forked from Deuxfleurs/infrastructure
Add bagage deployment
This commit is contained in:
parent
09269e8497
commit
d40c41004d
33 changed files with 17 additions and 802 deletions
|
@ -1,45 +1,46 @@
|
|||
job "science" {
|
||||
job "bagage" {
|
||||
datacenters = ["dc1"]
|
||||
type = "service"
|
||||
priority = 10
|
||||
priority = 90
|
||||
|
||||
constraint {
|
||||
attribute = "${attr.cpu.arch}"
|
||||
value = "amd64"
|
||||
}
|
||||
|
||||
group "diagnet" {
|
||||
group "main" {
|
||||
count = 1
|
||||
|
||||
network {
|
||||
port "web_port" { to = 8000 }
|
||||
port "web_port" { to = 8080 }
|
||||
}
|
||||
|
||||
task "main" {
|
||||
task "server" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "lesterpig/diagnet-landmark:latest"
|
||||
args = [
|
||||
"-name", "landmark-deuxfleurs",
|
||||
"-chrome", "-chrome-interval", "60m",
|
||||
"-http", ":8000"
|
||||
]
|
||||
image = "superboum/amd64_bagage:v5"
|
||||
readonly_rootfs = true
|
||||
ports = [ "web_port" ]
|
||||
}
|
||||
|
||||
env {
|
||||
BAGAGE_LDAP_ENDPOINT = "bottin2.service.2.cluster.deuxfleurs.fr:389"
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 100
|
||||
memory = 250
|
||||
memory = 100
|
||||
}
|
||||
|
||||
service {
|
||||
name = "bagage"
|
||||
tags = [
|
||||
"diagnet",
|
||||
"bagage",
|
||||
"traefik.enable=true",
|
||||
"traefik.frontend.entryPoints=https,http",
|
||||
"traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/"
|
||||
"traefik.frontend.rule=Host:bagage.deuxfleurs.fr",
|
||||
]
|
||||
port = "web_port"
|
||||
address_mode = "host"
|
||||
name = "diagnet"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "web_port"
|
|
@ -1,27 +0,0 @@
|
|||
FROM debian:10
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get -qq -y full-upgrade
|
||||
|
||||
RUN apt-get install -y apache2 php php-gd php-mbstring php-pgsql php-curl php-dom php-xml php-zip \
|
||||
php-intl php-ldap php-fileinfo php-exif php-apcu php-redis php-imagick unzip curl wget && \
|
||||
phpenmod gd && \
|
||||
phpenmod curl && \
|
||||
phpenmod mbstring && \
|
||||
phpenmod pgsql && \
|
||||
phpenmod dom && \
|
||||
phpenmod zip && \
|
||||
phpenmod intl && \
|
||||
phpenmod ldap && \
|
||||
phpenmod fileinfo && \
|
||||
phpenmod exif && \
|
||||
phpenmod apcu && \
|
||||
phpenmod redis && \
|
||||
phpenmod imagick && \
|
||||
phpenmod xml
|
||||
|
||||
COPY container-setup.sh /tmp
|
||||
RUN /tmp/container-setup.sh
|
||||
|
||||
COPY entrypoint.sh /
|
||||
CMD /entrypoint.sh
|
|
@ -1,37 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -ex
|
||||
|
||||
curl https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip > /tmp/nextcloud.zip
|
||||
cd /var/www
|
||||
unzip /tmp/nextcloud.zip
|
||||
rm /tmp/nextcloud.zip
|
||||
mv html html.old
|
||||
mv nextcloud html
|
||||
|
||||
cd html
|
||||
mkdir data
|
||||
|
||||
cd apps
|
||||
wget https://github.com/nextcloud/tasks/releases/download/v0.13.1/tasks.tar.gz
|
||||
tar xf tasks.tar.gz
|
||||
wget https://github.com/nextcloud/maps/releases/download/v0.1.6/maps-0.1.6.tar.gz
|
||||
tar xf maps-0.1.6.tar.gz
|
||||
wget https://github.com/nextcloud/calendar/releases/download/v2.0.3/calendar.tar.gz
|
||||
tar xf calendar.tar.gz
|
||||
wget https://github.com/nextcloud/news/releases/download/14.1.11/news.tar.gz
|
||||
tar xf news.tar.gz
|
||||
wget https://github.com/nextcloud/notes/releases/download/v3.6.0/notes.tar.gz
|
||||
tar xf notes.tar.gz
|
||||
wget https://github.com/nextcloud/contacts/releases/download/v3.3.0/contacts.tar.gz
|
||||
tar xf contacts.tar.gz
|
||||
