aboutsummaryrefslogtreecommitdiff
path: root/nomad
diff options
context:
space:
mode:
Diffstat (limited to 'nomad')
-rw-r--r--nomad/bottin2.hcl116
-rw-r--r--nomad/core.hcl43
-rw-r--r--nomad/email.hcl475
-rw-r--r--nomad/garage.hcl99
-rw-r--r--nomad/im.hcl361
-rw-r--r--nomad/jitsi.hcl258
-rw-r--r--nomad/mariadb.hcl69
-rw-r--r--nomad/nextcloud.hcl67
-rw-r--r--nomad/object_storage.hcl159
-rw-r--r--nomad/platoo.hcl64
-rw-r--r--nomad/postgres.hcl145
-rw-r--r--nomad/science.hcl58
-rw-r--r--nomad/seafile.hcl174
-rw-r--r--nomad/traefik.hcl68
-rw-r--r--nomad/web_static.hcl113
-rw-r--r--nomad/webcap.hcl56
16 files changed, 0 insertions, 2325 deletions
diff --git a/nomad/bottin2.hcl b/nomad/bottin2.hcl
deleted file mode 100644
index 85bda59..0000000
--- a/nomad/bottin2.hcl
+++ /dev/null
@@ -1,116 +0,0 @@
-job "directory2" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "bottin" {
- count = 1
- task "bottin" {
- driver = "docker"
- config {
- image = "lxpz/bottin_amd64:14"
- readonly_rootfs = true
- port_map {
- ldap_port = 1389
- }
- volumes = [
- "secrets/config.json:/config.json"
- ]
- }
-
- resources {
- memory = 100
- network {
- port "ldap_port" {
- static = "389"
- }
- }
- }
-
- template {
- data = "{{ key \"configuration/directory/bottin/config.json\" }}"
- destination = "secrets/config.json"
- }
-
- service {
- tags = ["bottin"]
- port = "ldap_port"
- address_mode = "host"
- name = "bottin2"
- check {
- type = "tcp"
- port = "ldap_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
- group "guichet" {
- count = 1
- task "guichet" {
- driver = "docker"
- config {
- image = "lxpz/guichet_amd64:10"
- readonly_rootfs = true
- port_map {
- web_port = 9991
- }
- volumes = [
- "secrets/config.json:/config.json"
- ]
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/directory/guichet/config.json.tpl?raw"
- destination = "secrets/config.json.tpl"
- mode = "file"
- }
- template {
- source = "secrets/config.json.tpl"
- destination = "secrets/config.json"
- }
-
- resources {
- memory = 200
- network {
- port "web_port" {}
- }
- }
-
- service {
- name = "guichet"
- tags = [
- "guichet",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:guichet.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/nomad/core.hcl b/nomad/core.hcl
deleted file mode 100644
index 43774a6..0000000
--- a/nomad/core.hcl
+++ /dev/null
@@ -1,43 +0,0 @@
-job "core" {
- datacenters = ["dc1"]
- type = "system"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- update {
- max_parallel = 1
- stagger = "1m"
- }
-
- group "network" {
- task "diplonat" {
- driver = "docker"
-
- config {
- image = "darkgallium/amd64_diplonat:v2"
- network_mode = "host"
- readonly_rootfs = true
- privileged = true
- }
-
- template {
- data = <<EOH
-DIPLONAT_PRIVATE_IP={{ env "attr.unique.network.ip-address" }}
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-RUST_LOG=debug
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 40
- }
- }
- }
-}
diff --git a/nomad/email.hcl b/nomad/email.hcl
deleted file mode 100644
index 86c4d87..0000000
--- a/nomad/email.hcl
+++ /dev/null
@@ -1,475 +0,0 @@
-job "email" {
- datacenters = ["dc1"]
- type = "service"
-
- group "dovecot" {
- count = 1
- task "server" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_dovecot:v2"
- readonly_rootfs = false
- port_map {
- auth_port = 1337
- imaps_port = 993
- imap_port = 143
- lmtp_port = 24
- }
- command = "dovecot"
- args = [ "-F" ]
- volumes = [
- "secrets/ssl/certs:/etc/ssl/certs",
- "secrets/ssl/private:/etc/ssl/private",
- "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf",
- "/mnt/glusterfs/email/mail:/var/mail/",
- ]
- }
-
- env {
- TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
- }
-
- resources {
- cpu = 100
- memory = 200
- network {
- mbits = 1
- port "auth_port" {
- static = "1337"
- }
- port "imap_port" {
- static = "143"
- }
- port "imaps_port" {
- static = "993"
- }
- port "lmtp_port" {
- static = "24"
- }
- }
- }
-
- service {
- name = "dovecot-auth"
- port = "auth_port"
- address_mode = "host"
- tags = [
- "dovecot",
- ]
- check {
- type = "tcp"
- port = "auth_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "dovecot-imap"
- port = "imap_port"
- address_mode = "host"
- tags = [
- "dovecot"
- ]
- check {
- type = "tcp"
- port = "imap_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "dovecot-imaps"
- port = "imaps_port"
- address_mode = "host"
- tags = [
- "dovecot",
- "(diplonat (tcp_port 993))"
- ]
-
- check {
- type = "tcp"
- port = "imaps_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "dovecot-lmtp"
- port = "lmtp_port"
- address_mode = "host"
- tags = [
- "dovecot",
- ]
-
- check {
- type = "tcp"
- port = "lmtp_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw"
