first plume on staging with S3 backend
parent
04464f632f
commit
5c7a8c72d8
10 changed files with 360 additions and 0 deletions
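--- a/cluster/staging/app/plume/build/docker-compose.yml
+++ b/cluster/staging/app/plume/build/docker-compose.yml
@@ -0,0 +1,8 @@
+version: '3.4'
+services:
+plume:
+build:
+context: ./plume
+args:
+VERSION: 24d3b289da085261966fb338113610905dfca8c9
+image: lxpz/plume_dev:v1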
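Review bot: The build argument is passed as `VERSION`, but the Dockerfile added in this same commit declares `ARG PLUME_VERSION` and runs `git checkout ${PLUME_VERSION}`, so the commit pin on the `VERSION:` line is never applied and the image is not built from the revision named here. Rename the key to match, quoting the hash so it can never be re-typed by a YAML parser: `PLUME_VERSION: '24d3b289da085261966fb338113610905dfca8c9'`. The README's `--build-arg VERSION=...` has the same mismatch. The `image:` tag `lxpz/plume_dev:v1` also differs from the `lxpz/devplume:v3` image the Nomad job deploys, so it is worth confirming which tag this build is meant to produce.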
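--- a/cluster/staging/app/plume/build/plume/Dockerfile
+++ b/cluster/staging/app/plume/build/plume/Dockerfile
@@ -0,0 +1,61 @@
+#FROM rust:1.69-bullseye as builder
+FROM debian:bullseye-slim as builder
+
+RUN apt-get update && \
+apt-get install -y \
+pkg-config \
+git \
+curl \
+postgresql \
+postgresql-contrib \
+libpq-dev \
+gettext \
+git \
+python \
+curl \
+gcc \
+make \
+openssl \
+libssl-dev \
+libclang-dev \
+libsqlite3-dev
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain nightly -y
+ENV PATH=/root/.cargo/bin:$PATH
+RUN cargo install wasm-pack
+
+ARG PLUME_VERSION
+WORKDIR /opt
+RUN git clone -n https://git.joinplu.me/lx/Plume.git plume
+
+WORKDIR /opt/plume
+RUN git checkout ${PLUME_VERSION}
+RUN rm rust-toolchain
+
+WORKDIR /opt/plume/script
+RUN chmod a+x ./wasm-deps.sh && ./wasm-deps.sh
+
+WORKDIR /opt/plume
+RUN chmod a+x ./script/plume-front.sh && ./script/plume-front.sh
+RUN cargo install --path ./ --force --no-default-features --features sqlite,s3
+RUN cargo install --path plume-cli --force --no-default-features --features sqlite,s3
+RUN cargo clean
+
+#-----------------------------
+FROM debian:bullseye-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ca-certificates \
+libpq5 \
+libssl1.1 \
+rclone \
+fuse \
+sqlite3
+
+WORKDIR /app
+
+COPY --from=builder /opt/plume /app
+COPY --from=builder /root/.cargo/bin/plm /usr/local/bin/
+COPY --from=builder /root/.cargo/bin/plume /usr/local/bin/
+
+CMD ["plume"]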
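Review bot: Neither `cargo install --path` line passes `--locked`, so dependencies are resolved fresh at build time rather than from the repository's Cargo.lock (assuming it ships one), and together with the unpinned `--default-toolchain nightly` and `RUN rm rust-toolchain` the same Plume commit can produce different binaries on different days. I would add the flag, `RUN cargo install --locked --path ./ --force --no-default-features --features sqlite,s3` (same for `plume-cli`), and pin the toolchain to a dated nightly (`nightly-<YYYY-MM-DD>`, placeholder) and `wasm-pack` to a fixed version. The runtime stage also has no `USER` instruction, so `plume` runs as root inside the container; a dedicated unprivileged user there would limit what a bug in the web application can reach.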
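--- a/cluster/staging/app/plume/build/plume/README.md
+++ b/cluster/staging/app/plume/build/plume/README.md
@@ -0,0 +1,3 @@
+Try build:
+
+sudo docker build -t superboum/plume:v1 --build-arg VERSION=003dcf861a9f55720b03d52f2f95f5f59e338809 .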
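--- a/cluster/staging/app/plume/config/app.env
+++ b/cluster/staging/app/plume/config/app.env
@@ -0,0 +1,38 @@
+BASE_URL=plume.staging.deuxfleurs.org
+# generate one with openssl rand -base64 32
+ROCKET_SECRET_KEY={{ key "secrets/plume/secret_key" | trimSpace }}
+
+# Mail settings
+#MAIL_SERVER=smtp.example.org
+#MAIL_USER=example
+#MAIL_PASSWORD=123456
+#MAIL_HELO_NAME=example.org
+
+# S3 settings
+S3_BUCKET=plume
+AWS_ACCESS_KEY_ID={{ key "secrets/plume/s3_access_key" | trimSpace }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/s3_secret_key" | trimSpace }}
+S3_REGION=garage-staging
+S3_HOSTNAME={{ env "attr.unique.network.ip-address" }}:3990
+S3_PROTOCOL=http
+S3_PATH_STYLE=true
+
+# DATABASE SETUP
+DATABASE_URL=/ephemeral/plume.db
+MIGRATION_DIRECTORY=migrations/sqlite
+
+USE_HTTPS=0
+ROCKET_ADDRESS=::
+ROCKET_PORT={{ env "NOMAD_PORT_web_port" }}
+
+MEDIA_UPLOAD_DIRECTORY=/app/static/media
+SEARCH_INDEX=/app/search_index
+
+LDAP_ADDR=ldap://bottin.service.staging.consul:389
+LDAP_BASE_DN=ou=users,dc=staging,dc=deuxfleurs,dc=org
+LDAP_USER_NAME_ATTR=cn
+LDAP_USER_MAIL_ATTR=mail
+LDAP_TLS=false
+
+RUST_BACKTRACE=1
+RUST_LOG=debug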
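Review bot: `LDAP_ADDR=ldap://bottin.service.staging.consul:389` together with `LDAP_TLS=false` means the passwords Plume forwards to the directory at login cross the cluster network in cleartext, unless the transport between nodes is encrypted below this layer, which this file does not show. If that is accepted for staging, record it next to the setting, e.g. `# staging only: LDAP and S3 are reached without TLS`, so the file is not copied to production unchanged. `RUST_LOG=debug` with `RUST_BACKTRACE=1` is also likely to put request details into the task logs; `RUST_LOG=info` would be a safer default once the first deployment works.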
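--- a/cluster/staging/app/plume/config/litestream.yml
+++ b/cluster/staging/app/plume/config/litestream.yml
@@ -0,0 +1,11 @@
+
+dbs:
+- path: /ephemeral/plume.db
+replicas:
+- url: s3://plume/plume.db
+region: garage-staging
+endpoint: http://{{ env "attr.unique.network.ip-address" }}:3990
+access-key-id: {{ key "secrets/plume/s3_access_key" | trimSpace }}
+secret-access-key: {{ key "secrets/plume/s3_secret_key" | trimSpace }}
+force-path-style: true
+sync-interval: 60s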
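Review bot: The two credential values are rendered into plain, unquoted YAML scalars (`access-key-id: {{ key ... }}`), so a key that happens to be all digits or starts with a YAML indicator character would be re-typed or rejected by the parser after templating. Quoting the rendered value avoids that: `access-key-id: '{{ key "secrets/plume/s3_access_key" | trimSpace }}'`, and likewise for `secret-access-key`. The `endpoint` is plain `http://`, so the replicated SQLite database travels unencrypted to the S3 endpoint; that deserves a comment if it is accepted on staging.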
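--- a/cluster/staging/app/plume/deploy/plume.hcl
+++ b/cluster/staging/app/plume/deploy/plume.hcl
@@ -0,0 +1,139 @@
+job "plume-blog" {
+datacenters = ["neptune"]
+type = "service"
+
+constraint {
+attribute = "${attr.cpu.arch}"
+value = "amd64"
+}
+
+group "plume" {
+count = 1
+
+network {
+port "web_port" { }
+}
+
+task "restore-db" {
+lifecycle {
+hook = "prestart"
+sidecar = false
+}
+
+driver = "docker"
+config {
+image = "litestream/litestream:0.3.7"
+args = [
+"restore", "-config", "/etc/litestream.yml", "/ephemeral/plume.db"
+]
+volumes = [
+"../alloc/data:/ephemeral",
+"secrets/litestream.yml:/etc/litestream.yml"
+]
+}
+user = "0"
+
+template {
+data = file("../config/litestream.yml")
+destination = "secrets/litestream.yml"
+}
+
+resources {
+memory = 100
+memory_max = 1000
+cpu = 1000
+}
+}
+
+task "plume" {
+constraint {
+attribute = "${attr.unique.hostname}"
+operator = "="
+value = "carcajou"
+}
+
+driver = "docker"
+config {
+image = "lxpz/devplume:v3"
+network_mode = "host"
+ports = [ "web_port" ]
+command = "sh"
+args = [ "-c", "plm search init; plm search refill; plume" ]
+volumes = [
+"/mnt/ssd/plume/search_index:/app/search_index",
+"../alloc/data:/ephemeral"
+]
+}
+user = "0"
+
+template {
+data = file("../config/app.env")
+destination = "secrets/app.env"
+env = true
+}
+
+resources {
+memory = 200
+memory_max = 800
+cpu = 100
+}
+
+service {
+name = "plume"
+tags = [
+"plume",
+"tricot plume.staging.deuxfleurs.org",
+"d53-cname plume.staging.deuxfleurs.org",
+]
+port = "web_port"
+address_mode = "host"
+check {
+type = "http"
+protocol = "http"
+port = "web_port"
+path = "/"
+interval = "60s"
+timeout = "5s"
+check_restart {
+limit = 3
+grace = "600s"
+ignore_warnings = false
+}
+}
+}
+restart {
+interval = "30m"
+attempts = 20
+delay = "15s"
+mode = "delay"
+}
+}
+
+task "replicate-db" {
+driver = "docker"
+config {
+image = "litestream/litestream:0.3.7"
+args = [
+"replicate", "-config", "/etc/litestream.yml"
+]
+volumes = [
+"../alloc/data:/ephemeral",
+"secrets/litestream.yml:/etc/litestream.yml"
+]
+}
+user = "0"
+
+template {
+data = file("../config/litestream.yml")
+destination = "secrets/litestream.yml"
+}
+
+resources {
+memory = 200
+memory_max = 1000
+cpu = 100
+}
+}
+}
+}
+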
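Review bot: All three tasks set `user = "0"`, and the `plume` task additionally uses `network_mode = "host"` while app.env sets `ROCKET_ADDRESS=::`, so the web application runs as root and listens on every interface of the host rather than only behind the `tricot` proxy named in the service tags. Unless the bind mounts require root, I would run at least the `plume` task under an unprivileged account, e.g. `user = "<non-root uid>"` (placeholder), and make `/mnt/ssd/plume/search_index` writable for it. Separately, `"plm search init; plm search refill; plume"` ignores failures of the first two commands and leaves `sh` as the container's main process; ending the string with `exec plume` would let stop signals reach the server directly.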
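--- a/cluster/staging/app/plume/integration/bottin.json
+++ b/cluster/staging/app/plume/integration/bottin.json
@@ -0,0 +1,31 @@
+{
+"suffix": "dc=deuxfleurs,dc=fr",
+"bind": "0.0.0.0:389",
+"consul_host": "http://consul:8500",
+"log_level": "debug",
+"acl": [
+"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
+"*::read modify:SELF:*",
+"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
+"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
+"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
+"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
+
+"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
+"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
+"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
+
+"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
+"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
+
+"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
+"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
+"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
+"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
+"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
+"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
+
+"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
+"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
+]
+}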
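Review bot: The last `ou=invitations` rule, ending in `modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*`, does not follow the pattern of the lines around it and looks like a typo for the nextcloud group. As written it grants invitation accounts a right on a DN that probably does not exist and leaves them without the counterpart of the `asso_deuxfleurs` nextcloud rule directly above it. If that reading is right, the target should be `cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr`. Since JSON cannot carry comments, a short description of the ACL field order in the README next to this file would make rules like these easier to review.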
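--- a/cluster/staging/app/plume/integration/docker-compose.yml
+++ b/cluster/staging/app/plume/integration/docker-compose.yml
@@ -0,0 +1,28 @@
+version: '3.4'
+services:
+plume:
+image: superboum/plume:v1
+env_file:
+- plume.env
+depends_on:
+- consul
+- postgres
+ports:
+- "7878:7878"
+
+postgres:
+image: postgres:9.6.19
+environment:
+- POSTGRES_DB=plume
+- POSTGRES_USER=plume
+- POSTGRES_PASSWORD=plume
+
+bottin:
+image: lxpz/bottin_amd64:14
+depends_on:
+- consul
+volumes:
+- ./bottin.json:/config.json
+
+consul:
+image: consul:1.8.4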
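Review bot: `- "7878:7878"` publishes Plume on every interface of the machine running the integration stack, which ships with fixed credentials (`POSTGRES_PASSWORD=plume` here and the committed Rocket key in plume.env). Binding to loopback keeps it local: `- "127.0.0.1:7878:7878"`. The pinned `postgres:9.6.19` and `consul:1.8.4` images are old releases (PostgreSQL 9.6 is past end of life), tolerable for a throwaway test stack but worth bumping when this file is next touched. `depends_on` for `plume` lists `consul` and `postgres` but not `bottin`, although plume.env points `LDAP_ADDR` at it.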
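--- a/cluster/staging/app/plume/integration/plume.env
+++ b/cluster/staging/app/plume/integration/plume.env
@@ -0,0 +1,31 @@
+BASE_URL=integration.env
+# generate one with openssl rand -base64 32
+ROCKET_SECRET_KEY=cXZbKoxWIBo0wdaD8tbA1B3BlH2LBSUmgzdyZZr8QxI=
+
+# Mail settings
+#MAIL_SERVER=smtp.example.org
+#MAIL_USER=example
+#MAIL_PASSWORD=123456
+#MAIL_HELO_NAME=example.org
+
+# DATABASE SETUP
+POSTGRES_PASSWORD=plume
+POSTGRES_USER=plume
+POSTGRES_DB=plume
+DATABASE_URL=postgres://plume:plume@postgres:5432/plume
+MIGRATION_DIRECTORY=migrations/postgres
+
+USE_HTTPS=0
+ROCKET_ADDRESS=0.0.0.0
+ROCKET_PORT=7878
+
+MEDIA_UPLOAD_DIRECTORY=/app/static/media
+SEARCH_INDEX=/app/search_index
+DOMAIN_NAME="integration.env"
+INSTANCE_NAME="Integration Instance"
+
+LDAP_ADDR=ldap://bottin:389
+LDAP_BASE_DN=ou=users,dc=deuxfleurs,dc=fr
+LDAP_USER_NAME_ATTR=cn
+LDAP_USER_MAIL_ATTR=mail
+LDAP_TLS=false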
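Review bot: `ROCKET_SECRET_KEY` is committed as a literal value, so it has to be treated as public; any instance started with it has session cookies protected by a key that everyone with repository access knows. Mark it so it is never copied into a real deployment, for example by replacing the comment above it with `# integration-only key, publicly known; never reuse outside this compose stack`, or generate a fresh key when the stack starts. The same applies to the `plume:plume` database credentials embedded in `DATABASE_URL`.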
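--- a/cluster/staging/app/plume/secrets.toml
+++ b/cluster/staging/app/plume/secrets.toml
@@ -0,0 +1,10 @@
+[service_user."plume"]
+password_secret = "plume/pgsql_pw"
+
+
+[secrets."plume/secret_key"]
+type = 'command'
+rotate = true
+command = 'openssl rand -base64 32'
+
+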
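Review bot: app.env and litestream.yml in this commit read `secrets/plume/s3_access_key` and `secrets/plume/s3_secret_key`, but this file declares only `plume/secret_key`, so a fresh cluster would have nothing to render into those templates unless the keys are provisioned elsewhere. Conversely, `password_secret = "plume/pgsql_pw"` names what looks like a PostgreSQL password although the staging job uses SQLite (`DATABASE_URL=/ephemeral/plume.db`). If the S3 keys are created by hand, a comment here would record that, e.g. `# s3_access_key / s3_secret_key: created manually for bucket "plume"`; otherwise they should be declared alongside `secret_key`.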