wget https://github.com/nextcloud/mail/releases/download/v1.4.0/mail.tar.gz
|
||||
tar xf mail.tar.gz
|
||||
wget https://github.com/nextcloud/groupfolders/releases/download/v6.0.6/groupfolders.tar.gz
|
||||
tar xf groupfolders.tar.gz
|
||||
rm *.tar.gz
|
||||
|
||||
chown -R www-data:www-data /var/www/html
|
||||
|
||||
cd /var/www/html
|
||||
php occ
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -xe
|
||||
|
||||
chown www-data:www-data /var/www/html/config/config.php
|
||||
touch /var/www/html/data/.ocdata
|
||||
|
||||
exec apachectl -DFOREGROUND
|
|
@ -1,49 +0,0 @@
|
|||
<?php
|
||||
$CONFIG = array (
|
||||
'appstoreenabled' => false,
|
||||
'instanceid' => '{{ key "secrets/nextcloud/instance_id" | trimSpace }}',
|
||||
'passwordsalt' => '{{ key "secrets/nextcloud/password_salt" | trimSpace }}',
|
||||
'secret' => '{{ key "secrets/nextcloud/secret" | trimSpace }}',
|
||||
'trusted_domains' => array (
|
||||
0 => 'nextcloud.deuxfleurs.fr',
|
||||
),
|
||||
'memcache.local' => '\\OC\\Memcache\\APCu',
|
||||
|
||||
'objectstore' => array(
|
||||
'class' => '\\OC\\Files\\ObjectStore\\S3',
|
||||
'arguments' => array(
|
||||
'bucket' => 'nextcloud',
|
||||
'autocreate' => false,
|
||||
'key' => '{{ key "secrets/nextcloud/garage_access_key" | trimSpace }}',
|
||||
'secret' => '{{ key "secrets/nextcloud/garage_secret_key" | trimSpace }}',
|
||||
'hostname' => 'garage.deuxfleurs.fr',
|
||||
'port' => 443,
|
||||
'use_ssl' => true,
|
||||
'region' => 'garage',
|
||||
// required for some non Amazon S3 implementations
|
||||
'use_path_style' => true
|
||||
),
|
||||
),
|
||||
|
||||
'dbtype' => 'pgsql',
|
||||
'dbhost' => 'psql-proxy.service.2.cluster.deuxfleurs.fr',
|
||||
'dbname' => 'nextcloud',
|
||||
'dbtableprefix' => 'nc_',
|
||||
'dbuser' => '{{ key "secrets/nextcloud/db_user" | trimSpace }}',
|
||||
'dbpassword' => '{{ key "secrets/nextcloud/db_pass" | trimSpace }}',
|
||||
|
||||
'default_language' => 'fr',
|
||||
'default_locale' => 'fr_FR',
|
||||
|
||||
'mail_domain' => 'deuxfleurs.fr',
|
||||
'mail_from_address' => 'nextcloud@deuxfleurs.fr',
|
||||
// TODO SMTP CONFIG
|
||||
|
||||
// TODO REDIS CACHE
|
||||
|
||||
'version' => '19.0.0.12',
|
||||
'overwrite.cli.url' => 'https://nextcloud.deuxfleurs.fr',
|
||||
|
||||
'installed' => true,
|
||||
);
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
job "nextcloud" {
|
||||
datacenters = ["dc1", "belair"]
|
||||
type = "service"
|
||||
priority = 40
|
||||
|
||||
constraint {
|
||||
attribute = "${attr.cpu.arch}"
|
||||
value = "amd64"
|
||||
}
|
||||
|
||||
group "nextcloud" {
|
||||
count = 1
|
||||
|
||||
network {
|
||||
port "web_port" {
|
||||
to = 80
|
||||
}
|
||||
}
|
||||
|
||||
task "nextcloud" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "lxpz/deuxfleurs_nextcloud_amd64:8"
|
||||
ports = [ "web_port" ]
|
||||
volumes = [
|
||||
"secrets/config.php:/var/www/html/config/config.php"
|
||||
]
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/config.php.tpl")
|
||||
destination = "secrets/config.php"
|
||||
}
|
||||
|
||||
resources {
|
||||
memory = 1000
|
||||
cpu = 2000
|
||||
}
|
||||
|
||||
service {
|
||||
name = "nextcloud"
|
||||
tags = [
|
||||
"nextcloud",
|
||||
"traefik.enable=true",
|
||||
"traefik.frontend.entryPoints=https,http",
|
||||
"traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
|
||||
]
|
||||
port = "web_port"
|
||||
address_mode = "host"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "web_port"
|
||||
interval = "60s"
|
||||
timeout = "5s"
|
||||
check_restart {
|
