Simplify network configuration #11
10 changed files with 41 additions and 29 deletions
|
@ -1,5 +1,5 @@
|
||||||
job "backup_weekly" {
|
job "backup_weekly" {
|
||||||
datacenters = ["orion"]
|
datacenters = ["orion", "neptune", "bespin"]
|
||||||
type = "batch"
|
type = "batch"
|
||||||
|
|
||||||
priority = "60"
|
priority = "60"
|
||||||
|
@ -30,7 +30,7 @@ AWS_ENDPOINT=s3.deuxfleurs.shirokumo.net
|
||||||
AWS_ACCESS_KEY_ID={{ key "secrets/postgres/backup/aws_access_key_id" }}
|
AWS_ACCESS_KEY_ID={{ key "secrets/postgres/backup/aws_access_key_id" }}
|
||||||
AWS_SECRET_ACCESS_KEY={{ key "secrets/postgres/backup/aws_secret_access_key" }}
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/postgres/backup/aws_secret_access_key" }}
|
||||||
CRYPT_PUBLIC_KEY={{ key "secrets/postgres/backup/crypt_public_key" }}
|
CRYPT_PUBLIC_KEY={{ key "secrets/postgres/backup/crypt_public_key" }}
|
||||||
PSQL_HOST=psql-proxy.service.prod.consul
|
PSQL_HOST={{ env "meta.site" }}.psql-proxy.service.prod.consul
|
||||||
PSQL_USER={{ key "secrets/postgres/keeper/pg_repl_username" }}
|
PSQL_USER={{ key "secrets/postgres/keeper/pg_repl_username" }}
|
||||||
PGPASSWORD={{ key "secrets/postgres/keeper/pg_repl_pwd" }}
|
PGPASSWORD={{ key "secrets/postgres/keeper/pg_repl_pwd" }}
|
||||||
EOH
|
EOH
|
||||||
|
|
|
@ -3,13 +3,13 @@
|
||||||
WOWorkersCount = 3;
|
WOWorkersCount = 3;
|
||||||
SxVMemLimit = 300;
|
SxVMemLimit = 300;
|
||||||
WOPort = "127.0.0.1:20000";
|
WOPort = "127.0.0.1:20000";
|
||||||
SOGoProfileURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_user_profile";
|
SOGoProfileURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_user_profile";
|
||||||
OCSFolderInfoURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_folder_info";
|
OCSFolderInfoURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_folder_info";
|
||||||
OCSSessionsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_sessions_folder";
|
OCSSessionsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_sessions_folder";
|
||||||
OCSEMailAlarmsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_alarms_folder";
|
OCSEMailAlarmsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_alarms_folder";
|
||||||
OCSStoreURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_store";
|
OCSStoreURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_store";
|
||||||
OCSAclURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_acl";
|
OCSAclURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_acl";
|
||||||
OCSCacheFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_cache_folder";
|
OCSCacheFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_cache_folder";
|
||||||
SOGoTimeZone = "Europe/Paris";
|
SOGoTimeZone = "Europe/Paris";
|
||||||
SOGoMailDomain = "deuxfleurs.fr";
|
SOGoMailDomain = "deuxfleurs.fr";
|
||||||
SOGoLanguage = French;
|
SOGoLanguage = French;
|
||||||
|
|
|
@ -61,7 +61,7 @@ database:
|
||||||
user: {{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
|
user: {{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
|
||||||
password: {{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
|
password: {{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
|
||||||
database: {{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
|
database: {{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
|
||||||
host: psql-proxy.service.prod.consul
|
host: {{ env "meta.site" }}.psql-proxy.service.prod.consul
|
||||||
port: 5432
|
port: 5432
|
||||||
cp_min: 5
|
cp_min: 5
|
||||||
cp_max: 10
|
cp_max: 10
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "matrix" {
|
job "matrix" {
|
||||||
datacenters = ["orion"]
|
datacenters = ["orion", "neptune"]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 40
|
priority = 40
|
||||||
|
|
||||||
|
@ -8,6 +8,7 @@ job "matrix" {
|
||||||
|
|
||||||
network {
|
network {
|
||||||
port "api_port" { static = 8008 }
|
port "api_port" { static = 8008 }
|
||||||
|
port "web_port" { to = 8043 }
|
||||||
}
|
}
|
||||||
|
|
||||||
task "synapse" {
|
task "synapse" {
|
||||||
|
@ -79,6 +80,7 @@ job "matrix" {
|
||||||
"tricot im.deuxfleurs.fr:443/_matrix 100",
|
"tricot im.deuxfleurs.fr:443/_matrix 100",
|
||||||
"tricot im.deuxfleurs.fr/_synapse 100",
|
"tricot im.deuxfleurs.fr/_synapse 100",
|
||||||
"tricot-add-header Access-Control-Allow-Origin *",
|
"tricot-add-header Access-Control-Allow-Origin *",
|
||||||
|
"d53-cname im.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
|
@ -123,24 +125,15 @@ AWS_DEFAULT_REGION=garage
|
||||||
PG_USER={{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
|
PG_USER={{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
|
||||||
PG_PASS={{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
|
PG_PASS={{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
|
||||||
PG_DB={{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
