authorADRN <adrien@luxeylab.net>2024-01-13 17:58:33 +0100
committerADRN <adrien@luxeylab.net>2024-01-13 17:58:33 +0100
commitabce598e6c7933e9f902a768c974fbbd695258ad (patch)
treebc8d6daf2816f6ca2b34b1bf0ee57f8369279335 /cluster
parent3b34e3c2f52184bd89027509235b9440210c8494 (diff)
WIP: im.deuxfleurs.fr porte de service pour Android 7. TODO : mettre le certificat dans Consul et tester. Testeeeeeer.
Diffstat (limited to 'cluster')
-rw-r--r--cluster/prod/app/matrix/deploy/im-android7.hcl74
1 files changed, 74 insertions, 0 deletions
diff --git a/cluster/prod/app/matrix/deploy/im-android7.hcl b/cluster/prod/app/matrix/deploy/im-android7.hcl
new file mode 100644
index 0000000..1daa4e9
--- /dev/null
+++ b/cluster/prod/app/matrix/deploy/im-android7.hcl
@@ -0,0 +1,74 @@
+// Fichier de configuration pour exposer le service Matrix
+// avec une version TLS compatible avec Android 7
+// Voir https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/src/branch/main/cluster/prod/app/email/integration
+
+
+
+job "im-android7" {
+ datacenters = ["scorpio", "neptune"]
+ type = "service"
+ priority = 100
+
+ group "rsa-ecc-proxy" {
+ network {
+ port "api_port" { static = 8008 }
+ // port "web_port" { to = 8043 }
+ }
+
+ task "api-proxy" {
+ driver = "docker"
+ config {
+ image = "alpine/socat:1.8.0.0"
+ readonly_rootfs = true
+ ports = [ "api_port" ]
+ network_mode = "host"
+ args = [
+ "openssl-listen:8008,reuseaddr,fork,verify=0,bind=0.0.0.0,cert=/var/secrets/rsa.crt,key=/var/secrets/rsa.key",
+ "openssl:im.deuxfleurs.fr:8008,verify=0",
+ ]
+ volumes = [
+ "secrets/certs:/var/secrets"
+ ]
+ }
+
+ // TODO : ajouter un certificat TLS self-signed à Consul à l'adresse ci-dessous
+ template {
+ data = "{{ key \"secrets/matrix/tls-tls-proxy/rsa.crt\" }}"
+ destination = "secrets/certs/rsa.crt"
+ }
+ template {
+ data = "{{ key \"secrets/matrix/tls-tls-proxy/rsa.key\" }}"
+ destination = "secrets/certs/rsa.key"
+ }
+
+ resources {
+ cpu = 50
+ memory = 50
+ }
+
+ service {
+ name = "im-android7"
+ port = "api_port"
+ address_mode = "host"
+ tags = [
+ "rsa-ecc-proxy",
+ "(diplonat (tcp_port 8008))",
+ "d53-a im-android7.deuxfleurs.fr",
+ # ipv6 is commented for now as socat does not listen on ipv6 now
+ # "d53-aaaa im-android7.deuxfleurs.fr"
+ ]
+ check {
+ type = "tcp"
+ port = "api_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
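Review bot: The outbound leg in `args`, `"openssl:im.deuxfleurs.fr:8008,verify=0"`, turns off certificate verification, so the proxy will complete TLS with whatever host answers for that name and hand it the decrypted Matrix traffic. `verify=0` on the `openssl-listen` side is fine since no client certificate is expected, but on the client side it should be dropped and a trust anchor given, e.g. `"openssl:im.deuxfleurs.fr:8008,cafile=<CA_BUNDLE_PATH>"`. With `readonly_rootfs = true` and a minimal image, the CA bundle probably has to be templated or mounted next to the RSA pair; this needs confirming against the image. Separately, the `template` block for `rsa.key` keeps Nomad's default file mode; adding `perms = "0400"` would limit who can read the private key, assuming the socat process runs as the file's owner.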