||||
limit = 3
|
||||
grace = "90s"
|
||||
ignore_warnings = false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
Install Owncloud CLI:
|
||||
|
||||
php ./occ \
|
||||
--no-interaction \
|
||||
--verbose \
|
||||
maintenance:install \
|
||||
--database pgsql \
|
||||
--database-name nextcloud \
|
||||
--database-host postgres \
|
||||
--database-user nextcloud \
|
||||
--database-pass nextcloud \
|
||||
--admin-user nextcloud \
|
||||
--admin-pass nextcloud \
|
||||
--admin-email coucou@deuxfleurs.fr
|
||||
|
||||
Official image entrypoint:
|
||||
|
||||
https://github.com/nextcloud/docker/blob/master/20.0/fpm/entrypoint.sh
|
||||
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
{
|
||||
"suffix": "dc=deuxfleurs,dc=fr",
|
||||
"bind": "0.0.0.0:389",
|
||||
"consul_host": "http://consul:8500",
|
||||
"log_level": "debug",
|
||||
"acl": [
|
||||
"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
|
||||
"*::read modify:SELF:*",
|
||||
"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
|
||||
"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
|
||||
"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
|
||||
"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
|
||||
|
||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
|
||||
"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
|
||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
|
||||
|
||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
|
||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
|
||||
|
||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
|
||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
|
||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
|
||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
|
||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
|
||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
|
||||
|
||||
"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
|
||||
"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
|
||||
]
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
version: '3.4'
|
||||
services:
|
||||
php:
|
||||
image: lxpz/deuxfleurs_nextcloud_amd64:8
|
||||
depends_on:
|
||||
- bottin
|
||||
- postgres
|
||||
ports:
|
||||
- "80:80"
|
||||
|
||||
postgres:
|
||||
image: postgres:9.6.19
|
||||
environment:
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
- POSTGRES_PASSWORD=nextcloud
|
||||
|
||||
bottin:
|
||||
image: lxpz/bottin_amd64:14
|
||||
depends_on:
|
||||
- consul
|
||||
volumes:
|
||||
- ./bottin.json:/config.json
|
||||
|
||||
consul:
|
||||
image: consul:1.8.4
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[mariadb]
|
||||
pam_use_cleartext_plugin
|
||||
bind-address = 0.0.0.0
|
|
@ -1,3 +0,0 @@
|
|||
[mariadb]
|
||||
plugin-load=auth_pam.so
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
[mysqld]
|
||||
bind-address = *
|
|
@ -1,14 +0,0 @@
|
|||
FROM debian:stretch
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get dist-upgrade -y && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client libnss-ldapd
|
||||
|
||||
COPY 60-ldap.cnf /etc/mysql/mariadb.conf.d/60-ldap.cnf
|
||||
COPY 60-remote.cnf /etc/mysql/mariadb.conf.d/60-remote.cnf
|
||||
COPY 60-disable-dialog.cnf /etc/mysql/mariadb.conf.d/60-disable-dialog.cnf
|
||||
COPY pam-mariadb /etc/pam.d/mariadb
|
||||
COPY nsswitch.conf /etc/nsswitch.conf
|
||||
COPY entrypoint.sh /usr/local/bin/entrypoint
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
|
@ -1,19 +0,0 @@
|
|||
```
|
||||
sudo docker build -t superboum/amd64_mariadb:v3 .