- destination = "secrets/conf/dovecot-ldap.conf.tpl"
- mode = "file"
- }
- template {
- source = "secrets/conf/dovecot-ldap.conf.tpl"
- destination = "secrets/conf/dovecot-ldap.conf"
- perms = "400"
- }
-
- template {
- data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}"
- destination = "secrets/ssl/certs/dovecot.crt"
- perms = "400"
- }
- template {
- data = "{{ key \"configuration/email/dovecot/dovecot.key\" }}"
- destination = "secrets/ssl/private/dovecot.key"
- perms = "400"
- }
- }
- }
-
- group "opendkim" {
- count = 1
- task "server" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_opendkim:v1"
- readonly_rootfs = false
- port_map {
- dkim_port = 8999
- }
- command = "opendkim"
- args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ]
- volumes = [
- "secrets/dkim:/etc/dkim",
- "/dev/log:/dev/log",
- ]
- }
-
- resources {
- cpu = 100
- memory = 50
- network {
- mbits = 1
- port "dkim_port" {
- static = "8999"
- }
- }
- }
-
- service {
- name = "opendkim"
- port = "dkim_port"
- address_mode = "host"
- tags = [
- "opendkim",
- ]
- check {
- type = "tcp"
- port = "dkim_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- template {
- data = "{{ key \"configuration/email/dkim/keytable\" }}"
- destination = "secrets/dkim/keytable"
- }
- template {
- data = "{{ key \"configuration/email/dkim/signingtable\" }}"
- destination = "secrets/dkim/signingtable"
- }
- template {
- data = "{{ key \"configuration/email/dkim/smtp.private\" }}"
- destination = "secrets/dkim/smtp.private"
- perms = "600"
- }
- template {
- data = "{{ key \"configuration/email/dkim/smtp.txt\" }}"
- destination = "secrets/dkim/smtp.txt"
- }
- template {
- data = "{{ key \"configuration/email/dkim/trusted\" }}"
- destination = "secrets/dkim/trusted"
- }
- }
- }
-
- group "postfix" {
- count = 1
- task "server" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_postfix:v1"
- readonly_rootfs = false
- port_map {
- smtp_port = 25
- smtps_port = 465
- submission_port = 587
- }
- command = "postfix"
- args = [ "start-fg" ]
- volumes = [
- "secrets/ssl/certs:/etc/ssl/certs",
- "secrets/ssl/private:/etc/ssl/private",
- "secrets/postfix:/etc/postfix-conf",
- "/dev/log:/dev/log"
- ]
- }
-
- env {
- TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
- MAILNAME = "smtp.deuxfleurs.fr",
- }
-
- resources {
- cpu = 100
- memory = 200
- network {
- mbits = 1
- port "smtp_port" {
- static = "25"
- }
- port "smtps_port" {
- static = "465"
- }
- port "submission_port" {
- static = "587"
- }
- }
- }
-
- service {
- name = "postfix-smtp"
- port = "smtp_port"
- address_mode = "host"
- tags = [
- "postfix",
- "(diplonat (tcp_port 25 465 587))"
- ]
- check {
- type = "tcp"
- port = "smtp_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "postfix-smtps"
- port = "smtps_port"
- address_mode = "host"
- tags = [
- "postfix",
- ]
-
- check {
- type = "tcp"
- port = "smtps_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "postfix-submission"
- port = "submission_port"
- address_mode = "host"
- tags = [
- "postfix",
- ]
-
- check {
- type = "tcp"
- port = "submission_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-account.cf.tpl?raw"
- destination = "secrets/postfix/ldap-account.cf.tpl"
- mode = "file"
- }
- template {
- source = "secrets/postfix/ldap-account.cf.tpl"
- destination = "secrets/postfix/ldap-account.cf"
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-alias.cf.tpl?raw"
- destination = "secrets/postfix/ldap-alias.cf.tpl"
- mode = "file"
- }
- template {
- source = "secrets/postfix/ldap-alias.cf.tpl"
- destination = "secrets/postfix/ldap-alias.cf"
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-virtual-domains.cf.tpl?raw"
- destination = "secrets/postfix/ldap-virtual-domains.cf.tpl"
- mode = "file"
- }
- template {
- source = "secrets/postfix/ldap-virtual-domains.cf.tpl"
- destination = "secrets/postfix/ldap-virtual-domains.cf"
- }
-
-
- template {
- data = "{{ key \"configuration/email/postfix/postfix.crt\" }}"
- destination = "secrets/ssl/certs/postfix.crt"
- perms = "400"
- }
- template {
- data = "{{ key \"configuration/email/postfix/postfix.key\" }}"
- destination = "secrets/ssl/private/postfix.key"
- perms = "400"
- }
- template {
- data = "{{ key \"configuration/email/postfix/dynamicmaps.cf\" }}"
- destination = "secrets/postfix/dynamicmaps.cf"
- }
- template {
- data = "{{ key \"configuration/email/postfix/header_checks\" }}"
- destination = "secrets/postfix/header_checks"
- }
- template {
- data = "{{ key \"configuration/email/postfix/main.cf\" }}"
- destination = "secrets/postfix/main.cf"
- }
- template {
- data = "{{ key \"configuration/email/postfix/master.cf\" }}"
- destination = "secrets/postfix/master.cf"
- }
- template {
- data = "{{ key \"configuration/email/postfix/transport\" }}"
