cluster(prod): Add dathomir site and onion node

piranha does not seem to be available from the outside world currently

cluster/prod/app/backup/deploy/backup-daily.hcl

@@ -14,14 +14,14 @@ job "backup_daily" {
     constraint {
       attribute = "${attr.unique.hostname}"
       operator = "="
-      value = "ananas"
+      value = "celeri"
     }
 
     task "main" {
       driver = "docker"
 
       config {
-        image = "restic/restic:0.16.0"
+        image = "restic/restic:0.16.4"
         entrypoint = [ "/bin/sh", "-c" ]
         args = [ "restic backup /mail && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
         volumes = [
@@ -116,7 +116,7 @@ EOH
       driver = "docker"
 
       config {
-        image = "restic/restic:0.16.0"
+        image = "restic/restic:0.16.4"
         entrypoint = [ "/bin/sh", "-c" ]
         args = [ "restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
       }
@@ -152,14 +152,14 @@ EOH
     constraint {
       attribute = "${attr.unique.hostname}"
       operator = "="
-      value = "concombre"
+      value = "courgette"
     }
 
     task "main" {
       driver = "docker"
 
       config {
-        image = "restic/restic:0.16.0"
+        image = "restic/restic:0.16.4"
         entrypoint = [ "/bin/sh", "-c" ]
         args = [ "restic backup /cryptpad && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
         volumes = [

cluster/prod/app/coturn/deploy/coturn.hcl

@@ -34,15 +34,13 @@ job "coturn" {
         ports = [ "prometheus", "turn_ctrl", "turn_data0", "turn_data1", "turn_data2",
                   "turn_data3", "turn_data4", "turn_data5", "turn_data6", "turn_data7",
                   "turn_data8", "turn_data9" ]
+        entrypoint = ["/local/docker-entrypoint.sh"]
         network_mode = "host"
-        volumes = [
-          "secrets/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh",
-        ]
       }
 
       template {
         data = file("../config/docker-entrypoint.sh")
-        destination = "secrets/docker-entrypoint.sh"
+        destination = "local/docker-entrypoint.sh"
         perms = 555
       }
 

cluster/prod/app/cryptpad/config/config.js

@@ -116,7 +116,10 @@ module.exports = {
       "[adrn@pad.deuxfleurs.fr/PxDpkPwd-jDJWkfWdAzFX7wtnLpnPlBeYZ4MmoEYS6E=]",
       "[lx@pad.deuxfleurs.fr/FwQzcXywx1FIb83z6COB7c3sHnz8rNSDX1xhjPuH3Fg=]",
       "[trinity-1686a@pad.deuxfleurs.fr/Pu6Ef03jEsAGBbZI6IOdKd6+5pORD5N51QIYt4-Ys1c=]",
-      "[Jill@pad.deuxfleurs.fr/tLW7W8EVNB2KYETXEaOYR+HmNiBQtZj7u+SOxS3hGmg=]"
+      "[Jill@pad.deuxfleurs.fr/tLW7W8EVNB2KYETXEaOYR+HmNiBQtZj7u+SOxS3hGmg=]",
+      "[vincent@pad.deuxfleurs.fr/07FQiE8w1iztRWwzbRJzEy3xIqnNR31mUFjLNiGXjwU=]",
+      "[boris@pad.deuxfleurs.fr/kHo5LIhSxDFk39GuhGRp+XKlMjNe+lWfFWM75cINoTQ=]",
+      "[maximilien@pad.deuxfleurs.fr/UoXHLejYRUjvX6t55hAQKpjMdU-3ecg4eDhAeckZmyE=]"
     ],
 
     /* =====================

cluster/prod/app/cryptpad/deploy/cryptpad.hcl

@@ -1,5 +1,5 @@
 job "cryptpad" {
-  datacenters = ["scorpio"]
+  datacenters = ["neptune"]
   type = "service"
 
   group "cryptpad" {
@@ -22,7 +22,7 @@ job "cryptpad" {
       constraint {
         attribute = "${attr.unique.hostname}"
         operator = "="
-        value = "abricot"
+        value = "courgette"
       }
 
       config {

cluster/prod/app/email/deploy/email.hcl

@@ -1,5 +1,5 @@
 job "email" {
-  datacenters = ["scorpio"]
+  datacenters = ["neptune"]
   type = "service"
   priority = 65
 