|
||||
|
||||
sudo docker run \
|
||||
-t -i \
|
||||
-p 3306:3306 \
|
||||
-v /tmp/mysql:/var/lib/mysql \
|
||||
-e LDAP_URI='ldap://bottin.service.2.cluster.deuxfleurs.fr' \
|
||||
-e LDAP_BASE='ou=users,dc=deuxfleurs,dc=fr' \
|
||||
-e LDAP_VERSION=3 \
|
||||
-e LDAP_BIND_DN='cn=admin,dc=deuxfleurs,dc=fr' \
|
||||
-e LDAP_BIND_PW='xxxx' \
|
||||
-e MYSQL_PASSWORD='xxxx' \
|
||||
superboum/amd64_mariadb:v1 \
|
||||
tail -f /var/log/mysql/error.log
|
||||
|
||||
CREATE USER quentin@localhost IDENTIFIED VIA pam USING 'mariadb';
|
||||
|
||||
```
|
|
@ -1,50 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
cat > /etc/nslcd.conf <<EOF
|
||||
# /etc/nslcd.conf
|
||||
# nslcd configuration file. See nslcd.conf(5)
|
||||
# for details.
|
||||
|
||||
# The user and group nslcd should run as.
|
||||
uid nslcd
|
||||
gid nslcd
|
||||
|
||||
# The location at which the LDAP server(s) should be reachable.
|
||||
uri ${LDAP_URI}
|
||||
|
||||
# The search base that will be used for all queries.
|
||||
base ${LDAP_BASE}
|
||||
|
||||
# The LDAP protocol version to use.
|
||||
ldap_version ${LDAP_VERSION}
|
||||
|
||||
# The DN to bind with for normal lookups.
|
||||
binddn ${LDAP_BIND_DN}
|
||||
bindpw ${LDAP_BIND_PW}
|
||||
|
||||
# The DN used for password modifications by root.
|
||||
#rootpwmoddn cn=admin,dc=example,dc=com
|
||||
|
||||
# SSL options
|
||||
#ssl off
|
||||
#tls_reqcert never
|
||||
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
# The search scope.
|
||||
#scope sub
|
||||
EOF
|
||||
|
||||
/usr/sbin/nslcd
|
||||
|
||||
chown mysql:mysql /var/lib/mysql
|
||||
[ -z "$(ls -A /var/lib/mysql)" ] && mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
|
||||
|
||||
/usr/bin/mysqld_safe --skip-syslog &
|
||||
|
||||
until ls /var/run/mysqld/mysqld.sock; do sleep 1; done
|
||||
/usr/bin/mysqladmin -u root password ${MYSQL_PASSWORD} || true
|
||||
|
||||
exec "$@"
