aboutsummaryrefslogtreecommitdiff
path: root/app/deployment
diff options
context:
space:
mode:
Diffstat (limited to 'app/deployment')
-rw-r--r--app/deployment/backup.hcl67
-rw-r--r--app/deployment/core.hcl44
-rw-r--r--app/deployment/directory.hcl114
-rw-r--r--app/deployment/email.hcl487
-rw-r--r--app/deployment/garage.hcl102
-rw-r--r--app/deployment/im.hcl265
-rw-r--r--app/deployment/jitsi.hcl234
-rw-r--r--app/deployment/nextcloud.hcl65
-rw-r--r--app/deployment/platoo.hcl64
-rw-r--r--app/deployment/plume.hcl69
-rw-r--r--app/deployment/postgres.hcl134
-rw-r--r--app/deployment/science.hcl58
-rw-r--r--app/deployment/seafile.hcl222
-rw-r--r--app/deployment/traefik.hcl72
-rw-r--r--app/deployment/web_static.hcl112
15 files changed, 0 insertions, 2109 deletions
diff --git a/app/deployment/backup.hcl b/app/deployment/backup.hcl
deleted file mode 100644
index 08fd923..0000000
--- a/app/deployment/backup.hcl
+++ /dev/null
@@ -1,67 +0,0 @@
-job "backup_periodic" {
- datacenters = ["dc1"]
-
- type = "batch"
-
- periodic {
- // Launch every hour
- cron = "0 * * * * *"
-
- // Do not allow overlapping runs.
- prohibit_overlap = true
- }
-
- task "backup-consul" {
- driver = "docker"
-
- config {
- image = "lxpz/backup_consul:12"
- volumes = [
- "secrets/id_ed25519:/root/.ssh/id_ed25519",
- "secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",
- "secrets/known_hosts:/root/.ssh/known_hosts"
- ]
- network_mode = "host"
- }
-
- env {
- CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
- }
-
- template {
- data = <<EOH
-TARGET_SSH_USER={{ key "secrets/backup/target_ssh_user" }}
-TARGET_SSH_PORT={{ key "secrets/backup/target_ssh_port" }}
-TARGET_SSH_HOST={{ key "secrets/backup/target_ssh_host" }}
-TARGET_SSH_DIR={{ key "secrets/backup/target_ssh_dir" }}
-EOH
-
- destination = "secrets/env_vars"
- env = true
- }
-
- template {
- data = "{{ key \"secrets/backup/id_ed25519\" }}"
- destination = "secrets/id_ed25519"
- }
- template {
- data = "{{ key \"secrets/backup/id_ed25519.pub\" }}"
- destination = "secrets/id_ed25519.pub"
- }
- template {
- data = "{{ key \"secrets/backup/target_ssh_fingerprint\" }}"
- destination = "secrets/known_hosts"
- }
-
- resources {
- memory = 200
- }
-
- restart {
- attempts = 2
- interval = "30m"
- delay = "15s"
- mode = "fail"
- }
- }
-}
diff --git a/app/deployment/core.hcl b/app/deployment/core.hcl
deleted file mode 100644
index 5b17b8e..0000000
--- a/app/deployment/core.hcl
+++ /dev/null
@@ -1,44 +0,0 @@
-job "core" {
- datacenters = ["dc1"]
- type = "system"
- priority = 90
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- update {
- max_parallel = 1
- stagger = "1m"
- }
-
- group "network" {
- task "diplonat" {
- driver = "docker"
-
- config {
- image = "darkgallium/amd64_diplonat:v2"
- network_mode = "host"
- readonly_rootfs = true
- privileged = true
- }
-
- template {
- data = <<EOH
-DIPLONAT_PRIVATE_IP={{ env "attr.unique.network.ip-address" }}
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-RUST_LOG=debug
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 40
- }
- }
- }
-}
diff --git a/app/deployment/directory.hcl b/app/deployment/directory.hcl
deleted file mode 100644
index 0acc08f..0000000
--- a/app/deployment/directory.hcl
+++ /dev/null
@@ -1,114 +0,0 @@
-job "directory" {
- datacenters = ["dc1"]
- type = "service"
- priority = 90
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "bottin" {
- count = 1
-
- network {
- port "ldap_port" {
- static = 389
- to = 389
- }
- }
-
- task "bottin" {
- driver = "docker"
- config {
- image = "lxpz/bottin_amd64:20"
- network_mode = "host"
- readonly_rootfs = true
- ports = [ "ldap_port" ]
- volumes = [
- "secrets/config.json:/config.json"
- ]
- }
-
- resources {
- memory = 100
- }
-
- template {
- data = file("../config/configuration/directory/bottin/config.json")
- destination = "secrets/config.json"
- }
-
- service {
- tags = ["bottin"]
- port = "ldap_port"
- address_mode = "host"
- name = "bottin2"
- check {
- type = "tcp"
- port = "ldap_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
- group "guichet" {
- count = 1
-
- network {
- port "web_port" { to = 9991 }
- }
-
- task "guichet" {
- driver = "docker"
- config {
- image = "lxpz/guichet_amd64:10"
- readonly_rootfs = true
- ports = [ "web_port" ]
- volumes = [
- "secrets/config.json:/config.json"
- ]
- }
-
- template {
- data = file("../config/configuration/directory/guichet/config.json.tpl")