@@ -31,7 +31,7 @@ job "email" {
       constraint {
         attribute = "${attr.unique.hostname}"
         operator = "="
-        value = "ananas"
+        value = "celeri"
       }
 
       config {

cluster/prod/app/woodpecker-ci/deploy/server.hcl

@@ -23,7 +23,7 @@ job "woodpecker-ci" {
     task "server" {
       driver = "docker"
       config {
-        image = "woodpeckerci/woodpecker-server:v2.3.0"
+        image = "woodpeckerci/woodpecker-server:v2.4.1"
         ports = [ "web_port", "grpc_port" ]
         network_mode = "host"
       }

cluster/prod/app/woodpecker-ci/integration/README.md

@@ -38,8 +38,8 @@ apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke
 ## Install the runner
 
 ```bash
-wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/nix.conf
-wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/docker-compose.yml
+wget https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/raw/branch/main/cluster/prod/app/woodpecker-ci/integration/nix.conf
+wget https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/raw/branch/main/cluster/prod/app/woodpecker-ci/integration/docker-compose.yml
 ```
 
 Create a new Agent for your runner in the Woodpecker admin, and copy the agent secret value.

cluster/prod/app/woodpecker-ci/integration/docker-compose.yml

@@ -10,7 +10,7 @@ services:
       - "./nix.conf:/etc/nix/nix.conf:ro"
 
   woodpecker-runner:
-    image: woodpeckerci/woodpecker-agent:v2.3.0
+    image: woodpeckerci/woodpecker-agent:v2.4.1
     restart: always
     environment:
       # -- change these for each agent

cluster/prod/cluster.nix

@@ -75,6 +75,12 @@
       address = "10.83.4.2";
       endpoint = "82.65.41.110:33742";
     };
+    "onion" = {
+      siteName = "dathomir";
+      publicKey = "gpeqalqAUaYlMuebv3glQeZyE64+OpkyIHFhfStJQA4=";
+      address = "10.83.5.1";
+      endpoint = "82.64.238.84:33740";
+    };
   };
 
   # Pin Nomad version

cluster/prod/known_hosts

@@ -9,3 +9,4 @@ concombre.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkC
 courgette.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
 abricot.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhHUQtc5lukPMFkiWf/sTgaUpwNFXHCJoQKu4ooRFy+
 ananas.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHs0zAyBy70oyV56qaMaMAKR7VjEDnsm5LEyZJbM95BL
+onion.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjBQ67fxwuDDzRPveTko/Sgf0cev3tIvlr3CfAmhF0C

cluster/prod/node/onion.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.timeout = 20;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  deuxfleurs.hostName = "onion";
+  deuxfleurs.staticIPv4.address = "192.168.1.34";
+  deuxfleurs.staticIPv6.address = "2a01:e0a:5e4:1d0:223:24ff:feb0:e866";
+}

cluster/prod/node/onion.site.nix

@@ -0,0 +1 @@
+../site/dathomir.nix

cluster/prod/site/dathomir.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  deuxfleurs.siteName = "dathomir";
+  deuxfleurs.cnameTarget = "dathomir.site.deuxfleurs.fr";
+  deuxfleurs.publicIPv4 = "82.64.238.84";
+  deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1";
+}

cluster/prod/ssh_config

@@ -33,3 +33,5 @@ Host abricot
 Host ananas
 	HostName ananas.machine.deuxfleurs.fr
 
+Host onion
+  HostName onion.machine.deuxfleurs.fr

cluster/staging/app/telemetry/deploy/telemetry-service.hcl

@@ -79,6 +79,12 @@ job "telemetry-service" {
   group "grafana" {
     count = 1
 
+    constraint {
+      attribute = "${attr.unique.hostname}"
+      operator = "!="
+      value = "piranha"
+    }
+
     network {
       port "grafana" {
         static = 3719