forked from Deuxfleurs/nixcfg
Compare commits
177 commits
wgautomesh
...
main
Author | SHA1 | Date | |
---|---|---|---|
ff7462b2c7 | |||
972fc4ea7c | |||
444306aa54 | |||
c6a1bb341f | |||
eddc95c5df | |||
fb871fd350 | |||
27df86a7e5 | |||
d817ad7b15 | |||
1871f7bbff | |||
18e73b18f3 | |||
a817d764d3 | |||
9111997f84 | |||
d41e10bd25 | |||
718a23b74b | |||
96ead9a597 | |||
6152dc18d6 | |||
1a1ad0a8ad | |||
5b89004c0f | |||
e4708a325d | |||
05dcd1c6a6 | |||
8fdffdf12f | |||
d55c9610a9 | |||
18af714330 | |||
f228592473 | |||
263dad0243 | |||
aaf95aa110 | |||
6544cd3e14 | |||
691299b5ed | |||
54f7cb670d | |||
3ca0203753 | |||
dde6ece4db | |||
3d75b5a0bd | |||
eb40718bee | |||
62bd80a346 | |||
71e959ee79 | |||
ae632bfecf | |||
5f0cec7d3e | |||
74668a31b2 | |||
f724e81239 | |||
82500758f6 | |||
c2e0e12dc8 | |||
52cfe54129 | |||
47d33c1773 | |||
9d77b5863a | |||
4cddb15fa4 | |||
1bf356e49d | |||
e98ec690b9 | |||
e89d1c82bb | |||
27242fbf70 | |||
6db49e0059 | |||
3ff35c5527 | |||
572822093c | |||
ab481c5e70 | |||
88f8f9fd1e | |||
be0cbea19b | |||
afb28a690b | |||
a21493745d | |||
56e4dd954f | |||
102152a14e | |||
3b34e3c2f5 | |||
ac42e95f1a | |||
2472a6b61a | |||
|
55c9b89cb2 | ||
|
e5f3b6ef0a | ||
516ab9ad91 | |||
16168b916e | |||
47e982b29d | |||
d694ddbe2c | |||
0c3db22de6 | |||
af242486a3 | |||
23690238c9 | |||
7da4510ee8 | |||
52044402ac | |||
d14fc2516c | |||
c1d307d7a9 | |||
9c6f98f4b8 | |||
a315d5d1af | |||
a2654529c7 | |||
b1e0397265 | |||
a46aa03fe2 | |||
a6b84527b0 | |||
3c22659d90 | |||
79f380c72d | |||
b0fecddaec | |||
|
a214496d8c | ||
|
b1630cfa8e | ||
|
d396f35235 | ||
78ed3864d7 | |||
ea8b2e8c82 | |||
fbffe1f0dc | |||
c790f6f3e1 | |||
e94cb54661 | |||
525f04515e | |||
2e3725e8a2 | |||
56e19ff2e5 | |||
9e113416ac | |||
7c7adc76b4 | |||
c4f3dece14 | |||
4e20eb43b3 | |||
f139238c17 | |||
ba3e24c41e | |||
9b8882c250 | |||
a490f082bc | |||
e42ed08788 | |||
1340fb6962 | |||
3d925a4505 | |||
b688a1bbb9 | |||
7dd8153653 | |||
ecb4cabcf0 | |||
8e304e8f5f | |||
be8484b494 | |||
ca3283d6a7 | |||
0c9ea6bc56 | |||
e7a3582c4e | |||
aaa80ae678 | |||
233556e9ef | |||
132ad670a1 | |||
1048456fbf | |||
919004ae79 | |||
03658e8f7b | |||
8ebd35730c | |||
effe155248 | |||
6c12a71ecb | |||
1d19bae7a1 | |||
3fcda94aa0 | |||
3e40bfcca9 | |||
e06d6b14a3 | |||
e71ca8fe11 | |||
1a11ff4202 | |||
14b59ba4b0 | |||
c31de0e94f | |||
|
7022b768e4 | ||
ff13616887 | |||
efd5ec3323 | |||
8a75be4d43 | |||
4ca45cf1d4 | |||
aee3a09471 | |||
76b7f86d22 | |||
560486bc50 | |||
2488ad0ac2 | |||
9cef48a6c2 | |||
5c7a8c72d8 | |||
258d27c566 | |||
04464f632f | |||
24cf7ddd91 | |||
24192cc61a | |||
b73c39c7c1 | |||
e375304c38 | |||
f3cd2e98b4 | |||
6c07a42978 | |||
|
e23b523467 | ||
3befdea206 | |||
607add3161 | |||
c4598bd84f | |||
0b3332fd32 | |||
a9e9149739 | |||
529480b133 | |||
b4e82e37e4 | |||
af82308e84 | |||
e5f9f3c849 | |||
0372df95b5 | |||
9737c661a4 | |||
57aa2ce1d2 | |||
a614f495ad | |||
07f50f297a | |||
0e4c641db7 | |||
c08bc17cc0 | |||
16422d2809 | |||
bb25797d2f | |||
dec4ea479d | |||
cb8d7e92d2 | |||
c9f122bcd3 | |||
d83d230aee | |||
3a883b51df | |||
3ce25b880a | |||
4c903a2447 | |||
2de291e9b7 |
137 changed files with 33801 additions and 9710 deletions
21
README.md
21
README.md
|
@ -1,6 +1,6 @@
|
||||||
# Deuxfleurs on NixOS!
|
# Deuxfleurs on NixOS!
|
||||||
|
|
||||||
This repository contains code to run Deuxfleur's infrastructure on NixOS.
|
This repository contains code to run Deuxfleurs' infrastructure on NixOS.