- destination = "secrets/config.json"
- }
-
- resources {
- memory = 200
- }
-
- service {
- name = "guichet"
- tags = [
- "guichet",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:guichet.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/deployment/email.hcl b/app/deployment/email.hcl
deleted file mode 100644
index 3d9e15b..0000000
--- a/app/deployment/email.hcl
+++ /dev/null
@@ -1,487 +0,0 @@
-job "email" {
- datacenters = ["dc1"]
- type = "service"
- priority = 65
-
- group "dovecot" {
- count = 1
-
- network {
- port "zauthentication_port" {
- static = 1337
- to = 1337
- }
- port "imaps_port" {
- static = 993
- to = 993
- }
- port "imap_port" {
- static = 143
- to = 143
- }
- port "lmtp_port" {
- static = 24
- to = 24
- }
- }
-
- task "server" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_dovecot:v2"
- readonly_rootfs = false
- ports = [ "zauthentication_port", "imaps_port", "imap_port", "lmtp_port" ]
- command = "dovecot"
- args = [ "-F" ]
- volumes = [
- "secrets/ssl/certs:/etc/ssl/certs",
- "secrets/ssl/private:/etc/ssl/private",
- "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf",
- "/mnt/glusterfs/email/mail:/var/mail/",
- ]
- }
-
- env {
- TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
- }
-
- resources {
- cpu = 100
- memory = 200
- }
-
- service {
- name = "dovecot-imap"
- port = "imap_port"
- tags = [
- "dovecot"
- ]
- check {
- type = "tcp"
- port = "imap_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "dovecot-imaps"
- port = "imaps_port"
- tags = [
- "dovecot",
- "(diplonat (tcp_port 993))"
- ]
-
- check {
- type = "tcp"
- port = "imaps_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "dovecot-lmtp"
- port = "lmtp_port"
- tags = [
- "dovecot",
- ]
-
- check {
- type = "tcp"
- port = "lmtp_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "dovecot-auth"
- port = "zauthentication_port"
- tags = [
- "dovecot",
- ]
- check {
- type = "tcp"
- port = "zauthentication_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- template {
- data = file("../config/configuration/email/dovecot/dovecot-ldap.conf.tpl")
- destination = "secrets/conf/dovecot-ldap.conf"
- perms = "400"
- }
-
- # ----- secrets ------
- template {
- data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
- destination = "secrets/ssl/certs/dovecot.crt"
- perms = "400"
- }
- template {
- data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
- destination = "secrets/ssl/private/dovecot.key"
- perms = "400"
- }
- }
- }
-
- group "opendkim" {
- count = 1
-
- network {
- port "dkim_port" {
- static = 8999
- to = 8999
- }
- }
-
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_opendkim:v1"
- readonly_rootfs = false
- ports = [ "dkim_port" ]
- command = "opendkim"
- args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ]
- volumes = [
- "secrets/dkim:/etc/dkim",
- "/dev/log:/dev/log",
- ]
- }
-
- resources {
- cpu = 100
- memory = 50
- }
-
- service {
- name = "opendkim"
- port = "dkim_port"
- address_mode = "host"
- tags = [
- "opendkim",
- ]
- check {
- type = "tcp"
- port = "dkim_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- template {
- data = file("../config/configuration/email/dkim/keytable")
- destination = "secrets/dkim/keytable"
- }
- template {
- data = file("../config/configuration/email/dkim/signingtable")
- destination = "secrets/dkim/signingtable"
- }
- template {
- data = file("../config/configuration/email/dkim/trusted")
- destination = "secrets/dkim/trusted"
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/email/dkim/smtp.private\" }}"
- destination = "secrets/dkim/smtp.private"
- perms = "600"
- }
- }
- }
-
- group "postfix" {
- count = 1
-
- network {
- port "smtp_port" {
- static = 25
- to = 25
- }
- port "smtps_port" {
- static = 465
- to = 465
- }
- port "submission_port" {
- static = 587
- to = 587
- }
- }
-
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_postfix:v3"
- readonly_rootfs = false
- ports = [ "smtp_port", "smtps_port", "submission_port" ]
- command = "postfix"
- args = [ "start-fg" ]
- volumes = [
- "secrets/ssl/certs:/etc/ssl/certs",
- "secrets/ssl/private:/etc/ssl/private",
- "secrets/postfix:/etc/postfix-conf",
- "/dev/log:/dev/log"
- ]
- }
-
- env {
- TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
- MAILNAME = "smtp.deuxfleurs.fr"
- }
-
- resources {
- cpu = 100
- memory = 200
- }
-
- service {
- name = "postfix-smtp"