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
# /etc/nsswitch.conf
|
||||
#
|
||||
# Example configuration of GNU Name Service Switch functionality.
|
||||
# If you have the `glibc-doc-reference' and `info' packages installed, try:
|
||||
# `info libc "Name Service Switch"' for information about this file.
|
||||
|
||||
passwd: files ldap
|
||||
group: files ldap
|
||||
shadow: files ldap
|
||||
gshadow: files
|
||||
|
||||
hosts: files dns
|
||||
networks: files
|
||||
|
||||
protocols: db files
|
||||
services: db files
|
||||
ethers: db files
|
||||
rpc: db files
|
||||
|
||||
netgroup: nis
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
auth required pam_ldap.so
|
||||
account required pam_ldap.so
|
|
@ -1,46 +0,0 @@
|
|||
FROM amd64/debian:buster as builder
|
||||
|
||||
ENV VERSION 7.0.5
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get dist-upgrade -y && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y wget tar && \
|
||||
wget https://download.seadrive.org/seafile-server_${VERSION}_x86-64.tar.gz -O ./seafile.tar.gz && \
|
||||
tar xf ./seafile.tar.gz && \
|
||||
mv seafile-server-${VERSION} seafile-server
|
||||
|
||||
FROM amd64/debian:buster
|
||||
|
||||
COPY --from=builder ./seafile-server /srv/webstore/seafile-server
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get dist-upgrade -y && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
||||
python \
|
||||
mariadb-client \
|
||||
python2.7 \
|
||||
libpython2.7 \
|
||||
python-setuptools \
|
||||
python-ldap \
|
||||
python-urllib3 \
|
||||
ffmpeg \
|
||||
python-pip \
|
||||
python-mysqldb \
|
||||
python-memcache \
|
||||
procps \
|
||||
python-requests && \
|
||||
pip install Pillow==4.3.0 && \
|
||||
pip install moviepy && \
|
||||
useradd -u 1000 -d /srv/webstore seauser && \
|
||||
chown -R seauser:1000 /srv/webstore/
|
||||
|
||||
RUN mkdir -p /usr/local/lib/mariadb/plugin/ && \
|
||||
ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/mysql_clear_password.so /usr/local/lib/mariadb/plugin/ && \
|
||||
ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/dialog.so /usr/local/lib/mariadb/plugin/
|
||||
|
||||
WORKDIR /srv/webstore/seafile-server
|
||||
COPY seadocker /usr/local/bin/seadocker
|
||||
COPY seaenv /usr/local/bin/seaenv
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/seaenv"]
|
||||
CMD ["/usr/local/bin/seadocker"]
|
|
@ -1,27 +0,0 @@
|
|||
|
||||
```bash
|
||||
sudo docker build -t superboum/amd64_seafile:v5 .
|
||||
```
|
||||
|
||||
When upgrading, connect on a production server and run:
|
||||
|
||||
```bash
|
||||
nomad stop seafile
|
||||
sudo docker build -t superboum/amd64_seafile:v6 .
|
||||
|
||||
sudo docker run -t -i \
|
||||
-v /mnt/glusterfs/seafile:/mnt/seafile-data \
|
||||
-v /mnt/glusterfs/seaconf/conf:/srv/webstore/conf \
|
||||
-v /mnt/glusterfs/seaconf/ccnet:/srv/webstore/ccnet \
|
||||
superboum/amd64_seafile:v5
|
||||
|
||||
# See:
|
||||
# * https://download.seafile.com/published/seafile-manual/deploy/upgrade.md
|
||||
# * https://download.seafile.com/published/seafile-manual/changelog/server-changelog.md
|
||||
|
||||
|
||||
|
||||
nomad start seafile.hcl
|
||||
```
|
||||
|
||||
when upgrading, change the command on start
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
/srv/webstore/seafile-server/seafile.sh start
|
||||
/srv/webstore/seafile-server/seahub.sh start
|
||||
tail -f /srv/webstore/logs/*
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
chown seauser /srv/webstore
|
||||
chown seauser -R /srv/webstore/ccnet
|
||||
chown seauser -R /srv/webstore/conf
|
||||
|
||||
runuser -u seauser -- "$@"
|
|
@ -1 +0,0 @@
|
|||
/mnt/seafile-data/
|
|
@ -1,29 +0,0 @@
|
|||
[General]
|
||||
USER_NAME = deuxfleurs
|
||||
ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }}
|
||||
NAME = deuxfleurs
|
||||
SERVICE_URL = https://cloud.deuxfleurs.fr
|
||||
|
||||
[Network]
|
||||
PORT = 10001
|
||||
|
||||
[Client]
|
||||
PORT = 13418
|
||||
|
||||
