first plume on staging with S3 backend

This commit is contained in:
Alex 2023-05-12 18:38:48 +02:00
parent 04464f632f
commit 5c7a8c72d8
10 changed files with 360 additions and 0 deletions

View file

@ -0,0 +1,8 @@
version: '3.4'
services:
plume:
build:
context: ./plume
args:
VERSION: 24d3b289da085261966fb338113610905dfca8c9
image: lxpz/plume_dev:v1

View file

@ -0,0 +1,61 @@
#FROM rust:1.69-bullseye as builder
FROM debian:bullseye-slim as builder
RUN apt-get update && \
apt-get install -y \
pkg-config \
git \
curl \
postgresql \
postgresql-contrib \
libpq-dev \
gettext \
git \
python \
curl \
gcc \
make \
openssl \
libssl-dev \
libclang-dev \
libsqlite3-dev
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain nightly -y
ENV PATH=/root/.cargo/bin:$PATH
RUN cargo install wasm-pack
ARG PLUME_VERSION
WORKDIR /opt
RUN git clone -n https://git.joinplu.me/lx/Plume.git plume
WORKDIR /opt/plume
RUN git checkout ${PLUME_VERSION}
RUN rm rust-toolchain
WORKDIR /opt/plume/script
RUN chmod a+x ./wasm-deps.sh && ./wasm-deps.sh
WORKDIR /opt/plume
RUN chmod a+x ./script/plume-front.sh && ./script/plume-front.sh
RUN cargo install --path ./ --force --no-default-features --features sqlite,s3
RUN cargo install --path plume-cli --force --no-default-features --features sqlite,s3
RUN cargo clean
#-----------------------------
FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
libpq5 \
libssl1.1 \
rclone \
fuse \
sqlite3
WORKDIR /app
COPY --from=builder /opt/plume /app
COPY --from=builder /root/.cargo/bin/plm /usr/local/bin/
COPY --from=builder /root/.cargo/bin/plume /usr/local/bin/
CMD ["plume"]

View file

@ -0,0 +1,3 @@
Try build:
sudo docker build -t superboum/plume:v1 --build-arg VERSION=003dcf861a9f55720b03d52f2f95f5f59e338809 .

View file

@ -0,0 +1,38 @@
BASE_URL=plume.staging.deuxfleurs.org
# generate one with openssl rand -base64 32
ROCKET_SECRET_KEY={{ key "secrets/plume/secret_key" | trimSpace }}
# Mail settings
#MAIL_SERVER=smtp.example.org
#MAIL_USER=example
#MAIL_PASSWORD=123456
#MAIL_HELO_NAME=example.org
# S3 settings
S3_BUCKET=plume
AWS_ACCESS_KEY_ID={{ key "secrets/plume/s3_access_key" | trimSpace }}
AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/s3_secret_key" | trimSpace }}
S3_REGION=garage-staging
S3_HOSTNAME={{ env "attr.unique.network.ip-address" }}:3990
S3_PROTOCOL=http
S3_PATH_STYLE=true
# DATABASE SETUP
DATABASE_URL=/ephemeral/plume.db
MIGRATION_DIRECTORY=migrations/sqlite
USE_HTTPS=0
ROCKET_ADDRESS=::
ROCKET_PORT={{ env "NOMAD_PORT_web_port" }}
MEDIA_UPLOAD_DIRECTORY=/app/static/media
SEARCH_INDEX=/app/search_index
LDAP_ADDR=ldap://bottin.service.staging.consul:389
LDAP_BASE_DN=ou=users,dc=staging,dc=deuxfleurs,dc=org
LDAP_USER_NAME_ATTR=cn
LDAP_USER_MAIL_ATTR=mail
LDAP_TLS=false
RUST_BACKTRACE=1
RUST_LOG=debug

View file

@ -0,0 +1,11 @@
dbs:
- path: /ephemeral/plume.db
replicas:
- url: s3://plume/plume.db
region: garage-staging
endpoint: http://{{ env "attr.unique.network.ip-address" }}:3990
access-key-id: {{ key "secrets/plume/s3_access_key" | trimSpace }}
secret-access-key: {{ key "secrets/plume/s3_secret_key" | trimSpace }}
force-path-style: true
sync-interval: 60s