- port = "smtp_port"
- address_mode = "host"
- tags = [
- "postfix",
- "(diplonat (tcp_port 25 465 587))"
- ]
- check {
- type = "tcp"
- port = "smtp_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "postfix-smtps"
- port = "smtps_port"
- address_mode = "host"
- tags = [
- "postfix",
- ]
-
- check {
- type = "tcp"
- port = "smtps_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "postfix-submission"
- port = "submission_port"
- address_mode = "host"
- tags = [
- "postfix",
- ]
-
- check {
- type = "tcp"
- port = "submission_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- template {
- data = file("../config/configuration/email/postfix/ldap-account.cf.tpl")
- destination = "secrets/postfix/ldap-account.cf"
- }
-
- template {
- data = file("../config/configuration/email/postfix/ldap-alias.cf.tpl")
- destination = "secrets/postfix/ldap-alias.cf"
- }
-
- template {
- data = file("../config/configuration/email/postfix/ldap-virtual-domains.cf.tpl")
- destination = "secrets/postfix/ldap-virtual-domains.cf"
- }
-
- template {
- data = file("../config/configuration/email/postfix/dynamicmaps.cf")
- destination = "secrets/postfix/dynamicmaps.cf"
- }
-
- template {
- data = file("../config/configuration/email/postfix/header_checks")
- destination = "secrets/postfix/header_checks"
- }
-
- template {
- data = file("../config/configuration/email/postfix/main.cf")
- destination = "secrets/postfix/main.cf"
- }
-
- template {
- data = file("../config/configuration/email/postfix/master.cf")
- destination = "secrets/postfix/master.cf"
- }
-
- template {
- data = file("../config/configuration/email/postfix/transport")
- destination = "secrets/postfix/transport"
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
- destination = "secrets/ssl/certs/postfix.crt"
- perms = "400"
- }
-
- template {
- data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
- destination = "secrets/ssl/private/postfix.key"
- perms = "400"
- }
- }
- }
-
- group "alps" {
- count = 1
-
- network {
- port "alps_web_port" { to = 1323 }
- }
-
- task "main" {
- driver = "docker"
- config {
- image = "superboum/amd64_alps:v1"
- readonly_rootfs = true
- ports = [ "alps_web_port" ]
- command = "-theme"
- args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ]
- }
-
- resources {
- cpu = 50
- memory = 40
- }
-
- service {
- name = "alps"
- port = "alps_web_port"
- address_mode = "host"
- tags = [
- "alps",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:alps.deuxfleurs.fr"
- ]
- check {
- type = "tcp"
- port = "alps_web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "5m"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
-
- group "sogo" {
- count = 1
-
- network {
- port "sogo_web_port" { to = 8080 }
- }
-
- task "bundle" {
- driver = "docker"
- config {
- image = "superboum/amd64_sogo:v7"
- readonly_rootfs = false
- ports = [ "sogo_web_port" ]
- volumes = [
- "secrets/sogo.conf:/etc/sogo/sogo.conf",
- ]
- }
-
- template {
- data = file("../config/configuration/email/sogo/sogo.conf.tpl")
- destination = "secrets/sogo.conf"
- }
-
- resources {
- cpu = 200
- memory = 1000
- }
-
- service {
- name = "sogo"
- port = "sogo_web_port"
- address_mode = "host"
- tags = [
- "sogo",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:www.sogo.deuxfleurs.fr,sogo.deuxfleurs.fr;PathPrefix:/"
- ]
- check {
- type = "tcp"
- port = "sogo_web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "5m"
- ignore_warnings = false
- }
- }
- }
-
- }
- }
-}
diff --git a/app/deployment/garage.hcl b/app/deployment/garage.hcl
deleted file mode 100644
index 20ee3cd..0000000
--- a/app/deployment/garage.hcl
+++ /dev/null
@@ -1,102 +0,0 @@
-job "garage" {
- datacenters = ["dc1", "belair", "saturne"]
- type = "system"
- priority = 40
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "garage" {
- network {
- port "s3" { static = 3900 }
- port "rpc" { static = 3901 }
- port "web" { static = 3902 }
- }
-
- task "server" {
- driver = "docker"
- config {
- advertise_ipv6_address = true
- image = "lxpz/garage_amd64:v0.1.1b"
- network_mode = "host"
- volumes = [
- "/mnt/storage/garage/data:/garage/data",
- "/mnt/ssd/garage/meta:/garage/meta",
- "secrets/garage.toml:/garage/config.toml",
- "secrets/garage-ca.crt:/garage/garage-ca.crt",
- "secrets/garage.crt:/garage/garage.crt",
- "secrets/garage.key:/garage/garage.key",
- ]
- }
-
- template {
- data = file("../config/configuration/garage/garage.toml")
