Merge branch 'master' of git.deuxfleurs.fr:Deuxfleurs/infrastructure

2020-12-10 09:09:34 +01:00 · 2020-12-10 09:09:34 +01:00 · ad064dddbc
parent 2b3df5b6ee 9c947a458f
commit ad064dddbc
7 changed files with 143 additions and 1 deletions
--- a/app/build/alps/Dockerfile
+++ b/app/build/alps/Dockerfile
@ -0,0 +1,21 @@
+FROM golang:1.15.6-buster as builder
+
+ARG VERSION
+
+ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
+WORKDIR /tmp/alps
+
+RUN git init && \
+    git remote add origin https://git.sr.ht/~migadu/alps && \
+    git fetch --depth 1 origin ${VERSION} && \
+    git checkout FETCH_HEAD
+
+COPY skipverify.patch skipverify.patch
+
+RUN git apply skipverify.patch && \
+    go build -a -o /usr/local/bin/alps ./cmd/alps
+
+FROM scratch
+COPY --from=builder /usr/local/bin/alps /alps
+COPY --from=builder /tmp/alps/themes /themes
+ENTRYPOINT ["/alps"]
--- a/app/build/alps/skipverify.patch
+++ b/app/build/alps/skipverify.patch
@ -0,0 +1,55 @@
+From 47765c10f1af2013556f76dc63dfa056167ae5e8 Mon Sep 17 00:00:00 2001
+From: Quentin <quentin@deuxfleurs.fr>
+Date: Fri, 4 Dec 2020 13:19:24 +0100
+Subject: [PATCH] Skip CA verification
+
+---
+ imap.go | 3 ++-
+ smtp.go | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/imap.go b/imap.go
+index 7554331..1a4931d 100644
+--- a/imap.go
+++ b/imap.go
+@@ -3,6 +3,7 @@ package alps
+ import (
+ 	"fmt"
+ 
+	"crypto/tls"
+ 	"github.com/emersion/go-imap"
+ 	imapclient "github.com/emersion/go-imap/client"
+ 	"github.com/emersion/go-message/charset"
+@@ -16,7 +17,7 @@ func (s *Server) dialIMAP() (*imapclient.Client, error) {
+ 	var c *imapclient.Client
+ 	var err error
+ 	if s.imap.tls {
+-		c, err = imapclient.DialTLS(s.imap.host, nil)
+		c, err = imapclient.DialTLS(s.imap.host, &tls.Config{InsecureSkipVerify: true})
+ 		if err != nil {
+ 			return nil, fmt.Errorf("failed to connect to IMAPS server: %v", err)
+ 		}
+diff --git a/smtp.go b/smtp.go
+index 5e178f2..8d22f1d 100644
+--- a/smtp.go
+++ b/smtp.go
+@@ -3,6 +3,7 @@ package alps
+ import (
+ 	"fmt"
+ 
+	"crypto/tls"
+ 	"github.com/emersion/go-smtp"
+ )
+ 
+@@ -14,7 +15,7 @@ func (s *Server) dialSMTP() (*smtp.Client, error) {
+ 	var c *smtp.Client
+ 	var err error
+ 	if s.smtp.tls {
+-		c, err = smtp.DialTLS(s.smtp.host, nil)
+		c, err = smtp.DialTLS(s.smtp.host, &tls.Config{InsecureSkipVerify: true})
+ 		if err != nil {
+ 			return nil, fmt.Errorf("failed to connect to SMTPS server: %v", err)
+ 		}
+-- 
+2.28.0
+
--- a/app/build/docker-compose.yml
+++ b/app/build/docker-compose.yml
@ -34,6 +34,13 @@ services:
        VERSION: 5.0.0
    image: superboum/amd64_sogo:v7

+  alps:
+    build:
+      context: ./alps
+      args:
+        VERSION: 5cef0aaff2b8b6ee3e00b566123517e241d8cfb8
+    image: superboum/amd64_alps:v1
+
  # VoIP
  jitsi-meet:
    build:
--- a/app/deployment/email.hcl
+++ b/app/deployment/email.hcl
@ -407,6 +407,57 @@ job "email" {
    }
  }

+  group "alps" {
+    count = 1
+    task "main" {
+    
+      driver = "docker"
+
+      config {
+        image = "superboum/amd64_alps:v1"
+        readonly_rootfs = true
+        port_map {
+          alps_web_port = 1323
+        }
+        command = "-theme"
+        args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ]
+      }
+      
+      resources {
+        cpu = 50
+        memory = 40
+        network {
+          mbits = 1
+          port "alps_web_port" {}
+        }
+      }
+      
+      service {
+        name = "alps"
+        port = "alps_web_port"
+        address_mode = "host"
+        tags = [
+          "alps",
+          "traefik.enable=true",
+          "traefik.frontend.entryPoints=https,http",
+          "traefik.frontend.rule=Host:alps.deuxfleurs.fr"
+        ]
+        check {
+          type = "tcp"
+          port = "alps_web_port"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "5m"
+            ignore_warnings = false
+          }
+        }
+      }
+    }
+  }
+
+
  group "sogo" {
    count = 1
    task "bundle" {
--- a/app/deployment/jitsi.hcl
+++ b/app/deployment/jitsi.hcl
@ -185,6 +185,7 @@ job "jitsi" {
      env {
        #JITSI_DEBUG = 1
        JITSI_VIDEO_TCP = 8080
+        VIDEOBRIDGE_MAX_MEMORY = "1450m"
      }

      artifact {
--- a/os/config/roles/nomad/tasks/main.yml
+++ b/os/config/roles/nomad/tasks/main.yml
@ -1,6 +1,6 @@
 - name: "Set nomad version"
  set_fact:
-    nomad_version: 0.12.6
+    nomad_version: 0.12.9

 - name: "Download and install Nomad for x86_64"
  unarchive:
--- a/os/config/roles/nomad/templates/nomad.hcl.j2
+++ b/os/config/roles/nomad/templates/nomad.hcl.j2
@ -32,3 +32,10 @@ client {
  } 
 }

+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}