aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-01-19 18:03:31 +0100
committerAlex Auvolat <alex@adnab.me>2022-01-19 18:03:31 +0100
commit4836bdd4b27067f8f6da27915fc7eca97a23294b (patch)
treea9f96d044d5799a52e23ac82733324c2f0efd619
parent60f1615a12c7c8b633b672ef7e829c91a6322cbe (diff)
downloadnixcfg-4836bdd4b27067f8f6da27915fc7eca97a23294b.tar.gz
nixcfg-4836bdd4b27067f8f6da27915fc7eca97a23294b.zip
Try nextcloud but fail because of permissions on .db file
-rw-r--r--app/bad.nextcloud/config/litestream.yml10
-rw-r--r--app/bad.nextcloud/deploy/nextcloud.hcl125
-rw-r--r--app/bad.nextcloud/secrets/nextcloud/admin_pass1
-rw-r--r--app/bad.nextcloud/secrets/nextcloud/admin_user1
-rw-r--r--app/bad.nextcloud/secrets/nextcloud/s3_access_key1
-rw-r--r--app/bad.nextcloud/secrets/nextcloud/s3_secret_key1
6 files changed, 139 insertions, 0 deletions
diff --git a/app/bad.nextcloud/config/litestream.yml b/app/bad.nextcloud/config/litestream.yml
new file mode 100644
index 0000000..46eca93
--- /dev/null
+++ b/app/bad.nextcloud/config/litestream.yml
@@ -0,0 +1,10 @@
+dbs:
+ - path: /ephemeral/nextcloud.db
+ replicas:
+ - url: s3://nextcloud-db/nextcloud.db
+ region: garage-staging
+ endpoint: http://{{ env "attr.unique.network.ip-address" }}:3990
+ access-key-id: {{ key "secrets/nextcloud/s3_access_key" | trimSpace }}
+ secret-access-key: {{ key "secrets/nextcloud/s3_secret_key" | trimSpace }}
+ force-path-style: true
+ sync-interval: 60s
diff --git a/app/bad.nextcloud/deploy/nextcloud.hcl b/app/bad.nextcloud/deploy/nextcloud.hcl
new file mode 100644
index 0000000..8311bbe
--- /dev/null
+++ b/app/bad.nextcloud/deploy/nextcloud.hcl
@@ -0,0 +1,125 @@
+job "nextcloud" {
+ datacenters = ["neptune"]
+ type = "service"
+
+ group "nextcloud" {
+ count = 1
+
+ network {
+ port "http" {
+ to = 80
+ }
+ }
+
+ ephemeral_disk {
+ size = 10000
+ }
+
+ restart {
+ attempts = 10
+ delay = "30s"
+ }
+
+ task "restore-db" {
+ lifecycle {
+ hook = "prestart"
+ sidecar = false
+ }
+
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.7"
+ args = [
+ "restore", "-config", "/etc/litestream.yml", "/ephemeral/nextcloud.db"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 1000
+ }
+ }
+
+ task "nextcloud" {
+ driver = "docker"
+ config {
+ image = "nextcloud:22.2.3-apache"
+ ports = [ "http" ]
+
+ volumes = [
+ "../alloc/data:/ephemeral",
+ ]
+ }
+
+ template {
+ data = <<EOH
+SQLITE_DATABASE=/ephemeral/nextcloud.db
+NEXTCLOUD_ADMIN_USER={{ key "secrets/nextcloud/admin_user" }}
+NEXTCLOUD_ADMIN_PASSWORD={{ key "secrets/nextcloud/admin_pass" }}
+NEXTCLOUD_TRUSTED_DOMAINS=cloud.home.adnab.me
+OBJECTSTORE_S3_HOST={{ env "node.unique.network.ip-address" }}
+OBJECTSTORE_S3_PORT=3990
+OBJECTSTORE_S3_BUCKET=nextcloud-data
+OBJECTSTORE_S3_KEY={{ key "secrets/nextcloud/s3_access_key" }}
+OBJECTSTORE_S3_SECRET={{ key "secrets/nextcloud/s3_secret_key" }}
+OBJECTSTORE_S3_SSL=false
+OBJECTSTORE_S3_REGION=garage-staging
+OBJECTSTORE_S3_USEPATH_STYLE=true
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 2500
+ cpu = 1000
+ }
+
+ service {
+ port = "http"
+ tags = [
+ "tricot cloud.home.adnab.me 100",
+ ]
+ check {
+ type = "http"
+ path = "/"
+ interval = "10s"
+ timeout = "2s"
+ }
+ }
+ }
+
+ task "replicate-db" {
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.7"
+ args = [
+ "replicate", "-config", "/etc/litestream.yml"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 100
+ }
+ }
+ }
+}
diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_pass b/app/bad.nextcloud/secrets/nextcloud/admin_pass
new file mode 100644
index 0000000..ffc9830
--- /dev/null
+++ b/app/bad.nextcloud/secrets/nextcloud/admin_pass
@@ -0,0 +1 @@
+CMD_ONCE openssl rand -base64 9
diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_user b/app/bad.nextcloud/secrets/nextcloud/admin_user
new file mode 100644
index 0000000..7ff2967
--- /dev/null
+++ b/app/bad.nextcloud/secrets/nextcloud/admin_user
@@ -0,0 +1 @@
+USER Username for administrator account
diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_access_key b/app/bad.nextcloud/secrets/nextcloud/s3_access_key
new file mode 100644
index 0000000..692dc34
--- /dev/null
+++ b/app/bad.nextcloud/secrets/nextcloud/s3_access_key
@@ -0,0 +1 @@
+USER S3 access key ID for database storage
diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_secret_key b/app/bad.nextcloud/secrets/nextcloud/s3_secret_key
new file mode 100644
index 0000000..8bef13c
--- /dev/null
+++ b/app/bad.nextcloud/secrets/nextcloud/s3_secret_key
@@ -0,0 +1 @@
+USER S3 secret key for database storage