From 03680a992b627cda620ad3a3fd1ba9c725bfc371 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Wed, 28 Oct 2020 16:55:11 +0100
Subject: Switch Matrix+Plume to IPv6, Add Trusted Net to ip6tables

---
 app/config/configuration/plume/app.env |  2 +-
 app/deployment/im.hcl                  | 20 +++++++-------------
 app/deployment/plume.hcl               | 11 +++++------
 3 files changed, 13 insertions(+), 20 deletions(-)

(limited to 'app')

diff --git a/app/config/configuration/plume/app.env b/app/config/configuration/plume/app.env
index 78eccfe..4a6adb4 100644
--- a/app/config/configuration/plume/app.env
+++ b/app/config/configuration/plume/app.env
@@ -16,7 +16,7 @@ DATABASE_URL=postgres://plume:{{ key "secrets/plume/pgsql_pw" | trimSpace }}@psq
 MIGRATION_DIRECTORY=migrations/postgres
 
 USE_HTTPS=0
-ROCKET_ADDRESS=0.0.0.0
+ROCKET_ADDRESS=::
 ROCKET_PORT=7878
 
 MEDIA_UPLOAD_DIRECTORY=/app/static/media
diff --git a/app/deployment/im.hcl b/app/deployment/im.hcl
index f76fb73..dfff98b 100644
--- a/app/deployment/im.hcl
+++ b/app/deployment/im.hcl
@@ -9,11 +9,8 @@ job "im" {
 
       config {
         image = "superboum/amd64_synapse:v36"
+        network_mode = "host"
         readonly_rootfs = true
-        port_map {
-          client_port = 8008
-          federation_port = 8448
-        }
         command = "python"
         args = [
           "-m", "synapse.app.homeserver",
@@ -95,16 +92,12 @@ job "im" {
       resources {
         cpu = 1000
         memory = 4000
-        network {
-          port "client_port" { }
-          port "federation_port" { }
-        }
       }
 
       service {
         name = "synapse-client"
-        port = "client_port"
-        address_mode = "host"
+        port = 8008
+        address_mode = "driver"
         tags = [
           "matrix",
           "traefik.enable=true",
@@ -115,7 +108,8 @@ job "im" {
         ]
         check {
           type = "tcp"
-          port = "client_port"
+          port = 8008
+          address_mode = "driver"
           interval = "60s"
           timeout = "5s"
           check_restart {
@@ -128,8 +122,8 @@ job "im" {
 
       service {
         name = "synapse-federation"
-        port = "federation_port"
-        address_mode = "host"
+        port = 8448
+        address_mode = "driver"
         tags = [
           "matrix",
           "traefik.enable=true",
diff --git a/app/deployment/plume.hcl b/app/deployment/plume.hcl
index 376789b..88110da 100644
--- a/app/deployment/plume.hcl
+++ b/app/deployment/plume.hcl
@@ -13,9 +13,7 @@ job "plume" {
       driver = "docker"
       config {
         image = "superboum/plume:v1"
-        port_map {
-          web_port = 7878
-        }
+        network_mode = "host"
         #command = "cat"
         #args = [ "/dev/stdout" ]
         volumes = [
@@ -51,11 +49,12 @@ job "plume" {
           "traefik.frontend.entryPoints=https,http",
           "traefik.frontend.rule=Host:plume.deuxfleurs.fr",
         ]
-        port = "web_port"
-        address_mode = "host"
+        port = 7878
+        address_mode = "driver"
         check {
           type = "tcp"
-          port = "web_port"
+          port = 7878
+          address_mode = "driver"
           interval = "60s"
           timeout = "5s"
           check_restart {
-- 
cgit v1.2.3