- destination = "secrets/postfix/transport"
- }
- template {
- data = "{{ key \"configuration/email/postfix/transport.db\" }}"
- destination = "secrets/postfix/transport.db"
- }
- }
- }
-
- group "sogo" {
- count = 1
- task "bundle" {
-
- driver = "docker"
-
- config {
- image = "superboum/amd64_sogo:v7"
- readonly_rootfs = false
- port_map {
- sogo_web_port = 8080
- }
- volumes = [
- "secrets/sogo.conf:/etc/sogo/sogo.conf",
- ]
- }
- env {
- FAKE = 2
- }
-
- /* Workaround as there is no consul source and no way to template recursively... */
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/sogo/sogo.conf.tpl?raw"
- destination = "secrets/tpl/sogo.conf.tpl"
- mode = "file"
- }
- template {
- source = "secrets/tpl/sogo.conf.tpl"
- destination = "secrets/sogo.conf"
- }
-
- resources {
- cpu = 200
- memory = 1000
- network {
- mbits = 1
- port "sogo_web_port" {}
- }
- }
-
- service {
- name = "sogo"
- port = "sogo_web_port"
- address_mode = "host"
- tags = [
- "sogo",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:www.sogo.deuxfleurs.fr,sogo.deuxfleurs.fr;PathPrefix:/"
- ]
- check {
- type = "tcp"
- port = "sogo_web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "5m"
- ignore_warnings = false
- }
- }
- }
-
- }
- }
-}
diff --git a/nomad/garage.hcl b/nomad/garage.hcl
deleted file mode 100644
index 3478706..0000000
--- a/nomad/garage.hcl
+++ /dev/null
@@ -1,99 +0,0 @@
-job "garage" {
- datacenters = ["dc1", "belair", "saturne"]
- type = "system"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "garage" {
- task "server" {
- driver = "docker"
- config {
- image = "lxpz/garage_amd64:4"
- port_map {
- rpc_port = 3901
- api_port = 3900
- }
- volumes = [
- "/mnt/storage/garage/data:/garage/data",
- "/mnt/ssd/garage/meta:/garage/meta",
- "secrets/garage.toml:/garage/config.toml",
- "secrets/garage-ca.crt:/garage/garage-ca.crt",
- "secrets/garage.crt:/garage/garage.crt",
- "secrets/garage.key:/garage/garage.key",
- ]
- }
-
- template {
- data = "{{ key \"configuration/garage/garage.toml\" }}"
- destination = "secrets/garage.toml"
- }
- template {
- data = "{{ key \"secrets/garage/garage-ca.crt\" }}"
- destination = "secrets/garage-ca.crt"
- }
- template {
- data = "{{ key \"secrets/garage/garage.crt\" }}"
- destination = "secrets/garage.crt"
- }
- template {
- data = "{{ key \"secrets/garage/garage.key\" }}"
- destination = "secrets/garage.key"
- }
-
- resources {
- memory = 500
- cpu = 1000
- network {
- port "rpc_port" {
- static = "3901"
- }
- port "api_port" {}
- }
- }
-
- service {
- tags = [
- "garage_api",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:garage.deuxfleurs.fr"
- ]
- port = "api_port"
- address_mode = "host"
- name = "garage-api"
- check {
- type = "tcp"
- port = "api_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- tags = ["garage-rpc"]
- port = "rpc_port"
- address_mode = "host"
- name = "garage-rpc"
- check {
- type = "tcp"
- port = "rpc_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
diff --git a/nomad/im.hcl b/nomad/im.hcl
deleted file mode 100644
index 53b81d1..0000000
--- a/nomad/im.hcl
+++ /dev/null
@@ -1,361 +0,0 @@
-job "im" {
- datacenters = ["dc1"]
- type = "service"
-
- group "matrix" {
- count = 1
- task "synapse" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_synapse:v33"
- readonly_rootfs = true
- port_map {
- client_port = 8008
- federation_port = 8448
- }
- command = "python"
- args = [
- "-m", "synapse.app.homeserver",
- "-n",
- "-c", "/etc/matrix-synapse/homeserver.yaml"
- ]
- volumes = [
- "secrets/conf:/etc/matrix-synapse",
- "/mnt/glusterfs/chat/matrix/synapse/media:/var/lib/matrix-synapse/media",
- "/mnt/glusterfs/chat/matrix/synapse/uploads:/var/lib/matrix-synapse/uploads",
- "/tmp/synapse-logs:/var/log/matrix-synapse",
- "/tmp/synapse:/tmp"
- ]
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/chat/synapse/homeserver.yaml?raw"
- destination = "secrets/tpl/homeserver.yaml.tpl"
- mode = "file"
- }
- template {
- source = "secrets/tpl/homeserver.yaml.tpl"
- destination = "secrets/conf/homeserver.yaml"
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/registration.yaml.tpl?raw"
- destination = "secrets/tpl/easybridge_registration.yaml.tpl"
- mode = "file"
- }
- template {
- source = "secrets/tpl/easybridge_registration.yaml.tpl"
- destination = "secrets/conf/easybridge_registration.yaml"
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/chat/fb2mx/registration.yaml?raw"
- destination = "secrets/tpl/fb2mx_registration.yaml.tpl"
- mode = "file"
- }
- template {
- source = "secrets/tpl/fb2mx_registration.yaml.tpl"
- destination = "secrets/conf/fb2mx_registration.yaml"
- }
-
- template {
- data = "{{ key \"configuration/chat/synapse/log.yaml\" }}"
