staging plume: cleanup and update

2023-05-15 13:36:38 +02:00 · 2023-05-15 13:36:38 +02:00 · 2488ad0ac2
commit 2488ad0ac2
parent 5c7a8c72d8
8 changed files with 12 additions and 104 deletions
--- a/cluster/staging/app/plume/build/docker-compose.yml
+++ b/cluster/staging/app/plume/build/docker-compose.yml
@ -4,5 +4,5 @@ services:
    build:
      context: ./plume
      args:
-        VERSION: 24d3b289da085261966fb338113610905dfca8c9
+        VERSION: 61e65a55ad1f5094321c111e395d00dddcb05e96
    image: lxpz/plume_dev:v1
--- a/cluster/staging/app/plume/build/plume/Dockerfile
+++ b/cluster/staging/app/plume/build/plume/Dockerfile
@ -30,6 +30,7 @@ RUN git clone -n https://git.joinplu.me/lx/Plume.git plume

 WORKDIR /opt/plume
 RUN git checkout ${PLUME_VERSION}
+RUN git merge 397e3b4d9720475257817b322c05323d12918216
 RUN rm rust-toolchain

 WORKDIR /opt/plume/script
--- a/cluster/staging/app/plume/config/app.env
+++ b/cluster/staging/app/plume/config/app.env
@ -16,6 +16,8 @@ S3_REGION=garage-staging
 S3_HOSTNAME={{ env "attr.unique.network.ip-address" }}:3990
 S3_PROTOCOL=http
 S3_PATH_STYLE=true
+S3_DIRECT_DOWNLOAD=true
+S3_ALIAS_HOST=plume.web.staging.deuxfleurs.org

 # DATABASE SETUP
 DATABASE_URL=/ephemeral/plume.db
@ -35,4 +37,4 @@ LDAP_USER_MAIL_ATTR=mail
 LDAP_TLS=false

 RUST_BACKTRACE=1
-RUST_LOG=debug
+RUST_LOG=info
--- a/cluster/staging/app/plume/deploy/plume.hcl
+++ b/cluster/staging/app/plume/deploy/plume.hcl
@ -46,21 +46,14 @@ job "plume-blog" {
    }

    task "plume" {
-      constraint {
-        attribute = "${attr.unique.hostname}"
-        operator = "="
-        value = "carcajou"
-      }
-
      driver = "docker"
      config {
-        image = "lxpz/devplume:v3"
+        image = "lxpz/devplume:v5"
        network_mode = "host"
        ports = [ "web_port" ]
        command = "sh"
        args = [ "-c", "plm search init; plm search refill; plume" ]
        volumes = [
-          "/mnt/ssd/plume/search_index:/app/search_index",
 		  "../alloc/data:/ephemeral"
        ]
      }
--- a/cluster/staging/app/plume/integration/bottin.json
+++ b/cluster/staging/app/plume/integration/bottin.json
@ -1,31 +0,0 @@
-{
-  "suffix": "dc=deuxfleurs,dc=fr",
-  "bind": "0.0.0.0:389",
-  "consul_host": "http://consul:8500",
-  "log_level": "debug",
-  "acl": [
-		"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
-		"*::read modify:SELF:*",
-		"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
-		"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
-		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
-		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
-
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
-		"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
-
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
-
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
-		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
-
-		"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
-		"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
-  ]
-}
--- a/cluster/staging/app/plume/integration/docker-compose.yml
+++ b/cluster/staging/app/plume/integration/docker-compose.yml
@ -1,28 +0,0 @@
-version: '3.4'
-services:
-  plume:
-    image: superboum/plume:v1
-    env_file:
-      - plume.env
-    depends_on:
-      - consul
-      - postgres
-    ports:
-      - "7878:7878"
-
-  postgres:
-    image: postgres:9.6.19
-    environment:
-      - POSTGRES_DB=plume
-      - POSTGRES_USER=plume
-      - POSTGRES_PASSWORD=plume
-
-  bottin:
-    image: lxpz/bottin_amd64:14
-    depends_on:
-      - consul
-    volumes:
-      - ./bottin.json:/config.json
-
-  consul:
-    image: consul:1.8.4
--- a/cluster/staging/app/plume/integration/plume.env
+++ b/cluster/staging/app/plume/integration/plume.env
@ -1,31 +0,0 @@
-BASE_URL=integration.env
-# generate one with openssl rand -base64 32
-ROCKET_SECRET_KEY=cXZbKoxWIBo0wdaD8tbA1B3BlH2LBSUmgzdyZZr8QxI=
-
-# Mail settings
-#MAIL_SERVER=smtp.example.org
-#MAIL_USER=example
-#MAIL_PASSWORD=123456
-#MAIL_HELO_NAME=example.org
-
-# DATABASE SETUP
-POSTGRES_PASSWORD=plume
-POSTGRES_USER=plume
-POSTGRES_DB=plume
-DATABASE_URL=postgres://plume:plume@postgres:5432/plume
-MIGRATION_DIRECTORY=migrations/postgres
-
-USE_HTTPS=0
-ROCKET_ADDRESS=0.0.0.0
-ROCKET_PORT=7878
-
-MEDIA_UPLOAD_DIRECTORY=/app/static/media
-SEARCH_INDEX=/app/search_index
-DOMAIN_NAME="integration.env"
-INSTANCE_NAME="Integration Instance"
-
-LDAP_ADDR=ldap://bottin:389
-LDAP_BASE_DN=ou=users,dc=deuxfleurs,dc=fr
-LDAP_USER_NAME_ATTR=cn
-LDAP_USER_MAIL_ATTR=mail
-LDAP_TLS=false
--- a/cluster/staging/app/plume/secrets.toml
+++ b/cluster/staging/app/plume/secrets.toml
@ -1,10 +1,12 @@
-[service_user."plume"]
-password_secret = "plume/pgsql_pw"
-
-
 [secrets."plume/secret_key"]
 type = 'command'
 rotate = true
 command = 'openssl rand -base64 32'

+[secrets."plume/s3_access_key"]
+type = 'user'
+description = 'S3 access key ID for database and media storage'

+[secrets."plume/s3_secret_key"]
+type = 'user'
+description = 'S3 secret key for database and media storage'