adrien/infrastructure
1
0
Fork 0
forked from Deuxfleurs/infrastructure
Code Issues Pull requests Releases Wiki Activity

Add bagage deployment

Browse source
This commit is contained in:
Quentin 2021-08-20 17:39:07 +02:00
parent 09269e8497
commit d40c41004d
33 changed files with 17 additions and 802 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
app/science/deploy/science.hcl → app/bagage/deploy/bagage.hcl
View file

@ -1,45 +1,46 @@
job "science" {
job "bagage" {
datacenters = ["dc1"]
type = "service"
priority = 10
priority = 90
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "diagnet" {
group "main" {
count = 1
network {
port "web_port" { to = 8000 }
port "web_port" { to = 8080 }
}
task "main" {
task "server" {
driver = "docker"
config {
image = "lesterpig/diagnet-landmark:latest"
args = [
"-name", "landmark-deuxfleurs",
"-chrome", "-chrome-interval", "60m",
"-http", ":8000"
]
image = "superboum/amd64_bagage:v5"
readonly_rootfs = true
ports = [ "web_port" ]
}
env {
BAGAGE_LDAP_ENDPOINT = "bottin2.service.2.cluster.deuxfleurs.fr:389"
}
resources {
cpu = 100
memory = 250
memory = 100
}
service {
name = "bagage"
tags = [
"diagnet",
"bagage",
"traefik.enable=true",
"traefik.frontend.entryPoints=https,http",
"traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/"
"traefik.frontend.rule=Host:bagage.deuxfleurs.fr",
]
port = "web_port"
address_mode = "host"
name = "diagnet"
check {
type = "tcp"
port = "web_port"

27
app/nextcloud/build/nextcloud/Dockerfile
View file

@ -1,27 +0,0 @@
FROM debian:10
RUN apt-get update && \
apt-get -qq -y full-upgrade
RUN apt-get install -y apache2 php php-gd php-mbstring php-pgsql php-curl php-dom php-xml php-zip \
php-intl php-ldap php-fileinfo php-exif php-apcu php-redis php-imagick unzip curl wget && \
phpenmod gd && \
phpenmod curl && \
phpenmod mbstring && \
phpenmod pgsql && \
phpenmod dom && \
phpenmod zip && \
phpenmod intl && \
phpenmod ldap && \
phpenmod fileinfo && \
phpenmod exif && \
phpenmod apcu && \
phpenmod redis && \
phpenmod imagick && \
phpenmod xml
COPY container-setup.sh /tmp
RUN /tmp/container-setup.sh
COPY entrypoint.sh /
CMD /entrypoint.sh

37
app/nextcloud/build/nextcloud/container-setup.sh
View file

@ -1,37 +0,0 @@
#!/bin/sh
set -ex
curl https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip > /tmp/nextcloud.zip
cd /var/www
unzip /tmp/nextcloud.zip
rm /tmp/nextcloud.zip
mv html html.old
mv nextcloud html
cd html
mkdir data
cd apps
wget https://github.com/nextcloud/tasks/releases/download/v0.13.1/tasks.tar.gz
tar xf tasks.tar.gz
wget https://github.com/nextcloud/maps/releases/download/v0.1.6/maps-0.1.6.tar.gz
tar xf maps-0.1.6.tar.gz
wget https://github.com/nextcloud/calendar/releases/download/v2.0.3/calendar.tar.gz
tar xf calendar.tar.gz
wget https://github.com/nextcloud/news/releases/download/14.1.11/news.tar.gz
tar xf news.tar.gz
wget https://github.com/nextcloud/notes/releases/download/v3.6.0/notes.tar.gz
tar xf notes.tar.gz
wget https://github.com/nextcloud/contacts/releases/download/v3.3.0/contacts.tar.gz
tar xf contacts.tar.gz
wget https://github.com/nextcloud/mail/releases/download/v1.4.0/mail.tar.gz
tar xf mail.tar.gz
wget https://github.com/nextcloud/groupfolders/releases/download/v6.0.6/groupfolders.tar.gz
tar xf groupfolders.tar.gz
rm *.tar.gz
chown -R www-data:www-data /var/www/html
cd /var/www/html
php occ

8
app/nextcloud/build/nextcloud/entrypoint.sh
View file

@ -1,8 +0,0 @@
#!/bin/sh
set -xe
chown www-data:www-data /var/www/html/config/config.php
touch /var/www/html/data/.ocdata
exec apachectl -DFOREGROUND

