From 560486bc50f5298d91706604339513f6840a2a18 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Mon, 15 May 2023 17:30:41 +0200
Subject: [PATCH] prod plume with s3 backend

---
 .../prod/app/plume/build/docker-compose.yml   |  2 +-
 cluster/prod/app/plume/build/plume/Dockerfile | 19 +++++++++------
 cluster/prod/app/plume/config/app.env         | 11 +++++++++
 cluster/prod/app/plume/deploy/plume.hcl       | 24 ++++---------------
 cluster/prod/app/plume/secrets.toml           |  7 +++++-
 5 files changed, 35 insertions(+), 28 deletions(-)

diff --git a/cluster/prod/app/plume/build/docker-compose.yml b/cluster/prod/app/plume/build/docker-compose.yml
index 560f539..a621540 100644
--- a/cluster/prod/app/plume/build/docker-compose.yml
+++ b/cluster/prod/app/plume/build/docker-compose.yml
@@ -4,5 +4,5 @@ services:
     build:
       context: ./plume
       args:
-        VERSION: 8709f6cf9f8ff7e3c5ee7ea699ee7c778e92fefc
+        PLUME_VERSION: 61e65a55ad1f5094321c111e395d00dddcb05e96
     image: superboum/plume:v8
diff --git a/cluster/prod/app/plume/build/plume/Dockerfile b/cluster/prod/app/plume/build/plume/Dockerfile
index 1f57a52..6e9d4f9 100644
--- a/cluster/prod/app/plume/build/plume/Dockerfile
+++ b/cluster/prod/app/plume/build/plume/Dockerfile
@@ -1,4 +1,5 @@
-FROM rust:1.58.1-slim-bullseye as builder
+#FROM rust:1.69-bullseye as builder
+FROM rustlang/rust:nightly-bullseye as builder
 
 RUN apt-get update && \
     apt-get install -y \
@@ -18,21 +19,25 @@ RUN apt-get update && \
       libssl-dev \
       libclang-dev
 
-ARG VERSION
+RUN cargo install wasm-pack
+
+ARG PLUME_VERSION
 WORKDIR /opt
-RUN git clone -n https://git.joinplu.me/Plume/Plume.git plume
+RUN git clone -n https://git.joinplu.me/lx/Plume.git plume
 
 WORKDIR /opt/plume
-RUN git checkout ${VERSION}
+RUN git checkout ${PLUME_VERSION}
+# Small style patch to make text column wider
+RUN git merge 397e3b4d9720475257817b322c05323d12918216
+RUN rm rust-toolchain
 
 WORKDIR /opt/plume/script
 RUN chmod a+x ./wasm-deps.sh && ./wasm-deps.sh
 
 WORKDIR /opt/plume
-RUN cargo install wasm-pack
 RUN chmod a+x ./script/plume-front.sh && ./script/plume-front.sh
-RUN cargo install --path ./ --force --no-default-features --features postgres
-RUN cargo install --path plume-cli --force --no-default-features --features postgres
+RUN cargo install --path ./ --force --no-default-features --features postgres,s3
+RUN cargo install --path plume-cli --force --no-default-features --features postgres,s3
 RUN cargo clean
 
 #-----------------------------
diff --git a/cluster/prod/app/plume/config/app.env b/cluster/prod/app/plume/config/app.env
index b751bd6..b663d81 100644
--- a/cluster/prod/app/plume/config/app.env
+++ b/cluster/prod/app/plume/config/app.env
@@ -8,6 +8,17 @@ ROCKET_SECRET_KEY={{ key "secrets/plume/secret_key" | trimSpace }}
 #MAIL_PASSWORD=123456
 #MAIL_HELO_NAME=example.org
 
+# S3 settings
+S3_BUCKET=plume
+AWS_ACCESS_KEY_ID={{ key "secrets/plume/s3_access_key" | trimSpace }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/s3_secret_key" | trimSpace }}
+S3_REGION=garage
+S3_HOSTNAME={{ env "attr.unique.network.ip-address" }}:3900
+S3_PROTOCOL=http
+S3_PATH_STYLE=true
+S3_DIRECT_DOWNLOAD=true
+S3_ALIAS_HOST=plume.web.deuxfleurs.fr
+
 # DATABASE SETUP
 POSTGRES_PASSWORD={{ key "secrets/plume/pgsql_pw" | trimSpace }}
 POSTGRES_USER=plume
diff --git a/cluster/prod/app/plume/deploy/plume.hcl b/cluster/prod/app/plume/deploy/plume.hcl
index 4470099..c266167 100644
--- a/cluster/prod/app/plume/deploy/plume.hcl
+++ b/cluster/prod/app/plume/deploy/plume.hcl
@@ -1,12 +1,7 @@
 job "plume-blog" {
-  datacenters = ["orion"]
+  datacenters = ["orion", "neptune"]
   type = "service"
 
-  constraint {
-    attribute = "${attr.cpu.arch}"
-    value     = "amd64"
-  }
-
   group "plume" {
     count = 1
 
@@ -15,23 +10,13 @@ job "plume-blog" {
     }
 
     task "plume" {
-      constraint {
-        attribute = "${attr.unique.hostname}"
-        operator = "="
-        value = "dahlia"
-      }
-
       driver = "docker"
       config {
-        image = "superboum/plume:v8"
+        image = "lxpz/plume_s3:v1"
         network_mode = "host"
         ports = [ "web_port" ]
-        #command = "cat"
-        #args = [ "/dev/stdout" ]
-        volumes = [
-          "/mnt/ssd/plume/search_index:/app/search_index",
-          "/mnt/ssd/plume/media:/app/static/media"
-        ]
+        command = "sh"
+        args = [ "-c", "plm search init; plm search refill; plume" ]
       }
 
       template {
@@ -51,6 +36,7 @@ job "plume-blog" {
         tags = [
           "plume",
           "tricot plume.deuxfleurs.fr",
+          "d53-cname plume.deuxfleurs.fr",
         ]
         port = "web_port"
         address_mode = "host"
diff --git a/cluster/prod/app/plume/secrets.toml b/cluster/prod/app/plume/secrets.toml
index 4d68a5c..fd67a57 100644
--- a/cluster/prod/app/plume/secrets.toml
+++ b/cluster/prod/app/plume/secrets.toml
@@ -1,10 +1,15 @@
 [service_user."plume"]
 password_secret = "plume/pgsql_pw"
 
-
 [secrets."plume/secret_key"]
 type = 'command'
 rotate = true
 command = 'openssl rand -base64 32'
 
+[secrets."plume/s3_access_key"]
+type = 'user'
+description = 'S3 access key ID for database and media storage'
 
+[secrets."plume/s3_secret_key"]
+type = 'user'
+description = 'S3 secret key for database and media storage'