|
PG_DB={{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
|
||||||
PG_HOST=psql-proxy.service.2.cluster.deuxfleurs.fr
|
PG_HOST={{ env "meta.site" }}.psql-proxy.service.2.cluster.deuxfleurs.fr
|
||||||
PG_PORT=5432
|
PG_PORT=5432
|
||||||
EOH
|
EOH
|
||||||
destination = "secrets/env"
|
destination = "secrets/env"
|
||||||
env = true
|
env = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
task "riotweb" {
|
||||||
group "riotweb" {
|
|
||||||
count = 1
|
|
||||||
|
|
||||||
network {
|
|
||||||
port "web_port" { to = 8043 }
|
|
||||||
}
|
|
||||||
|
|
||||||
task "server" {
|
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_riotweb:v33"
|
image = "superboum/amd64_riotweb:v33"
|
||||||
|
@ -164,6 +157,7 @@ EOH
|
||||||
"webstatic",
|
"webstatic",
|
||||||
"tricot im.deuxfleurs.fr 10",
|
"tricot im.deuxfleurs.fr 10",
|
||||||
"tricot riot.deuxfleurs.fr 10",
|
"tricot riot.deuxfleurs.fr 10",
|
||||||
|
"d53-cname riot.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
port = "web_port"
|
port = "web_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
|
|
|
@ -12,7 +12,7 @@ ROCKET_SECRET_KEY={{ key "secrets/plume/secret_key" | trimSpace }}
|
||||||
POSTGRES_PASSWORD={{ key "secrets/plume/pgsql_pw" | trimSpace }}
|
POSTGRES_PASSWORD={{ key "secrets/plume/pgsql_pw" | trimSpace }}
|
||||||
POSTGRES_USER=plume
|
POSTGRES_USER=plume
|
||||||
POSTGRES_DB=plume
|
POSTGRES_DB=plume
|
||||||
DATABASE_URL=postgres://plume:{{ key "secrets/plume/pgsql_pw" | trimSpace }}@psql-proxy.service.prod.consul:5432/plume
|
DATABASE_URL=postgres://plume:{{ key "secrets/plume/pgsql_pw" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/plume
|
||||||
MIGRATION_DIRECTORY=migrations/postgres
|
MIGRATION_DIRECTORY=migrations/postgres
|
||||||
|
|
||||||
USE_HTTPS=0
|
USE_HTTPS=0
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "postgres14" {
|
job "postgres14" {
|
||||||
datacenters = ["orion"]
|
datacenters = ["orion", "neptune", "bespin"]
|
||||||
type = "system"
|
type = "system"
|
||||||
priority = 90
|
priority = 90
|
||||||
|
|
||||||
|
@ -16,6 +16,20 @@ job "postgres14" {
|
||||||
port "psql_port" { static = 5433 }
|
port "psql_port" { static = 5433 }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
attribute = "${attr.unique.hostname}"
|
||||||
|
operator = "set_contains_any"
|
||||||
|
# target: courgette,df-ymf,abricot (or ananas)
|
||||||
|
value = "diplotaxis,courgette,concombre,df-ymf"
|
||||||
|
}
|
||||||
|
|
||||||
|
restart {
|
||||||
|
interval = "10m"
|
||||||
|
attempts = 10
|
||||||
|
delay = "15s"
|
||||||
|
mode = "delay"
|
||||||
|
}
|
||||||
|
|
||||||
task "sentinel" {
|
task "sentinel" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
|
@ -99,7 +113,7 @@ job "postgres14" {
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = ["sql"]
|
tags = ["sql", "${meta.site}"]
|
||||||
port = "psql_proxy_port"
|
port = "psql_proxy_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "psql-proxy"
|
name = "psql-proxy"
|
||||||
|
@ -179,7 +193,7 @@ job "postgres14" {
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = ["sql"]
|
tags = ["sql", "${meta.site}"]
|
||||||
port = "psql_port"
|
port = "psql_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "psql-keeper"
|
name = "psql-keeper"
|
||||||
|
|
|
@ -45,7 +45,7 @@ job "telemetry-service" {
|
||||||
task "grafana" {
|
task "grafana" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "grafana/grafana:9.3.2"
|
image = "grafana/grafana:9.5.1"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "grafana" ]
|
ports = [ "grafana" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
|
@ -20,7 +20,7 @@ job "telemetry-storage" {
|
||||||
task "prometheus" {
|
task "prometheus" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "prom/prometheus:v2.41.0"
|
image = "prom/prometheus:v2.43.1"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "prometheus" ]
|
ports = [ "prometheus" ]
|
||||||
args = [
|
args = [
|
||||||
|
|
|
@ -12,7 +12,7 @@ job "telemetry-system" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "quay.io/prometheus/node-exporter:v1.4.0"
|
image = "quay.io/prometheus/node-exporter:v1.5.0"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
volumes = [
|
volumes = [
|
||||||
"/:/host:ro,rslave"
|
"/:/host:ro,rslave"
|
||||||
|
|
|
@ -218,6 +218,10 @@ in
|
||||||
domain-insecure = [ "consul." ];
|
domain-insecure = [ "consul." ];
|
||||||
local-zone = [ "consul. nodefault" ];
|
local-zone = [ "consul. nodefault" ];
|
||||||
log-servfail = true;
|
log-servfail = true;
|
||||||
|
verbosity = 1;
|
||||||
|
log-queries = true;
|
||||||
|
use-syslog = false;
|
||||||
|
logfile = "/dev/stdout";
|
||||||
access-control = [
|
access-control = [
|
||||||
"127.0.0.0/8 allow"
|
"127.0.0.0/8 allow"
|
||||||
"172.17.0.0/16 allow"
|
"172.17.0.0/16 allow"
|
||||||
|
|
Loading…
Reference in a new issue