Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/infrastructure into main

Quentin 2021-07-02 13:11:29 +02:00
commit 0a6ffcacd2
7 changed files with 46 additions and 89 deletions


@ -69,7 +69,7 @@ job "directory" {
task "guichet" { task "guichet" {
driver = "docker" driver = "docker"
config { config {
image = "lxpz/guichet_amd64:10" image = "lxpz/guichet_amd64:11"
readonly_rootfs = true readonly_rootfs = true
ports = [ "web_port" ] ports = [ "web_port" ]
volumes = [ volumes = [


@ -35,6 +35,9 @@ job "garage" {
"secrets/garage.crt:/garage/garage.crt", "secrets/garage.crt:/garage/garage.crt",
"secrets/garage.key:/garage/garage.key", "secrets/garage.key:/garage/garage.key",
] ]
logging {
type = "journald"
}
} }
template { template {
@ -106,6 +109,13 @@ job "garage" {
} }
} }
} }
restart {
interval = "30m"
attempts = 10
delay = "15s"
mode = "delay"
}
} }
} }
} }


@ -314,7 +314,7 @@ bcrypt_rounds: 12
# Allows users to register as guests without a password/email/etc, and # Allows users to register as guests without a password/email/etc, and
# participate in rooms hosted on this server which have been made # participate in rooms hosted on this server which have been made
# accessible to anonymous users. # accessible to anonymous users.
allow_guest_access: True allow_guest_access: False
# The list of identity servers trusted to verify third party # The list of identity servers trusted to verify third party
# identifiers by this server. # identifiers by this server.
@ -469,5 +469,20 @@ report_stats: false
suppress_key_server_warning: true suppress_key_server_warning: true
enable_group_creation: true enable_group_creation: true
experimental_features: #experimental_features:
spaces_enabled: true # spaces_enabled: true
presence:
enabled: false
limit_remote_rooms:
enabled: true
complexity: 3.0
complexity_error: "Ce salon de discussion a trop d'activité, le serveur n'est pas assez puissant pour le rejoindre. N'hésitez pas à remonter l'information à l'équipe technique, nous pourrons ajuster la limitation au besoin."
admins_can_join: false
retention:
enabled: true
# no default policy for now, this is intended.
# DO NOT ADD ONE BECAUSE THIS IS DANGEROUS AND WILL DELETE CONTENT WE WANT TO KEEP!
purge_jobs:
- interval: 1d
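Review bot: With `retention.enabled: true` and no default policy, the warning comment above `purge_jobs` covers only the server-wide default. As far as I know, Synapse still honours per-room `m.room.retention` state events, so the daily purge job can delete local history in any room whose admins (possibly on a remote homeserver) set a `max_lifetime`. If that is not intended, bound it with `allowed_lifetime_min` under `retention`, and extend the warning, e.g. `# per-room m.room.retention policies are still applied by the purge job`. The single `purge_jobs` entry also sets no `shortest_max_lifetime`/`longest_max_lifetime`, so it applies to every room that carries a policy.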


@ -86,7 +86,7 @@ job "im" {
resources { resources {
cpu = 1000 cpu = 1000
memory = 4000 memory = 2000
} }
service { service {
@ -97,7 +97,7 @@ job "im" {
"matrix", "matrix",
"traefik.enable=true", "traefik.enable=true",
"traefik.frontend.entryPoints=https", "traefik.frontend.entryPoints=https",
"traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix", "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse",
"traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *", "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
"traefik.frontend.priority=100" "traefik.frontend.priority=100"
] ]
@ -129,86 +129,6 @@ job "im" {
} }
} }
group "easybridge" {
count = 1
network {
port "api_port" {
static = 8321
to = 8321
}
port "web_port" { to = 8281 }
}
task "easybridge" {
driver = "docker"
config {
image = "lxpz/easybridge_amd64:35"
ports = [ "api_port", "web_port" ]
volumes = [
"secrets/conf:/data"
]
args = [ "./easybridge", "-config", "/data/config.json" ]
}
template {
data = file("../config/easybridge/registration.yaml.tpl")
destination = "secrets/conf/registration.yaml"
}
template {
data = file("../config/easybridge/config.json.tpl")
destination = "secrets/conf/config.json"
}
resources {
memory = 250
cpu = 100
}
service {
name = "easybridge-api"
tags = ["easybridge-api"]
port = "api_port"
address_mode = "host"
check {
type = "tcp"
port = "api_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
service {
name = "easybridge-web"
tags = [
"easybridge-web",
"traefik.enable=true",
"traefik.frontend.entryPoints=https,http",
"traefik.frontend.rule=Host:easybridge.deuxfleurs.fr",
]
port = "web_port"
address_mode = "host"
check {
type = "tcp"
port = "web_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
}
}
group "riotweb" { group "riotweb" {
count = 1 count = 1
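Review bot: The new traefik rule `PathPrefix:/_matrix,/_synapse` publishes the whole `/_synapse` tree on the public `https` entry point, and that tree includes the Synapse admin API under `/_synapse/admin`; the same frontend also sends `Access-Control-Allow-Origin: *`. The admin API still requires an admin access token, but Synapse's reverse-proxy guidance is to forward only `/_synapse/client` to the internet. I would narrow the tag to `"traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix,/_synapse/client",` and reach the admin endpoints from inside the cluster only. The `service` block continues outside this hunk.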


@ -110,7 +110,7 @@ job "postgres9.6" {
} }
resources { resources {
memory = 500 memory = 1000
} }
service { service {


@ -29,6 +29,7 @@
- iftop - iftop
- iotop - iotop
- docker.io - docker.io
- locales
- unzip - unzip
- tar - tar
- tcpdump - tcpdump


@ -39,3 +39,14 @@ telemetry {
publish_allocation_metrics = true publish_allocation_metrics = true
publish_node_metrics = true publish_node_metrics = true
} }
plugin "docker" {
config {
pull_activity_timeout = "15m"
volumes {
enabled = true
}
allow_privileged = true
}
}
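Review bot: `allow_privileged = true` together with `volumes { enabled = true }` in the added `plugin "docker"` block lets any job accepted by this Nomad cluster run a privileged container or bind-mount host paths, which amounts to root on the client node. If no job in the repository sets `privileged = true`, use `allow_privileged = false`. Otherwise add a comment naming the job that needs it, e.g. `# allow_privileged needed by <job name>; job submission must stay restricted to operators`. Whether Nomad ACLs limit who can submit jobs is not visible from this file, so that should be confirmed.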