View file

@ -0,0 +1,139 @@
job "plume-blog" {
datacenters = ["neptune"]
type = "service"
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "plume" {
count = 1
network {
port "web_port" { }
}
task "restore-db" {
lifecycle {
hook = "prestart"
sidecar = false
}
driver = "docker"
config {
image = "litestream/litestream:0.3.7"
args = [
"restore", "-config", "/etc/litestream.yml", "/ephemeral/plume.db"
]
volumes = [
"../alloc/data:/ephemeral",
"secrets/litestream.yml:/etc/litestream.yml"
]
}
user = "0"
template {
data = file("../config/litestream.yml")
destination = "secrets/litestream.yml"
}
resources {
memory = 100
memory_max = 1000
cpu = 1000
}
}
task "plume" {
constraint {
attribute = "${attr.unique.hostname}"
operator = "="
value = "carcajou"
}
driver = "docker"
config {
image = "lxpz/devplume:v3"
network_mode = "host"
ports = [ "web_port" ]
command = "sh"
args = [ "-c", "plm search init; plm search refill; plume" ]
volumes = [
"/mnt/ssd/plume/search_index:/app/search_index",
"../alloc/data:/ephemeral"
]
}
user = "0"
template {
data = file("../config/app.env")
destination = "secrets/app.env"
env = true
}
resources {
memory = 200
memory_max = 800
cpu = 100
}
service {
name = "plume"
tags = [
"plume",
"tricot plume.staging.deuxfleurs.org",
"d53-cname plume.staging.deuxfleurs.org",
]
port = "web_port"
address_mode = "host"
check {
type = "http"
protocol = "http"
port = "web_port"
path = "/"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "600s"
ignore_warnings = false
}
}
}
restart {
interval = "30m"
attempts = 20
delay = "15s"
mode = "delay"
}
}
task "replicate-db" {
driver = "docker"
config {
image = "litestream/litestream:0.3.7"
args = [
"replicate", "-config", "/etc/litestream.yml"
]
volumes = [
"../alloc/data:/ephemeral",
"secrets/litestream.yml:/etc/litestream.yml"
]
}
user = "0"
template {
data = file("../config/litestream.yml")
destination = "secrets/litestream.yml"
}
resources {
memory = 200
memory_max = 1000
cpu = 100
}
}
}
}

View file

@ -0,0 +1,31 @@
{
"suffix": "dc=deuxfleurs,dc=fr",
"bind": "0.0.0.0:389",
"consul_host": "http://consul:8500",
"log_level": "debug",
"acl": [
"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
"*::read modify:SELF:*",
"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
]
}

View file

@ -0,0 +1,28 @@
version: '3.4'
services:
plume:
image: superboum/plume:v1
env_file:
- plume.env
depends_on:
- consul
- postgres
ports:
- "7878:7878"
postgres:
image: postgres:9.6.19
environment:
- POSTGRES_DB=plume
- POSTGRES_USER=plume
- POSTGRES_PASSWORD=plume
bottin:
image: lxpz/bottin_amd64:14
depends_on:
- consul
volumes:
- ./bottin.json:/config.json
consul:
image: consul:1.8.4

View file

@ -0,0 +1,31 @@
BASE_URL=integration.env
# generate one with openssl rand -base64 32
ROCKET_SECRET_KEY=cXZbKoxWIBo0wdaD8tbA1B3BlH2LBSUmgzdyZZr8QxI=
# Mail settings
#MAIL_SERVER=smtp.example.org
#MAIL_USER=example
#MAIL_PASSWORD=123456
#MAIL_HELO_NAME=example.org
# DATABASE SETUP
POSTGRES_PASSWORD=plume
POSTGRES_USER=plume
POSTGRES_DB=plume
DATABASE_URL=postgres://plume:plume@postgres:5432/plume
MIGRATION_DIRECTORY=migrations/postgres
USE_HTTPS=0
ROCKET_ADDRESS=0.0.0.0
ROCKET_PORT=7878
MEDIA_UPLOAD_DIRECTORY=/app/static/media
SEARCH_INDEX=/app/search_index
DOMAIN_NAME="integration.env"
INSTANCE_NAME="Integration Instance"
LDAP_ADDR=ldap://bottin:389
LDAP_BASE_DN=ou=users,dc=deuxfleurs,dc=fr
LDAP_USER_NAME_ATTR=cn
LDAP_USER_MAIL_ATTR=mail
LDAP_TLS=false

View file

@ -0,0 +1,10 @@
[service_user."plume"]
password_secret = "plume/pgsql_pw"
[secrets."plume/secret_key"]
type = 'command'
rotate = true
command = 'openssl rand -base64 32'