49
app/nextcloud/config/config.php.tpl
View file

@ -1,49 +0,0 @@
<?php
$CONFIG = array (
'appstoreenabled' => false,
'instanceid' => '{{ key "secrets/nextcloud/instance_id" | trimSpace }}',
'passwordsalt' => '{{ key "secrets/nextcloud/password_salt" | trimSpace }}',
'secret' => '{{ key "secrets/nextcloud/secret" | trimSpace }}',
'trusted_domains' => array (
0 => 'nextcloud.deuxfleurs.fr',
),
'memcache.local' => '\\OC\\Memcache\\APCu',
'objectstore' => array(
'class' => '\\OC\\Files\\ObjectStore\\S3',
'arguments' => array(
'bucket' => 'nextcloud',
'autocreate' => false,
'key' => '{{ key "secrets/nextcloud/garage_access_key" | trimSpace }}',
'secret' => '{{ key "secrets/nextcloud/garage_secret_key" | trimSpace }}',
'hostname' => 'garage.deuxfleurs.fr',
'port' => 443,
'use_ssl' => true,
'region' => 'garage',
// required for some non Amazon S3 implementations
'use_path_style' => true
),
),
'dbtype' => 'pgsql',
'dbhost' => 'psql-proxy.service.2.cluster.deuxfleurs.fr',
'dbname' => 'nextcloud',
'dbtableprefix' => 'nc_',
'dbuser' => '{{ key "secrets/nextcloud/db_user" | trimSpace }}',
'dbpassword' => '{{ key "secrets/nextcloud/db_pass" | trimSpace }}',
'default_language' => 'fr',
'default_locale' => 'fr_FR',
'mail_domain' => 'deuxfleurs.fr',
'mail_from_address' => 'nextcloud@deuxfleurs.fr',
// TODO SMTP CONFIG
// TODO REDIS CACHE
'version' => '19.0.0.12',
'overwrite.cli.url' => 'https://nextcloud.deuxfleurs.fr',
'installed' => true,
);

65
app/nextcloud/deploy/nextcloud.hcl
View file

@ -1,65 +0,0 @@
job "nextcloud" {
datacenters = ["dc1", "belair"]
type = "service"
priority = 40
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "nextcloud" {
count = 1
network {
port "web_port" {
to = 80
}
}
task "nextcloud" {
driver = "docker"
config {
image = "lxpz/deuxfleurs_nextcloud_amd64:8"
ports = [ "web_port" ]
volumes = [
"secrets/config.php:/var/www/html/config/config.php"
]
}
template {
data = file("../config/config.php.tpl")
destination = "secrets/config.php"
}
resources {
memory = 1000
cpu = 2000
}
service {
name = "nextcloud"
tags = [
"nextcloud",
"traefik.enable=true",
"traefik.frontend.entryPoints=https,http",
"traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
]
port = "web_port"
address_mode = "host"
check {
type = "tcp"
port = "web_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
}
}
}

20
app/nextcloud/integration/README.md
View file

@ -1,20 +0,0 @@
Install Owncloud CLI:
php ./occ \
--no-interaction \
--verbose \
maintenance:install \
--database pgsql \
--database-name nextcloud \
--database-host postgres \
--database-user nextcloud \
--database-pass nextcloud \
--admin-user nextcloud \
--admin-pass nextcloud \
--admin-email coucou@deuxfleurs.fr
Official image entrypoint:
https://github.com/nextcloud/docker/blob/master/20.0/fpm/entrypoint.sh

31
app/nextcloud/integration/bottin.json
View file

@ -1,31 +0,0 @@
{
"suffix": "dc=deuxfleurs,dc=fr",
"bind": "0.0.0.0:389",
"consul_host": "http://consul:8500",
"log_level": "debug",
"acl": [
"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
"*::read modify:SELF:*",
"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
]
}

27
app/nextcloud/integration/docker-compose.yml
View file

@ -1,27 +0,0 @@
version: '3.4'
services:
php:
image: lxpz/deuxfleurs_nextcloud_amd64:8
depends_on:
- bottin
- postgres
ports:
- "80:80"
postgres:
image: postgres:9.6.19
environment:
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=nextcloud
bottin:
image: lxpz/bottin_amd64:14
depends_on:
- consul
volumes:
- ./bottin.json:/config.json
consul:
image: consul:1.8.4

