diff --git a/app/directory/deploy/directory.hcl b/app/directory/deploy/directory.hcl
index c4dd5c6..ec37a7a 100644
--- a/app/directory/deploy/directory.hcl
+++ b/app/directory/deploy/directory.hcl
@@ -69,7 +69,7 @@ job "directory" {
 task "guichet" {
 driver = "docker"
 config {
- image = "lxpz/guichet_amd64:10"
+ image = "lxpz/guichet_amd64:11"
 readonly_rootfs = true
 ports = [ "web_port" ]
 volumes = [
diff --git a/app/garage/deploy/garage.hcl b/app/garage/deploy/garage.hcl
index 41e36a0..c3d730e 100644
--- a/app/garage/deploy/garage.hcl
+++ b/app/garage/deploy/garage.hcl
@@ -35,6 +35,9 @@ job "garage" {
 "secrets/garage.crt:/garage/garage.crt",
 "secrets/garage.key:/garage/garage.key",
 ]
+ logging {
+ type = "journald"
+ }
 }
 template {
@@ -61,8 +64,8 @@ job "garage" {
 cpu = 1000
 }
- kill_signal = "SIGINT"
- kill_timeout = "20s"
+ kill_signal = "SIGINT"
+ kill_timeout = "20s"
 service {
 tags = [
@@ -106,6 +109,13 @@ job "garage" {
 }
 }
 }
+
+ restart {
+ interval = "30m"
+ attempts = 10
+ delay = "15s"
+ mode = "delay"
+ }
 }
 }
 }
diff --git a/app/im/config/synapse/homeserver.yaml b/app/im/config/synapse/homeserver.yaml
index 9e141d4..6482772 100644
--- a/app/im/config/synapse/homeserver.yaml
+++ b/app/im/config/synapse/homeserver.yaml
@@ -314,7 +314,7 @@ bcrypt_rounds: 12
 # Allows users to register as guests without a password/email/etc, and
 # participate in rooms hosted on this server which have been made
 # accessible to anonymous users.
-allow_guest_access: True
+allow_guest_access: False
 # The list of identity servers trusted to verify third party
 # identifiers by this server.
@@ -469,5 +469,20 @@ report_stats: false
 suppress_key_server_warning: true
 enable_group_creation: true
-experimental_features:
- spaces_enabled: true
+#experimental_features:
+# spaces_enabled: true
+
+presence:
+ enabled: false
+limit_remote_rooms:
+ enabled: true
+ complexity: 3.0
+ complexity_error: "Ce salon de discussion a trop d'activité, le serveur n'est pas assez puissant pour le rejoindre. N'hésitez pas à remonter l'information à l'équipe technique, nous pourrons ajuster la limitation au besoin."
+ admins_can_join: false
+retention:
+ enabled: true
+ # no default policy for now, this is intended.
+ # DO NOT ADD ONE BECAUSE THIS IS DANGEROUS AND WILL DELETE CONTENT WE WANT TO KEEP!
+ purge_jobs:
+ - interval: 1d
+
diff --git a/app/im/deploy/im.hcl b/app/im/deploy/im.hcl
index b53645c..68eb9fd 100644
--- a/app/im/deploy/im.hcl
+++ b/app/im/deploy/im.hcl
@@ -86,7 +86,7 @@ job "im" {
 resources {
 cpu = 1000
- memory = 4000
+ memory = 2000
 }
 service {
@@ -97,7 +97,7 @@ job "im" {
 "matrix",
 "traefik.enable=true",
 "traefik.frontend.entryPoints=https",
- "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
+ "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse",
 "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
 "traefik.frontend.priority=100"
 ]
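Review bot: In the `retention:` block added to homeserver.yaml, retention is enabled without `allowed_lifetime_min` / `allowed_lifetime_max`, so the effective lifetime is left to each room's own `m.room.retention` state event. The warning comment covers only a server-wide default policy; as far as I understand Synapse's retention support, the daily purge job will also honour whatever `max_lifetime` a room sets, which can delete history the comment says should be kept. If that is not intended, bound room policies with `allowed_lifetime_min: <MIN_LIFETIME>` and extend the comment to say that room-level policies still trigger purges.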
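Review bot: The new `PathPrefix:/_matrix,/_synapse` rule in im.hcl publishes everything under `/_synapse`, which includes the `/_synapse/admin` API, on the public `https` entry point alongside the existing `Access-Control-Allow-Origin: *` header. The admin API is still protected by an admin access token, but Synapse's reverse-proxy guidance is to keep it off the public listener, and nothing in this hunk shows a need for it. If only the client-facing helpers are required, narrow the rule to `PathPrefix:/_matrix,/_synapse/client` and reach the admin API over an internal route. The service block starts and ends outside the hunk, so restrictions applied elsewhere are not visible here.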
@@ -129,86 +129,6 @@ job "im" {
 }
 }
- group "easybridge" {
- count = 1
-
- network {
- port "api_port" {
- static = 8321
- to = 8321
- }
- port "web_port" { to = 8281 }
- }
-
- task "easybridge" {
- driver = "docker"
- config {
- image = "lxpz/easybridge_amd64:35"
- ports = [ "api_port", "web_port" ]
- volumes = [
- "secrets/conf:/data"
- ]
- args = [ "./easybridge", "-config", "/data/config.json" ]
- }
-
- template {
- data = file("../config/easybridge/registration.yaml.tpl")
- destination = "secrets/conf/registration.yaml"
- }
-
- template {
- data = file("../config/easybridge/config.json.tpl")
- destination = "secrets/conf/config.json"
- }
-
- resources {
- memory = 250
- cpu = 100
- }
-
- service {
- name = "easybridge-api"
- tags = ["easybridge-api"]
- port = "api_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "api_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- service {
- name = "easybridge-web"
- tags = [
- "easybridge-web",
- "traefik.enable=true",
- "traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
 group "riotweb" {
 count = 1
diff --git a/app/postgres/deploy/postgres.hcl b/app/postgres/deploy/postgres.hcl
index 5ce68a4..075a77f 100644
--- a/app/postgres/deploy/postgres.hcl
+++ b/app/postgres/deploy/postgres.hcl
@@ -110,7 +110,7 @@ job "postgres9.6" {
 }
 resources {
- memory = 500
+ memory = 1000
 }
 service {
diff --git a/os/config/roles/common/tasks/main.yml b/os/config/roles/common/tasks/main.yml
index 3898c8f..e817451 100644
--- a/os/config/roles/common/tasks/main.yml
+++ b/os/config/roles/common/tasks/main.yml
@@ -29,6 +29,7 @@
 - iftop
 - iotop
 - docker.io
+ - locales
 - unzip
 - tar
 - tcpdump
diff --git a/os/config/roles/nomad/templates/nomad.hcl.j2 b/os/config/roles/nomad/templates/nomad.hcl.j2
index d1c0720..12acbd3 100644
--- a/os/config/roles/nomad/templates/nomad.hcl.j2
+++ b/os/config/roles/nomad/templates/nomad.hcl.j2
@@ -39,3 +39,14 @@ telemetry {
 publish_allocation_metrics = true
 publish_node_metrics = true
 }
+
+plugin "docker" {
+ config {
+ pull_activity_timeout = "15m"
+ volumes {
+ enabled = true
+ }
+ allow_privileged = true
+ }
+}
+
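Review bot: `allow_privileged = true` together with `volumes { enabled = true }` in the new `plugin "docker"` block of nomad.hcl.j2 lets any job accepted by the cluster run a privileged container and bind-mount host paths, which amounts to root on the client node. No job in this commit sets `privileged = true`, so if none needs it the line should be dropped, or replaced by a narrow `allow_caps` list for the specific capability required. If it has to stay, add a comment naming the dependent job, e.g. `# required by <JOB_NAME>: <REASON>`, and confirm that job submission is restricted by Nomad ACLs, which this template does not show.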