- destination = "secrets/garage.toml"
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/garage/garage-ca.crt\" }}"
- destination = "secrets/garage-ca.crt"
- }
- template {
- data = "{{ key \"secrets/garage/garage.crt\" }}"
- destination = "secrets/garage.crt"
- }
- template {
- data = "{{ key \"secrets/garage/garage.key\" }}"
- destination = "secrets/garage.key"
- }
-
- resources {
- memory = 500
- cpu = 1000
- }
-
- service {
- tags = [
- "garage_api",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:garage.deuxfleurs.fr"
- ]
- port = 3900
- address_mode = "driver"
- name = "garage-api"
- check {
- type = "tcp"
- port = 3900
- address_mode = "driver"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- tags = ["garage-rpc"]
- port = 3901
- address_mode = "driver"
- name = "garage-rpc"
- check {
- type = "tcp"
- port = 3901
- address_mode = "driver"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
diff --git a/app/deployment/im.hcl b/app/deployment/im.hcl
deleted file mode 100644
index 636f78e..0000000
--- a/app/deployment/im.hcl
+++ /dev/null
@@ -1,265 +0,0 @@
-job "im" {
- datacenters = ["dc1"]
- type = "service"
- priority = 60
-
- group "matrix" {
- count = 1
-
- network {
- port "client_port" { static = 8008 }
- port "federation_port" { static = 8448 }
- }
-
- task "synapse" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_synapse:v40"
- network_mode = "host"
- readonly_rootfs = true
- ports = [ "client_port", "federation_port" ]
- command = "python"
- args = [
- "-m", "synapse.app.homeserver",
- "-n",
- "-c", "/etc/matrix-synapse/homeserver.yaml"
- ]
- volumes = [
- "secrets/conf:/etc/matrix-synapse",
- "/mnt/glusterfs/chat/matrix/synapse/media:/var/lib/matrix-synapse/media",
- "/mnt/glusterfs/chat/matrix/synapse/uploads:/var/lib/matrix-synapse/uploads",
- "/tmp/synapse-logs:/var/log/matrix-synapse",
- "/tmp/synapse:/tmp"
- ]
- }
-
- template {
- data = file("../config/configuration/chat/synapse/homeserver.yaml")
- destination = "secrets/conf/homeserver.yaml"
- }
-
- template {
- data = file("../config/configuration/chat/easybridge/registration.yaml.tpl")
- destination = "secrets/conf/easybridge_registration.yaml"
- }
-
- template {
- data = file("../config/configuration/chat/synapse/log.yaml")
- destination = "secrets/conf/log.yaml"
- }
-
- template {
- data = file("../config/configuration/chat/synapse/conf.d/server_name.yaml")
- destination = "secrets/conf/server_name.yaml"
- }
-
- template {
- data = file("../config/configuration/chat/synapse/conf.d/report_stats.yaml")
- destination = "secrets/conf/report_stats.yaml"
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}"
- destination = "secrets/conf/homeserver.tls.crt"
- }
-
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}"
- destination = "secrets/conf/homeserver.tls.dh"
- }
-
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}"
- destination = "secrets/conf/homeserver.tls.key"
- }
-
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}"
- destination = "secrets/conf/homeserver.signing.key"
- }
-
- env {
- SYNAPSE_CACHE_FACTOR = 1
- }
-
- resources {
- cpu = 1000
- memory = 4000
- }
-
- service {
- name = "synapse-client"
- port = "client_port"
- address_mode = "host"
- tags = [
- "matrix",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
- "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
- "traefik.frontend.priority=100"
- ]
- check {
- type = "tcp"
- port = "client_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "synapse-federation"
- port = "federation_port"
- address_mode = "host"
- tags = [
- "matrix",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:deuxfleurs.fr;PathPrefix:/_matrix",
- "traefik.frontend.priority=100"
- ]
- }
- }
- }
-
- group "easybridge" {
- count = 1
-
- network {
- port "api_port" {
- static = 8321
- to = 8321
- }
- port "web_port" { to = 8281 }
- }
-
- task "easybridge" {
- driver = "docker"
- config {
- image = "lxpz/easybridge_amd64:33"
- ports = [ "api_port", "web_port" ]
- volumes = [
- "secrets/conf:/data"
- ]
- args = [ "./easybridge", "-config", "/data/config.json" ]
- }
-
- template {
- data = file("../config/configuration/chat/easybridge/registration.yaml.tpl")
- destination = "secrets/conf/registration.yaml"
- }
-
- template {
- data = file("../config/configuration/chat/easybridge/config.json.tpl")
- destination = "secrets/conf/config.json"
- }
-
- resources {
- memory = 500