3
app/seafile/build/mariadb/60-disable-dialog.cnf
View file

@ -1,3 +0,0 @@
[mariadb]
pam_use_cleartext_plugin
bind-address = 0.0.0.0

3
app/seafile/build/mariadb/60-ldap.cnf
View file

@ -1,3 +0,0 @@
[mariadb]
plugin-load=auth_pam.so

2
app/seafile/build/mariadb/60-remote.cnf
View file

@ -1,2 +0,0 @@
[mysqld]
bind-address = *

14
app/seafile/build/mariadb/Dockerfile
View file

@ -1,14 +0,0 @@
FROM debian:stretch
RUN apt-get update && \
apt-get dist-upgrade -y && \
DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client libnss-ldapd
COPY 60-ldap.cnf /etc/mysql/mariadb.conf.d/60-ldap.cnf
COPY 60-remote.cnf /etc/mysql/mariadb.conf.d/60-remote.cnf
COPY 60-disable-dialog.cnf /etc/mysql/mariadb.conf.d/60-disable-dialog.cnf
COPY pam-mariadb /etc/pam.d/mariadb
COPY nsswitch.conf /etc/nsswitch.conf
COPY entrypoint.sh /usr/local/bin/entrypoint
ENTRYPOINT ["/usr/local/bin/entrypoint"]

19
app/seafile/build/mariadb/README.md
View file

@ -1,19 +0,0 @@
```
sudo docker build -t superboum/amd64_mariadb:v3 .
sudo docker run \
-t -i \
-p 3306:3306 \
-v /tmp/mysql:/var/lib/mysql \
-e LDAP_URI='ldap://bottin.service.2.cluster.deuxfleurs.fr' \
-e LDAP_BASE='ou=users,dc=deuxfleurs,dc=fr' \
-e LDAP_VERSION=3 \
-e LDAP_BIND_DN='cn=admin,dc=deuxfleurs,dc=fr' \
-e LDAP_BIND_PW='xxxx' \
-e MYSQL_PASSWORD='xxxx' \
superboum/amd64_mariadb:v1 \
tail -f /var/log/mysql/error.log
CREATE USER quentin@localhost IDENTIFIED VIA pam USING 'mariadb';
```

50
app/seafile/build/mariadb/entrypoint.sh
View file

@ -1,50 +0,0 @@
#!/bin/bash
set -e
cat > /etc/nslcd.conf <<EOF
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ${LDAP_URI}
# The search base that will be used for all queries.
base ${LDAP_BASE}
# The LDAP protocol version to use.
ldap_version ${LDAP_VERSION}
# The DN to bind with for normal lookups.
binddn ${LDAP_BIND_DN}
bindpw ${LDAP_BIND_PW}
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
#ssl off
#tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub
EOF
/usr/sbin/nslcd
chown mysql:mysql /var/lib/mysql
[ -z "$(ls -A /var/lib/mysql)" ] && mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
/usr/bin/mysqld_safe --skip-syslog &
until ls /var/run/mysqld/mysqld.sock; do sleep 1; done
/usr/bin/mysqladmin -u root password ${MYSQL_PASSWORD} || true
exec "$@"

21
app/seafile/build/mariadb/nsswitch.conf
View file

@ -1,21 +0,0 @@
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files ldap
group: files ldap
shadow: files ldap
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

2
app/seafile/build/mariadb/pam-mariadb
View file

@ -1,2 +0,0 @@
auth required pam_ldap.so
account required pam_ldap.so

46
app/seafile/build/seafile/Dockerfile
View file

@ -1,46 +0,0 @@
FROM amd64/debian:buster as builder
ENV VERSION 7.0.5
RUN apt-get update && \
apt-get dist-upgrade -y && \
DEBIAN_FRONTEND=noninteractive apt-get install -y wget tar && \
wget https://download.seadrive.org/seafile-server_${VERSION}_x86-64.tar.gz -O ./seafile.tar.gz && \
tar xf ./seafile.tar.gz && \
mv seafile-server-${VERSION} seafile-server
FROM amd64/debian:buster
COPY --from=builder ./seafile-server /srv/webstore/seafile-server
RUN apt-get update && \
apt-get dist-upgrade -y && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
python \
mariadb-client \
python2.7 \
libpython2.7 \
python-setuptools \
python-ldap \
python-urllib3 \
ffmpeg \
python-pip \
python-mysqldb \
python-memcache \
procps \
python-requests && \
pip install Pillow==4.3.0 && \
pip install moviepy && \
useradd -u 1000 -d /srv/webstore seauser && \
chown -R seauser:1000 /srv/webstore/
RUN mkdir -p /usr/local/lib/mariadb/plugin/ && \
ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/mysql_clear_password.so /usr/local/lib/mariadb/plugin/ && \
ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/dialog.so /usr/local/lib/mariadb/plugin/
WORKDIR /srv/webstore/seafile-server
COPY seadocker /usr/local/bin/seadocker
COPY seaenv /usr/local/bin/seaenv
ENTRYPOINT ["/usr/local/bin/seaenv"]
CMD ["/usr/local/bin/seadocker"]