- destination = "secrets/conf/log.yaml"
- }
- template {
- data = "{{ key \"configuration/chat/synapse/conf.d/server_name.yaml\" }}"
- destination = "secrets/conf/server_name.yaml"
- }
- template {
- data = "{{ key \"configuration/chat/synapse/conf.d/report_stats.yaml\" }}"
- destination = "secrets/conf/report_stats.yaml"
- }
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}"
- destination = "secrets/conf/homeserver.tls.crt"
- }
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}"
- destination = "secrets/conf/homeserver.tls.dh"
- }
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}"
- destination = "secrets/conf/homeserver.tls.key"
- }
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}"
- destination = "secrets/conf/homeserver.signing.key"
- }
-
- env {
- SYNAPSE_CACHE_FACTOR = 1
- }
-
- resources {
- cpu = 1000
- memory = 4000
- network {
- port "client_port" { }
- port "federation_port" { }
- }
- }
-
- service {
- name = "synapse-client"
- port = "client_port"
- address_mode = "host"
- tags = [
- "matrix",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
- "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
- "traefik.frontend.priority=100"
- ]
- check {
- type = "tcp"
- port = "client_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "synapse-federation"
- port = "federation_port"
- address_mode = "host"
- tags = [
- "matrix",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:deuxfleurs.fr;PathPrefix:/_matrix",
- "traefik.frontend.priority=100"
- ]
- }
-
- }
- }
-
- group "easybridge" {
- count = 1
- task "easybridge" {
- driver = "docker"
- config {
- image = "lxpz/easybridge_amd64:27"
- port_map {
- api_port = 8321
- web_port = 8281
- }
- volumes = [
- "secrets/conf:/data"
- ]
- args = [ "./easybridge", "-config", "/data/config.json" ]
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/registration.yaml.tpl?raw"
- destination = "secrets/tpl/registration.yaml.tpl"
- mode = "file"
- }
- template {
- source = "secrets/tpl/registration.yaml.tpl"
- destination = "secrets/conf/registration.yaml"
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/config.json.tpl?raw"
- destination = "secrets/tpl/config.json.tpl"
- mode = "file"
- }
- template {
- source = "secrets/tpl/config.json.tpl"
- destination = "secrets/conf/config.json"
- }
-
- resources {
- memory = 500
- cpu = 1000
- network {
- port "api_port" {
- static = "8321"
- }
- port "web_port" {}
- }
- }
-
- service {
- name = "easybridge-api"
- tags = ["easybridge-api"]
- port = "api_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "api_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "easybridge-web"
- tags = [
- "easybridge-web",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
-
- group "riotweb" {
- count = 1
-
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_riotweb:v15"
- port_map {
- web_port = 8043
- }
- volumes = [
- "secrets/config.json:/srv/http/config.json"
- ]
- }
-
- template {
- data = "{{ key \"configuration/chat/riot_web/config.json\" }}"
- destination = "secrets/config.json"
- }
-
- resources {
- memory = 21
- network {
- port "web_port" {}
- }
- }
-
- service {
- tags = [
- "webstatic",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:im.deuxfleurs.fr,riot.deuxfleurs.fr;PathPrefix:/",
- "traefik.frontend.priority=10"
- ]
- port = "web_port"
- address_mode = "host"
- name = "webstatic"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
-/*
- group "turn_stun" {
- count=1
- task "coturn" {
- driver = "docker"
- config {
- image = "registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1"
- port_map {
- main_port = 3478
- alt_port = 3479
- }
- command = "/usr/bin/turnserver"
- args = [
- "-X", "82.253.205.190",
- "-v",
- "-f",
- "-a"
- ]
- volumes = [
- "secrets/turnserver.conf:/etc/turnserver.conf"
- ]
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/chat/coturn/turnserver.conf.tpl?raw"
- destination = "secrets/turnserver.conf.tpl"
- mode = "file"
- }
-
- template {
- source = "secrets/turnserver.conf.tpl"
- destination = "secrets/turnserver.conf"
- }
-
- resources {
- memory = 50
- network {
- port "main_port" {
- static = "3478"
- }
- port "alt_port" {
- static = "3479"
- }
- }
- }
-
- service {
- tags = [
- "coturn",
- "matrix"
- ]
- port = "main_port"
- address_mode = "host"
- name = "coturn"
- check {
- type = "tcp"
- port = "main_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- }
- }
-*/
-
-}
-
diff --git a/nomad/jitsi.hcl b/nomad/jitsi.hcl
deleted file mode 100644
index 4ef2f98..0000000
--- a/nomad/jitsi.hcl
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
- * WIP WIP WIP WIP
- *
- * + NEED TO SET ENV VARIABLES
- */
-
-job "jitsi" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "core" {