[LDAP]
|
||||
HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/
|
||||
BASE = ou=users,dc=deuxfleurs,dc=fr
|
||||
USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }}
|
||||
FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr
|
||||
PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }}
|
||||
LOGIN_ATTR = mail
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = mariadb.service.2.cluster.deuxfleurs.fr
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
import os
|
||||
|
||||
daemon = True
|
||||
workers = 5
|
||||
|
||||
# default localhost:8000
|
||||
bind = "[::]:8000"
|
||||
|
||||
# Pid
|
||||
pids_dir = '/srv/webstore/pids'
|
||||
pidfile = os.path.join(pids_dir, 'seahub.pid')
|
||||
|
||||
# for file upload, we need a longer timeout value (default is only 30s, too short)
|
||||
timeout = 1200
|
||||
|
||||
limit_request_line = 8190
|
|
@ -1,6 +0,0 @@
|
|||
[WEBDAV]
|
||||
host = ::
|
||||
enabled = true
|
||||
port = 8084
|
||||
fastcgi = false
|
||||
share_name = /seafdav
|
|
@ -1,19 +0,0 @@
|
|||
[network]
|
||||
port = 12001
|
||||
|
||||
[fileserver]
|
||||
port = 8083
|
||||
max_upload_size=8192
|
||||
max_download_dir_size=8192
|
||||
|
||||
[database]
|
||||
type = mysql
|
||||
host = mariadb.service.2.cluster.deuxfleurs.fr
|
||||
port = 3306
|
||||
user = seafile
|
||||
password = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
|
||||
db_name = seafile-db
|
||||
connection_charset = utf8
|
||||
|
||||
[quota]
|
||||
default = 50
|
|
@ -1,21 +0,0 @@
|
|||
SECRET_KEY = "8ep+sgi&s1-f2cq2178!ekk!0h0nw2y4z1-olbaopxmodsd8vk"
|
||||
FILE_SERVER_ROOT = 'https://cloud.deuxfleurs.fr/seafhttp'
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '{{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}',
|
||||
'HOST': 'mariadb.service.2.cluster.deuxfleurs.fr',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
FILE_PREVIEW_MAX_SIZE = 100 * 1024 * 1024
|
||||
ENABLE_THUMBNAIL = True
|
||||
THUMBNAIL_ROOT = '/mnt/seafile-data/thumbnail/thumb/'
|
||||
THUMBNAIL_EXTENSION = 'png'
|
||||
THUMBNAIL_DEFAULT_SIZE = '24'
|
||||
PREVIEW_DEFAULT_SIZE = '300'
|
|
@ -1,6 +0,0 @@
|
|||
LDAP_URI = "ldap://bottin2.service.2.cluster.deuxfleurs.fr"
|
||||
LDAP_BASE = "ou=users,dc=deuxfleurs,dc=fr"
|
||||
LDAP_VERSION = 3
|
||||
LDAP_BIND_DN = "{{ key "secrets/mariadb/main/ldap_binddn" | trimSpace }}"
|
||||
LDAP_BIND_PW = "{{ key "secrets/mariadb/main/ldap_bindpwd" | trimSpace }}"
|
||||
MYSQL_PASSWORD = "{{ key "secrets/mariadb/main/mysql_pwd" | trimSpace }}"
|
|
@ -1,222 +0,0 @@
|
|||
job "seafile" {
|
||||
datacenters = ["dc1"]
|
||||
type = "service"
|
||||
priority = 10
|
||||
|
||||
constraint {
|
||||
attribute = "${attr.cpu.arch}"
|
||||
value = "amd64"
|
||||
}
|
||||
|
||||
group "main" {
|
||||
count = 1
|
||||
|
||||
network {
|
||||
port "seafile-frontend_port" { static = 8000 }
|
||||
port "seafile-seafhttp_port" { static = 8083 }
|
||||
port "seafile-dav_port" { static = 8084 }
|
||||
port "seafile-hack_port" { static = 8085 }
|
||||
port "mariadb_port" { static = 3306 }
|
||||
}
|
||||
|
||||
task "mariadb" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_mariadb:v4"
|
||||
network_mode = "host"
|
||||
command = "tail"
|
||||
ports = [ "mariadb_port" ]
|
||||
args = [
|
||||
"-f", "/var/log/mysql/error.log",
|
||||
]
|
||||
volumes = [
|
||||
"/mnt/glusterfs/mariadb/main/server:/var/lib/mysql",
|
||||
]
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/mariadb/main/env.tpl")
|
||||
destination = "secrets/env"
|
||||
env = true
|
||||
}
|
||||
|
||||
resources {
|
||||
memory = 800
|
||||
}
|
||||
|
||||
service {
|
||||
tags = ["mariadb"]
|
||||
port = "mariadb_port"
|
||||
address_mode = "host"
|
||||
name = "mariadb"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "mariadb_port"
|
||||
interval = "60s"
|
||||
timeout = "5s"
|
||||
check_restart {
|
||||
limit = 3
|
||||
grace = "90s"
|
||||
ignore_warnings = false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
