diff options
Diffstat (limited to 'app/deployment')
-rw-r--r-- | app/deployment/backup.hcl | 67 | ||||
-rw-r--r-- | app/deployment/core.hcl | 44 | ||||
-rw-r--r-- | app/deployment/directory.hcl | 114 | ||||
-rw-r--r-- | app/deployment/email.hcl | 487 | ||||
-rw-r--r-- | app/deployment/garage.hcl | 102 | ||||
-rw-r--r-- | app/deployment/im.hcl | 265 | ||||
-rw-r--r-- | app/deployment/jitsi.hcl | 234 | ||||
-rw-r--r-- | app/deployment/nextcloud.hcl | 65 | ||||
-rw-r--r-- | app/deployment/platoo.hcl | 64 | ||||
-rw-r--r-- | app/deployment/plume.hcl | 69 | ||||
-rw-r--r-- | app/deployment/postgres.hcl | 134 | ||||
-rw-r--r-- | app/deployment/science.hcl | 58 | ||||
-rw-r--r-- | app/deployment/seafile.hcl | 222 | ||||
-rw-r--r-- | app/deployment/traefik.hcl | 72 | ||||
-rw-r--r-- | app/deployment/web_static.hcl | 112 |
15 files changed, 0 insertions, 2109 deletions
diff --git a/app/deployment/backup.hcl b/app/deployment/backup.hcl deleted file mode 100644 index 08fd923..0000000 --- a/app/deployment/backup.hcl +++ /dev/null @@ -1,67 +0,0 @@ -job "backup_periodic" { - datacenters = ["dc1"] - - type = "batch" - - periodic { - // Launch every hour - cron = "0 * * * * *" - - // Do not allow overlapping runs. - prohibit_overlap = true - } - - task "backup-consul" { - driver = "docker" - - config { - image = "lxpz/backup_consul:12" - volumes = [ - "secrets/id_ed25519:/root/.ssh/id_ed25519", - "secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub", - "secrets/known_hosts:/root/.ssh/known_hosts" - ] - network_mode = "host" - } - - env { - CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500" - } - - template { - data = <<EOH -TARGET_SSH_USER={{ key "secrets/backup/target_ssh_user" }} -TARGET_SSH_PORT={{ key "secrets/backup/target_ssh_port" }} -TARGET_SSH_HOST={{ key "secrets/backup/target_ssh_host" }} -TARGET_SSH_DIR={{ key "secrets/backup/target_ssh_dir" }} -EOH - - destination = "secrets/env_vars" - env = true - } - - template { - data = "{{ key \"secrets/backup/id_ed25519\" }}" - destination = "secrets/id_ed25519" - } - template { - data = "{{ key \"secrets/backup/id_ed25519.pub\" }}" - destination = "secrets/id_ed25519.pub" - } - template { - data = "{{ key \"secrets/backup/target_ssh_fingerprint\" }}" - destination = "secrets/known_hosts" - } - - resources { - memory = 200 - } - - restart { - attempts = 2 - interval = "30m" - delay = "15s" - mode = "fail" - } - } -} diff --git a/app/deployment/core.hcl b/app/deployment/core.hcl deleted file mode 100644 index 5b17b8e..0000000 --- a/app/deployment/core.hcl +++ /dev/null @@ -1,44 +0,0 @@ -job "core" { - datacenters = ["dc1"] - type = "system" - priority = 90 - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - update { - max_parallel = 1 - stagger = "1m" - } - - group "network" { - task "diplonat" { - driver = "docker" - - config { - image = "darkgallium/amd64_diplonat:v2" - network_mode = "host" - readonly_rootfs = true - privileged = true - } - - template { - data = <<EOH -DIPLONAT_PRIVATE_IP={{ env "attr.unique.network.ip-address" }} -DIPLONAT_REFRESH_TIME=60 -DIPLONAT_EXPIRATION_TIME=300 -DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }} -RUST_LOG=debug -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 40 - } - } - } -} diff --git a/app/deployment/directory.hcl b/app/deployment/directory.hcl deleted file mode 100644 index 0acc08f..0000000 --- a/app/deployment/directory.hcl +++ /dev/null @@ -1,114 +0,0 @@ -job "directory" { - datacenters = ["dc1"] - type = "service" - priority = 90 - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "bottin" { - count = 1 - - network { - port "ldap_port" { - static = 389 - to = 389 - } - } - - task "bottin" { - driver = "docker" - config { - image = "lxpz/bottin_amd64:20" - network_mode = "host" - readonly_rootfs = true - ports = [ "ldap_port" ] - volumes = [ - "secrets/config.json:/config.json" - ] - } - - resources { - memory = 100 - } - - template { - data = file("../config/configuration/directory/bottin/config.json") - destination = "secrets/config.json" - } - - service { - tags = ["bottin"] - port = "ldap_port" - address_mode = "host" - name = "bottin2" - check { - type = "tcp" - port = "ldap_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - - group "guichet" { - count = 1 - - network { - port "web_port" { to = 9991 } - } - - task "guichet" { - driver = "docker" - config { - image = "lxpz/guichet_amd64:10" - readonly_rootfs = true - ports = [ "web_port" ] - volumes = [ - "secrets/config.json:/config.json" - ] - } - - template { - data = file("../config/configuration/directory/guichet/config.json.tpl") - destination = "secrets/config.json" - } - - resources { - memory = 200 - } - - service { - name = "guichet" - tags = [ - "guichet", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:guichet.