot" + ] + check { + type = "tcp" + port = "imap_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + name = "dovecot-imaps" + port = "imaps_port" + address_mode = "host" + tags = [ + "dovecot", + "(diplonat (tcp_port 993))" + ] + + check { + type = "tcp" + port = "imaps_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + name = "dovecot-lmtp" + port = "lmtp_port" + address_mode = "host" + tags = [ + "dovecot", + ] + + check { + type = "tcp" + port = "lmtp_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace 
= "90s" + ignore_warnings = false + } + } + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw" + destination = "secrets/conf/dovecot-ldap.conf.tpl" + mode = "file" + } + template { + source = "secrets/conf/dovecot-ldap.conf.tpl" + destination = "secrets/conf/dovecot-ldap.conf" + perms = "400" + } + + template { + data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}" + destination = "secrets/ssl/certs/dovecot.crt" + perms = "400" + } + template { + data = "{{ key \"configuration/email/dovecot/dovecot.key\" }}" + destination = "secrets/ssl/private/dovecot.key" + perms = "400" + } + } + } + + group "opendkim" { + count = 1 + task "server" { + driver = "docker" + + config { + image = "superboum/amd64_opendkim:v1" + readonly_rootfs = false + port_map { + dkim_port = 8999 + } + command = "opendkim" + args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ] + volumes = [ + "secrets/dkim:/etc/dkim", + "/dev/log:/dev/log", + ] + } + + resources { + cpu = 100 + memory = 50 + network { + mbits = 1 + port "dkim_port" { + static = "8999" + } + } + } + + service { + name = "opendkim" + port = "dkim_port" + address_mode = "host" + tags = [ + "opendkim", + ] + check { + type = "tcp" + port = "dkim_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + template { + data = "{{ key \"configuration/email/dkim/keytable\" }}" + destination = "secrets/dkim/keytable" + } + template { + data = "{{ key \"configuration/email/dkim/signingtable\" }}" + destination = "secrets/dkim/signingtable" + } + template { + data = "{{ key \"configuration/email/dkim/smtp.private\" }}" + destination = "secrets/dkim/smtp.private" + perms = "600" + } + template { + data = "{{ key \"configuration/email/dkim/smtp.txt\" }}" + destination = "secrets/dkim/smtp.txt" + } + template { + data = "{{ key \"configuration/email/dkim/trusted\" }}" + destination = "secrets/dkim/trusted" + 
} + } + } + + group "postfix" { + count = 1 + task "server" { + driver = "docker" + + config { + image = "superboum/amd64_postfix:v1" + readonly_rootfs = false + port_map { + smtp_port = 25 + smtps_port = 465 + submission_port = 587 + } + command = "postfix" + args = [ "start-fg" ] + volumes = [ + "secrets/ssl/certs:/etc/ssl/certs", + "secrets/ssl/private:/etc/ssl/private", + "secrets/postfix:/etc/postfix-conf", + "/dev/log:/dev/log" + ] + } + + env { + TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" + MAILNAME = "smtp.deuxfleurs.fr", + } + + resources { + cpu = 100 + memory = 200 + network { + mbits = 1 + port "smtp_port" { + static = "25" + } + port "smtps_port" { + static = "465" + } + port "submission_port" { + static = "587" + } + } + } + + service { + name = "postfix-smtp" + port = "smtp_port" + address_mode = "host" + tags = [ + "postfix", + "(diplonat (tcp_port 25 465 587))" + ] + check { + type = "tcp" + port = "smtp_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + name = "postfix-smtps" + port = "smtps_port" + address_mode = "host" + tags = [ + "postfix", + ] + + check { + type = "tcp" + port = "smtps_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + name = "postfix-submission" + port = "submission_port" + address_mode = "host" + tags = [ + "postfix", + ] + + check { + type = "tcp" + port = "submission_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-account.cf.tpl?raw" + destination = "secrets/postfix/ldap-account.cf.tpl" + mode = "file" + } + template { + source = "secrets/postfix/ldap-account.cf.tpl" + destination = "secrets/postfix/ldap-account.cf" + } + + artifact { + source = 
"http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-alias.cf.tpl?raw" + destination = "secrets/postfix/ldap-alias.cf.tpl" + mode = "file" + } + template { + source = "secrets/postfix/ldap-alias.cf.tpl" + destination = "secrets/postfix/ldap-alias.cf" + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-virtual-domains.cf.tpl?raw" + destination = "secrets/postfix/ldap-virtual-domains.cf.tpl" + mode = "file" + } + template { + source = "secrets/postfix/ldap-virtual-domains.cf.tpl" + destination = "secrets/postfix/ldap-virtual-domains.cf" + } + + + template { + data = "{{ key \"configuration/email/postfix/postfix.crt\" }}" + destination = "secrets/ssl/certs/postfix.crt" + perms = "400" + } + template { + data = "{{ key \"configuration/email/postfix/postfix.key\" }}" + destination = "secrets/ssl/private/postfix.key" + perms = "400" + } + template { + data = "{{ key \"configuration/email/postfix/dynamicmaps.cf\" }}" + destination = "secrets/postfix/dynamicmaps.cf" + } + template { + data = "{{ key \"configuration/email/postfix/header_checks\" }}" + destination = "secrets/postfix/header_checks" + } + template { + data = "{{ key \"configuration/email/postfix/main.cf\" }}" + destination = "secrets/postfix/main.cf" + } + template { + data = "{{ key \"configuration/email/postfix/master.cf\" }}" + destination = "secrets/postfix/master.cf" + } + template { + data = "{{ key \"configuration/email/postfix/transport\" }}" + destination = "secrets/postfix/transport" + } + template { + data = "{{ key \"configuration/email/postfix/transport.db\" }}" + destination = "secrets/postfix/transport.db" + } + } + } + + group "sogo" { + count = 1 + task "bundle" { + + driver = "docker" + + config { + image = "superboum/amd64_sogo:v7" + readonly_rootfs = false + port_map { + sogo_web_port = 8080 + } + volumes = [ + "secrets/sogo.conf:/etc/sogo/sogo.conf", + ] + } + env { + FAKE = 2 + } + + /* Workaround as there is no consul source and no way to 
template recursively... */ + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/email/sogo/sogo.conf.tpl?raw" + destination = "secrets/tpl/sogo.conf.tpl" + mode = "file" + } + template { + source = "secrets/tpl/sogo.conf.tpl" + destination = "secrets/sogo.conf" + } + + resources { + cpu = 200 + memory = 1000 + network { + mbits = 1 + port "sogo_web_port" {} + } + } + + service { + name = "sogo" + port = "sogo_web_port" + address_mode = "host" + tags = [ + "sogo", + "traefik.enable=true", + "traefik.frontend.entryPoints=https,http", + "traefik.frontend.rule=Host:www.sogo.deuxfleurs.fr,sogo.deuxfleurs.fr;PathPrefix:/" + ] + check { + type = "tcp" + port = "sogo_web_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "5m" + ignore_warnings = false + } + } + } + + } + } +} diff --git a/app/deployment/garage.hcl b/app/deployment/garage.hcl new file mode 100644 index 0000000..3478706 --- /dev/null +++ b/app/deployment/garage.hcl 
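Review bot: The TLS and DKIM private keys in this hunk are read from the `configuration/` Consul prefix (`configuration/email/dovecot/dovecot.key`, `configuration/email/postfix/postfix.key`, `configuration/email/dkim/smtp.private`), while garage.hcl, im.hcl and jitsi.hcl in the same commit read key material from `secrets/`. If Consul ACLs are scoped by prefix (not visible here), these keys end up governed by the rule written for ordinary configuration. Consider moving them under a path such as `secrets/email/...` (suggested name) and updating the three `key` calls to match.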
@@ -0,0 +1,99 @@
+job "garage" {
+ datacenters = ["dc1", "belair", "saturne"]
+ type = "system"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "garage" {
+ task "server" {
+ driver = "docker"
+ config {
+ image = "lxpz/garage_amd64:4"
+ port_map {
+ rpc_port = 3901
+ api_port = 3900
+ }
+ volumes = [
+ "/mnt/storage/garage/data:/garage/data",
+ "/mnt/ssd/garage/meta:/garage/meta",
+ "secrets/garage.toml:/garage/config.toml",
+ "secrets/garage-ca.crt:/garage/garage-ca.crt",
+ "secrets/garage.crt:/garage/garage.crt",
+ "secrets/garage.key:/garage/garage.key",
+ ]
+ }
+
+ template {
+ data = "{{ key \"configuration/garage/garage.toml\" }}"
+ destination = "secrets/garage.toml"
+ }
+ template {
+ data = "{{ key \"secrets/garage/garage-ca.crt\" }}"
+ destination = "secrets/garage-ca.crt"
+ }
+ template {
+ data = "{{ key \"secrets/garage/garage.crt\" }}"
+ destination = "secrets/garage.crt"
+ }
+ template {
+ data = "{{ key \"secrets/garage/garage.key\" }}"
+ destination = "secrets/garage.key"
+ }
+
+ resources {
+ memory = 500
+ cpu = 1000
+ network {
+ port "rpc_port" {
+ static = "3901"
+ }
+ port "api_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "garage_api",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:garage.deuxfleurs.fr"
+ ]
+ port = "api_port"
+ address_mode = "host"
+ name = "garage-api"
+ check {
+ type = "tcp"
+ port = "api_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = ["garage-rpc"]
+ port = "rpc_port"
+ address_mode = "host"
+ name = "garage-rpc"
+ check {
+ type = "tcp"
+ port = "rpc_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/app/deployment/im.hcl b/app/deployment/im.hcl
new file mode 100644
index 0000000..53b81d1
--- /dev/null
+++ b/app/deployment/im.hcl
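Review bot: The four `template` blocks render `secrets/garage.key` and the certificates without a `perms` attribute, so the private key is written with Nomad's default template mode (0644) rather than an owner-only mode. Add `perms = "400"` to the `garage.key` template, as email.hcl does for `dovecot.key` and `postfix.key`, after confirming the user inside the image can still read the file. The same omission applies to `homeserver.tls.key` and `homeserver.signing.key` in im.hcl and to the `*.key` templates in jitsi.hcl.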
@@ -0,0 +1,361 @@ +job "im" { + datacenters = ["dc1"] + type = "service" + + group "matrix" { + count = 1 + task "synapse" { + driver = "docker" + + config { + image = "superboum/amd64_synapse:v33" + readonly_rootfs = true + port_map { + client_port = 8008 + federation_port = 8448 + } + command = "python" + args = [ + "-m", "synapse.app.homeserver", + "-n", + "-c", "/etc/matrix-synapse/homeserver.yaml" + ] + volumes = [ + "secrets/conf:/etc/matrix-synapse", + "/mnt/glusterfs/chat/matrix/synapse/media:/var/lib/matrix-synapse/media", + "/mnt/glusterfs/chat/matrix/synapse/uploads:/var/lib/matrix-synapse/uploads", + "/tmp/synapse-logs:/var/log/matrix-synapse", + "/tmp/synapse:/tmp" + ] + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/chat/synapse/homeserver.yaml?raw" + destination = "secrets/tpl/homeserver.yaml.tpl" + mode = "file" + } + template { + source = "secrets/tpl/homeserver.yaml.tpl" + destination = "secrets/conf/homeserver.yaml" + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/registration.yaml.tpl?raw" + destination = "secrets/tpl/easybridge_registration.yaml.tpl" + mode = "file" + } + template { + source = "secrets/tpl/easybridge_registration.yaml.tpl" + destination = "secrets/conf/easybridge_registration.yaml" + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/chat/fb2mx/registration.yaml?raw" + destination = "secrets/tpl/fb2mx_registration.yaml.tpl" + mode = "file" + } + template { + source = "secrets/tpl/fb2mx_registration.yaml.tpl" + destination = "secrets/conf/fb2mx_registration.yaml" + } + + template { + data = "{{ key \"configuration/chat/synapse/log.yaml\" }}" + destination = "secrets/conf/log.yaml" + } + template { + data = "{{ key \"configuration/chat/synapse/conf.d/server_name.yaml\" }}" + destination = "secrets/conf/server_name.yaml" + } + template { + data = "{{ key \"configuration/chat/synapse/conf.d/report_stats.yaml\" }}" + destination = 
"secrets/conf/report_stats.yaml" + } + template { + data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}" + destination = "secrets/conf/homeserver.tls.crt" + } + template { + data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}" + destination = "secrets/conf/homeserver.tls.dh" + } + template { + data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}" + destination = "secrets/conf/homeserver.tls.key" + } + template { + data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}" + destination = "secrets/conf/homeserver.signing.key" + } + + env { + SYNAPSE_CACHE_FACTOR = 1 + } + + resources { + cpu = 1000 + memory = 4000 + network { + port "client_port" { } + port "federation_port" { } + } + } + + service { + name = "synapse-client" + port = "client_port" + address_mode = "host" + tags = [ + "matrix", + "traefik.enable=true", + "traefik.frontend.entryPoints=https", + "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix", + "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *", + "traefik.frontend.priority=100" + ] + check { + type = "tcp" + port = "client_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + name = "synapse-federation" + port = "federation_port" + address_mode = "host" + tags = [ + "matrix", + "traefik.enable=true", + "traefik.frontend.entryPoints=https", + "traefik.frontend.rule=Host:deuxfleurs.fr;PathPrefix:/_matrix", + "traefik.frontend.priority=100" + ] + } + + } + } + + group "easybridge" { + count = 1 + task "easybridge" { + driver = "docker" + config { + image = "lxpz/easybridge_amd64:27" + port_map { + api_port = 8321 + web_port = 8281 + } + volumes = [ + "secrets/conf:/data" + ] + args = [ "./easybridge", "-config", "/data/config.json" ] + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/registration.yaml.tpl?raw" + destination = 
"secrets/tpl/registration.yaml.tpl" + mode = "file" + } + template { + source = "secrets/tpl/registration.yaml.tpl" + destination = "secrets/conf/registration.yaml" + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/config.json.tpl?raw" + destination = "secrets/tpl/config.json.tpl" + mode = "file" + } + template { + source = "secrets/tpl/config.json.tpl" + destination = "secrets/conf/config.json" + } + + resources { + memory = 500 + cpu = 1000 + network { + port "api_port" { + static = "8321" + } + port "web_port" {} + } + } + + service { + name = "easybridge-api" + tags = ["easybridge-api"] + port = "api_port" + address_mode = "host" + check { + type = "tcp" + port = "api_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + name = "easybridge-web" + tags = [ + "easybridge-web", + "traefik.enable=true", + "traefik.frontend.entryPoints=https,http", + "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr", + ] + port = "web_port" + address_mode = "host" + check { + type = "tcp" + port = "web_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } + + + group "riotweb" { + count = 1 + + task "server" { + driver = "docker" + config { + image = "superboum/amd64_riotweb:v15" + port_map { + web_port = 8043 + } + volumes = [ + "secrets/config.json:/srv/http/config.json" + ] + } + + template { + data = "{{ key \"configuration/chat/riot_web/config.json\" }}" + destination = "secrets/config.json" + } + + resources { + memory = 21 + network { + port "web_port" {} + } + } + + service { + tags = [ + "webstatic", + "traefik.enable=true", + "traefik.frontend.entryPoints=https", + "traefik.frontend.rule=Host:im.deuxfleurs.fr,riot.deuxfleurs.fr;PathPrefix:/", + "traefik.frontend.priority=10" + ] + port = "web_port" + address_mode = "host" + name = "webstatic" + check { + type = 
"tcp" + port = "web_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } + +/* + group "turn_stun" { + count=1 + task "coturn" { + driver = "docker" + config { + image = "registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1" + port_map { + main_port = 3478 + alt_port = 3479 + } + command = "/usr/bin/turnserver" + args = [ + "-X", "82.253.205.190", + "-v", + "-f", + "-a" + ] + volumes = [ + "secrets/turnserver.conf:/etc/turnserver.conf" + ] + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/chat/coturn/turnserver.conf.tpl?raw" + destination = "secrets/turnserver.conf.tpl" + mode = "file" + } + + template { + source = "secrets/turnserver.conf.tpl" + destination = "secrets/turnserver.conf" + } + + resources { + memory = 50 + network { + port "main_port" { + static = "3478" + } + port "alt_port" { + static = "3479" + } + } + } + + service { + tags = [ + "coturn", + "matrix" + ] + port = "main_port" + address_mode = "host" + name = "coturn" + check { + type = "tcp" + port = "main_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + } + } +*/ + +} + diff --git a/app/deployment/jitsi.hcl b/app/deployment/jitsi.hcl new file mode 100644 index 0000000..4ef2f98 --- /dev/null +++ b/app/deployment/jitsi.hcl 
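Review bot: The synapse `volumes` list bind-mounts host paths under `/tmp` (`/tmp/synapse-logs:/var/log/matrix-synapse` and `/tmp/synapse:/tmp`); host `/tmp` is normally world-writable, so another local account on the node could pre-create those directories or read the homeserver logs. These mounts presumably exist to give the read-only root filesystem somewhere to write, so point them at the task directory instead, e.g. `"local/synapse-logs:/var/log/matrix-synapse"` and `"local/tmp:/tmp"` (relative paths, like the existing `secrets/conf` mount). The `synapse-federation` service also has no `check` block, unlike every other service in this file.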
@@ -0,0 +1,258 @@ +/* + * WIP WIP WIP WIP + * + * + NEED TO SET ENV VARIABLES + */ + +job "jitsi" { + datacenters = ["dc1"] + type = "service" + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "core" { + task "xmpp" { + driver = "docker" + config { + image = "superboum/amd64_jitsi_xmpp:v1" + network_mode = "host" + port_map { + xmpp_port = 5222 + ext_port = 5347 + bosh_port = 5280 + } + } + + template { + data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" + } + template { + data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}" + destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key" + } + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" + } + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.key" + } + artifact { + source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" + destination = "secrets/global_env.tpl" + mode = "file" + } + template { + source = "secrets/global_env.tpl" + destination = "secrets/global_env" + env = true + } + + resources { + cpu = 300 + memory = 200 + network { + port "xmpp_port" { + static = "5222" + } + port "ext_port" { + static = "5347" + } + port "bosh_port" { + static = "5280" + } + } + } + + service { + tags = [ + "jitsi" + ] + port = "bosh_port" + address_mode = "host" + name = "jitsi-xmpp-bosh" + check { + type = "tcp" + port = "bosh_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + + task "front" { + driver = "docker" + config { + image = "superboum/amd64_jitsi_front:v5" + network_mode = "host" + port_map { + https_port = 443 + } + } + + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" 
+ } + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.key" + } + artifact { + source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" + destination = "secrets/global_env.tpl" + mode = "file" + } + template { + source = "secrets/global_env.tpl" + destination = "secrets/global_env" + env = true + } + + resources { + cpu = 300 + memory = 200 + network { + port "https_port" { + static = "443" + } + } + } + + service { + tags = [ + "jitsi", + "traefik.enable=true", + "traefik.frontend.entryPoints=https,http", + "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/", + "traefik.protocol=https" + ] + port = "https_port" + address_mode = "host" + name = "jitsi-front-https" + check { + type = "tcp" + port = "https_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + + task "jicofo" { + driver = "docker" + config { + image = "superboum/amd64_jitsi_conference_focus:v2" + network_mode = "host" + } + + template { + data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" + } + template { + data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" + destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" + } + artifact { + source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" + destination = "secrets/global_env.tpl" + mode = "file" + } + template { + source = "secrets/global_env.tpl" + destination = "secrets/global_env" + env = true + } + + resources { + cpu = 300 + memory = 400 + } + } + + task "videobridge" { + driver = "docker" + config { + image = "superboum/amd64_jitsi_videobridge:v9" + network_mode = "host" + port_map { + video1_port = 8080 + video2_port = 10000 + } + ulimit { + nofile = "1048576:1048576" + nproc = "65536:65536" + } + } + + env { + #JITSI_DEBUG = 1 + JITSI_VIDEO_TCP = 8080 + } + + artifact { + source 
= "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" + destination = "secrets/global_env.tpl" + mode = "file" + } + template { + source = "secrets/global_env.tpl" + destination = "secrets/global_env" + env = true + } + + resources { + cpu = 900 + memory = 1500 + network { + port "video1_port" { + static = "8080" + } + port "video2_port" { + static = "10000" + } + } + + } + + service { + tags = [ + "jitsi", + "(diplonat (tcp_port 8080) (udp_port 10000))" + ] + port = "video1_port" + address_mode = "host" + name = "jitsi-videobridge-video1" + check { + type = "tcp" + port = "video1_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + + } +} + diff --git a/app/deployment/mariadb.hcl b/app/deployment/mariadb.hcl new file mode 100644 index 0000000..2b9be7e --- /dev/null +++ b/app/deployment/mariadb.hcl @@ -0,0 +1,69 @@ +job "mariadb" { + datacenters = ["dc1"] + type = "service" + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "main" { + count = 1 + task "server" { + driver = "docker" + config { + image = "superboum/amd64_mariadb:v3" + port_map { + mariadb_port = 3306 + } + command = "tail" + args = [ + "-f", "/var/log/mysql/error.log", + ] + volumes = [ + "/mnt/glusterfs/mariadb/main/server:/var/lib/mysql", + ] + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/mariadb/main/env.tpl?raw" + destination = "secrets/env.tpl" + mode = "file" + } + template { + source = "secrets/env.tpl" + destination = "secrets/env" + env = true + } + + + resources { + memory = 800 + network { + port "mariadb_port" { + static = "3306" + } + } + } + + service { + tags = ["mariadb"] + port = "mariadb_port" + address_mode = "host" + name = "mariadb" + check { + type = "tcp" + port = "mariadb_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } +} + 
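Review bot: All four jitsi tasks set `network_mode = "host"`, under which Docker does not apply the `port_map` entries, so each process listens directly on the node on whatever address the image binds. That includes `ext_port` 5347 on the xmpp task, which is reserved as a static port but has no `service` block or diplonat tag and so looks internal-only. Either add a comment on each task explaining why host networking is required, or confirm in the image configuration that 5347 binds to loopback. The header comment marks the file as WIP, so this may already be planned.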
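Review bot: The mariadb `config` block overrides the container command with `command = "tail"` and `args = ["-f", "/var/log/mysql/error.log"]`, and nothing in the hunk shows how the database server itself is started. Add a comment above `command` saying which part of the image launches mysqld and why the task's main process only follows the error log, for example `# mysqld is started by <mechanism>; tail keeps the task in the foreground and streams the error log`. As written, the task presumably stays alive for as long as `tail` runs, which would leave the TCP check on `mariadb_port` as the only signal that the server has stopped.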
diff --git a/app/deployment/nextcloud.hcl b/app/deployment/nextcloud.hcl
new file mode 100644
index 0000000..2cc4f5f
--- /dev/null
+++ b/app/deployment/nextcloud.hcl
@@ -0,0 +1,67 @@
+job "nextcloud" {
+ datacenters = ["dc1", "belair"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "nextcloud" {
+ count = 1
+ task "nextcloud" {
+ driver = "docker"
+ config {
+ image = "lxpz/deuxfleurs_nextcloud_amd64:8"
+ port_map {
+ web_port = 80
+ }
+ volumes = [
+ "secrets/config.php:/var/www/html/config/config.php"
+ ]
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/nextcloud/config.php.tpl?raw"
+ destination = "secrets/config.php.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/config.php.tpl"
+ destination = "secrets/config.php"
+ }
+
+ resources {
+ memory = 1000
+ cpu = 2000
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ name = "nextcloud"
+ tags = [
+ "nextcloud",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
+ ]
+ port = "web_port"
+ address_mode = "host"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/object_storage.hcl b/app/deployment/object_storage.hcl
new file mode 100644
index 0000000..fa40c4b
--- /dev/null
+++ b/app/deployment/object_storage.hcl
@@ -0,0 +1,159 @@
+job "not_safe_object_storage" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "not_safe_pithos" {
+ count = 2
+ task "not_safe_server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_pithos:v1"
+ readonly_rootfs = true
+ port_map {
+ s3_port = 8080
+ }
+ volumes = [
+ "secrets/pithos.yaml:/etc/pithos/pithos.yaml"
+ ]
+ }
+
+ resources {
+ memory = 500
+ network {
+ port "s3_port" {
+ static = "8080"
+ }
+ }
+ }
+
+ template {
+ data = <<EOH
+service:
+ host: '0.0.0.0'
+ port: 8080
+
+
+## logging configuration
+## ---------------------
+logging:
+ level: info
+ console: true
+ files: []
+
+# overrides:
+# io.exo.pithos: debug
+
+
+## global options
+## --------------
+options:
+ service-uri: 's3.esir.deuxfleurs.fr'
+ reporting: true
+ server-side-encryption: true
+ multipart-upload: true
+ masterkey-provisioning: true
+ masterkey-access: true
+ default-region: 'FR-RN1'
+
+
+## keystore configuration
+## ----------------------
+#
+# Keystores associate an access key with
+# an organization and secret key.
+#
+# They may offer provisioning capacities with the
+# masterkey. The default provider relies on keys
+# being defined inline.
+# generate access key: openssl rand -base64 24
+# generate secret key: openssl rand -base64 39
+# (size is arbitrary)
+keystore:
+ keys:
+ NHu3glGc0lj5FL5AZPTvgjB20tb9w4Eo:
+ master: true
+ tenant: 'pyr@spootnik.org'
+ secret: 'fpyehmZsimMHeYScjwTUREzvIOICeRZiO01Dck0JIKEifKdwOT3T'
+ rXNoqKXY45RcxpBOKy8i4H8fqGzlHIZu:
+ tenant: 'exoscale'
+ secret: 'qtQlWujN70Ukh9IvIbqIM3Zqos/5aU72hOhLCXblQ0PmfYsGO8lU'
+
+
+## bucketstore configuration
+## -------------------------
+#
+# The bucketstore is ring global and contains information
+# on bucket location and global parameters.
+#
+# Its primary aim is to hold bucket location and ownership
+# information.
+#
+# The default provider relies on cassandra.
+bucketstore:
+ default-region: 'FR-RN1'
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+
+
+## regions
+## -------
+#
+# Regions are composed of a metastore and an arbitrary number
+# of named storage classes which depend on a blobstore.
+#
+# The metastore holds metadata for the full region, as well as
+# object storage-class placement information.
+#
+# The default implementation of both metastore and blobstore
+# rely on cassandra.
+#
+regions:
+ FR-RN1:
+ metastore:
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+ storage-classes:
+ standard:
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+ max-chunk: '128k'
+ max-block-chunks: 1024
+EOH
+ destination = "secrets/pithos.yaml"
+ }
+
+ service {
+ tags = ["pithos"]
+ port = "s3_port"
+ address_mode = "host"
+ name = "pithos"
+ check {
+ type = "tcp"
+ port = "s3_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "300s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/platoo.hcl b/app/deployment/platoo.hcl
new file mode 100644
index 0000000..0502934
--- /dev/null
+++ b/app/deployment/platoo.hcl
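Review bot: The `keystore` section of the inline `pithos.yaml` template commits two access-key/secret pairs in clear text, one of them marked `master: true`, while `masterkey-access` and `masterkey-provisioning` are enabled and the service listens on `0.0.0.0` at static port 8080. The other jobs in this commit that need secrets read them from Consul with `{{ key "..." }}`; do the same here, e.g. `secret: '{{ key "secrets/pithos/<key-name>" }}'` (placeholder path), and treat the committed values as exposed and replace them. The `not_safe_` prefix on the job, group and task suggests this is known, so a header comment stating what is unsafe and what must change before real use would help.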
@@ -0,0 +1,64 @@
+job "platoo" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "core" {
+ task "nodejs" {
+ driver = "docker"
+ config {
+ image = "victormoi/platoo:v1"
+ force_pull = true
+ port_map {
+ web_port = 8080
+ }
+ }
+
+ template {
+ data = <<EOH
+user=platoo
+host=psql-proxy.service.2.cluster.deuxfleurs.fr
+database=platoodb
+password={{ key "secrets/platoo/bddpw" | trimSpace }}
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 400
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "platoo",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https",
+ "traefik.frontend.rule=Host:platoo.deuxfleurs.fr;PathPrefix:/"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "platoo"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/postgres.hcl b/app/deployment/postgres.hcl
new file mode 100644
index 0000000..456156e
--- /dev/null
+++ b/app/deployment/postgres.hcl
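Review bot: `force_pull = true` combined with the mutable tag `victormoi/platoo:v1` means every task start runs whatever the registry currently serves under that tag, in a container that receives the database password through `secrets/env`. Pinning by digest, `image = "victormoi/platoo@sha256:<digest>"` (placeholder), keeps the pull but makes the running content fixed and reviewable. The same concern applies more strongly to `lesterpig/diagnet-landmark:latest` in science.hcl. This task also omits `readonly_rootfs = true`, which object_storage.hcl and traefik.hcl set; if the application does not write to its root filesystem, adding it would match those jobs.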
@@ -0,0 +1,145 @@
+job "postgres" {
+ datacenters = ["dc1"]
+ type = "system"
+ priority = 90
+
+ update {
+ max_parallel = 1
+ stagger = "5m"
+ }
+
+ group "postgres" {
+ task "sentinel" {
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_postgres:v3"
+ readonly_rootfs = false
+ command = "/usr/local/bin/stolon-sentinel"
+ args = [
+ "--cluster-name", "pissenlit",
+ "--store-backend", "consul",
+ "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
+ ]
+ }
+ resources {
+ memory = 100
+ }
+ }
+
+ task "proxy" {
+ driver = "docker"
+
+ config {
+ image = "superboum/amd64_postgres:v3"
+ readonly_rootfs = false
+ command = "/usr/local/bin/stolon-proxy"
+ args = [
+ "--cluster-name", "pissenlit",
+ "--store-backend", "consul",
+ "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
+ "--port", "5432",
+ "--listen-address", "0.0.0.0"
+ ]
+ port_map {
+ psql_proxy_port = 5432
+ }
+ }
+
+ resources {
+ memory = 100
+ network {
+ port "psql_proxy_port" {
+ static = 5432
+ }
+ }
+ }
+
+ service {
+ tags = ["sql"]
+ port = "psql_proxy_port"
+ address_mode = "host"
+ name = "psql-proxy"
+ check {
+ type = "tcp"
+ port = "psql_proxy_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "10m"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+
+ task "keeper" {
+ driver = "docker"
+
+ config {
+ network_mode = "host"
+ image = "superboum/amd64_postgres:v3"
+ readonly_rootfs = false
+ command = "/usr/local/bin/stolon-keeper"
+ args = [
+ "--cluster-name", "pissenlit",
+ "--store-backend", "consul",
+ "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
+ "--data-dir", "/mnt/persist",
+ "--pg-su-password", "${PG_SU_PWD}",
+ "--pg-repl-username", "${PG_REPL_USER}",
+ "--pg-repl-password", "${PG_REPL_PWD}",
+ "--pg-listen-address", "${attr.unique.network.ip-address}",
+ "--pg-port", "5433",
+ "--pg-bin-path", "/usr/lib/postgresql/9.6/bin/"
+ ]
+ port_map {
+ psql_port = 5433
+ }
+ volumes = [
+ "/mnt/ssd/postgres:/mnt/persist"
+ ]
+ }
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/postgres/keeper/env.tpl?raw"
+ destination = "secrets/env.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/env.tpl"
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 500
+ network {
+ port "psql_port" {
+ static = "5433"
+ }
+ }
+ }
+
+ service {
+ tags = ["sql"]
+ port = "psql_port"
+ address_mode = "host"
+ name = "keeper"
+ check {
+ type = "tcp"
+ port = "psql_port"
+ interval = "60s"
+ timeout = "5s"
+
+ check_restart {
+ limit = 3
+ grace = "60m"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/science.hcl b/app/deployment/science.hcl
new file mode 100644
index 0000000..81e398a
--- /dev/null
+++ b/app/deployment/science.hcl
@@ -0,0 +1,58 @@
+job "science" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "diagnet" {
+ task "main" {
+ driver = "docker"
+ config {
+ image = "lesterpig/diagnet-landmark:latest"
+ args = [
+ "-name", "landmark-deuxfleurs",
+ "-chrome", "-chrome-interval", "60m",
+ "-http", ":8000"
+ ]
+ port_map {
+ web_port = 8000
+ }
+ }
+
+ resources {
+ cpu = 1000
+ memory = 1200
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "diagnet",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "diagnet"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/seafile.hcl b/app/deployment/seafile.hcl
new file mode 100644
index 0000000..e22699c
--- /dev/null
+++ b/app/deployment/seafile.hcl
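Review bot: In the `keeper` task the superuser and replication passwords are passed as command-line arguments (`"--pg-su-password", "${PG_SU_PWD}"` and `"--pg-repl-password", "${PG_REPL_PWD}"`), so after interpolation they sit in the container's argv, where the host process list and `docker inspect` show them. stolon-keeper also accepts `--pg-su-passwordfile` and `--pg-repl-passwordfile`; rendering each password to a file under `secrets/` with a `template` stanza and passing that path keeps them off the command line. All three tasks also use plain `http://…:8500` as the stolon store endpoint, so a comment stating that this traffic stays on a trusted network would document the assumption the job relies on.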
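Review bot: `traefik.frontend.entryPoints=https,http` publishes this service on the plain-HTTP entry point as well, whereas platoo.hcl and the `quentin` group in web_static.hcl list only `https`. The same tag appears on the three seafile services (which carry logins and WebDAV traffic), on the `landing` group in web_static.hcl and on webcap.hcl. Whether HTTP requests get redirected depends on `traefik.toml`, which is loaded from Consul and is not part of this commit. If there is no global redirect these should read `traefik.frontend.entryPoints=https`; otherwise a short comment next to the tag saying that `http` is kept only for the redirect would remove the ambiguity.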
@@ -0,0 +1,174 @@
+job "seafile" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ count = 1
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_seafile:v6"
+
+ ## cmd + args are used for running an instance attachable for update
+ # command = "/bin/sleep"
+ # args = ["999999"]
+
+ port_map {
+ seahub_port = 8000
+ seafdav_port = 8084
+ seafhttp_port = 8082
+ }
+
+ mounts = [
+ {
+ type = "bind"
+ source = "/mnt/glusterfs/seafile"
+ target = "/mnt/seafile-data"
+ }
+ ]
+
+ volumes = [
+ "secrets/conf:/srv/webstore/conf",
+ "secrets/ccnet:/srv/webstore/ccnet"
+ ]
+ }
+
+ resources {
+ memory = 512
+ network {
+ port "seahub_port" {}
+ port "seafhttp_port" {}
+ port "seafdav_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "seafile",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/"
+ ]
+ port = "seahub_port"
+ address_mode = "host"
+ name = "seahub"
+ check {
+ type = "tcp"
+ port = "seahub_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [
+ "seafile",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp"
+
+ ]
+ port = "seafhttp_port"
+ address_mode = "host"
+ name = "seafhttp"
+ check {
+ type = "tcp"
+ port = "seafhttp_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [
+ "seafile",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav"
+
+ ]
+ port = "seafdav_port"
+ address_mode = "host"
+ name = "seafdav"
+ check {
+ type = "tcp"
+ port = "seafdav_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/ccnet.conf.tpl?raw"
+ destination = "secrets/conf/ccnet.conf.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/conf/ccnet.conf.tpl"
+ destination = "secrets/conf/ccnet.conf"
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/seafile.conf.tpl?raw"
+ destination = "secrets/conf/seafile.conf.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/conf/seafile.conf.tpl"
+ destination = "secrets/conf/seafile.conf"
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/seahub_settings.py.tpl?raw"
+ destination = "secrets/conf/seahub_settings.py.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/conf/seahub_settings.py.tpl"
+ destination = "secrets/conf/seahub_settings.py"
+ }
+
+ template {
+ data = "{{ key \"configuration/seafile/ccnet/mykey.peer\" }}"
+ destination = "secrets/ccnet/mykey.peer"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/ccnet/seafile.ini\" }}"
+ destination = "secrets/ccnet/seafile.ini"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/mykey.peer\" }}"
+ destination = "secrets/conf/mykey.peer"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/seafdav.conf\" }}"
+ destination = "secrets/conf/seafdav.conf"
+ }
+ template {
+ data = "{{ key \"configuration/seafile/conf/gunicorn.conf\" }}"
+ destination = "secrets/conf/gunicorn.conf"
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/traefik.hcl b/app/deployment/traefik.hcl
new file mode 100644
index 0000000..a0803e4
--- /dev/null
+++ b/app/deployment/traefik.hcl
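Review bot: The three `artifact` stanzas fetch their templates from `http://127.0.0.1:8500/v1/kv/...?raw` with no token, which presumably only works while the local Consul agent allows anonymous reads of the `configuration/` prefix; the `keeper` task in postgres.hcl uses the same pattern. The five `template` stanzas further down read the same prefix with `{{ key ... }}`, so two mechanisms coexist without explanation. If the reason is that the stored `.tpl` files contain template directives of their own, a comment above the first `artifact` would record it, for example `# KV value is itself a template, hence artifact + template; needs token-less KV read on the local agent`. That also warns whoever later tightens Consul ACLs that this job's startup depends on that read access.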
@@ -0,0 +1,68 @@
+job "frontend" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ group "traefik" {
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "amd64/traefik:1.7.20"
+ readonly_rootfs = true
+ port_map {
+ https_port = 443
+ http_port = 80
+ adm_port = 8082
+ }
+ volumes = [
+ "secrets/traefik.toml:/etc/traefik/traefik.toml",
+ ]
+ }
+
+ resources {
+ memory = 265
+ network {
+ port "https_port" {
+ static = "443"
+ }
+ port "http_port" {
+ static = "80"
+ }
+ port "adm_port" {
+ static = "8082"
+ }
+ }
+ }
+
+ service {
+ tags = [
+ "https",
+ "frontend",
+ "(diplonat (tcp_port 80 443))"
+ ]
+ port = "https_port"
+ address_mode = "host"
+ name = "traefik"
+ check {
+ type = "http"
+ protocol = "http"
+ port = "adm_port"
+ path = "/ping"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ template {
+ data = "{{ key \"configuration/traefik/traefik.toml\" }}"
+ destination = "secrets/traefik.toml"
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/web_static.hcl b/app/deployment/web_static.hcl
new file mode 100644
index 0000000..c935b2a
--- /dev/null
+++ b/app/deployment/web_static.hcl
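Review bot: The static `adm_port` (`static = "8082"`) publishes Traefik's admin entry point on the host interface, and nothing in the job says what is served there or who may reach it. The `/ping` check needs the port, but `traefik.toml` comes from Consul and is not visible in this commit, so it is unclear whether the API or dashboard share that entry point; if they do, they are reachable by anything that can reach the node on 8082. A comment on the port, such as `# health/ping only; not in the diplonat tag, must stay unreachable from outside the cluster`, or a dedicated ping-only entry point in the config, would settle it.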
@@ -0,0 +1,113 @@
+job "web_static" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "landing" {
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_webpull_pug:v4"
+ port_map {
+ web_port = 8080
+ }
+ }
+
+ template {
+ data = <<EOH
+WEBPULL_REPO="https://git.deuxfleurs.fr/Deuxfleurs/site.git"
+WEBPULL_TOKEN="{{ key "secrets/web/home_token" | trimSpace }}"
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 200
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "webstatic",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/",
+ "traefik.frontend.priority=10"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "landing"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+
+ group "quentin" {
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_webpull_ruby:v1"
+ port_map {
+ web_port = 8080
+ }
+ }
+
+ template {
+ data = <<EOH
+WEBPULL_REPO="https://git.deuxfleurs.fr/quentin/quentin.dufour.io.git"
+WEBPULL_TOKEN="{{ key "secrets/web/quentin.dufour.io_token" | trimSpace }}"
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 500
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "webstatic",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https",
+ "traefik.frontend.rule=Host:quentin.dufour.io,www.quentin.dufour.io;PathPrefix:/"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "blog-quentin"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/deployment/webcap.hcl b/app/deployment/webcap.hcl
new file mode 100644
index 0000000..1246b76
--- /dev/null
+++ b/app/deployment/webcap.hcl
@@ -0,0 +1,56 @@
+job "webcap" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ task "flask" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_webcap:v7"
+ port_map {
+ web_port = 3000
+ }
+ }
+ env {
+ FLASK_APP = "/usr/local/bin/webcap"
+ }
+
+ resources {
+ cpu = 1000
+ memory = 2000
+ network {
+ port "web_port" {}
+ }
+ }
+
+ service {
+ tags = [
+ "webcap",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:webcap.deuxfleurs.fr;PathPrefix:/"
+ ]
+ port = "web_port"
+ address_mode = "host"
+ name = "webcap"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
|