- cpu = 1000
- }
-
- service {
- name = "easybridge-api"
- tags = ["easybridge-api"]
- port = "api_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "api_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "easybridge-web"
- tags = [
- "easybridge-web",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
-
- group "riotweb" {
- count = 1
-
- network {
- port "web_port" { to = 8043 }
- }
-
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_riotweb:v19"
- ports = [ "web_port" ]
- volumes = [
- "secrets/config.json:/srv/http/config.json"
- ]
- }
-
- template {
- data = file("../config/configuration/chat/riot_web/config.json")
- destination = "secrets/config.json"
- }
-
- resources {
- memory = 21
- }
-
- service {
- tags = [
- "webstatic",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:im.deuxfleurs.fr,riot.deuxfleurs.fr;PathPrefix:/",
- "traefik.frontend.priority=10"
- ]
- port = "web_port"
- address_mode = "host"
- name = "webstatic"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/deployment/jitsi.hcl b/app/deployment/jitsi.hcl
deleted file mode 100644
index 04c3f9f..0000000
--- a/app/deployment/jitsi.hcl
+++ /dev/null
@@ -1,234 +0,0 @@
-job "jitsi" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "core" {
-
- network {
- port "bosh_port" { }
- port "ext_port" { static = 5347 }
- port "xmpp_port" { static = 5222 }
- port "https_port" { }
- port "video1_port" { static = 8080 }
- port "video2_port" { static = 10000 }
- }
-
- task "xmpp" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_xmpp:v8"
- ports = [ "bosh_port", "ext_port", "xmpp_port" ]
- network_mode = "host"
- }
-
- template {
- data = file("../config/configuration/jitsi/global_env.tpl")
- destination = "secrets/global_env"
- env = true
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
- }
-
- resources {
- cpu = 300
- memory = 200
- }
-
- service {
- tags = [ "jitsi", "bosh" ]
- port = "bosh_port"
- address_mode = "host"
- name = "jitsi-xmpp-bosh"
- check {
- type = "tcp"
- port = "bosh_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- tags = [ "jitsi", "ext" ]
- port = "ext_port"
- address_mode = "host"
- name = "jitsi-ext"
- }
-
- service {
- tags = [ "jitsi", "xmpp" ]
- port = "xmpp_port"
- address_mode = "host"
- name = "jitsi-xmpp"
- }
- }
-
- task "front" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_meet:v3"
- network_mode = "host"
- ports = [ "https_port" ]
- }
-
- template {
- data = file("../config/configuration/jitsi/global_env.tpl")
- destination = "secrets/global_env"
- env = true
- }
-
- # --- secrets ---
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
- }
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
- }
-
- resources {
- cpu = 300
- memory = 200
- }
-
- service {
- tags = [
- "jitsi",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
- "traefik.protocol=https"
- ]
- port = "https_port"
- address_mode = "host"
- name = "jitsi-front-https"
- check {
- type = "tcp"
- port = "https_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
-
- task "jicofo" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_conference_focus:v6"
- network_mode = "host"
- }
-
- template {
- data = file("../config/configuration/jitsi/global_env.tpl")
- destination = "secrets/global_env"
- env = true
- }
-
- #--- secrets ---
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
- }
-
- resources {
- cpu = 300
- memory = 400
- }
- }
-
- task "videobridge" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_videobridge:v16"
- network_mode = "host"
- ports = [ "video1_port", "video2_port" ]
- ulimit {
- nofile = "1048576:1048576"
- nproc = "65536:65536"
- }
- }
-
- env {
- #JITSI_DEBUG = 1
- JITSI_VIDEO_TCP = 8080
- VIDEOBRIDGE_MAX_MEMORY = "1450m"
- }
-
- template {
- data = file("../config/configuration/jitsi/global_env.tpl")
- destination = "secrets/global_env"
- env = true
- }
-
- resources {
- cpu = 900
- memory = 1500
- }
-
- service {
- tags = [ "jitsi", "(diplonat (tcp_port 8080))" ]
- port = "video1_port"
- address_mode = "host"
- name = "jitsi-videobridge-video1"
- check {
- type = "tcp"
- port = "video1_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
- port = "video2_port"
- address_mode = "host"
- name = "jitsi-videobridge-video2"
- }
- }
- }
-}
-
diff --git a/app/deployment/nextcloud.hcl b/app/deployment/nextcloud.hcl
deleted file mode 100644
index 8eed7d9..0000000
--- a/app/deployment/nextcloud.hcl