|
||||||
|
|
||||||
## Our abstraction stack
|
## Our abstraction stack
|
||||||
|
|
||||||
|
@ -15,11 +15,18 @@ Our first abstraction level is the NixOS level, which installs a bunch of standa
|
||||||
|
|
||||||
Then, inside our Nomad+Consul orchestrator, we deploy a number of base services:
|
Then, inside our Nomad+Consul orchestrator, we deploy a number of base services:
|
||||||
|
|
||||||
* **[Garage](https://git.deuxfleurs.fr/Deuxfleurs/garage/):** S3-compatible lightweight object store for self-hosted geo-distributed deployments (we also have a legacy glusterfs cluster)
|
* Data management
|
||||||
* **[DiploNAT](https://git.deuxfleurs.fr/Deuxfleurs/diplonat):** network automation (firewalling, upnp igd)
|
* **[Garage](https://git.deuxfleurs.fr/Deuxfleurs/garage/):** S3-compatible lightweight object store for self-hosted geo-distributed deployments
|
||||||
* **[Bottin](https://git.deuxfleurs.fr/Deuxfleurs/bottin):** authentication and authorization (LDAP protocol, consul backend)
|
|
||||||
* **[Guichet](https://git.deuxfleurs.fr/Deuxfleurs/guichet):** a dashboard for our users and administrators
|
|
||||||
* **Stolon + PostgreSQL:** distributed relational database
|
* **Stolon + PostgreSQL:** distributed relational database
|
||||||
|
* Network Control Plane
|
||||||
|
* **[DiploNAT](https://git.deuxfleurs.fr/Deuxfleurs/diplonat):** - network automation (firewalling, upnp igd)
|
||||||
|
* **[D53](https://git.deuxfleurs.fr/lx/d53)** - update DNS entries (A and AAAA) dynamically based on Nomad service scheduling and local node info
|
||||||
|
* **[Tricot](https://git.deuxfleurs.fr/Deuxfleurs/tricot)** - a dynamic reverse proxy for nomad+consul inspired by traefik
|
||||||
|
* **[wgautomesh](https://git.deuxfleurs.fr/Deuxfleurs/wgautomesh)** - a dynamic wireguard mesh configurator
|
||||||
|
* User Management
|
||||||
|
* **[Bottin](https://git.deuxfleurs.fr/Deuxfleurs/bottin):** authentication and authorization (LDAP protocol, consul backend)
|
||||||
|
* **[Guichet](https://git.deuxfleurs.fr/Deuxfleurs/guichet):** a dashboard for our users and administrators7
|
||||||
|
* Observability
|
||||||
* **Prometheus + Grafana:** monitoring
|
* **Prometheus + Grafana:** monitoring
|
||||||
|
|
||||||
Some services we provide based on this abstraction:
|
Some services we provide based on this abstraction:
|
||||||
|
@ -27,6 +34,7 @@ Some services we provide based on this abstraction:
|
||||||
* **Websites:** Garage (static) + fediverse blog (Plume)
|
* **Websites:** Garage (static) + fediverse blog (Plume)
|
||||||
* **Chat:** Synapse + Element Web (Matrix protocol)
|
* **Chat:** Synapse + Element Web (Matrix protocol)
|
||||||
* **Email:** Postfix SMTP + Dovecot IMAP + opendkim DKIM + Sogo webmail | Alps webmail (experimental)
|
* **Email:** Postfix SMTP + Dovecot IMAP + opendkim DKIM + Sogo webmail | Alps webmail (experimental)
|
||||||
|
- **[Aerogramme](https://git.deuxfleurs.fr/Deuxfleurs/aerogramme/):** an encrypted IMAP server
|
||||||
* **Visioconference:** Jitsi
|
* **Visioconference:** Jitsi
|
||||||
* **Collaboration:** CryptPad
|
* **Collaboration:** CryptPad
|
||||||
|
|
||||||
|
@ -42,5 +50,6 @@ See the following documentation topics:
|
||||||
- [List of TCP and UDP ports used by services](doc/ports)
|
- [List of TCP and UDP ports used by services](doc/ports)
|
||||||
- [Why not Ansible?](doc/why-not-ansible.md)
|
- [Why not Ansible?](doc/why-not-ansible.md)
