staging plume: cleanup and update

author: Alex Auvolat <alex@adnab.me> 2023-05-15 13:36:38 +0200
committer: Alex Auvolat <alex@adnab.me> 2023-05-15 13:36:38 +0200
commit: 2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc (patch)
tree: c61d46f9a299771bd4389dfd927ff9ba8ddf3b7b
parent: 5c7a8c72d80a2c818e41f5d6aafb4acc70867f1c (diff)
download: nixcfg-2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc.tar.gz
nixcfg-2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc.zip
8 files changed, 12 insertions, 104 deletions
diff --git a/cluster/staging/app/plume/build/docker-compose.yml b/cluster/staging/app/plume/build/docker-compose.yml
index db2be83..3f02e90 100644
--- a/cluster/staging/app/plume/build/docker-compose.yml
+++ b/cluster/staging/app/plume/build/docker-compose.yml
@@ -4,5 +4,5 @@ services:
     build:
       context: ./plume
       args:
-        VERSION: 24d3b289da085261966fb338113610905dfca8c9
+        VERSION: 61e65a55ad1f5094321c111e395d00dddcb05e96
     image: lxpz/plume_dev:v1
diff --git a/cluster/staging/app/plume/build/plume/Dockerfile b/cluster/staging/app/plume/build/plume/Dockerfile
index b7bb862..3ffc20b 100644
--- a/cluster/staging/app/plume/build/plume/Dockerfile
+++ b/cluster/staging/app/plume/build/plume/Dockerfile
@@ -30,6 +30,7 @@ RUN git clone -n https://git.joinplu.me/lx/Plume.git plume
 
 WORKDIR /opt/plume
 RUN git checkout ${PLUME_VERSION}
+RUN git merge 397e3b4d9720475257817b322c05323d12918216
 RUN rm rust-toolchain
 
 WORKDIR /opt/plume/script
diff --git a/cluster/staging/app/plume/config/app.env b/cluster/staging/app/plume/config/app.env
index 6950736..54ff438 100644
--- a/cluster/staging/app/plume/config/app.env
+++ b/cluster/staging/app/plume/config/app.env
@@ -16,6 +16,8 @@ S3_REGION=garage-staging
 S3_HOSTNAME={{ env "attr.unique.network.ip-address" }}:3990
 S3_PROTOCOL=http
 S3_PATH_STYLE=true
+S3_DIRECT_DOWNLOAD=true
+S3_ALIAS_HOST=plume.web.staging.deuxfleurs.org
 
 # DATABASE SETUP
 DATABASE_URL=/ephemeral/plume.db
@@ -35,4 +37,4 @@ LDAP_USER_MAIL_ATTR=mail
 LDAP_TLS=false
 
 RUST_BACKTRACE=1
-RUST_LOG=debug
+RUST_LOG=info
diff --git a/cluster/staging/app/plume/deploy/plume.hcl b/cluster/staging/app/plume/deploy/plume.hcl
index 483828d..9fac3c6 100644
--- a/cluster/staging/app/plume/deploy/plume.hcl
+++ b/cluster/staging/app/plume/deploy/plume.hcl
@@ -46,21 +46,14 @@ job "plume-blog" {
     }
 
