path: root/cluster/prod/app/cryptpad/deploy
authorAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
committerAlex Auvolat <alex@adnab.me>2022-08-24 15:42:47 +0200
commit2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch)
tree0ad148f75f7b54dfed2dbac8f43f6df9badc502a /cluster/prod/app/cryptpad/deploy
parent9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff)
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'cluster/prod/app/cryptpad/deploy')
-rw-r--r--cluster/prod/app/cryptpad/deploy/backup.hcl57
-rw-r--r--cluster/prod/app/cryptpad/deploy/cryptpad.hcl75
2 files changed, 132 insertions, 0 deletions
diff --git a/cluster/prod/app/cryptpad/deploy/backup.hcl b/cluster/prod/app/cryptpad/deploy/backup.hcl
new file mode 100644
index 0000000..99dee2f
--- /dev/null
+++ b/cluster/prod/app/cryptpad/deploy/backup.hcl
@@ -0,0 +1,57 @@
+job "cryptpad_backup" {
+ datacenters = ["neptune"]
+ type = "batch"
+
+ priority = "60"
+
+ periodic {
+ cron = "@daily"
+ // Do not allow overlapping runs.
+ prohibit_overlap = true
+ }
+
+ group "backup-cryptpad" {
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "="
+ value = "courgette"
+ }
+
+ task "main" {
+ driver = "docker"
+
+ config {
+ image = "restic/restic:0.12.1"
+ entrypoint = [ "/bin/sh", "-c" ]
+ args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
+ volumes = [
+ "/mnt/storage/cryptpad:/cryptpad"
+ ]
+ }
+
+ template {
+ data = <<EOH
+AWS_ACCESS_KEY_ID={{ key "secrets/cryptpad_backup/backup_aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/cryptpad_backup/backup_aws_secret_access_key" }}
+RESTIC_REPOSITORY={{ key "secrets/cryptpad_backup/backup_restic_repository" }}
+RESTIC_PASSWORD={{ key "secrets/cryptpad_backup/backup_restic_password" }}
+EOH
+
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ resources {
+ cpu = 500
+ memory = 200
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+ }
+}
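Review bot: The backup task mounts the live data directory read-write in `volumes`, although `restic backup /cryptpad` only needs to read it. Writing the entry as `"/mnt/storage/cryptpad:/cryptpad:ro"` would keep a faulty or compromised backup container from modifying the pads it is meant to protect. The same `args` line also runs `restic forget` and `restic prune` with the credentials rendered by the template, so anything that obtains those keys can delete snapshots as well as create them. A short comment above `args` recording that trade-off would help the next operator, for example `// NOTE: these credentials can also delete snapshots; consider a separate prune job with its own key`.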
diff --git a/cluster/prod/app/cryptpad/deploy/cryptpad.hcl b/cluster/prod/app/cryptpad/deploy/cryptpad.hcl
new file mode 100644
index 0000000..726fe5a
--- /dev/null
+++ b/cluster/prod/app/cryptpad/deploy/cryptpad.hcl
@@ -0,0 +1,75 @@
+job "cryptpad" {
+ datacenters = ["neptune"]
+ type = "service"
+
+ group "cryptpad" {
+ count = 1
+
+ network {
+ port "http" {
+ to = 3000
+ }
+ }
+
+ restart {
+ attempts = 10
+ delay = "30s"
+ }
+
+ task "main" {
+ driver = "docker"
+
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "="
+ value = "courgette"
+ }
+
+ config {
+ image = "superboum/cryptpad:0p3s44hjh4s1x55kbwkmywmwmx4wfyb8"
+ ports = [ "http" ]
+
+ volumes = [
+ "/mnt/storage/cryptpad:/mnt",
+ "secrets/config.js:/etc/cryptpad/config.js",
+ ]
+ }
+ env {
+ CRYPTPAD_CONFIG = "/etc/cryptpad/config.js"
+ }
+
+ template {
+ data = file("../config/config.js")
+ destination = "secrets/config.js"
+ }
+
+ /* Disabled because it requires modifications to the docker image and I do not want to invest the time yet
+ template {
+ data = file("../config/application_config.js")
+ destination = "secrets/config.js"
+ }
+ */
+
+ resources {
+ memory = 1000
+ cpu = 500
+ }
+
+ service {
+ port = "http"
+ tags = [
+ "tricot pad.deuxfleurs.fr",
+ "tricot pad-sandbox.deuxfleurs.fr",
+ "tricot-add-header Cross-Origin-Resource-Policy cross-origin",
+ "tricot-add-header Cross-Origin-Embedder-Policy require-corp",
+ ]
+ check {
+ type = "http"
+ path = "/"
+ interval = "10s"
+ timeout = "2s"
+ }
+ }
+ }
+ }
+}
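Review bot: The disabled `template` block for `../config/application_config.js` uses the same `destination = "secrets/config.js"` as the active template just above it. If someone re-enables it by removing the comment markers, two templates would render to one path, and the file mounted at `/etc/cryptpad/config.js` could end up holding the application config instead of the server config. I would give the disabled block its own target now, e.g. `destination = "secrets/application_config.js"`, and extend the comment to say that a matching entry in `volumes` is needed when it is enabled. Separately, the config bind mount could be declared read-only as `"secrets/config.js:/etc/cryptpad/config.js:ro"`, assuming the image does not need to write to that file.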