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/app/deployment/email.hcl b/app/deployment/email.hcl deleted file mode 100644 index 3d9e15b..0000000 --- a/app/deployment/email.hcl +++ /dev/null @@ -1,487 +0,0 @@ -job "email" { - datacenters = ["dc1"] - type = "service" - priority = 65 - - group "dovecot" { - count = 1 - - network { - port "zauthentication_port" { - static = 1337 - to = 1337 - } - port "imaps_port" { - static = 993 - to = 993 - } - port "imap_port" { - static = 143 - to = 143 - } - port "lmtp_port" { - static = 24 - to = 24 - } - } - - task "server" { - driver = "docker" - - config { - image = "superboum/amd64_dovecot:v2" - readonly_rootfs = false - ports = [ "zauthentication_port", "imaps_port", "imap_port", "lmtp_port" ] - command = "dovecot" - args = [ "-F" ] - volumes = [ - "secrets/ssl/certs:/etc/ssl/certs", - "secrets/ssl/private:/etc/ssl/private", - "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf", - "/mnt/glusterfs/email/mail:/var/mail/", - ] - } - - env { - TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr" - } - - resources { - cpu = 100 - memory = 200 - } - - service { - name = "dovecot-imap" - port = "imap_port" - tags = [ - "dovecot" - ] - check { - type = "tcp" - port = "imap_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "dovecot-imaps" - port = "imaps_port" - tags = [ - "dovecot", - "(diplonat (tcp_port 993))" - ] - - check { - type = "tcp" - port = "imaps_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "dovecot-lmtp" - port = "lmtp_port" - tags = [ - "dovecot", - ] - - check { - type = "tcp" - port = "lmtp_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "dovecot-auth" - port = "zauthentication_port" - tags = [ - "dovecot", - ] - check { - type = "tcp" - port = "zauthentication_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - template { - data = file("../config/configuration/email/dovecot/dovecot-ldap.conf.tpl") - destination = "secrets/conf/dovecot-ldap.conf" - perms = "400" - } - - # ----- secrets ------ - template { - data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}" - destination = "secrets/ssl/certs/dovecot.crt" - perms = "400" - } - template { - data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}" - destination = "secrets/ssl/private/dovecot.key" - perms = "400" - } - } - } - - group "opendkim" { - count = 1 - - network { - port "dkim_port" { - static = 8999 - to = 8999 - } - } - - task "server" { - driver = "docker" - config { - image = "superboum/amd64_opendkim:v1" - readonly_rootfs = false - ports = [ "dkim_port" ] - command = "opendkim" - args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ] - volumes = [ - "secrets/dkim:/etc/dkim", - "/dev/log:/dev/log", - ] - } - - resources { - cpu = 100 - memory = 50 - } - - service { - name = "opendkim" - port = "dkim_port" - address_mode = "host" - tags = [ - "opendkim", - ] - check { - type = "tcp" - port = "dkim_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - template { - data = file("../config/configuration/email/dkim/keytable") - destination = "secrets/dkim/keytable" - } - template { - data = file("../config/configuration/email/dkim/signingtable") - destination = "secrets/dkim/signingtable" - } - template { - data = file("../config/configuration/email/dkim/trusted") - destination = "secrets/dkim/trusted" - } - - # --- secrets --- - template { - data = "{{ key \"secrets/email/dkim/smtp.private\" }}" - destination = "secrets/dkim/smtp.private" - perms = "600" - } - } - } - - group "postfix" { - count = 1 - - network { - port "smtp_port" { - static = 25 - to = 25 - } - port "smtps_port" { - static = 465 - to = 465 - } - port "submission_port" { - static = 587 - to = 587 - } - } - - task "server" { - driver = "docker" - config { - image = "superboum/amd64_postfix:v3" - readonly_rootfs = false - ports = [ "smtp_port", "smtps_port", "submission_port" ] - command = "postfix" - args = [ "start-fg" ] - volumes = [ - "secrets/ssl/certs:/etc/ssl/certs", - "secrets/ssl/private:/etc/ssl/private", - "secrets/postfix:/etc/postfix-conf", - "/dev/log:/dev/log" - ] - } - - env { - TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" - MAILNAME = "smtp.deuxfleurs.fr" - } - - resources { - cpu = 100 - memory = 200 - } - - service { - name = "postfix-smtp" - port = "smtp_port" - address_mode = "host" - tags = [ - "postfix", - "(diplonat (tcp_port 25 465 587))" - ] - check { - type = "tcp" - port = "smtp_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "postfix-smtps" - port = "smtps_port" - address_mode = "host" - tags = [ - "postfix", - ] - - check { - type = "tcp" - port = "smtps_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "postfix-submission" - port = "submission_port" - address_mode = "host" - tags = [ - "postfix", - ] - - check { - type = "tcp" - port = "submission_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - template { - data = file("../config/configuration/email/postfix/ldap-account.cf.tpl") - destination = "secrets/postfix/ldap-account.cf" - } - - template { - data = file("../config/configuration/email/postfix/ldap-alias.cf.tpl") - destination = "secrets/postfix/ldap-alias.cf" - } - - template { - data = file("../config/configuration/email/postfix/ldap-virtual-domains.cf.tpl") - destination = "secrets/postfix/ldap-virtual-domains.cf" - } - - template { - data = file("../config/configuration/email/postfix/dynamicmaps.cf") - destination = "secrets/postfix/dynamicmaps.cf" - } - - template { - data = file("../config/configuration/email/postfix/header_checks") - destination = "secrets/postfix/header_checks" - } - - template { - data = file("../config/configuration/email/postfix/main.cf") - destination = "secrets/postfix/main.cf" - } - - template { - data = file("../config/configuration/email/postfix/master.cf") - destination = "secrets/postfix/master.cf" - } - - template { - data = file("../config/configuration/email/postfix/transport") - destination = "secrets/postfix/transport" - } - - # --- secrets --- - template { - data = "{{ key \"secrets/email/postfix/postfix.crt\" }}" - destination = "secrets/ssl/certs/postfix.crt" - perms = "400" - } - - template { - data = "{{ key \"secrets/email/postfix/postfix.key\" }}" - destination = "secrets/ssl/private/postfix.key" - perms = "400" - } - } - } - - group "alps" { - count = 1 - - network { - port "alps_web_port" { to = 1323 } - } - - task "main" { - driver = "docker" - config { - image = "superboum/amd64_alps:v1" - readonly_rootfs = true - ports = [ "alps_web_port" ] - command = "-theme" - args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ] - } - - resources { - cpu = 50 - memory = 40 - } - - service { - name = "alps" - port = "alps_web_port" - address_mode = "host" - tags = [ - "alps", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:alps.deuxfleurs.fr" - ] - check { - type = "tcp" - port = "alps_web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "5m" - ignore_warnings = false - } - } - } - } - } - - - group "sogo" { - count = 1 - - network { - port "sogo_web_port" { to = 8080 } - } - - task "bundle" { - driver = "docker" - config { - image = "superboum/amd64_sogo:v7" - readonly_rootfs = false - ports = [ "sogo_web_port" ] - volumes = [ - "secrets/sogo.conf:/etc/sogo/sogo.conf", - ] - } - - template { - data = file("../config/configuration/email/sogo/sogo.conf.tpl") - destination = "secrets/sogo.conf" - } - - resources { - cpu = 200 - memory = 1000 - } - - service { - name = "sogo" - port = "sogo_web_port" - address_mode = "host" - tags = [ - "sogo", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:www.sogo.deuxfleurs.fr,sogo.deuxfleurs.fr;PathPrefix:/" - ] - check { - type = "tcp" - port = "sogo_web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "5m" - ignore_warnings = false - } - } - } - - } - } -} diff --git a/app/deployment/garage.hcl b/app/deployment/garage.hcl deleted file mode 100644 index 20ee3cd..0000000 --- a/app/deployment/garage.hcl +++ /dev/null @@ -1,102 +0,0 @@ -job "garage" { - datacenters = ["dc1", "belair", "saturne"] - type = "system" - priority = 40 - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "garage" { - network { - port "s3" { static = 3900 } - port "rpc" { static = 3901 } - port "web" { static = 3902 } - } - - task "server" { - driver = "docker" - config { - advertise_ipv6_address = true - image = "lxpz/garage_amd64:v0.1.1b" - network_mode = "host" - volumes = [ - "/mnt/storage/garage/data:/garage/data", - "/mnt/ssd/garage/meta:/garage/meta", - "secrets/garage.toml:/garage/config.toml", - "secrets/garage-ca.crt:/garage/garage-ca.crt", - "secrets/garage.crt:/garage/garage.crt", - "secrets/garage.key:/garage/garage.key", - ] - } - - template { - data = file("../config/configuration/garage/garage.toml") - destination = "secrets/garage.toml" - } - - # --- secrets --- - template { - data = "{{ key \"secrets/garage/garage-ca.crt\" }}" - destination = "secrets/garage-ca.crt" - } - template { - data = "{{ key \"secrets/garage/garage.crt\" }}" - destination = "secrets/garage.crt" - } - template { - data = "{{ key \"secrets/garage/garage.key\" }}" - destination = "secrets/garage.key" - } - - resources { - memory = 500 - cpu = 1000 - } - - service { - tags = [ - "garage_api", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:garage.deuxfleurs.fr" - ] - port = 3900 - address_mode = "driver" - name = "garage-api" - check { - type = "tcp" - port = 3900 - address_mode = "driver" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - tags = ["garage-rpc"] - port = 3901 - address_mode = "driver" - name = "garage-rpc" - check { - type = "tcp" - port = 3901 - address_mode = "driver" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} diff --git a/app/deployment/im.hcl b/app/deployment/im.hcl deleted file mode 100644 index 636f78e..0000000 --- a/app/deployment/im.hcl +++ /dev/null @@ -1,265 +0,0 @@ -job "im" { - datacenters = ["dc1"] - type = "service" - priority = 60 - - group "matrix" { - count = 1 - - network { - port "client_port" { static = 8008 } - port "federation_port" { static = 8448 } - } - - task "synapse" { - driver = "docker" - - config { - image = "superboum/amd64_synapse:v40" - network_mode = "host" - readonly_rootfs = true - ports = [ "client_port", "federation_port" ] - command = "python" - args = [ - "-m", "synapse.app.homeserver", - "-n", - "-c", "/etc/matrix-synapse/homeserver.yaml" - ] - volumes = [ - "secrets/conf:/etc/matrix-synapse", - "/mnt/glusterfs/chat/matrix/synapse/media:/var/lib/matrix-synapse/media", - "/mnt/glusterfs/chat/matrix/synapse/uploads:/var/lib/matrix-synapse/uploads", - "/tmp/synapse-logs:/var/log/matrix-synapse", - "/tmp/synapse:/tmp" - ] - } - - template { - data = file("../config/configuration/chat/synapse/homeserver.yaml") - destination = "secrets/conf/homeserver.yaml" - } - - template { - data = file("../config/configuration/chat/easybridge/registration.yaml.tpl") - destination = "secrets/conf/easybridge_registration.yaml" - } - - template { - data = file("../config/configuration/chat/synapse/log.yaml") - destination = "secrets/conf/log.yaml" - } - - template { - data = file("../config/configuration/chat/synapse/conf.d/server_name.yaml") - destination = "secrets/conf/server_name.yaml" - } - - template { - data = file("../config/configuration/chat/synapse/conf.d/report_stats.yaml") - destination = "secrets/conf/report_stats.yaml" - } - - # --- secrets --- - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}" - destination = "secrets/conf/homeserver.tls.crt" - } - - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}" - destination = "secrets/conf/homeserver.tls.dh" - } - - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}" - destination = "secrets/conf/homeserver.tls.key" - } - - template { - data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}" - destination = "secrets/conf/homeserver.signing.key" - } - - env { - SYNAPSE_CACHE_FACTOR = 1 - } - - resources { - cpu = 1000 - memory = 4000 - } - - service { - name = "synapse-client" - port = "client_port" - address_mode = "host" - tags = [ - "matrix", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix", - "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *", - "traefik.frontend.priority=100" - ] - check { - type = "tcp" - port = "client_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "synapse-federation" - port = "federation_port" - address_mode = "host" - tags = [ - "matrix", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:deuxfleurs.fr;PathPrefix:/_matrix", - "traefik.frontend.priority=100" - ] - } - } - } - - group "easybridge" { - count = 1 - - network { - port "api_port" { - static = 8321 - to = 8321 - } - port "web_port" { to = 8281 } - } - - task "easybridge" { - driver = "docker" - config { - image = "lxpz/easybridge_amd64:33" - ports = [ "api_port", "web_port" ] - volumes = [ - "secrets/conf:/data" - ] - args = [ "./easybridge", "-config", "/data/config.json" ] - } - - template { - data = file("../config/configuration/chat/easybridge/registration.yaml.tpl") - destination = "secrets/conf/registration.yaml" - } - - template { - data = file("../config/configuration/chat/easybridge/config.json.tpl") - destination = "secrets/conf/config.json" - } - - resources { - memory = 500 - cpu = 1000 - } - - service { - name = "easybridge-api" - tags = ["easybridge-api"] - port = "api_port" - address_mode = "host" - check { - type = "tcp" - port = "api_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "easybridge-web" - tags = [ - "easybridge-web", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - - - group "riotweb" { - count = 1 - - network { - port "web_port" { to = 8043 } - } - - task "server" { - driver = "docker" - config { - image = "superboum/amd64_riotweb:v19" - ports = [ "web_port" ] - volumes = [ - "secrets/config.json:/srv/http/config.json" - ] - } - - template { - data = file("../config/configuration/chat/riot_web/config.json") - destination = "secrets/config.json" - } - - resources { - memory = 21 - } - - service { - tags = [ - "webstatic", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:im.deuxfleurs.fr,riot.deuxfleurs.fr;PathPrefix:/", - "traefik.frontend.priority=10" - ] - port = "web_port" - address_mode = "host" - name = "webstatic" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/app/deployment/jitsi.hcl b/app/deployment/jitsi.hcl deleted file mode 100644 index 04c3f9f..0000000 --- a/app/deployment/jitsi.hcl +++ /dev/null @@ -1,234 +0,0 @@ -job "jitsi" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "core" { - - network { - port "bosh_port" { } - port "ext_port" { static = 5347 } - port "xmpp_port" { static = 5222 } - port "https_port" { } - port "video1_port" { static = 8080 } - port "video2_port" { static = 10000 } - } - - task "xmpp" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_xmpp:v8" - ports = [ "bosh_port", "ext_port", "xmpp_port" ] - network_mode = "host" - } - - template { - data = file("../config/configuration/jitsi/global_env.tpl") - destination = "secrets/global_env" - env = true - } - - # --- secrets --- - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" - } - - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key" - } - - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" - } - - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.key" - } - - resources { - cpu = 300 - memory = 200 - } - - service { - tags = [ "jitsi", "bosh" ] - port = "bosh_port" - address_mode = "host" - name = "jitsi-xmpp-bosh" - check { - type = "tcp" - port = "bosh_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - tags = [ "jitsi", "ext" ] - port = "ext_port" - address_mode = "host" - name = "jitsi-ext" - } - - service { - tags = [ "jitsi", "xmpp" ] - port = "xmpp_port" - address_mode = "host" - name = "jitsi-xmpp" - } - } - - task "front" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_meet:v3" - network_mode = "host" - ports = [ "https_port" ] - } - - template { - data = file("../config/configuration/jitsi/global_env.tpl") - destination = "secrets/global_env" - env = true - } - - # --- secrets --- - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" - } - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.key" - } - - resources { - cpu = 300 - memory = 200 - } - - service { - tags = [ - "jitsi", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/", - "traefik.protocol=https" - ] - port = "https_port" - address_mode = "host" - name = "jitsi-front-https" - check { - type = "tcp" - port = "https_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - - task "jicofo" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_conference_focus:v6" - network_mode = "host" - } - - template { - data = file("../config/configuration/jitsi/global_env.tpl") - destination = "secrets/global_env" - env = true - } - - #--- secrets --- - template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" - } - - template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" - } - - resources { - cpu = 300 - memory = 400 - } - } - - task "videobridge" { - driver = "docker" - config { - image = "superboum/amd64_jitsi_videobridge:v16" - network_mode = "host" - ports = [ "video1_port", "video2_port" ] - ulimit { - nofile = "1048576:1048576" - nproc = "65536:65536" - } - } - - env { - #JITSI_DEBUG = 1 - JITSI_VIDEO_TCP = 8080 - VIDEOBRIDGE_MAX_MEMORY = "1450m" - } - - template { - data = file("../config/configuration/jitsi/global_env.tpl") - destination = "secrets/global_env" - env = true - } - - resources { - cpu = 900 - memory = 1500 - } - - service { - tags = [ "jitsi", "(diplonat (tcp_port 8080))" ] - port = "video1_port" - address_mode = "host" - name = "jitsi-videobridge-video1" - check { - type = "tcp" - port = "video1_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - tags = [ "jitsi", "(diplonat (udp_port 10000))" ] - port = "video2_port" - address_mode = "host" - name = "jitsi-videobridge-video2" - } - } - } -} - diff --git a/app/deployment/nextcloud.hcl