27
app/seafile/build/seafile/README.md
View file

@ -1,27 +0,0 @@
```bash
sudo docker build -t superboum/amd64_seafile:v5 .
```
When upgrading, connect on a production server and run:
```bash
nomad stop seafile
sudo docker build -t superboum/amd64_seafile:v6 .
sudo docker run -t -i \
-v /mnt/glusterfs/seafile:/mnt/seafile-data \
-v /mnt/glusterfs/seaconf/conf:/srv/webstore/conf \
-v /mnt/glusterfs/seaconf/ccnet:/srv/webstore/ccnet \
superboum/amd64_seafile:v5
# See:
# * https://download.seafile.com/published/seafile-manual/deploy/upgrade.md
# * https://download.seafile.com/published/seafile-manual/changelog/server-changelog.md
nomad start seafile.hcl
```
when upgrading, change the command on start

4
app/seafile/build/seafile/seadocker
View file

@ -1,4 +0,0 @@
#!/bin/bash
/srv/webstore/seafile-server/seafile.sh start
/srv/webstore/seafile-server/seahub.sh start
tail -f /srv/webstore/logs/*

7
app/seafile/build/seafile/seaenv
View file

@ -1,7 +0,0 @@
#!/bin/bash
chown seauser /srv/webstore
chown seauser -R /srv/webstore/ccnet
chown seauser -R /srv/webstore/conf
runuser -u seauser -- "$@"

1
app/seafile/config/ccnet/seafile.ini
View file

@ -1 +0,0 @@
/mnt/seafile-data/

29
app/seafile/config/conf/ccnet.conf.tpl
View file

@ -1,29 +0,0 @@
[General]
USER_NAME = deuxfleurs
ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }}
NAME = deuxfleurs
SERVICE_URL = https://cloud.deuxfleurs.fr
[Network]
PORT = 10001
[Client]
PORT = 13418
[LDAP]
HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/
BASE = ou=users,dc=deuxfleurs,dc=fr
USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }}
FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr
PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }}
LOGIN_ATTR = mail
[Database]
ENGINE = mysql
HOST = mariadb.service.2.cluster.deuxfleurs.fr
PORT = 3306
USER = seafile
PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
DB = ccnet-db
CONNECTION_CHARSET = utf8

16
app/seafile/config/conf/gunicorn.conf
View file

@ -1,16 +0,0 @@
import os
daemon = True
workers = 5
# default localhost:8000
bind = "[::]:8000"
# Pid
pids_dir = '/srv/webstore/pids'
pidfile = os.path.join(pids_dir, 'seahub.pid')
# for file upload, we need a longer timeout value (default is only 30s, too short)
timeout = 1200
limit_request_line = 8190

6
app/seafile/config/conf/seafdav.conf
View file

@ -1,6 +0,0 @@
[WEBDAV]
host = ::
enabled = true
port = 8084
fastcgi = false
share_name = /seafdav

19
app/seafile/config/conf/seafile.conf.tpl
View file

@ -1,19 +0,0 @@
[network]
port = 12001
[fileserver]
port = 8083
max_upload_size=8192
max_download_dir_size=8192
[database]
type = mysql
host = mariadb.service.2.cluster.deuxfleurs.fr
port = 3306
user = seafile
password = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
db_name = seafile-db
connection_charset = utf8
[quota]
default = 50

21
app/seafile/config/conf/seahub_settings.py.tpl
View file

@ -1,21 +0,0 @@
SECRET_KEY = "8ep+sgi&s1-f2cq2178!ekk!0h0nw2y4z1-olbaopxmodsd8vk"
FILE_SERVER_ROOT = 'https://cloud.deuxfleurs.fr/seafhttp'
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '{{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}',
'HOST': 'mariadb.service.2.cluster.deuxfleurs.fr',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
FILE_PREVIEW_MAX_SIZE = 100 * 1024 * 1024
ENABLE_THUMBNAIL = True
THUMBNAIL_ROOT = '/mnt/seafile-data/thumbnail/thumb/'
THUMBNAIL_EXTENSION = 'png'
THUMBNAIL_DEFAULT_SIZE = '24'
PREVIEW_DEFAULT_SIZE = '300'

6
app/seafile/config/mariadb/main/env.tpl
View file

@ -1,6 +0,0 @@
LDAP_URI = "ldap://bottin2.service.2.cluster.deuxfleurs.fr"
LDAP_BASE = "ou=users,dc=deuxfleurs,dc=fr"
LDAP_VERSION = 3
LDAP_BIND_DN = "{{ key "secrets/mariadb/main/ldap_binddn" | trimSpace }}"
LDAP_BIND_PW = "{{ key "secrets/mariadb/main/ldap_bindpwd" | trimSpace }}"
MYSQL_PASSWORD = "{{ key "secrets/mariadb/main/mysql_pwd" | trimSpace }}"