- task "xmpp" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_xmpp:v1"
- network_mode = "host"
- port_map {
- xmpp_port = 5222
- ext_port = 5347
- bosh_port = 5280
- }
- }
-
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
- }
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
- }
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
- }
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
- }
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
- destination = "secrets/global_env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/global_env.tpl"
- destination = "secrets/global_env"
- env = true
- }
-
- resources {
- cpu = 300
- memory = 200
- network {
- port "xmpp_port" {
- static = "5222"
- }
- port "ext_port" {
- static = "5347"
- }
- port "bosh_port" {
- static = "5280"
- }
- }
- }
-
- service {
- tags = [
- "jitsi"
- ]
- port = "bosh_port"
- address_mode = "host"
- name = "jitsi-xmpp-bosh"
- check {
- type = "tcp"
- port = "bosh_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
-
- task "front" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_front:v5"
- network_mode = "host"
- port_map {
- https_port = 443
- }
- }
-
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
- }
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
- }
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
- destination = "secrets/global_env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/global_env.tpl"
- destination = "secrets/global_env"
- env = true
- }
-
- resources {
- cpu = 300
- memory = 200
- network {
- port "https_port" {
- static = "443"
- }
- }
- }
-
- service {
- tags = [
- "jitsi",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
- "traefik.protocol=https"
- ]
- port = "https_port"
- address_mode = "host"
- name = "jitsi-front-https"
- check {
- type = "tcp"
- port = "https_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
-
- task "jicofo" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_conference_focus:v2"
- network_mode = "host"
- }
-
- template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
- }
- template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
- }
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
- destination = "secrets/global_env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/global_env.tpl"
- destination = "secrets/global_env"
- env = true
- }
-
- resources {
- cpu = 300
- memory = 400
- }
- }
-
- task "videobridge" {
- driver = "docker"
- config {
- image = "superboum/amd64_jitsi_videobridge:v9"
- network_mode = "host"
- port_map {
- video1_port = 8080
- video2_port = 10000
- }
- ulimit {
- nofile = "1048576:1048576"
- nproc = "65536:65536"
- }
- }
-
- env {
- #JITSI_DEBUG = 1
- JITSI_VIDEO_TCP = 8080
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
- destination = "secrets/global_env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/global_env.tpl"
- destination = "secrets/global_env"
- env = true
- }
-
- resources {
- cpu = 900
- memory = 1500
- network {
- port "video1_port" {
- static = "8080"
- }
- port "video2_port" {
- static = "10000"
- }
- }
-
- }
-
- service {
- tags = [
- "jitsi",
- "(diplonat (tcp_port 8080) (udp_port 10000))"
- ]
- port = "video1_port"
- address_mode = "host"
- name = "jitsi-videobridge-video1"
- check {
- type = "tcp"
- port = "video1_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
-
- }
-}
-
diff --git a/nomad/mariadb.hcl b/nomad/mariadb.hcl
deleted file mode 100644
index 2b9be7e..0000000
--- a/nomad/mariadb.hcl
+++ /dev/null
@@ -1,69 +0,0 @@
-job "mariadb" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "main" {
- count = 1
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_mariadb:v3"
- port_map {
- mariadb_port = 3306
- }
- command = "tail"
- args = [
- "-f", "/var/log/mysql/error.log",
- ]
- volumes = [
- "/mnt/glusterfs/mariadb/main/server:/var/lib/mysql",
- ]
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/mariadb/main/env.tpl?raw"
- destination = "secrets/env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/env.tpl"
- destination = "secrets/env"
- env = true
- }
-
-
- resources {
- memory = 800
- network {
- port "mariadb_port" {
- static = "3306"
- }
- }
- }
-
- service {
- tags = ["mariadb"]
- port = "mariadb_port"
- address_mode = "host"
- name = "mariadb"
- check {
- type = "tcp"
- port = "mariadb_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/nomad/nextcloud.hcl b/nomad/nextcloud.hcl
deleted file mode 100644
index 2cc4f5f..0000000
--- a/nomad/nextcloud.hcl
+++ /dev/null
@@ -1,67 +0,0 @@
-job "nextcloud" {
- datacenters = ["dc1", "belair"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "nextcloud" {
- count = 1
- task "nextcloud" {
- driver = "docker"
- config {
- image = "lxpz/deuxfleurs_nextcloud_amd64:8"
- port_map {