b/app/deployment/nextcloud.hcl deleted file mode 100644 index 8eed7d9..0000000 --- a/app/deployment/nextcloud.hcl +++ /dev/null @@ -1,65 +0,0 @@ -job "nextcloud" { - datacenters = ["dc1", "belair"] - type = "service" - priority = 40 - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "nextcloud" { - count = 1 - - network { - port "web_port" { - to = 80 - } - } - - task "nextcloud" { - driver = "docker" - config { - image = "lxpz/deuxfleurs_nextcloud_amd64:8" - ports = [ "web_port" ] - volumes = [ - "secrets/config.php:/var/www/html/config/config.php" - ] - } - - template { - data = file("../config/configuration/nextcloud/config.php.tpl") - destination = "secrets/config.php" - } - - resources { - memory = 1000 - cpu = 2000 - } - - service { - name = "nextcloud" - tags = [ - "nextcloud", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/app/deployment/platoo.hcl b/app/deployment/platoo.hcl deleted file mode 100644 index ffdda9e..0000000 --- a/app/deployment/platoo.hcl +++ /dev/null @@ -1,64 +0,0 @@ -job "platoo" { - datacenters = ["dc1"] - type = "service" - priority = 10 - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "core" { - network { - port "web_port" { to = 8080 } - } - - task "nodejs" { - driver = "docker" - config { - image = "victormoi/platoo:v1" - force_pull = true - ports = [ "web_port" ] - } - - template { - data = <<EOH -user=platoo -host=psql-proxy.service.2.cluster.deuxfleurs.fr -database=platoodb -password={{ key "secrets/platoo/bddpw" | trimSpace }} -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 400 - } - - service { - tags = [ - "platoo", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:platoo.deuxfleurs.fr;PathPrefix:/" - ] - port = "web_port" - address_mode = "host" - name = "platoo" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/app/deployment/plume.hcl b/app/deployment/plume.hcl deleted file mode 100644 index 1bdc332..0000000 --- a/app/deployment/plume.hcl +++ /dev/null @@ -1,69 +0,0 @@ -job "plume" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "plume" { - count = 1 - - network { - port "web_port" { } - } - - task "plume" { - driver = "docker" - config { - image = "superboum/plume:v2" - network_mode = "host" - ports = [ "web_port" ] - #command = "cat" - #args = [ "/dev/stdout" ] - volumes = [ - "/mnt/glusterfs/plume/media:/app/static/media", - "/mnt/glusterfs/plume/search:/app/search_index" - ] - } - - template { - data = file("../config/configuration/plume/app.env") - destination = "secrets/app.env" - env = true - } - - resources { - memory = 100 - cpu = 100 - } - - service { - name = "plume" - tags = [ - "plume", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:plume.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "http" - protocol = "http" - port = "web_port" - path = "/" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "600s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/app/deployment/postgres.hcl b/app/deployment/postgres.hcl deleted file mode 100644 index 388c65e..0000000 --- a/app/deployment/postgres.hcl +++ /dev/null @@ -1,134 +0,0 @@ -job "postgres" { - datacenters = ["dc1"] - type = "system" - priority = 90 - - update { - max_parallel = 1 - stagger = "2m" - } - - group "postgres" { - network { - port "psql_proxy_port" { static = 5432 } - port "psql_port" { static = 5433 } - } - - task "sentinel" { - driver = "docker" - - config { - image = "superboum/amd64_postgres:v3" - network_mode = "host" - readonly_rootfs = false - command = "/usr/local/bin/stolon-sentinel" - args = [ - "--cluster-name", "pissenlit", - "--store-backend", "consul", - "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500", - ] - } - resources { - memory = 100 - } - } - - task "proxy" { - driver = "docker" - - config { - image = "superboum/amd64_postgres:v3" - network_mode = "host" - readonly_rootfs = false - command = "/usr/local/bin/stolon-proxy" - args = [ - "--cluster-name", "pissenlit", - "--store-backend", "consul", - "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500", - "--port", "${NOMAD_PORT_psql_proxy_port}", - "--listen-address", "0.0.0.0" - ] - ports = [ "psql_proxy_port" ] - } - - resources { - memory = 100 - } - - service { - tags = ["sql"] - port = "psql_proxy_port" - address_mode = "host" - name = "psql-proxy" - check { - type = "tcp" - port = "psql_proxy_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "10m" - ignore_warnings = false - } - } - } - } - - task "keeper" { - driver = "docker" - - config { - image = "superboum/amd64_postgres:v3" - network_mode = "host" - readonly_rootfs = false - command = "/usr/local/bin/stolon-keeper" - args = [ - "--cluster-name", "pissenlit", - "--store-backend", "consul", - "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500", - "--data-dir", "/mnt/persist", - "--pg-su-password", "${PG_SU_PWD}", - "--pg-repl-username", "${PG_REPL_USER}", - "--pg-repl-password", "${PG_REPL_PWD}", - "--pg-listen-address", "${attr.unique.network.ip-address}", - "--pg-port", "${NOMAD_PORT_psql_port}", - "--pg-bin-path", "/usr/lib/postgresql/9.6/bin/" - ] - ports = [ "psql_port" ] - volumes = [ - "/mnt/ssd/postgres:/mnt/persist" - ] - } - - template { - data = file("../config/configuration/postgres/keeper/env.tpl") - destination = "secrets/env" - env = true - } - - resources { - memory = 500 - } - - service { - tags = ["sql"] - port = "psql_port" - address_mode = "host" - name = "keeper" - check { - type = "tcp" - port = "psql_port" - interval = "60s" - timeout = "5s" - - check_restart { - limit = 3 - grace = "60m" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/app/deployment/science.hcl b/app/deployment/science.hcl deleted file mode 100644 index 1aee7a8..0000000 --- a/app/deployment/science.hcl +++ /dev/null @@ -1,58 +0,0 @@ -job "science" { - datacenters = ["dc1"] - type = "service" - priority = 10 - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "diagnet" { - network { - port "web_port" { to = 8000 } - } - - task "main" { - driver = "docker" - config { - image = "lesterpig/diagnet-landmark:latest" - args = [ - "-name", "landmark-deuxfleurs", - "-chrome", "-chrome-interval", "60m", - "-http", ":8000" - ] - ports = [ "web_port" ] - } - - resources { - cpu = 1000 - memory = 1200 - } - - service { - tags = [ - "diagnet", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/" - ] - port = "web_port" - address_mode = "host" - name = "diagnet" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/app/deployment/seafile.hcl b/app/deployment/seafile.hcl deleted file mode 100644 index 3af7db3..0000000 --- a/app/deployment/seafile.hcl +++ /dev/null @@ -1,222 +0,0 @@ -job "seafile" { - datacenters = ["dc1"] - type = "service" - priority = 10 - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "main" { - count = 1 - - network { - port "seafile-frontend_port" { static = 8000 } - port "seafile-seafhttp_port" { static = 8083 } - port "seafile-dav_port" { static = 8084 } - port "seafile-hack_port" { static = 8085 } - port "mariadb_port" { static = 3306 } - } - - task "mariadb" { - driver = "docker" - config { - image = "superboum/amd64_mariadb:v4" - network_mode = "host" - command = "tail" - ports = [ "mariadb_port" ] - args = [ - "-f", "/var/log/mysql/error.log", - ] - volumes = [ - "/mnt/glusterfs/mariadb/main/server:/var/lib/mysql", - ] - } - - template { - data = file("../config/configuration/mariadb/main/env.tpl") - destination = "secrets/env" - env = true - } - - resources { - memory = 800 - } - - service { - tags = ["mariadb"] - port = "mariadb_port" - address_mode = "host" - name = "mariadb" - check { - type = "tcp" - port = "mariadb_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - - - task "hack" { - driver = "docker" - config { - image = "alpine/socat:1.0.5" - network_mode = "host" - ports = [ "seafile-hack_port" ] - command = "tcp6-listen:8085,fork,reuseaddr" - args = [ "tcp-connect:127.0.0.1:8083" ] - } - resources { - memory = 10 - } - service { - tags = [ - "seafile", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp" - - ] - port = "seafile-hack_port" - address_mode = "host" - name = "seafhttp" - check { - type = "tcp" - port = "seafile-hack_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - } - - task "server" { - driver = "docker" - config { - image = "superboum/amd64_seafile:v6" - network_mode = "host" - ports = [ "seafile-frontend_port", "seafile-dav_port", "seafile-seafhttp_port" ] - - ## cmd + args are used for running an instance attachable for update - # command = "/bin/sleep" - # args = ["999999"] - - mounts = [ - { - type = "bind" - source = "/mnt/glusterfs/seafile" - target = "/mnt/seafile-data" - } - ] - - volumes = [ - "secrets/conf:/srv/webstore/conf", - "secrets/ccnet:/srv/webstore/ccnet" - ] - } - - resources { - memory = 600 - } - - service { - tags = [ - "seafile", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/" - ] - port = "seafile-frontend_port" - address_mode = "host" - name = "seahub" - check { - type = "tcp" - port = "seafile-frontend_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - tags = [ - "seafile", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav" - - ] - port = "seafile-dav_port" - address_mode = "host" - name = "seafdav" - check { - type = "tcp" - port = "seafile-dav_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - template { - data = file("../config/configuration/seafile/conf/ccnet.conf.tpl") - destination = "secrets/conf/ccnet.conf" - } - - template { - data = file("../config/configuration/seafile/conf/seafile.conf.tpl") - destination = "secrets/conf/seafile.conf" - } - - template { - data = file("../config/configuration/seafile/conf/seahub_settings.py.tpl") - destination = "secrets/conf/seahub_settings.py" - } - - template { - data = file("../config/configuration/seafile/ccnet/seafile.ini") - destination = "secrets/ccnet/seafile.ini" - } - template { - data = file("../config/configuration/seafile/conf/seafdav.conf") - destination = "secrets/conf/seafdav.conf" - } - template { - data = file("../config/configuration/seafile/conf/gunicorn.conf") - destination = "secrets/conf/gunicorn.conf" - } - - # ---- secrets ---- - template { - data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}" - destination = "secrets/ccnet/mykey.peer" - } - - template { - data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}" - destination = "secrets/conf/mykey.peer" - } - } - } -} - diff --git a/app/deployment/traefik.hcl b/app/deployment/traefik.hcl deleted file mode 100644 index d0dc129..0000000 --- a/app/deployment/traefik.hcl +++ /dev/null @@ -1,72 +0,0 @@ -job "frontend" { - datacenters = ["dc1"] - type = "service" - priority = 80 - - group "traefik" { - - network { - port "http_port" { static = 80 } - port "https_port" { static = 443 } - port "admin_port" { static = 8082 } - } - - task "server" { - driver = "docker" - - config { - image = "amd64/traefik:1.7.20" - readonly_rootfs = true - network_mode = "host" - volumes = [ - "secrets/traefik.toml:/etc/traefik/traefik.toml", - ] - ports = [ "http_port", "https_port", "admin_port" ] - } - - resources { - memory = 265 - } - - template { - data = file("../config/configuration/traefik/traefik.toml") - destination = "secrets/traefik.toml" - } - - service { - name = "traefik-http" - port = "http_port" - tags = [ "(diplonat (tcp_port 80))" ] - address_mode = "host" - } - - service { - name = "traefik-https" - port = "https_port" - tags = [ "(diplonat (tcp_port 443))" ] - address_mode = "host" - } - - service { - name = "traefik-admin" - port = "admin_port" - address_mode = "host" - check { - type = "http" - protocol = "http" - port = 8082 - address_mode = "driver" - path = "/ping" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - diff --git a/app/deployment/web_static.hcl b/app/deployment/web_static.hcl deleted file mode 100644 index a02d48b..0000000 --- a/app/deployment/web_static.hcl +++ /dev/null @@ -1,112 +0,0 @@ -job "web_static" { - datacenters = ["dc1"] - type = "service" - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - group "landing" { - network { - port "deuxfleurs_port" { to = 8080 } - } - - task "server" { - driver = "docker" - config { - image = "superboum/amd64_webpull_pug:v4" - ports = [ "deuxfleurs_port" ] - } - - template { - data = <<EOH -WEBPULL_REPO="https://git.deuxfleurs.fr/Deuxfleurs/site.git" -WEBPULL_TOKEN="{{ key "secrets/web/home_token" | trimSpace }}" -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 200 - } - - service { - tags = [ - "webstatic", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/", - # ideally we would have a rewrite regex: ^https?://(www\.deuxfleurs\.fr|deuxfleurs\.org|www\.deuxfleurs\.fr)(.*)$ - "traefik.frontend.priority=10" - ] - port = "deuxfleurs_port" - address_mode = "host" - name = "landing" - check { - type = "tcp" - port = "deuxfleurs_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - - group "quentin" { - network { - port "quentin_port" { to = 8080 } - } - - task "server" { - driver = "docker" - config { - image = "superboum/amd64_webpull_ruby:v1" - ports = [ "quentin_port" ] - } - - template { - data = <<EOH -WEBPULL_REPO="https://git.deuxfleurs.fr/quentin/quentin.dufour.io.git" -WEBPULL_TOKEN="{{ key "secrets/web/quentin.dufour.io_token" | trimSpace }}" -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 500 - } - - service { - tags = [ - "webstatic", - "traefik.enable=true", - "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:quentin.dufour.io,www.quentin.dufour.io;PathPrefix:/" - ] - port = "quentin_port" - address_mode = "host" - name = "blog-quentin" - check { - type = "tcp" - port = "quentin_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} - |