author | Alex Auvolat <alex@adnab.me> | 2022-01-19 18:03:31 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-01-19 18:03:31 +0100 |
commit | 4836bdd4b27067f8f6da27915fc7eca97a23294b (patch) | |
tree | a9f96d044d5799a52e23ac82733324c2f0efd619 | |
parent | 60f1615a12c7c8b633b672ef7e829c91a6322cbe (diff) | |
download | nixcfg-4836bdd4b27067f8f6da27915fc7eca97a23294b.tar.gz nixcfg-4836bdd4b27067f8f6da27915fc7eca97a23294b.zip |
Try nextcloud but fail because of permissions on .db file
-rw-r--r-- | app/bad.nextcloud/config/litestream.yml | 10 | ||||
-rw-r--r-- | app/bad.nextcloud/deploy/nextcloud.hcl | 125 | ||||
-rw-r--r-- | app/bad.nextcloud/secrets/nextcloud/admin_pass | 1 | ||||
-rw-r--r-- | app/bad.nextcloud/secrets/nextcloud/admin_user | 1 | ||||
-rw-r--r-- | app/bad.nextcloud/secrets/nextcloud/s3_access_key | 1 | ||||
-rw-r--r-- | app/bad.nextcloud/secrets/nextcloud/s3_secret_key | 1 |
6 files changed, 139 insertions, 0 deletions
diff --git a/app/bad.nextcloud/config/litestream.yml b/app/bad.nextcloud/config/litestream.yml
new file mode 100644
index 0000000..46eca93
--- /dev/null
+++ b/app/bad.nextcloud/config/litestream.yml
@@ -0,0 +1,10 @@
+dbs:
+ - path: /ephemeral/nextcloud.db
+ replicas:
+ - url: s3://nextcloud-db/nextcloud.db
+ region: garage-staging
+ endpoint: http://{{ env "attr.unique.network.ip-address" }}:3990
+ access-key-id: {{ key "secrets/nextcloud/s3_access_key" | trimSpace }}
+ secret-access-key: {{ key "secrets/nextcloud/s3_secret_key" | trimSpace }}
+ force-path-style: true
+ sync-interval: 60s
diff --git a/app/bad.nextcloud/deploy/nextcloud.hcl b/app/bad.nextcloud/deploy/nextcloud.hcl
new file mode 100644
index 0000000..8311bbe
--- /dev/null
+++ b/app/bad.nextcloud/deploy/nextcloud.hcl
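Review bot: The replica `endpoint` in litestream.yml is plain `http://`, so the replicated SQLite pages (which hold Nextcloud's account data) and the signed S3 requests travel unencrypted. The address is the node's own IP, so the traffic presumably never leaves the host, but nothing in the file records that assumption. I would add a comment above the line such as `# plaintext only because Garage listens on this node; use https if the endpoint ever moves off-host`, or point it at a TLS listener if one exists.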
@@ -0,0 +1,125 @@
+job "nextcloud" {
+ datacenters = ["neptune"]
+ type = "service"
+
+ group "nextcloud" {
+ count = 1
+
+ network {
+ port "http" {
+ to = 80
+ }
+ }
+
+ ephemeral_disk {
+ size = 10000
+ }
+
+ restart {
+ attempts = 10
+ delay = "30s"
+ }
+
+ task "restore-db" {
+ lifecycle {
+ hook = "prestart"
+ sidecar = false
+ }
+
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.7"
+ args = [
+ "restore", "-config", "/etc/litestream.yml", "/ephemeral/nextcloud.db"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 1000
+ }
+ }
+
+ task "nextcloud" {
+ driver = "docker"
+ config {
+ image = "nextcloud:22.2.3-apache"
+ ports = [ "http" ]
+
+ volumes = [
+ "../alloc/data:/ephemeral",
+ ]
+ }
+
+ template {
+ data = <<EOH
+SQLITE_DATABASE=/ephemeral/nextcloud.db
+NEXTCLOUD_ADMIN_USER={{ key "secrets/nextcloud/admin_user" }}
+NEXTCLOUD_ADMIN_PASSWORD={{ key "secrets/nextcloud/admin_pass" }}
+NEXTCLOUD_TRUSTED_DOMAINS=cloud.home.adnab.me
+OBJECTSTORE_S3_HOST={{ env "node.unique.network.ip-address" }}
+OBJECTSTORE_S3_PORT=3990
+OBJECTSTORE_S3_BUCKET=nextcloud-data
+OBJECTSTORE_S3_KEY={{ key "secrets/nextcloud/s3_access_key" }}
+OBJECTSTORE_S3_SECRET={{ key "secrets/nextcloud/s3_secret_key" }}
+OBJECTSTORE_S3_SSL=false
+OBJECTSTORE_S3_REGION=garage-staging
+OBJECTSTORE_S3_USEPATH_STYLE=true
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 2500
+ cpu = 1000
+ }
+
+ service {
+ port = "http"
+ tags = [
+ "tricot cloud.home.adnab.me 100",
+ ]
+ check {
+ type = "http"
+ path = "/"
+ interval = "10s"
+ timeout = "2s"
+ }
+ }
+ }
+
+ task "replicate-db" {
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.7"
+ args = [
+ "replicate", "-config", "/etc/litestream.yml"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
"secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+
+ template {
+ data = file("../config/litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 100
+ }
+ }
+ }
+}
diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_pass b/app/bad.nextcloud/secrets/nextcloud/admin_pass
new file mode 100644
index 0000000..ffc9830
--- /dev/null
+++ b/app/bad.nextcloud/secrets/nextcloud/admin_pass
@@ -0,0 +1 @@
+CMD_ONCE openssl rand -base64 9
diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_user b/app/bad.nextcloud/secrets/nextcloud/admin_user
new file mode 100644
index 0000000..7ff2967
--- /dev/null
+++ b/app/bad.nextcloud/secrets/nextcloud/admin_user
@@ -0,0 +1 @@
+USER Username for administrator account
diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_access_key b/app/bad.nextcloud/secrets/nextcloud/s3_access_key
new file mode 100644
index 0000000..692dc34
--- /dev/null
+++ b/app/bad.nextcloud/secrets/nextcloud/s3_access_key
@@ -0,0 +1 @@
+USER S3 access key ID for database storage
diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_secret_key b/app/bad.nextcloud/secrets/nextcloud/s3_secret_key
new file mode 100644
index 0000000..8bef13c
--- /dev/null
+++ b/app/bad.nextcloud/secrets/nextcloud/s3_secret_key
@@ -0,0 +1 @@
+USER S3 secret key for database storage |
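Review bot: In nextcloud.hcl the env template of the `nextcloud` task reads the same `secrets/nextcloud/s3_access_key` and `s3_secret_key` that litestream.yml uses, so one credential covers both the `nextcloud-db` replica bucket and the `nextcloud-data` object store and is handed to all three tasks. A separate key per bucket would keep the litestream containers away from user files and the web container away from the database replica. The `key` lookups in that template also lack the `| trimSpace` that litestream.yml applies, so a trailing newline in a stored value would end up in the rendered env file; for example `OBJECTSTORE_S3_SECRET={{ key "secrets/nextcloud/s3_secret_key" | trimSpace }}`. Separately, `OBJECTSTORE_S3_HOST` is built from `node.unique.network.ip-address` where litestream.yml uses `attr.unique.network.ip-address`; as far as I know Nomad exposes this value under `attr.`, so the former may render empty and is worth checking.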