Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/infrastructure into main

2021-07-02 13:11:29 +02:00 · 2021-07-02 13:11:29 +02:00 · 0a6ffcacd2
parent 2d61f1449d 80c2f1f701
commit 0a6ffcacd2
7 changed files with 46 additions and 89 deletions
--- a/app/directory/deploy/directory.hcl
+++ b/app/directory/deploy/directory.hcl
@ -69,7 +69,7 @@ job "directory" {
    task "guichet" {
      driver = "docker"
      config {
-        image = "lxpz/guichet_amd64:10"
+        image = "lxpz/guichet_amd64:11"
        readonly_rootfs = true
        ports = [ "web_port" ]
        volumes = [
--- a/app/garage/deploy/garage.hcl
+++ b/app/garage/deploy/garage.hcl
@ -35,6 +35,9 @@ job "garage" {
          "secrets/garage.crt:/garage/garage.crt",
          "secrets/garage.key:/garage/garage.key",
        ]
+        logging {
+          type = "journald"
+        }
      }

      template {
@ -61,8 +64,8 @@ job "garage" {
        cpu = 1000
      }

-	  kill_signal = "SIGINT"
-	  kill_timeout = "20s"
+      kill_signal = "SIGINT"
+      kill_timeout = "20s"

      service {
        tags = [
@ -106,6 +109,13 @@ job "garage" {
          }
        }
      }
+
+      restart { 
+        interval = "30m"  
+        attempts = 10  
+        delay    = "15s"  
+        mode     = "delay"
+      }
    }
  }
 }
--- a/app/im/config/synapse/homeserver.yaml
+++ b/app/im/config/synapse/homeserver.yaml
@ -314,7 +314,7 @@ bcrypt_rounds: 12
 # Allows users to register as guests without a password/email/etc, and
 # participate in rooms hosted on this server which have been made
 # accessible to anonymous users.
-allow_guest_access: True
+allow_guest_access: False

 # The list of identity servers trusted to verify third party
 # identifiers by this server.
@ -469,5 +469,20 @@ report_stats: false
 suppress_key_server_warning: true
 enable_group_creation: true

-experimental_features:
-  spaces_enabled: true
+#experimental_features:
+#  spaces_enabled: true
+
+presence:
+  enabled: false
+limit_remote_rooms:
+  enabled: true
+  complexity: 3.0
+  complexity_error: "Ce salon de discussion a trop d'activité, le serveur n'est pas assez puissant pour le rejoindre. N'hésitez pas à remonter l'information à l'équipe technique, nous pourrons ajuster la limitation au besoin."
+  admins_can_join: false
+retention:
+  enabled: true
+  # no default policy for now, this is intended. 
+  # DO NOT ADD ONE BECAUSE THIS IS DANGEROUS AND WILL DELETE CONTENT WE WANT TO KEEP!
+  purge_jobs:
+    - interval: 1d
+
--- a/app/im/deploy/im.hcl
+++ b/app/im/deploy/im.hcl
@ -86,7 +86,7 @@ job "im" {

      resources {
        cpu = 1000
-        memory = 4000
+        memory = 2000
      }

      service {
@ -97,7 +97,7 @@ job "im" {
          "matrix",
          "traefik.enable=true",
          "traefik.frontend.entryPoints=https",
-          "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
+          "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse",
          "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
          "traefik.frontend.priority=100"
        ]
@ -129,86 +129,6 @@ job "im" {
    }
  }

-  group "easybridge" {
-    count = 1
-
-    network {
-      port "api_port" {
-        static = 8321
-        to = 8321
-      }
-      port "web_port" { to = 8281 }
-    }
-
-    task "easybridge" {
-      driver = "docker"
-      config {
-        image = "lxpz/easybridge_amd64:35"
-        ports = [ "api_port", "web_port" ]
-        volumes = [
-          "secrets/conf:/data"
-        ]
-        args = [ "./easybridge", "-config", "/data/config.json" ]
-      }
-
-      template {
-        data = file("../config/easybridge/registration.yaml.tpl")
-        destination = "secrets/conf/registration.yaml"
-      }
-
-      template {
-        data = file("../config/easybridge/config.json.tpl")
-        destination = "secrets/conf/config.json"
-      }
-
-      resources {
-        memory = 250
-        cpu = 100
-      }
-
-      service {
-        name = "easybridge-api"
-        tags = ["easybridge-api"]
-        port = "api_port"
-        address_mode = "host"
-        check {
-          type = "tcp"
-          port = "api_port"
-          interval = "60s"
-          timeout = "5s"
-          check_restart {
-            limit = 3
-            grace = "90s"
-            ignore_warnings = false
-          }
-        }
-      }
-
-      service {
-        name = "easybridge-web"
-        tags = [
-          "easybridge-web",
-          "traefik.enable=true",
-          "traefik.frontend.entryPoints=https,http",
-          "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr",
-        ]
-        port = "web_port"
-        address_mode = "host"
-        check {
-          type = "tcp"
-          port = "web_port"
-          interval = "60s"
-          timeout = "5s"
-          check_restart {
-            limit = 3
-            grace = "90s"
-            ignore_warnings = false
-          }
-        }
-      }
-    }
- }
-

  group "riotweb" {
    count = 1
--- a/app/postgres/deploy/postgres.hcl
+++ b/app/postgres/deploy/postgres.hcl
@ -110,7 +110,7 @@ job "postgres9.6" {
      }

      resources {
-        memory = 500
+        memory = 1000
      }

      service {
--- a/os/config/roles/common/tasks/main.yml
+++ b/os/config/roles/common/tasks/main.yml
@ -29,6 +29,7 @@
      - iftop
      - iotop
      - docker.io
+      - locales
      - unzip
      - tar
      - tcpdump
--- a/os/config/roles/nomad/templates/nomad.hcl.j2
+++ b/os/config/roles/nomad/templates/nomad.hcl.j2
@ -39,3 +39,14 @@ telemetry {
  publish_allocation_metrics = true
  publish_node_metrics = true
 }
+
+plugin "docker" {  
+  config {
+    pull_activity_timeout = "15m"  
+    volumes {
+      enabled = true
+    }
+    allow_privileged = true
+  }
+}
+