- web_port = 80
- }
- volumes = [
- "secrets/config.php:/var/www/html/config/config.php"
- ]
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/nextcloud/config.php.tpl?raw"
- destination = "secrets/config.php.tpl"
- mode = "file"
- }
- template {
- source = "secrets/config.php.tpl"
- destination = "secrets/config.php"
- }
-
- resources {
- memory = 1000
- cpu = 2000
- network {
- port "web_port" {}
- }
- }
-
- service {
- name = "nextcloud"
- tags = [
- "nextcloud",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/nomad/object_storage.hcl b/nomad/object_storage.hcl
deleted file mode 100644
index fa40c4b..0000000
--- a/nomad/object_storage.hcl
+++ /dev/null
@@ -1,159 +0,0 @@
-job "not_safe_object_storage" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "not_safe_pithos" {
- count = 2
- task "not_safe_server" {
- driver = "docker"
- config {
- image = "superboum/amd64_pithos:v1"
- readonly_rootfs = true
- port_map {
- s3_port = 8080
- }
- volumes = [
- "secrets/pithos.yaml:/etc/pithos/pithos.yaml"
- ]
- }
-
- resources {
- memory = 500
- network {
- port "s3_port" {
- static = "8080"
- }
- }
- }
-
- template {
- data = <<EOH
-service:
- host: '0.0.0.0'
- port: 8080
-
-
-## logging configuration
-## ---------------------
-logging:
- level: info
- console: true
- files: []
-
-# overrides:
-# io.exo.pithos: debug
-
-
-## global options
-## --------------
-options:
- service-uri: 's3.esir.deuxfleurs.fr'
- reporting: true
- server-side-encryption: true
- multipart-upload: true
- masterkey-provisioning: true
- masterkey-access: true
- default-region: 'FR-RN1'
-
-
-## keystore configuration
-## ----------------------
-#
-# Keystores associate an access key with
-# an organization and secret key.
-#
-# They may offer provisioning capacities with the
-# masterkey. The default provider relies on keys
-# being defined inline.
-# generate access key: openssl rand -base64 24
-# generate secret key: openssl rand -base64 39
-# (size is arbitrary)
-keystore:
- keys:
- NHu3glGc0lj5FL5AZPTvgjB20tb9w4Eo:
- master: true
- tenant: 'pyr@spootnik.org'
- secret: 'fpyehmZsimMHeYScjwTUREzvIOICeRZiO01Dck0JIKEifKdwOT3T'
- rXNoqKXY45RcxpBOKy8i4H8fqGzlHIZu:
- tenant: 'exoscale'
- secret: 'qtQlWujN70Ukh9IvIbqIM3Zqos/5aU72hOhLCXblQ0PmfYsGO8lU'
-
-
-## bucketstore configuration
-## -------------------------
-#
-# The bucketstore is ring global and contains information
-# on bucket location and global parameters.
-#
-# Its primary aim is to hold bucket location and ownership
-# information.
-#
-# The default provider relies on cassandra.
-bucketstore:
- default-region: 'FR-RN1'
- cluster:
- - 148.60.11.181
- - 148.60.11.183
- - 148.60.11.237
- keyspace: 'storage'
-
-
-## regions
-## -------
-#
-# Regions are composed of a metastore and an arbitrary number
-# of named storage classes which depend on a blobstore.
-#
-# The metastore holds metadata for the full region, as well as
-# object storage-class placement information.
-#
-# The default implementation of both metastore and blobstore
-# rely on cassandra.
-#
-regions:
- FR-RN1:
- metastore:
- cluster:
- - 148.60.11.181
- - 148.60.11.183
- - 148.60.11.237
- keyspace: 'storage'
- storage-classes:
- standard:
- cluster:
- - 148.60.11.181
- - 148.60.11.183
- - 148.60.11.237
- keyspace: 'storage'
- max-chunk: '128k'
- max-block-chunks: 1024
-EOH
- destination = "secrets/pithos.yaml"
- }
-
- service {
- tags = ["pithos"]
- port = "s3_port"
- address_mode = "host"
- name = "pithos"
- check {
- type = "tcp"
- port = "s3_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "300s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/nomad/platoo.hcl b/nomad/platoo.hcl
deleted file mode 100644
index 0502934..0000000
--- a/nomad/platoo.hcl
+++ /dev/null
@@ -1,64 +0,0 @@
-job "platoo" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "core" {
- task "nodejs" {
- driver = "docker"
- config {
- image = "victormoi/platoo:v1"
- force_pull = true
- port_map {
- web_port = 8080
- }
- }
-
- template {
- data = <<EOH
-user=platoo
-host=psql-proxy.service.2.cluster.deuxfleurs.fr
-database=platoodb
-password={{ key "secrets/platoo/bddpw" | trimSpace }}
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 400
- network {
- port "web_port" {}
- }
- }
-
- service {
- tags = [
- "platoo",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:platoo.deuxfleurs.fr;PathPrefix:/"
- ]
- port = "web_port"
- address_mode = "host"
- name = "platoo"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/nomad/postgres.hcl b/nomad/postgres.hcl
deleted file mode 100644
index 456156e..0000000
--- a/nomad/postgres.hcl
+++ /dev/null
@@ -1,145 +0,0 @@
-job "postgres" {
- datacenters = ["dc1"]
- type = "system"
- priority = 90
-
- update {
- max_parallel = 1
- stagger = "5m"
