Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/infrastructure into main
This commit is contained in:
commit
0a6ffcacd2
7 changed files with 46 additions and 89 deletions
|
@ -69,7 +69,7 @@ job "directory" {
|
||||||
task "guichet" {
|
task "guichet" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "lxpz/guichet_amd64:10"
|
image = "lxpz/guichet_amd64:11"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
ports = [ "web_port" ]
|
ports = [ "web_port" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
|
@ -35,6 +35,9 @@ job "garage" {
|
||||||
"secrets/garage.crt:/garage/garage.crt",
|
"secrets/garage.crt:/garage/garage.crt",
|
||||||
"secrets/garage.key:/garage/garage.key",
|
"secrets/garage.key:/garage/garage.key",
|
||||||
]
|
]
|
||||||
|
logging {
|
||||||
|
type = "journald"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -61,8 +64,8 @@ job "garage" {
|
||||||
cpu = 1000
|
cpu = 1000
|
||||||
}
|
}
|
||||||
|
|
||||||
kill_signal = "SIGINT"
|
kill_signal = "SIGINT"
|
||||||
kill_timeout = "20s"
|
kill_timeout = "20s"
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = [
|
tags = [
|
||||||
|
@ -106,6 +109,13 @@ job "garage" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
restart {
|
||||||
|
interval = "30m"
|
||||||
|
attempts = 10
|
||||||
|
delay = "15s"
|
||||||
|
mode = "delay"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -314,7 +314,7 @@ bcrypt_rounds: 12
|
||||||
# Allows users to register as guests without a password/email/etc, and
|
# Allows users to register as guests without a password/email/etc, and
|
||||||
# participate in rooms hosted on this server which have been made
|
# participate in rooms hosted on this server which have been made
|
||||||
# accessible to anonymous users.
|
# accessible to anonymous users.
|
||||||
allow_guest_access: True
|
allow_guest_access: False
|
||||||
|
|
||||||
# The list of identity servers trusted to verify third party
|
# The list of identity servers trusted to verify third party
|
||||||
# identifiers by this server.
|
# identifiers by this server.
|
||||||
|
@ -469,5 +469,20 @@ report_stats: false
|
||||||
suppress_key_server_warning: true
|
suppress_key_server_warning: true
|
||||||
enable_group_creation: true
|
enable_group_creation: true
|
||||||
|
|
||||||
experimental_features:
|
#experimental_features:
|
||||||
spaces_enabled: true
|
# spaces_enabled: true
|
||||||
|
|
||||||
|
presence:
|
||||||
|
enabled: false
|
||||||
|
limit_remote_rooms:
|
||||||
|
enabled: true
|
||||||
|
complexity: 3.0
|
||||||
|
complexity_error: "Ce salon de discussion a trop d'activité, le serveur n'est pas assez puissant pour le rejoindre. N'hésitez pas à remonter l'information à l'équipe technique, nous pourrons ajuster la limitation au besoin."
|
||||||
|
admins_can_join: false
|
||||||
|
retention:
|
||||||
|
enabled: true
|
||||||
|
# no default policy for now, this is intended.
|
||||||
|
# DO NOT ADD ONE BECAUSE THIS IS DANGEROUS AND WILL DELETE CONTENT WE WANT TO KEEP!
|
||||||
|
purge_jobs:
|
||||||
|
- interval: 1d
|
||||||
|
|
||||||
|
|
|
@ -86,7 +86,7 @@ job "im" {
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 1000
|
cpu = 1000
|
||||||
memory = 4000
|
memory = 2000
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
@ -97,7 +97,7 @@ job "im" {
|
||||||
"matrix",
|
"matrix",
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
"traefik.frontend.entryPoints=https",
|
"traefik.frontend.entryPoints=https",
|
||||||
"traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
|
"traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse",
|
||||||
"traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
|
"traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
|
||||||
"traefik.frontend.priority=100"
|
"traefik.frontend.priority=100"
|
||||||
]
|
]
|
||||||
|
@ -129,86 +129,6 @@ job "im" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
group "easybridge" {
|
|
||||||
count = 1
|
|
||||||
|
|
||||||
network {
|
|
||||||
port "api_port" {
|
|
||||||
static = 8321
|
|
||||||
to = 8321
|
|
||||||
}
|
|
||||||
port "web_port" { to = 8281 }
|
|
||||||
}
|
|
||||||
|
|
||||||
task "easybridge" {
|
|
||||||
driver = "docker"
|
|
||||||
config {
|
|
||||||
image = "lxpz/easybridge_amd64:35"
|
|
||||||
ports = [ "api_port", "web_port" ]
|
|
||||||
volumes = [
|
|
||||||
"secrets/conf:/data"
|
|
||||||
]
|
|
||||||
args = [ "./easybridge", "-config", "/data/config.json" ]
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/easybridge/registration.yaml.tpl")
|
|
||||||
destination = "secrets/conf/registration.yaml"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/easybridge/config.json.tpl")
|
|
||||||
destination = "secrets/conf/config.json"
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
memory = 250
|
|
||||||
cpu = 100
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
name = "easybridge-api"
|
|
||||||
tags = ["easybridge-api"]
|
|
||||||
port = "api_port"
|
|
||||||
address_mode = "host"
|
|
||||||
check {
|
|
||||||
type = "tcp"
|
|
||||||
port = "api_port"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
name = "easybridge-web"
|
|
||||||
tags = [
|
|
||||||
"easybridge-web",
|
|
||||||
"traefik.enable=true",
|
|
||||||
"traefik.frontend.entryPoints=https,http",
|
|
||||||
"traefik.frontend.rule=Host:easybridge.deuxfleurs.fr",
|
|
||||||
]
|
|
||||||
port = "web_port"
|
|
||||||
address_mode = "host"
|
|
||||||
check {
|
|
||||||
type = "tcp"
|
|
||||||
port = "web_port"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
group "riotweb" {
|
group "riotweb" {
|
||||||
count = 1
|
count = 1
|
||||||
|
|
|
@ -110,7 +110,7 @@ job "postgres9.6" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 500
|
memory = 1000
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
|
|
@ -29,6 +29,7 @@
|
||||||
- iftop
|
- iftop
|
||||||
- iotop
|
- iotop
|
||||||
- docker.io
|
- docker.io
|
||||||
|
- locales
|
||||||
- unzip
|
- unzip
|
||||||
- tar
|
- tar
|
||||||
- tcpdump
|
- tcpdump
|
||||||
|
|
|
@ -39,3 +39,14 @@ telemetry {
|
||||||
publish_allocation_metrics = true
|
publish_allocation_metrics = true
|
||||||
publish_node_metrics = true
|
publish_node_metrics = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
plugin "docker" {
|
||||||
|
config {
|
||||||
|
pull_activity_timeout = "15m"
|
||||||
|
volumes {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
allow_privileged = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
Reference in a new issue