+++ /dev/null
@@ -1,65 +0,0 @@
-job "nextcloud" {
- datacenters = ["dc1", "belair"]
- type = "service"
- priority = 40
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "nextcloud" {
- count = 1
-
- network {
- port "web_port" {
- to = 80
- }
- }
-
- task "nextcloud" {
- driver = "docker"
- config {
- image = "lxpz/deuxfleurs_nextcloud_amd64:8"
- ports = [ "web_port" ]
- volumes = [
- "secrets/config.php:/var/www/html/config/config.php"
- ]
- }
-
- template {
- data = file("../config/configuration/nextcloud/config.php.tpl")
- destination = "secrets/config.php"
- }
-
- resources {
- memory = 1000
- cpu = 2000
- }
-
- service {
- name = "nextcloud"
- tags = [
- "nextcloud",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/deployment/platoo.hcl b/app/deployment/platoo.hcl
deleted file mode 100644
index ffdda9e..0000000
--- a/app/deployment/platoo.hcl
+++ /dev/null
@@ -1,64 +0,0 @@
-job "platoo" {
- datacenters = ["dc1"]
- type = "service"
- priority = 10
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "core" {
- network {
- port "web_port" { to = 8080 }
- }
-
- task "nodejs" {
- driver = "docker"
- config {
- image = "victormoi/platoo:v1"
- force_pull = true
- ports = [ "web_port" ]
- }
-
- template {
- data = <<EOH
-user=platoo
-host=psql-proxy.service.2.cluster.deuxfleurs.fr
-database=platoodb
-password={{ key "secrets/platoo/bddpw" | trimSpace }}
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 400
- }
-
- service {
- tags = [
- "platoo",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:platoo.deuxfleurs.fr;PathPrefix:/"
- ]
- port = "web_port"
- address_mode = "host"
- name = "platoo"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/deployment/plume.hcl b/app/deployment/plume.hcl
deleted file mode 100644
index 1bdc332..0000000
--- a/app/deployment/plume.hcl
+++ /dev/null
@@ -1,69 +0,0 @@
-job "plume" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "plume" {
- count = 1
-
- network {
- port "web_port" { }
- }
-
- task "plume" {
- driver = "docker"
- config {
- image = "superboum/plume:v2"
- network_mode = "host"
- ports = [ "web_port" ]
- #command = "cat"
- #args = [ "/dev/stdout" ]
- volumes = [
- "/mnt/glusterfs/plume/media:/app/static/media",
- "/mnt/glusterfs/plume/search:/app/search_index"
- ]
- }
-
- template {
- data = file("../config/configuration/plume/app.env")
- destination = "secrets/app.env"
- env = true
- }
-
- resources {
- memory = 100
- cpu = 100
- }
-
- service {
- name = "plume"
- tags = [
- "plume",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:plume.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "http"
- protocol = "http"
- port = "web_port"
- path = "/"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "600s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/deployment/postgres.hcl b/app/deployment/postgres.hcl
deleted file mode 100644
index 388c65e..0000000
--- a/app/deployment/postgres.hcl
+++ /dev/null
@@ -1,134 +0,0 @@
-job "postgres" {
- datacenters = ["dc1"]
- type = "system"
- priority = 90
-
- update {
- max_parallel = 1
- stagger = "2m"
- }
-
- group "postgres" {
- network {
- port "psql_proxy_port" { static = 5432 }
- port "psql_port" { static = 5433 }
- }
-
- task "sentinel" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_postgres:v3"
- network_mode = "host"
- readonly_rootfs = false
- command = "/usr/local/bin/stolon-sentinel"
- args = [
- "--cluster-name", "pissenlit",
- "--store-backend", "consul",
- "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
- ]
- }
- resources {
- memory = 100
- }
- }
-
- task "proxy" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_postgres:v3"
- network_mode = "host"
- readonly_rootfs = false
- command = "/usr/local/bin/stolon-proxy"
- args = [
- "--cluster-name", "pissenlit",
- "--store-backend", "consul",
- "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
- "--port", "${NOMAD_PORT_psql_proxy_port}",
- "--listen-address", "0.0.0.0"
- ]
- ports = [ "psql_proxy_port" ]
- }
-
- resources {
- memory = 100
- }
-
- service {
- tags = ["sql"]
- port = "psql_proxy_port"
- address_mode = "host"
- name = "psql-proxy"
- check {
- type = "tcp"
- port = "psql_proxy_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "10m"
- ignore_warnings = false
- }
- }
- }
- }
-
- task "keeper" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_postgres:v3"
- network_mode = "host"
- readonly_rootfs = false