- }
-
- group "postgres" {
- task "sentinel" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_postgres:v3"
- readonly_rootfs = false
- command = "/usr/local/bin/stolon-sentinel"
- args = [
- "--cluster-name", "pissenlit",
- "--store-backend", "consul",
- "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
- ]
- }
- resources {
- memory = 100
- }
- }
-
- task "proxy" {
- driver = "docker"
-
- config {
- image = "superboum/amd64_postgres:v3"
- readonly_rootfs = false
- command = "/usr/local/bin/stolon-proxy"
- args = [
- "--cluster-name", "pissenlit",
- "--store-backend", "consul",
- "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
- "--port", "5432",
- "--listen-address", "0.0.0.0"
- ]
- port_map {
- psql_proxy_port = 5432
- }
- }
-
- resources {
- memory = 100
- network {
- port "psql_proxy_port" {
- static = 5432
- }
- }
- }
-
- service {
- tags = ["sql"]
- port = "psql_proxy_port"
- address_mode = "host"
- name = "psql-proxy"
- check {
- type = "tcp"
- port = "psql_proxy_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "10m"
- ignore_warnings = false
- }
- }
- }
- }
-
- task "keeper" {
- driver = "docker"
-
- config {
- network_mode = "host"
- image = "superboum/amd64_postgres:v3"
- readonly_rootfs = false
- command = "/usr/local/bin/stolon-keeper"
- args = [
- "--cluster-name", "pissenlit",
- "--store-backend", "consul",
- "--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
- "--data-dir", "/mnt/persist",
- "--pg-su-password", "${PG_SU_PWD}",
- "--pg-repl-username", "${PG_REPL_USER}",
- "--pg-repl-password", "${PG_REPL_PWD}",
- "--pg-listen-address", "${attr.unique.network.ip-address}",
- "--pg-port", "5433",
- "--pg-bin-path", "/usr/lib/postgresql/9.6/bin/"
- ]
- port_map {
- psql_port = 5433
- }
- volumes = [
- "/mnt/ssd/postgres:/mnt/persist"
- ]
- }
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/postgres/keeper/env.tpl?raw"
- destination = "secrets/env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/env.tpl"
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 500
- network {
- port "psql_port" {
- static = "5433"
- }
- }
- }
-
- service {
- tags = ["sql"]
- port = "psql_port"
- address_mode = "host"
- name = "keeper"
- check {
- type = "tcp"
- port = "psql_port"
- interval = "60s"
- timeout = "5s"
-
- check_restart {
- limit = 3
- grace = "60m"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/nomad/science.hcl b/nomad/science.hcl
deleted file mode 100644
index 81e398a..0000000
--- a/nomad/science.hcl
+++ /dev/null
@@ -1,58 +0,0 @@
-job "science" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "diagnet" {
- task "main" {
- driver = "docker"
- config {
- image = "lesterpig/diagnet-landmark:latest"
- args = [
- "-name", "landmark-deuxfleurs",
- "-chrome", "-chrome-interval", "60m",
- "-http", ":8000"
- ]
- port_map {
- web_port = 8000
- }
- }
-
- resources {
- cpu = 1000
- memory = 1200
- network {
- port "web_port" {}
- }
- }
-
- service {
- tags = [
- "diagnet",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/"
- ]
- port = "web_port"
- address_mode = "host"
- name = "diagnet"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/nomad/seafile.hcl b/nomad/seafile.hcl
deleted file mode 100644
index e22699c..0000000
--- a/nomad/seafile.hcl
+++ /dev/null
@@ -1,174 +0,0 @@
-job "seafile" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "main" {
- count = 1
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_seafile:v6"
-
- ## cmd + args are used for running an instance attachable for update
- # command = "/bin/sleep"
- # args = ["999999"]
-
- port_map {
- seahub_port = 8000
- seafdav_port = 8084
- seafhttp_port = 8082
- }
-
- mounts = [
- {
- type = "bind"
- source = "/mnt/glusterfs/seafile"
- target = "/mnt/seafile-data"
- }
- ]
-
- volumes = [
- "secrets/conf:/srv/webstore/conf",
- "secrets/ccnet:/srv/webstore/ccnet"
- ]
- }
-
- resources {
- memory = 512
- network {
- port "seahub_port" {}
- port "seafhttp_port" {}
- port "seafdav_port" {}
- }
- }
-
- service {
- tags = [
- "seafile",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/"
- ]
- port = "seahub_port"
- address_mode = "host"
- name = "seahub"
- check {
- type = "tcp"
- port = "seahub_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- tags = [
- "seafile",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp"
-
- ]
- port = "seafhttp_port"
- address_mode = "host"
- name = "seafhttp"
- check {
- type = "tcp"
- port = "seafhttp_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- tags = [
- "seafile",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav"
-
- ]
- port = "seafdav_port"
- address_mode = "host"
- name = "seafdav"
- check {
- type = "tcp"
- port = "seafdav_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/ccnet.conf.tpl?raw"