task "hack" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "alpine/socat:1.0.5"
|
||||
network_mode = "host"
|
||||
ports = [ "seafile-hack_port" ]
|
||||
command = "tcp6-listen:8085,fork,reuseaddr"
|
||||
args = [ "tcp-connect:127.0.0.1:8083" ]
|
||||
}
|
||||
resources {
|
||||
memory = 10
|
||||
}
|
||||
service {
|
||||
tags = [
|
||||
"seafile",
|
||||
"traefik.enable=true",
|
||||
"traefik.frontend.entryPoints=https,http",
|
||||
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp"
|
||||
|
||||
]
|
||||
port = "seafile-hack_port"
|
||||
address_mode = "host"
|
||||
name = "seafhttp"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "seafile-hack_port"
|
||||
interval = "60s"
|
||||
timeout = "5s"
|
||||
check_restart {
|
||||
limit = 3
|
||||
grace = "90s"
|
||||
ignore_warnings = false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
task "server" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_seafile:v6"
|
||||
network_mode = "host"
|
||||
ports = [ "seafile-frontend_port", "seafile-dav_port", "seafile-seafhttp_port" ]
|
||||
|
||||
## cmd + args are used for running an instance attachable for update
|
||||
# command = "/bin/sleep"
|
||||
# args = ["999999"]
|
||||
|
||||
mounts = [
|
||||
{
|
||||
type = "bind"
|
||||
source = "/mnt/glusterfs/seafile"
|
||||
target = "/mnt/seafile-data"
|
||||
}
|
||||
]
|
||||
|
||||
volumes = [
|
||||
"secrets/conf:/srv/webstore/conf",
|
||||
"secrets/ccnet:/srv/webstore/ccnet"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
memory = 600
|
||||
}
|
||||
|
||||
service {
|
||||
tags = [
|
||||
"seafile",
|
||||
"traefik.enable=true",
|
||||
"traefik.frontend.entryPoints=https,http",
|
||||
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/"
|
||||
]
|
||||
port = "seafile-frontend_port"
|
||||
address_mode = "host"
|
||||
name = "seahub"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "seafile-frontend_port"
|
||||
interval = "60s"
|
||||
timeout = "5s"
|
||||
check_restart {
|
||||
limit = 3
|
||||
grace = "90s"
|
||||
ignore_warnings = false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
service {
|
||||
tags = [
|
||||
"seafile",
|
||||
"traefik.enable=true",
|
||||
"traefik.frontend.entryPoints=https,http",
|
||||
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav"
|
||||
|
||||
]
|
||||
port = "seafile-dav_port"
|
||||
address_mode = "host"
|
||||
name = "seafdav"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "seafile-dav_port"
|
||||
interval = "60s"
|
||||
timeout = "5s"
|
||||
check_restart {
|
||||
limit = 3
|
||||
grace = "90s"
|
||||
ignore_warnings = false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/conf/ccnet.conf.tpl")
|
||||
destination = "secrets/conf/ccnet.conf"
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/conf/seafile.conf.tpl")
|
||||
destination = "secrets/conf/seafile.conf"
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/conf/seahub_settings.py.tpl")
|
||||
destination = "secrets/conf/seahub_settings.py"
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/ccnet/seafile.ini")
|
||||
destination = "secrets/ccnet/seafile.ini"
|
||||
}
|
||||
template {
|
||||
data = file("../config/conf/seafdav.conf")
|
||||
destination = "secrets/conf/seafdav.conf"
|
||||
}
|
||||
template {
|
||||
data = file("../config/conf/gunicorn.conf")
|
||||
destination = "secrets/conf/gunicorn.conf"
|
||||
}
|
||||
|
||||
# ---- secrets ----
|
||||
template {
|
||||
data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}"
|
||||
destination = "secrets/ccnet/mykey.peer"
|
||||
}
|
||||
|
||||
template {
|
||||
data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}"
|
||||
destination = "secrets/conf/mykey.peer"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
SERVICE_DN mysql MySQL/MariaDB database
|
|
@ -1 +0,0 @@
|
|||
SERVICE_PASSWORD mysql
|
|
@ -1 +0,0 @@
|
|||
USER mysql_pwd (what is this?)
|
|
@ -1 +0,0 @@
|
|||
USER Seafile peer key
|
Loading…
Reference in a new issue