- command = "/usr/local/bin/stolon-keeper"
- args = [
- "--cluster-name", "pissenlit",
- "--store-backend", "consul",
- "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
- "--data-dir", "/mnt/persist",
- "--pg-su-password", "${PG_SU_PWD}",
- "--pg-repl-username", "${PG_REPL_USER}",
- "--pg-repl-password", "${PG_REPL_PWD}",
- "--pg-listen-address", "${attr.unique.network.ip-address}",
- "--pg-port", "${NOMAD_PORT_psql_port}",
- "--pg-bin-path", "/usr/lib/postgresql/9.6/bin/"
- ]
- ports = [ "psql_port" ]
- volumes = [
- "/mnt/ssd/postgres:/mnt/persist"
- ]
- }
-
- template {
- data = file("../config/configuration/postgres/keeper/env.tpl")
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 500
- }
-
- service {
- tags = ["sql"]
- port = "psql_port"
- address_mode = "host"
- name = "keeper"
- check {
- type = "tcp"
- port = "psql_port"
- interval = "60s"
- timeout = "5s"
-
- check_restart {
- limit = 3
- grace = "60m"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/deployment/science.hcl b/app/deployment/science.hcl
deleted file mode 100644
index 1aee7a8..0000000
--- a/app/deployment/science.hcl
+++ /dev/null
@@ -1,58 +0,0 @@
-job "science" {
- datacenters = ["dc1"]
- type = "service"
- priority = 10
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "diagnet" {
- network {
- port "web_port" { to = 8000 }
- }
-
- task "main" {
- driver = "docker"
- config {
- image = "lesterpig/diagnet-landmark:latest"
- args = [
- "-name", "landmark-deuxfleurs",
- "-chrome", "-chrome-interval", "60m",
- "-http", ":8000"
- ]
- ports = [ "web_port" ]
- }
-
- resources {
- cpu = 1000
- memory = 1200
- }
-
- service {
- tags = [
- "diagnet",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/"
- ]
- port = "web_port"
- address_mode = "host"
- name = "diagnet"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/deployment/seafile.hcl b/app/deployment/seafile.hcl
deleted file mode 100644
index 3af7db3..0000000
--- a/app/deployment/seafile.hcl
+++ /dev/null
@@ -1,222 +0,0 @@
-job "seafile" {
- datacenters = ["dc1"]
- type = "service"
- priority = 10
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "main" {
- count = 1
-
- network {
- port "seafile-frontend_port" { static = 8000 }
- port "seafile-seafhttp_port" { static = 8083 }
- port "seafile-dav_port" { static = 8084 }
- port "seafile-hack_port" { static = 8085 }
- port "mariadb_port" { static = 3306 }
- }
-
- task "mariadb" {
- driver = "docker"
- config {
- image = "superboum/amd64_mariadb:v4"
- network_mode = "host"
- command = "tail"
- ports = [ "mariadb_port" ]
- args = [
- "-f", "/var/log/mysql/error.log",
- ]
- volumes = [
- "/mnt/glusterfs/mariadb/main/server:/var/lib/mysql",
- ]
- }
-
- template {
- data = file("../config/configuration/mariadb/main/env.tpl")
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 800
- }
-
- service {
- tags = ["mariadb"]
- port = "mariadb_port"
- address_mode = "host"
- name = "mariadb"
- check {
- type = "tcp"
- port = "mariadb_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
-
-
- task "hack" {
- driver = "docker"
- config {
- image = "alpine/socat:1.0.5"
- network_mode = "host"
- ports = [ "seafile-hack_port" ]
- command = "tcp6-listen:8085,fork,reuseaddr"
- args = [ "tcp-connect:127.0.0.1:8083" ]
- }
- resources {
- memory = 10
- }
- service {
- tags = [
- "seafile",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp"
-
- ]
- port = "seafile-hack_port"
- address_mode = "host"
- name = "seafhttp"
- check {
- type = "tcp"
- port = "seafile-hack_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- }
-
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_seafile:v6"
- network_mode = "host"
- ports = [ "seafile-frontend_port", "seafile-dav_port", "seafile-seafhttp_port" ]
-
- ## cmd + args are used for running an instance attachable for update
- # command = "/bin/sleep"
- # args = ["999999"]
-
- mounts = [
- {
- type = "bind"
- source = "/mnt/glusterfs/seafile"
- target = "/mnt/seafile-data"
- }
- ]
-
- volumes = [
- "secrets/conf:/srv/webstore/conf",
- "secrets/ccnet:/srv/webstore/ccnet"
- ]
- }
-
- resources {
- memory = 600
- }
-
- service {
- tags = [
- "seafile",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/"
- ]
- port = "seafile-frontend_port"
- address_mode = "host"
- name = "seahub"
- check {
- type = "tcp"
- port = "seafile-frontend_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- tags = [
- "seafile",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav"