- destination = "secrets/conf/ccnet.conf.tpl"
- mode = "file"
- }
- template {
- source = "secrets/conf/ccnet.conf.tpl"
- destination = "secrets/conf/ccnet.conf"
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/seafile.conf.tpl?raw"
- destination = "secrets/conf/seafile.conf.tpl"
- mode = "file"
- }
- template {
- source = "secrets/conf/seafile.conf.tpl"
- destination = "secrets/conf/seafile.conf"
- }
-
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/seahub_settings.py.tpl?raw"
- destination = "secrets/conf/seahub_settings.py.tpl"
- mode = "file"
- }
- template {
- source = "secrets/conf/seahub_settings.py.tpl"
- destination = "secrets/conf/seahub_settings.py"
- }
-
- template {
- data = "{{ key \"configuration/seafile/ccnet/mykey.peer\" }}"
- destination = "secrets/ccnet/mykey.peer"
- }
- template {
- data = "{{ key \"configuration/seafile/ccnet/seafile.ini\" }}"
- destination = "secrets/ccnet/seafile.ini"
- }
- template {
- data = "{{ key \"configuration/seafile/conf/mykey.peer\" }}"
- destination = "secrets/conf/mykey.peer"
- }
- template {
- data = "{{ key \"configuration/seafile/conf/seafdav.conf\" }}"
- destination = "secrets/conf/seafdav.conf"
- }
- template {
- data = "{{ key \"configuration/seafile/conf/gunicorn.conf\" }}"
- destination = "secrets/conf/gunicorn.conf"
- }
- }
- }
-}
-
diff --git a/nomad/traefik.hcl b/nomad/traefik.hcl
deleted file mode 100644
index a0803e4..0000000
--- a/nomad/traefik.hcl
+++ /dev/null
@@ -1,68 +0,0 @@
-job "frontend" {
- datacenters = ["dc1"]
- type = "service"
-
- group "traefik" {
- task "server" {
- driver = "docker"
-
- config {
- image = "amd64/traefik:1.7.20"
- readonly_rootfs = true
- port_map {
- https_port = 443
- http_port = 80
- adm_port = 8082
- }
- volumes = [
- "secrets/traefik.toml:/etc/traefik/traefik.toml",
- ]
- }
-
- resources {
- memory = 265
- network {
- port "https_port" {
- static = "443"
- }
- port "http_port" {
- static = "80"
- }
- port "adm_port" {
- static = "8082"
- }
- }
- }
-
- service {
- tags = [
- "https",
- "frontend",
- "(diplonat (tcp_port 80 443))"
- ]
- port = "https_port"
- address_mode = "host"
- name = "traefik"
- check {
- type = "http"
- protocol = "http"
- port = "adm_port"
- path = "/ping"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- template {
- data = "{{ key \"configuration/traefik/traefik.toml\" }}"
- destination = "secrets/traefik.toml"
- }
- }
- }
-}
-
diff --git a/nomad/web_static.hcl b/nomad/web_static.hcl
deleted file mode 100644
index c935b2a..0000000
--- a/nomad/web_static.hcl
+++ /dev/null
@@ -1,113 +0,0 @@
-job "web_static" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "landing" {
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_webpull_pug:v4"
- port_map {
- web_port = 8080
- }
- }
-
- template {
- data = <<EOH
-WEBPULL_REPO="https://git.deuxfleurs.fr/Deuxfleurs/site.git"
-WEBPULL_TOKEN="{{ key "secrets/web/home_token" | trimSpace }}"
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 200
- network {
- port "web_port" {}
- }
- }
-
- service {
- tags = [
- "webstatic",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/",
- "traefik.frontend.priority=10"
- ]
- port = "web_port"
- address_mode = "host"
- name = "landing"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
- group "quentin" {
- task "server" {
- driver = "docker"
- config {
- image = "superboum/amd64_webpull_ruby:v1"
- port_map {
- web_port = 8080
- }
- }
-
- template {
- data = <<EOH
-WEBPULL_REPO="https://git.deuxfleurs.fr/quentin/quentin.dufour.io.git"
-WEBPULL_TOKEN="{{ key "secrets/web/quentin.dufour.io_token" | trimSpace }}"
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 500
- network {
- port "web_port" {}
- }
- }
-
- service {
- tags = [
- "webstatic",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:quentin.dufour.io,www.quentin.dufour.io;PathPrefix:/"
- ]
- port = "web_port"
- address_mode = "host"
- name = "blog-quentin"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/nomad/webcap.hcl b/nomad/webcap.hcl
deleted file mode 100644
index 1246b76..0000000
--- a/nomad/webcap.hcl
+++ /dev/null
@@ -1,56 +0,0 @@
-job "webcap" {
- datacenters = ["dc1"]
- type = "service"
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "main" {
- task "flask" {
- driver = "docker"
- config {
- image = "superboum/amd64_webcap:v7"
- port_map {
- web_port = 3000
- }
- }
- env {
- FLASK_APP = "/usr/local/bin/webcap"
- }
-
- resources {
- cpu = 1000
- memory = 2000
- network {
- port "web_port" {}
- }
- }
-
- service {
- tags = [
- "webcap",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:webcap.deuxfleurs.fr;PathPrefix:/"
- ]
- port = "web_port"
- address_mode = "host"
- name = "webcap"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-