Add hcl files in here for staging cluster

Alex 2021-12-25 19:40:51 +01:00
parent e77254e97f
commit 60dc1b21a1
No known key found for this signature in database
GPG key ID: EDABF9711E244EB1
9 changed files with 367 additions and 3 deletions

50
app/core/deploy/core.hcl Normal file

@ -0,0 +1,50 @@
job "core" {
datacenters = ["dc1", "neptune"]
type = "system"
priority = 90
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
update {
max_parallel = 1
stagger = "1m"
}
group "network" {
task "diplonat" {
driver = "docker"
config {
image = "lxpz/amd64_diplonat:2"
network_mode = "host"
readonly_rootfs = true
privileged = true
}
restart {
interval = "30m"
attempts = 2
delay = "15s"
mode = "delay"
}
template {
data = <<EOH
DIPLONAT_REFRESH_TIME=60
DIPLONAT_EXPIRATION_TIME=300
DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
RUST_LOG=debug
EOH
destination = "secrets/env"
env = true
}
resources {
memory = 40
}
}
}
}
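Review bot: The `diplonat` task's `config` block sets `privileged = true` together with `network_mode = "host"`, which hands the container every capability and host device on each node this `system` job lands on; `readonly_rootfs = true` does not limit that. If diplonat only needs to manage firewall or NAT rules (inferred from its name, not shown in this file), `cap_add = ["NET_ADMIN"]` in place of the privileged flag would shrink the blast radius, provided the clients' Docker driver `allow_caps` setting permits it. The image is also referenced by the mutable tag `lxpz/amd64_diplonat:2`; pinning a privileged container by digest is worth considering.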


@ -0,0 +1,41 @@
job "dummy-nginx" {
datacenters = ["neptune"]
type = "service"
group "nginx" {
count = 1
constraint {
attribute = "${attr.unique.hostname}"
operator = "="
value = "carcajou"
}
network {
port "http" {
to = 80
}
}
task "nginx" {
driver = "docker"
config {
image = "nginx"
ports = [ "http" ]
}
}
service {
port = "http"
tags = [
"tricot home.adnab.me 100",
]
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
}
}
}
}
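Review bot: `image = "nginx"` in task `nginx` carries no tag, so Docker resolves it to `latest` and the content served behind the `tricot home.adnab.me 100` route can change on any pull without a change to this file. Pin a version the way the synapse job in this commit does, for example `image = "nginx:<version>"` (placeholder), or pin a digest. The task also has no `resources` stanza, so it runs with the scheduler defaults.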


@ -0,0 +1,48 @@
job "dummy-synapse" {
datacenters = ["neptune"]
type = "service"
group "synapse" {
count = 1
constraint {
attribute = "${attr.unique.hostname}"
operator = "="
value = "cariacou"
}
network {
port "http" {
to = 8008
}
}
task "synapse" {
driver = "docker"
config {
image = "matrixdotorg/synapse:v1.48.0"
ports = [ "http" ]
volumes = [
"/mnt/ssd/dummy-synapse:/data",
]
}
}
service {
port = "http"
tags = [
"tricot matrix.home.adnab.me 100",
"tricot matrix.home.adnab.me:443 100",
"tricot matrix.home.adnab.me:8448 100",
"tricot-add-header Access-Control-Allow-Origin *",
]
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
}
}
}
}
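Review bot: The tag `"tricot-add-header Access-Control-Allow-Origin *"` in the `service` block has no comment saying why the proxy must add a wildcard CORS header, and it sits beside all three routes, including the federation port 8448. As far as I know Synapse already sets its own CORS headers on the client API, so if tricot appends rather than replaces, responses could carry the header twice, which browsers reject; this should be confirmed against tricot's behaviour. I would add a comment above the tag along the lines of `# wildcard CORS added at the proxy because <reason>`. The same tag is used on the `garage-staging-web` service in the garage job of this commit.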


@ -0,0 +1,67 @@
job "frontend" {
datacenters = ["neptune"]
type = "service"
priority = 90
group "tricot" {
constraint {
attribute = "${attr.unique.hostname}"
operator = "="
value = "carcajou"
}
network {
port "http_port" { static = 80 }
port "https_port" { static = 443 }
port "admin_port" { static = 8082 }
}
task "server" {
driver = "docker"
config {
image = "lxpz/amd64_tricot:25"
network_mode = "host"
readonly_rootfs = true
ports = [ "http_port", "https_port", "admin_port" ]
}
resources {
cpu = 2000
memory = 200
}
restart {
interval = "30m"
attempts = 2
delay = "15s"
mode = "delay"
}
template {
data = <<EOH
TRICOT_NODE_NAME={{ env "attr.unique.hostname" }}
TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
TRICOT_ENABLE_COMPRESSION=true
RUST_LOG=tricot=trace
EOH
destination = "secrets/env"
env = true
}
service {
name = "tricot-http"
port = "http_port"
tags = [ "(diplonat (tcp_port 80))" ]
address_mode = "host"
}
service {
name = "tricot-https"
port = "https_port"
tags = [ "(diplonat (tcp_port 443))" ]
address_mode = "host"
}
}
}
}
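Review bot: `port "admin_port" { static = 8082 }` is reserved and passed to a task running with `network_mode = "host"`, but nothing in this job shows which address tricot binds its admin listener to or what that listener exposes. Unlike ports 80 and 443 it has no `service` block, so it also gets no health check or Consul registration. Please confirm the listener is bound to loopback or a private interface, or is firewalled, and record that in a comment next to the port, e.g. `# admin/metrics endpoint, must not be reachable from the Internet`. Separately, `RUST_LOG=tricot=trace` on a TLS-terminating proxy may put request details into the logs; a comment marking it as staging-only would help.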


@ -0,0 +1,23 @@
block_size = 1048576
metadata_dir = "/meta"
data_dir = "/data"
replication_mode = "3"
rpc_bind_addr = "0.0.0.0:3991"
rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
consul_host = "localhost:8500"
consul_service_name = "garage-staging-rpc-self-advertised"
bootstrap_peers = []
[s3_api]
s3_region = "garage-staging"
api_bind_addr = "0.0.0.0:3990"
[s3_web]
bind_addr = "0.0.0.0:3992"
root_domain = ".garage-staging-web.home.adnab.me"
index = "index.html"
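Review bot: `rpc_bind_addr`, `api_bind_addr` and `bind_addr` all listen on `0.0.0.0`, and the job that mounts this file runs with host networking, so the RPC port 3991 is reachable on every interface of the node and is gated only by `rpc_secret`. If the nodes have a public interface, bind the RPC listener to the private address or state the firewall assumption in the file, e.g. `# ports 3990-3992 must be filtered on the public interface`. Reading `rpc_secret` from the Consul key instead of committing it is the right approach and needs no change.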


@ -0,0 +1,130 @@
job "garage-staging" {
type = "system"
datacenters = [ "neptune", "pluton" ]
priority = 80
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "garage-staging" {
network {
port "s3" { static = 3990 }
port "rpc" { static = 3991 }
port "web" { static = 3992 }
}
update {
max_parallel = 1
min_healthy_time = "30s"
healthy_deadline = "5m"
}
task "server" {
driver = "docker"
config {
image = "dxflrs/amd64_garage:v0.5-beta1"
command = "/garage"
args = [ "server" ]
network_mode = "host"
volumes = [
"/mnt/storage/garage-staging/data:/data",
"/mnt/ssd/garage-staging/meta:/meta",
"secrets/garage.toml:/etc/garage.toml",
]
logging {
type = "journald"
}
}
template {
data = file("../config/garage.toml")
destination = "secrets/garage.toml"
}
resources {
memory = 1000
cpu = 1000
}
kill_signal = "SIGINT"
kill_timeout = "20s"
service {
tags = [
"garage-staging-api",
"tricot garage-staging.home.adnab.me",
]
port = 3990
address_mode = "driver"
name = "garage-staging-api"
check {
type = "tcp"
port = 3990
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
service {
tags = ["garage-staging-rpc"]
port = 3991
address_mode = "driver"
name = "garage-staging-rpc"
check {
type = "tcp"
port = 3991
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
service {
tags = [
"garage-staging-web",
"tricot *.garage-staging-web.home.adnab.me",
"tricot matrix.home.adnab.me/.well-known/matrix/server",
"tricot rust-docs",
"tricot-add-header Access-Control-Allow-Origin *",
]
port = 3992
address_mode = "driver"
name = "garage-staging-web"
check {
type = "tcp"
port = 3992
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
restart {
interval = "30m"
attempts = 10
delay = "15s"
mode = "delay"
}
}
}
}
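Review bot: The `template` block that renders `../config/garage.toml` to `secrets/garage.toml` sets no `perms`, so Nomad writes the file with its default mode of 0644 even though the config added in this commit contains `rpc_secret`. Placing it under `secrets/` already limits exposure, but `perms = "600"` would make the intent explicit; confirm first that the garage process in the container runs as the file's owner. `file("../config/garage.toml")` also appears to depend on the directory the job is submitted from, which deserves a one-line comment such as `# run nomad from app/garage-staging/deploy` (path is a placeholder).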


@ -0,0 +1 @@
CMD_ONCE openssl rand -hex 32

1
app/secretmgr.py Symbolic link

@ -0,0 +1 @@
../../infrastructure/app/secretmgr.py
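Review bot: The link target `../../infrastructure/app/secretmgr.py` climbs two levels from `app/`, which appears to leave this repository and rely on a sibling `infrastructure` checkout. If so, a fresh clone gets a dangling link, and the script that generates and stores the staging secrets is whatever version sits in that directory instead of a reviewed copy tracked here. Documenting the expected directory layout, or tracking the script through a submodule or vendored copy, would make that dependency explicit.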


@ -87,13 +87,16 @@ in
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
networking.extraHosts = '' networking.extraHosts = ''
192.168.1.21 cariacou 192.168.1.21 cariacou.lan
192.168.1.22 carcajou 192.168.1.22 carcajou.lan
192.168.1.23 caribou 192.168.1.23 caribou.lan
192.168.1.23 binarycache 192.168.1.23 binarycache
192.168.1.23 binarycache.home.adnab.me 192.168.1.23 binarycache.home.adnab.me
10.42.0.1 hammerhead 10.42.0.1 hammerhead
10.42.0.2 spoutnik 10.42.0.2 spoutnik
10.42.0.21 cariacou
10.42.0.22 carcajou
10.42.0.23 caribou
10.42.0.66 lindy 10.42.0.66 lindy
10.42.0.206 shiki 10.42.0.206 shiki
''; '';