-
- ]
- port = "seafile-dav_port"
- address_mode = "host"
- name = "seafdav"
- check {
- type = "tcp"
- port = "seafile-dav_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- template {
- data = file("../config/configuration/seafile/conf/ccnet.conf.tpl")
- destination = "secrets/conf/ccnet.conf"
- }
-
- template {
- data = file("../config/configuration/seafile/conf/seafile.conf.tpl")
- destination = "secrets/conf/seafile.conf"
- }
-
- template {
- data = file("../config/configuration/seafile/conf/seahub_settings.py.tpl")
- destination = "secrets/conf/seahub_settings.py"
- }
-
- template {
- data = file("../config/configuration/seafile/ccnet/seafile.ini")
- destination = "secrets/ccnet/seafile.ini"
- }
- template {
- data = file("../config/configuration/seafile/conf/seafdav.conf")
- destination = "secrets/conf/seafdav.conf"
- }
- template {
- data = file("../config/configuration/seafile/conf/gunicorn.conf")
- destination = "secrets/conf/gunicorn.conf"
- }
-
- # ---- secrets ----
- template {
- data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}"
- destination = "secrets/ccnet/mykey.peer"
- }
-
- template {
- data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}"
- destination = "secrets/conf/mykey.peer"
- }
- }
- }
-}
-
diff --git a/app/deployment/traefik.hcl b/app/deployment/traefik.hcl
deleted file mode 100644
index d0dc129..0000000
--- a/app/deployment/traefik.hcl
+++ /dev/null
@@ -1,72 +0,0 @@
-job "frontend" {
- datacenters = ["dc1"]
- type = "service"
- priority = 80
-
- group "traefik" {
-
- network {
- port "http_port" { static = 80 }
- port "https_port" { static = 443 }
- port "admin_port" { static = 8082 }
- }
-
- task "server" {
- driver = "docker"
-
- config {
- image = "amd64/traefik:1.7.20"
- readonly_rootfs = true
- network_mode = "host"
- volumes = [
- "secrets/traefik.toml:/etc/traefik/traefik.toml",
- ]
- ports = [ "http_port", "https_port", "admin_port" ]
- }
-
- resources {
- memory = 265
- }
-
- template {
- data = file("../config/configuration/traefik/traefik.toml")
- destination = "secrets/traefik.toml"
- }
-
- service {
- name = "traefik-http"
- port = "http_port"
- tags = [ "(diplonat (tcp_port 80))" ]
- address_mode = "host"
- }
-
- service {
- name = "traefik-https"
- port = "https_port"
- tags = [ "(diplonat (tcp_port 443))" ]
- address_mode = "host"
- }
-
- service {
- name = "traefik-admin"
- port = "admin_port"
- address_mode = "host"
- check {
- type = "http"
- protocol = "http"
- port = 8082
- address_mode = "driver"
- path = "/ping"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/deployment/web_static.hcl b/app/deployment/web_static.hcl
deleted file mode 100644
index a02d48b..0000000
--- a/app/deployment/web_static.hcl
+++ /dev/null
@@ -1,112 +0,0 @@
-job "web_static" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "landing" {
- network {
- port "deuxfleurs_port" { to = 8080 }
- }
-
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_webpull_pug:v4"
- ports = [ "deuxfleurs_port" ]
- }
-
- template {
- data = <<EOH
-WEBPULL_REPO="https://git.deuxfleurs.fr/Deuxfleurs/site.git"
-WEBPULL_TOKEN="{{ key "secrets/web/home_token" | trimSpace }}"
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 200
- }
-
- service {
- tags = [
- "webstatic",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/",
- # ideally we would have a rewrite regex: ^https?://(www\.deuxfleurs\.fr|deuxfleurs\.org|www\.deuxfleurs\.fr)(.*)$
- "traefik.frontend.priority=10"
- ]
- port = "deuxfleurs_port"
- address_mode = "host"
- name = "landing"
- check {
- type = "tcp"
- port = "deuxfleurs_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
- group "quentin" {
- network {
- port "quentin_port" { to = 8080 }
- }
-
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_webpull_ruby:v1"
- ports = [ "quentin_port" ]
- }
-
- template {
- data = <<EOH
-WEBPULL_REPO="https://git.deuxfleurs.fr/quentin/quentin.dufour.io.git"
-WEBPULL_TOKEN="{{ key "secrets/web/quentin.dufour.io_token" | trimSpace }}"
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 500
- }
-
- service {
- tags = [
- "webstatic",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:quentin.dufour.io,www.quentin.dufour.io;PathPrefix:/"
- ]
- port = "quentin_port"
- address_mode = "host"
- name = "blog-quentin"
- check {
- type = "tcp"
- port = "quentin_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-