     task "plume" {
-      constraint {
-        attribute = "${attr.unique.hostname}"
-        operator = "="
-        value = "carcajou"
-      }
-
       driver = "docker"
       config {
-        image = "lxpz/devplume:v3"
+        image = "lxpz/devplume:v5"
         network_mode = "host"
         ports = [ "web_port" ]
         command = "sh"
         args = [ "-c", "plm search init; plm search refill; plume" ]
         volumes = [
-          "/mnt/ssd/plume/search_index:/app/search_index",
 		  "../alloc/data:/ephemeral"
         ]
       }
diff --git a/cluster/staging/app/plume/integration/bottin.json b/cluster/staging/app/plume/integration/bottin.json
deleted file mode 100644
index a970762..0000000
--- a/cluster/staging/app/plume/integration/bottin.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
-  "suffix": "dc=deuxfleurs,dc=fr",
-  "bind": "0.0.0.0:389",
-  "consul_host": "http://consul:8500",
-  "log_level": "debug",
-  "acl": [
-		"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
-		"*::read modify:SELF:*",
-		"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
-		"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
-		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
-		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
-
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
-		"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
-
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
-
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
-
-		"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
-		"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
-  ]
-}
diff --git a/cluster/staging/app/plume/integration/docker-compose.yml b/cluster/staging/app/plume/integration/docker-compose.yml
deleted file mode 100644
index b88de8a..0000000
--- a/cluster/staging/app/plume/integration/docker-compose.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-version: '3.4'
-services:
-  plume:
-    image: superboum/plume:v1
-    env_file:
-      - plume.env
-    depends_on:
-      - consul
-      - postgres
-    ports:
-      - "7878:7878"
-
-  postgres:
-    image: postgres:9.6.19
-    environment:
-      - POSTGRES_DB=plume
-      - POSTGRES_USER=plume
-      - POSTGRES_PASSWORD=plume
-
-  bottin:
-    image: lxpz/bottin_amd64:14
-    depends_on:
-      - consul
-    volumes:
-      - ./bottin.json:/config.json
-
-  consul:
-    image: consul:1.8.4
diff --git a/cluster/staging/app/plume/integration/plume.env b/cluster/staging/app/plume/integration/plume.env
deleted file mode 100644
index 88c62dc..0000000
--- a/cluster/staging/app/plume/integration/plume.env
+++ /dev/null
@@ -1,31 +0,0 @@
-BASE_URL=integration.env
-# generate one with openssl rand -base64 32
-ROCKET_SECRET_KEY=cXZbKoxWIBo0wdaD8tbA1B3BlH2LBSUmgzdyZZr8QxI=
-
-# Mail settings
-#MAIL_SERVER=smtp.example.org
-#MAIL_USER=example
-#MAIL_PASSWORD=123456
-#MAIL_HELO_NAME=example.org
-
-# DATABASE SETUP
-POSTGRES_PASSWORD=plume
-POSTGRES_USER=plume
-POSTGRES_DB=plume
-DATABASE_URL=postgres://plume:plume@postgres:5432/plume
-MIGRATION_DIRECTORY=migrations/postgres
-
-USE_HTTPS=0
-ROCKET_ADDRESS=0.0.0.0
-ROCKET_PORT=7878
-
-MEDIA_UPLOAD_DIRECTORY=/app/static/media
-SEARCH_INDEX=/app/search_index
-DOMAIN_NAME="integration.env"
-INSTANCE_NAME="Integration Instance"
-
-LDAP_ADDR=ldap://bottin:389
-LDAP_BASE_DN=ou=users,dc=deuxfleurs,dc=fr
-LDAP_USER_NAME_ATTR=cn
-LDAP_USER_MAIL_ATTR=mail
-LDAP_TLS=false
diff --git a/cluster/staging/app/plume/secrets.toml b/cluster/staging/app/plume/secrets.toml
index 4d68a5c..e61eb4e 100644
--- a/cluster/staging/app/plume/secrets.toml
+++ b/cluster/staging/app/plume/secrets.toml
@@ -1,10 +1,12 @@
-[service_user."plume"]
-password_secret = "plume/pgsql_pw"
-
-
 [secrets."plume/secret_key"]
 type = 'command'
 rotate = true
 command = 'openssl rand -base64 32'
 
+[secrets."plume/s3_access_key"]
+type = 'user'
+description = 'S3 access key ID for database and media storage'
 
+[secrets."plume/s3_secret_key"]
+type = 'user'
+description = 'S3 secret key for database and media storage'
author	Alex Auvolat <alex@adnab.me>	2023-05-15 13:36:38 +0200
committer	Alex Auvolat <alex@adnab.me>	2023-05-15 13:36:38 +0200
commit	2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc (patch)
tree	c61d46f9a299771bd4389dfd927ff9ba8ddf3b7b
parent	5c7a8c72d80a2c818e41f5d6aafb4acc70867f1c (diff)
download	nixcfg-2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc.tar.gz nixcfg-2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc.zip