From 2d30e1a9c7254e2769d1e11a5e7ab54b34f8b77a Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Tue, 29 Jun 2021 13:57:01 +0200 Subject: [PATCH 1/9] Log to journald --- app/garage/deploy/garage.hcl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/garage/deploy/garage.hcl b/app/garage/deploy/garage.hcl index 41e36a0..b5b8bf1 100644 --- a/app/garage/deploy/garage.hcl +++ b/app/garage/deploy/garage.hcl @@ -35,6 +35,9 @@ job "garage" { "secrets/garage.crt:/garage/garage.crt", "secrets/garage.key:/garage/garage.key", ] + logging { + type = "journald" + } } template { From 784efbcc9b19770cba03a5b539bcd1c924fc7d03 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 30 Jun 2021 12:57:13 +0200 Subject: [PATCH 2/9] Add a restart policy --- app/garage/deploy/garage.hcl | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/app/garage/deploy/garage.hcl b/app/garage/deploy/garage.hcl index b5b8bf1..c3d730e 100644 --- a/app/garage/deploy/garage.hcl +++ b/app/garage/deploy/garage.hcl @@ -64,8 +64,8 @@ job "garage" { cpu = 1000 } - kill_signal = "SIGINT" - kill_timeout = "20s" + kill_signal = "SIGINT" + kill_timeout = "20s" service { tags = [ @@ -109,6 +109,13 @@ job "garage" { } } } + + restart { + interval = "30m" + attempts = 10 + delay = "15s" + mode = "delay" + } } } } From 3c8cd4ca1c6bf12766901c9a6c280f4f0465ca9e Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 30 Jun 2021 16:24:03 +0200 Subject: [PATCH 3/9] Deactivate guests + expose _synapse api --- app/im/config/synapse/homeserver.yaml | 2 +- app/im/deploy/im.hcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/im/config/synapse/homeserver.yaml b/app/im/config/synapse/homeserver.yaml index 9e141d4..d146dda 100644 --- a/app/im/config/synapse/homeserver.yaml +++ b/app/im/config/synapse/homeserver.yaml 
@@ -314,7 +314,7 @@ bcrypt_rounds: 12 # Allows users to register as guests without a password/email/etc, and # participate in rooms hosted on this server which have been made # accessible to anonymous users. -allow_guest_access: True +allow_guest_access: False # The list of identity servers trusted to verify third party # identifiers by this server. diff --git a/app/im/deploy/im.hcl b/app/im/deploy/im.hcl index b53645c..345cf8c 100644 --- a/app/im/deploy/im.hcl +++ b/app/im/deploy/im.hcl @@ -97,7 +97,7 @@ job "im" { "matrix", "traefik.enable=true", "traefik.frontend.entryPoints=https", - "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix", + "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse", "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *", "traefik.frontend.priority=100" ] From 4b68522721ef043b6a3345c559a0f71a096ff217 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 1 Jul 2021 14:23:33 +0200 Subject: [PATCH 4/9] Add locales --- os/config/roles/common/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/os/config/roles/common/tasks/main.yml b/os/config/roles/common/tasks/main.yml index 3898c8f..e817451 100644 --- a/os/config/roles/common/tasks/main.yml +++ b/os/config/roles/common/tasks/main.yml @@ -29,6 +29,7 @@ - iftop - iotop - docker.io + - locales - unzip - tar - tcpdump From b9f0f012bd99143effd2527097dcead7240a4a47 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 1 Jul 2021 14:25:04 +0200 Subject: [PATCH 5/9] Update synapse configuration --- app/im/config/synapse/homeserver.yaml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/app/im/config/synapse/homeserver.yaml b/app/im/config/synapse/homeserver.yaml index d146dda..6482772 100644 --- a/app/im/config/synapse/homeserver.yaml +++ b/app/im/config/synapse/homeserver.yaml 
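Review bot: In the app/im/deploy/im.hcl hunk of patch 3/9, the widened rule `PathPrefix:/_matrix,/_synapse` publishes the whole `/_synapse` tree on the public `https` entrypoint, and in Synapse that tree includes the admin API under `/_synapse/admin`. Those endpoints still require an admin access token, but Synapse's reverse-proxy guidance is to forward only the client-facing part and keep the admin API off the internet. If only client endpoints are needed, narrow the tag to `"traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse/client",`. If admin access through Traefik is intended, a comment saying so and naming what protects it would help the next reviewer. The service block starts and ends outside the hunk.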
@@ -469,5 +469,20 @@ report_stats: false suppress_key_server_warning: true enable_group_creation: true -experimental_features: - spaces_enabled: true +#experimental_features: +# spaces_enabled: true + +presence: + enabled: false +limit_remote_rooms: + enabled: true + complexity: 3.0 + complexity_error: "Ce salon de discussion a trop d'activité, le serveur n'est pas assez puissant pour le rejoindre. N'hésitez pas à remonter l'information à l'équipe technique, nous pourrons ajuster la limitation au besoin." + admins_can_join: false +retention: + enabled: true + # no default policy for now, this is intended. + # DO NOT ADD ONE BECAUSE THIS IS DANGEROUS AND WILL DELETE CONTENT WE WANT TO KEEP! + purge_jobs: + - interval: 1d + From 1277d94bec5cccb62695da34a7ffb156f471eb6e Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 1 Jul 2021 15:36:54 +0200 Subject: [PATCH 6/9] Remove easybridge + increase nomad docker timeout when pulling images --- app/im/deploy/im.hcl | 80 -------------------- os/config/roles/nomad/templates/nomad.hcl.j2 | 7 ++ 2 files changed, 7 insertions(+), 80 deletions(-) diff --git a/app/im/deploy/im.hcl b/app/im/deploy/im.hcl index 345cf8c..42c604d 100644 --- a/app/im/deploy/im.hcl +++ b/app/im/deploy/im.hcl 
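Review bot: In the homeserver.yaml hunk of patch 5/9, the warning comment under `retention:` covers only the default policy. With `enabled: true` and a daily `purge_jobs` entry, Synapse, as far as its documented behaviour goes, still purges history in any room that carries its own `m.room.retention` state event. Whoever can send that state event in a room therefore decides how much history this server keeps. If that is not intended, bound it with `allowed_lifetime_min: <agreed minimum>` and extend the comment to say that per-room policies are honoured, for example `# per-room m.room.retention policies ARE applied by the purge job below`. The commented-out `#experimental_features:` lines would be cleaner deleted than left behind.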
@@ -129,86 +129,6 @@ job "im" { } } - group "easybridge" { - count = 1 - - network { - port "api_port" { - static = 8321 - to = 8321 - } - port "web_port" { to = 8281 } - } - - task "easybridge" { - driver = "docker" - config { - image = "lxpz/easybridge_amd64:35" - ports = [ "api_port", "web_port" ] - volumes = [ - "secrets/conf:/data" - ] - args = [ "./easybridge", "-config", "/data/config.json" ] - } - - template { - data = file("../config/easybridge/registration.yaml.tpl") - destination = "secrets/conf/registration.yaml" - } - - template { - data = file("../config/easybridge/config.json.tpl") - destination = "secrets/conf/config.json" - } - - resources { - memory = 250 - cpu = 100 - } - - service { - name = "easybridge-api" - tags = ["easybridge-api"] - port = "api_port" - address_mode = "host" - check { - type = "tcp" - port = "api_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - service { - name = "easybridge-web" - tags = [ - "easybridge-web", - "traefik.enable=true", - "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr", - ] - port = "web_port" - address_mode = "host" - check { - type = "tcp" - port = "web_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - group "riotweb" { count = 1 diff --git a/os/config/roles/nomad/templates/nomad.hcl.j2 b/os/config/roles/nomad/templates/nomad.hcl.j2 index d1c0720..f44ccaa 100644 --- a/os/config/roles/nomad/templates/nomad.hcl.j2 +++ b/os/config/roles/nomad/templates/nomad.hcl.j2 @@ -39,3 +39,10 @@ telemetry { publish_allocation_metrics = true publish_node_metrics = true } + +plugin "docker" { + config { + pull_activity_timeout = "15m" + } +} + From 576ac2772ebb2f6ff52dfc65cd82a28c384f7186 Mon Sep 17 00:00:00 2001 
From: Quentin Dufour Date: Thu, 1 Jul 2021 15:53:41 +0200 Subject: [PATCH 7/9] Update config to add more time to pull images --- os/config/roles/nomad/templates/nomad.hcl.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/os/config/roles/nomad/templates/nomad.hcl.j2 b/os/config/roles/nomad/templates/nomad.hcl.j2 index f44ccaa..12acbd3 100644 --- a/os/config/roles/nomad/templates/nomad.hcl.j2 +++ b/os/config/roles/nomad/templates/nomad.hcl.j2 @@ -43,6 +43,10 @@ telemetry { plugin "docker" { config { pull_activity_timeout = "15m" + volumes { + enabled = true + } + allow_privileged = true } } From 455e4db7846bccafd4ed61289af27fd95a43299b Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Thu, 1 Jul 2021 16:30:21 +0200 Subject: [PATCH 8/9] update guichet --- app/directory/deploy/directory.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/directory/deploy/directory.hcl b/app/directory/deploy/directory.hcl index c4dd5c6..ec37a7a 100644 --- a/app/directory/deploy/directory.hcl +++ b/app/directory/deploy/directory.hcl @@ -69,7 +69,7 @@ job "directory" { task "guichet" { driver = "docker" config { - image = "lxpz/guichet_amd64:10" + image = "lxpz/guichet_amd64:11" readonly_rootfs = true ports = [ "web_port" ] volumes = [ From e640f82eb8134d3ff6a363c71d767aef176a32fc Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 1 Jul 2021 23:48:11 +0200 Subject: [PATCH 9/9] Add 500Mo x3 more RAM to postgres and 2Go less RAM to Matrix --- app/im/deploy/im.hcl | 2 +- app/postgres/deploy/postgres.hcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/im/deploy/im.hcl b/app/im/deploy/im.hcl index 42c604d..68eb9fd 100644 --- a/app/im/deploy/im.hcl +++ b/app/im/deploy/im.hcl @@ -86,7 +86,7 @@ job "im" { resources { cpu = 1000 - memory = 4000 + memory = 2000 } service { diff --git a/app/postgres/deploy/postgres.hcl b/app/postgres/deploy/postgres.hcl index 5ce68a4..075a77f 100644 --- a/app/postgres/deploy/postgres.hcl 
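Review bot: The nomad.hcl.j2 hunk of patch 7/9 turns on `allow_privileged = true` and `volumes { enabled = true }` for the Docker driver on every client rendered from this template, which the subject line ("add more time to pull images") does not mention. With both set, any job the cluster accepts can request a privileged container or bind-mount host paths, so the ability to submit a job amounts to root on the node. Whether Nomad ACLs restrict job submission is not visible in this patch. If only one workload needs extra rights, prefer leaving `allow_privileged` off and granting the specific capabilities through the plugin's `allow_caps` list. Also add a comment above each setting, such as `# required by <job name>: <reason>`, and reword the commit subject so the privilege change can be found in the history.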
+++ b/app/postgres/deploy/postgres.hcl @@ -110,7 +110,7 @@ job "postgres9.6" { } resources { - memory = 500 + memory = 1000 } service {