From 9117616f0250ab0ac724c6aa9a5b6d94ec7c9d92 Mon Sep 17 00:00:00 2001 From: Quentin Date: Tue, 22 Dec 2020 18:24:33 +0100 Subject: [PATCH] Migrate Synapse + Email hack Nomad seemed to dislike the 'auth_port' label, replaced by 'zauthentication_port' --- app/deployment/email.hcl | 46 +++++----- app/deployment/im.hcl | 176 ++++++++++----------------------------- 2 files changed, 63 insertions(+), 159 deletions(-) diff --git a/app/deployment/email.hcl b/app/deployment/email.hcl index a51ea27..3d9e15b 100644 --- a/app/deployment/email.hcl +++ b/app/deployment/email.hcl @@ -7,7 +7,7 @@ job "email" { count = 1 network { - port "auth_port" { + port "zauthentication_port" { static = 1337 to = 1337 } @@ -31,7 +31,7 @@ job "email" { config { image = "superboum/amd64_dovecot:v2" readonly_rootfs = false - ports = [ "auth_port", "imaps_port", "imap_port", "lmtp_port" ] + ports = [ "zauthentication_port", "imaps_port", "imap_port", "lmtp_port" ] command = "dovecot" args = [ "-F" ] volumes = [ @@ -51,30 +51,9 @@ job "email" { memory = 200 } - service { - name = "dovecot-auth" - port = "auth_port" - address_mode = "host" - tags = [ - "dovecot", - ] - check { - type = "tcp" - port = "auth_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - service { name = "dovecot-imap" port = "imap_port" - address_mode = "host" tags = [ "dovecot" ] @@ -94,7 +73,6 @@ job "email" { service { name = "dovecot-imaps" port = "imaps_port" - address_mode = "host" tags = [ "dovecot", "(diplonat (tcp_port 993))" @@ -116,7 +94,6 @@ job "email" { service { name = "dovecot-lmtp" port = "lmtp_port" - address_mode = "host" tags = [ "dovecot", ] 
@@ -134,6 +111,25 @@ job "email" { } } + service { + name = "dovecot-auth" + port = "zauthentication_port" + tags = [ + "dovecot", + ] + check { + type = "tcp" + port = "zauthentication_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + template { data = file("../config/configuration/email/dovecot/dovecot-ldap.conf.tpl") destination = "secrets/conf/dovecot-ldap.conf" diff --git a/app/deployment/im.hcl b/app/deployment/im.hcl index cbce54c..9667965 100644 --- a/app/deployment/im.hcl +++ b/app/deployment/im.hcl @@ -5,6 +5,12 @@ job "im" { group "matrix" { count = 1 + + network { + port "client_port" { static = 8008 } + port "federation_port" { static = 8448 } + } + task "synapse" { driver = "docker" @@ -12,6 +18,7 @@ job "im" { image = "particallydone/amd64_synapse:v39" network_mode = "host" readonly_rootfs = true + ports = [ "client_port", "federation_port" ] command = "python" args = [ "-m", "synapse.app.homeserver", 
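Review bot: The re-added `dovecot-auth` service and its `zauthentication_port` label carry no comment explaining the workaround, so a later cleanup is likely to rename the label back or move the block up again. A comment above the `service` block would record it, e.g. `# label was "auth_port"; Nomad rejected it, so it is renamed and this block is declared last`. The re-added block also drops the `address_mode = "host"` that the removed version had. Since this is a static port (1337) for what is presumably Dovecot's auth listener, confirm that the address now registered in Consul is the one the consuming mail service should reach.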
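Review bot: The added `ports = [ "client_port", "federation_port" ]` sits next to the unchanged `network_mode = "host"`, and Docker does not apply port publishing under host networking. The new group-level `network` block therefore reserves 8008 and 8448 on the node but does not restrict what Synapse listens on. Listener addresses are decided only by homeserver.yaml, which is not visible here; if the client listener on 8008 is plain HTTP bound to all interfaces, it is reachable on the host directly rather than only through Traefik. Either drop `network_mode = "host"` now that ports are declared at group level, or add a comment such as `# host networking: listener bind addresses are set in homeserver.yaml`. The task's `config` block continues outside the hunk.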
@@ -27,60 +34,47 @@ job "im" { ] } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/synapse/homeserver.yaml?raw" - destination = "secrets/tpl/homeserver.yaml.tpl" - mode = "file" - } template { - source = "secrets/tpl/homeserver.yaml.tpl" + data = file("../config/configuration/chat/synapse/homeserver.yaml") destination = "secrets/conf/homeserver.yaml" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/registration.yaml.tpl?raw" - destination = "secrets/tpl/easybridge_registration.yaml.tpl" - mode = "file" - } template { - source = "secrets/tpl/easybridge_registration.yaml.tpl" + data = file("../config/configuration/chat/easybridge/registration.yaml.tpl") destination = "secrets/conf/easybridge_registration.yaml" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/fb2mx/registration.yaml?raw" - destination = "secrets/tpl/fb2mx_registration.yaml.tpl" - mode = "file" - } template { - source = "secrets/tpl/fb2mx_registration.yaml.tpl" - destination = "secrets/conf/fb2mx_registration.yaml" + data = file("../config/configuration/chat/synapse/log.yaml") + destination = "secrets/conf/log.yaml" } template { - data = "{{ key \"configuration/chat/synapse/log.yaml\" }}" - destination = "secrets/conf/log.yaml" - } - template { - data = "{{ key \"configuration/chat/synapse/conf.d/server_name.yaml\" }}" + data = file("../config/configuration/chat/synapse/conf.d/server_name.yaml") destination = "secrets/conf/server_name.yaml" } + template { - data = "{{ key \"configuration/chat/synapse/conf.d/report_stats.yaml\" }}" + data = file("../config/configuration/chat/synapse/conf.d/report_stats.yaml") destination = "secrets/conf/report_stats.yaml" } + + # --- secrets --- template { data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}" destination = "secrets/conf/homeserver.tls.crt" } + template { data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}" destination = "secrets/conf/homeserver.tls.dh" 
} + template { data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}" destination = "secrets/conf/homeserver.tls.key" } + template { data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}" destination = "secrets/conf/homeserver.signing.key" @@ -97,8 +91,7 @@ job "im" { service { name = "synapse-client" - port = 8008 - address_mode = "driver" + port = "client_port" tags = [ "matrix", "traefik.enable=true", @@ -109,8 +102,7 @@ job "im" { ] check { type = "tcp" - port = 8008 - address_mode = "driver" + port = "client_port" interval = "60s" timeout = "5s" check_restart { @@ -123,7 +115,7 @@ job "im" { service { name = "synapse-federation" - port = 8448 + port = "federation_port" address_mode = "driver" tags = [ "matrix", 
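Review bot: The new `data = file("../config/configuration/chat/synapse/homeserver.yaml")` template inlines the file's content into the job specification at submit time, so it is stored with the job and readable by anyone allowed to inspect it, not only inside the task's `secrets/` directory. The file is not visible here, so this is a question rather than a finding: if it holds database credentials or shared secrets, those values should stay as `{{ key "secrets/..." }}` lookups like the TLS and signing keys under `# --- secrets ---`. The same applies to the easybridge `registration.yaml.tpl` and `config.json.tpl` templates in the `@@ -133,55 +125,44 @@` hunk. This hunk also removes the `fb2mx_registration.yaml` template without a replacement; confirm homeserver.yaml no longer lists that file.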
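Review bot: `synapse-federation` keeps `address_mode = "driver"` while this commit removes it from `synapse-client` and its check, so two services of the same task now resolve their advertised address differently. With `network_mode = "host"` on the task there is presumably no separate driver address to advertise, so the federation entry in Consul, and the Traefik route built from its tags, may not point where the client entry does. Removing the `address_mode = "driver"` line under `port = "federation_port"` would make both services use the default mode. The service block continues outside the hunk.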
@@ -133,55 +125,44 @@ job "im" { "traefik.frontend.priority=100" ] } - } } group "easybridge" { count = 1 + + network { + port "api_port" { + static = 8321 + to = 8321 + } + port "web_port" { to = 8281 } + } + task "easybridge" { driver = "docker" config { image = "lxpz/easybridge_amd64:33" - port_map { - api_port = 8321 - web_port = 8281 - } + ports = [ "api_port", "web_port" ] volumes = [ - "secrets/conf:/data" + "secrets/conf:/data" ] args = [ "./easybridge", "-config", "/data/config.json" ] } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/registration.yaml.tpl?raw" - destination = "secrets/tpl/registration.yaml.tpl" - mode = "file" - } template { - source = "secrets/tpl/registration.yaml.tpl" + data = file("../config/configuration/chat/easybridge/registration.yaml.tpl") destination = "secrets/conf/registration.yaml" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/easybridge/config.json.tpl?raw" - destination = "secrets/tpl/config.json.tpl" - mode = "file" - } template { - source = "secrets/tpl/config.json.tpl" + data = file("../config/configuration/chat/easybridge/config.json.tpl") destination = "secrets/conf/config.json" } resources { memory = 500 cpu = 1000 - network { - port "api_port" { - static = "8321" - } - port "web_port" {} - } } service { @@ -231,28 +212,27 @@ job "im" { group "riotweb" { count = 1 + network { + port "web_port" { to = 8043 } + } + task "server" { driver = "docker" config { image = "particallydone/amd64_riotweb:v18" - port_map { - web_port = 8043 - } + ports = [ "web_port" ] volumes = [ - "secrets/config.json:/srv/http/config.json" + "secrets/config.json:/srv/http/config.json" ] } template { - data = "{{ key \"configuration/chat/riot_web/config.json\" }}" + data = file("../config/configuration/chat/riot_web/config.json") destination = "secrets/config.json" } resources { memory = 21 - network { - port "web_port" {} - } } service { 
@@ -280,77 +260,5 @@ job "im" { } } } - -/* - group "turn_stun" { - count=1 - task "coturn" { - driver = "docker" - config { - image = "registry.gitlab.com/superboum/ankh-morpork/amd64_coturn:v1" - port_map { - main_port = 3478 - alt_port = 3479 - } - command = "/usr/bin/turnserver" - args = [ - "-X", "82.253.205.190", - "-v", - "-f", - "-a" - ] - volumes = [ - "secrets/turnserver.conf:/etc/turnserver.conf" - ] - } - - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/chat/coturn/turnserver.conf.tpl?raw" - destination = "secrets/turnserver.conf.tpl" - mode = "file" - } - - template { - source = "secrets/turnserver.conf.tpl" - destination = "secrets/turnserver.conf" - } - - resources { - memory = 50 - network { - port "main_port" { - static = "3478" - } - port "alt_port" { - static = "3479" - } - } - } - - service { - tags = [ - "coturn", - "matrix" - ] - port = "main_port" - address_mode = "host" - name = "coturn" - check { - type = "tcp" - port = "main_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - - } - } -*/ - }