aboutsummaryrefslogtreecommitdiff
path: root/cluster/prod
diff options
context:
space:
mode:
authorAlex <alex@adnab.me>2023-05-16 13:38:07 +0000
committerAlex <alex@adnab.me>2023-05-16 13:38:07 +0000
commit8a75be4d43fb83de2737c18a314e2602c775f193 (patch)
tree9ffa4130941cd57138e26eb49e5ce3b67e5967ef /cluster/prod
parent4ca45cf1d4ea44778501d9da640c156d842e539e (diff)
parent560486bc50f5298d91706604339513f6840a2a18 (diff)
downloadnixcfg-8a75be4d43fb83de2737c18a314e2602c775f193.tar.gz
nixcfg-8a75be4d43fb83de2737c18a314e2602c775f193.zip
Merge pull request 'prod: Plume with S3 storage backend' (#13) from plume-s3 into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/13
Diffstat (limited to 'cluster/prod')
-rw-r--r--cluster/prod/app/plume/build/docker-compose.yml2
-rw-r--r--cluster/prod/app/plume/build/plume/Dockerfile19
-rw-r--r--cluster/prod/app/plume/config/app.env11
-rw-r--r--cluster/prod/app/plume/deploy/plume.hcl24
-rw-r--r--cluster/prod/app/plume/secrets.toml7
5 files changed, 35 insertions, 28 deletions
diff --git a/cluster/prod/app/plume/build/docker-compose.yml b/cluster/prod/app/plume/build/docker-compose.yml
index 560f539..a621540 100644
--- a/cluster/prod/app/plume/build/docker-compose.yml
+++ b/cluster/prod/app/plume/build/docker-compose.yml
@@ -4,5 +4,5 @@ services:
build:
context: ./plume
args:
- VERSION: 8709f6cf9f8ff7e3c5ee7ea699ee7c778e92fefc
+ PLUME_VERSION: 61e65a55ad1f5094321c111e395d00dddcb05e96
image: superboum/plume:v8
diff --git a/cluster/prod/app/plume/build/plume/Dockerfile b/cluster/prod/app/plume/build/plume/Dockerfile
index 1f57a52..6e9d4f9 100644
--- a/cluster/prod/app/plume/build/plume/Dockerfile
+++ b/cluster/prod/app/plume/build/plume/Dockerfile
@@ -1,4 +1,5 @@
-FROM rust:1.58.1-slim-bullseye as builder
+#FROM rust:1.69-bullseye as builder
+FROM rustlang/rust:nightly-bullseye as builder
RUN apt-get update && \
apt-get install -y \
@@ -18,21 +19,25 @@ RUN apt-get update && \
libssl-dev \
libclang-dev
-ARG VERSION
+RUN cargo install wasm-pack
+
+ARG PLUME_VERSION
WORKDIR /opt
-RUN git clone -n https://git.joinplu.me/Plume/Plume.git plume
+RUN git clone -n https://git.joinplu.me/lx/Plume.git plume
WORKDIR /opt/plume
-RUN git checkout ${VERSION}
+RUN git checkout ${PLUME_VERSION}
+# Small style patch to make text column wider
+RUN git merge 397e3b4d9720475257817b322c05323d12918216
+RUN rm rust-toolchain
WORKDIR /opt/plume/script
RUN chmod a+x ./wasm-deps.sh && ./wasm-deps.sh
WORKDIR /opt/plume
-RUN cargo install wasm-pack
RUN chmod a+x ./script/plume-front.sh && ./script/plume-front.sh
-RUN cargo install --path ./ --force --no-default-features --features postgres
-RUN cargo install --path plume-cli --force --no-default-features --features postgres
+RUN cargo install --path ./ --force --no-default-features --features postgres,s3
+RUN cargo install --path plume-cli --force --no-default-features --features postgres,s3
RUN cargo clean
#-----------------------------
diff --git a/cluster/prod/app/plume/config/app.env b/cluster/prod/app/plume/config/app.env
index b751bd6..b663d81 100644
--- a/cluster/prod/app/plume/config/app.env
+++ b/cluster/prod/app/plume/config/app.env
@@ -8,6 +8,17 @@ ROCKET_SECRET_KEY={{ key "secrets/plume/secret_key" | trimSpace }}
#MAIL_PASSWORD=123456
#MAIL_HELO_NAME=example.org
+# S3 settings
+S3_BUCKET=plume
+AWS_ACCESS_KEY_ID={{ key "secrets/plume/s3_access_key" | trimSpace }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/s3_secret_key" | trimSpace }}
+S3_REGION=garage
+S3_HOSTNAME={{ env "attr.unique.network.ip-address" }}:3900
+S3_PROTOCOL=http
+S3_PATH_STYLE=true
+S3_DIRECT_DOWNLOAD=true
+S3_ALIAS_HOST=plume.web.deuxfleurs.fr
+
# DATABASE SETUP
POSTGRES_PASSWORD={{ key "secrets/plume/pgsql_pw" | trimSpace }}
POSTGRES_USER=plume
diff --git a/cluster/prod/app/plume/deploy/plume.hcl b/cluster/prod/app/plume/deploy/plume.hcl
index 4470099..c266167 100644
--- a/cluster/prod/app/plume/deploy/plume.hcl
+++ b/cluster/prod/app/plume/deploy/plume.hcl
@@ -1,12 +1,7 @@
job "plume-blog" {
- datacenters = ["orion"]
+ datacenters = ["orion", "neptune"]
type = "service"
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
group "plume" {
count = 1
@@ -15,23 +10,13 @@ job "plume-blog" {
}
task "plume" {
- constraint {
- attribute = "${attr.unique.hostname}"
- operator = "="
- value = "dahlia"
- }
-
driver = "docker"
config {
- image = "superboum/plume:v8"
+ image = "lxpz/plume_s3:v1"
network_mode = "host"
ports = [ "web_port" ]
- #command = "cat"
- #args = [ "/dev/stdout" ]
- volumes = [
- "/mnt/ssd/plume/search_index:/app/search_index",
- "/mnt/ssd/plume/media:/app/static/media"
- ]
+ command = "sh"
+ args = [ "-c", "plm search init; plm search refill; plume" ]
}
template {
@@ -51,6 +36,7 @@ job "plume-blog" {
tags = [
"plume",
"tricot plume.deuxfleurs.fr",
+ "d53-cname plume.deuxfleurs.fr",
]
port = "web_port"
address_mode = "host"
diff --git a/cluster/prod/app/plume/secrets.toml b/cluster/prod/app/plume/secrets.toml
index 4d68a5c..fd67a57 100644
--- a/cluster/prod/app/plume/secrets.toml
+++ b/cluster/prod/app/plume/secrets.toml
@@ -1,10 +1,15 @@
[service_user."plume"]
password_secret = "plume/pgsql_pw"
-
[secrets."plume/secret_key"]
type = 'command'
rotate = true
command = 'openssl rand -base64 32'
+[secrets."plume/s3_access_key"]
+type = 'user'
+description = 'S3 access key ID for database and media storage'
+[secrets."plume/s3_secret_key"]
+type = 'user'
+description = 'S3 secret key for database and media storage'