222
app/seafile/deploy/seafile.hcl
View file

@ -1,222 +0,0 @@
job "seafile" {
datacenters = ["dc1"]
type = "service"
priority = 10
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "main" {
count = 1
network {
port "seafile-frontend_port" { static = 8000 }
port "seafile-seafhttp_port" { static = 8083 }
port "seafile-dav_port" { static = 8084 }
port "seafile-hack_port" { static = 8085 }
port "mariadb_port" { static = 3306 }
}
task "mariadb" {
driver = "docker"
config {
image = "superboum/amd64_mariadb:v4"
network_mode = "host"
command = "tail"
ports = [ "mariadb_port" ]
args = [
"-f", "/var/log/mysql/error.log",
]
volumes = [
"/mnt/glusterfs/mariadb/main/server:/var/lib/mysql",
]
}
template {
data = file("../config/mariadb/main/env.tpl")
destination = "secrets/env"
env = true
}
resources {
memory = 800
}
service {
tags = ["mariadb"]
port = "mariadb_port"
address_mode = "host"
name = "mariadb"
check {
type = "tcp"
port = "mariadb_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
}
task "hack" {
driver = "docker"
config {
image = "alpine/socat:1.0.5"
network_mode = "host"
ports = [ "seafile-hack_port" ]
command = "tcp6-listen:8085,fork,reuseaddr"
args = [ "tcp-connect:127.0.0.1:8083" ]
}
resources {
memory = 10
}
service {
tags = [
"seafile",
"traefik.enable=true",
"traefik.frontend.entryPoints=https,http",
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp"
]
port = "seafile-hack_port"
address_mode = "host"
name = "seafhttp"
check {
type = "tcp"
port = "seafile-hack_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
}
task "server" {
driver = "docker"
config {
image = "superboum/amd64_seafile:v6"
network_mode = "host"
ports = [ "seafile-frontend_port", "seafile-dav_port", "seafile-seafhttp_port" ]
## cmd + args are used for running an instance attachable for update
# command = "/bin/sleep"
# args = ["999999"]
mounts = [
{
type = "bind"
source = "/mnt/glusterfs/seafile"
target = "/mnt/seafile-data"
}
]
volumes = [
"secrets/conf:/srv/webstore/conf",
"secrets/ccnet:/srv/webstore/ccnet"
]
}
resources {
memory = 600
}
service {
tags = [
"seafile",
"traefik.enable=true",
"traefik.frontend.entryPoints=https,http",
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/"
]
port = "seafile-frontend_port"
address_mode = "host"
name = "seahub"
check {
type = "tcp"
port = "seafile-frontend_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
service {
tags = [
"seafile",
"traefik.enable=true",
"traefik.frontend.entryPoints=https,http",
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav"
]
port = "seafile-dav_port"
address_mode = "host"
name = "seafdav"
check {
type = "tcp"
port = "seafile-dav_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
template {
data = file("../config/conf/ccnet.conf.tpl")
destination = "secrets/conf/ccnet.conf"
}
template {
data = file("../config/conf/seafile.conf.tpl")
destination = "secrets/conf/seafile.conf"
}
template {
data = file("../config/conf/seahub_settings.py.tpl")
destination = "secrets/conf/seahub_settings.py"
}
template {
data = file("../config/ccnet/seafile.ini")
destination = "secrets/ccnet/seafile.ini"
}
template {
data = file("../config/conf/seafdav.conf")
destination = "secrets/conf/seafdav.conf"
}
template {
data = file("../config/conf/gunicorn.conf")
destination = "secrets/conf/gunicorn.conf"
}
# ---- secrets ----
template {
data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}"
destination = "secrets/ccnet/mykey.peer"
}
template {
data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}"
destination = "secrets/conf/mykey.peer"
}
}
}
}

1
app/seafile/secrets/mariadb/main/ldap_binddn
View file

@ -1 +0,0 @@
SERVICE_DN mysql MySQL/MariaDB database

1
app/seafile/secrets/mariadb/main/ldap_bindpwd
View file

@ -1 +0,0 @@
SERVICE_PASSWORD mysql

1
app/seafile/secrets/mariadb/main/mysql_pwd
View file

@ -1 +0,0 @@
USER mysql_pwd (what is this?)

1
app/seafile/secrets/seafile/conf/mykey.peer
View file

@ -1 +0,0 @@
USER Seafile peer key