|
||||||
|
|
||||||
|
## Got personal services in addition to Deuxfleurs at home?
|
||||||
|
|
||||||
|
Go check [`cluster/prod/register_external_services.sh`](./cluster/prod/register_external_services.sh). In bash, we register a redirect from Tricot to your own services or your personal reverse proxy.
|
|
@ -1,6 +1,6 @@
|
||||||
FROM alpine:3.17
|
FROM alpine:3.17
|
||||||
|
|
||||||
RUN apk add rclone btrfs-progs curl bash jq
|
RUN apk add rclone curl bash jq
|
||||||
|
|
||||||
COPY do-backup.sh /do-backup.sh
|
COPY do-backup.sh /do-backup.sh
|
||||||
|
|
||||||
|
|
|
@ -1,34 +1,53 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
# DEPENDENCIES: btrfs-progs curl rclone jq
|
# DESCRIPTION:
|
||||||
|
# Script to backup all buckets on a Garage cluster using rclone.
|
||||||
|
#
|
||||||
|
# REQUIREMENTS:
|
||||||
|
# An access key for the backup script must be created in Garage beforehand.
|
||||||
|
# This script will use the Garage administration API to grant read access
|
||||||
|
# to this key on all buckets.
|
||||||
|
#
|
||||||
|
# A rclone configuration file is expected to be located at `/etc/secrets/rclone.conf`,
|
||||||
|
# which contains credentials to the following two remotes:
|
||||||
|
# garage: the Garage server, for read access (using the backup access key)
|
||||||
|
# backup: the backup location
|
||||||
|
#
|
||||||
|
# DEPENDENCIES: (see Dockerfile)
|
||||||
|
# curl
|
||||||
|
# jq
|
||||||
|
# rclone
|
||||||
|
#
|
||||||
# PARAMETERS (environmenet variables)
|
# PARAMETERS (environmenet variables)
|
||||||
# $BACKUP_BASEDIR => where to store backups and btrfs snapshots
|
# $GARAGE_ADMIN_API_URL => Garage administration API URL (e.g. http://localhost:3903)
|
||||||
# $GARAGE_ADMIN_TOKEN => Garage administration access token
|
# $GARAGE_ADMIN_TOKEN => Garage administration access token
|
||||||
# $GARAGE_ACCESS_KEY => Garage access key
|
# $GARAGE_ACCESS_KEY => Garage access key ID
|
||||||
# $GARAGE_SECRET_KEY => Garage secret key
|
# $TARGET_BACKUP_DIR => Folder on the backup remote where to store buckets
|
||||||
|
|
||||||
if [ -z "$BACKUP_BASEDIR" -o -z "$GARAGE_ACCESS_KEY" -o -z "$GARAGE_ADMIN_TOKEN" ]; then
|
if [ -z "$GARAGE_ACCESS_KEY" -o -z "$GARAGE_ADMIN_TOKEN" -o -z "$GARAGE_ADMIN_API_URL" ]; then
|
||||||
echo "Missing parameters"
|
echo "Missing parameters"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -d "$BACKUP_BASEDIR/buckets" ]; then
|
# copy potentially immutable file to a mutable location,
|
||||||
btrfs subvolume create "$BACKUP_BASEDIR/buckets"
|
# otherwise rclone complains
|
||||||
fi
|
mkdir -p /root/.config/rclone
|
||||||
|
cp /etc/secrets/rclone.conf /root/.config/rclone/rclone.conf
|
||||||
|
|
||||||
function gcurl {
|
function gcurl {
|
||||||
curl -s -H "Authorization: Bearer $GARAGE_ADMIN_TOKEN" $@
|
curl -s -H "Authorization: Bearer $GARAGE_ADMIN_TOKEN" $@
|
||||||
}
|
}
|
||||||
|
|
||||||
BUCKETS=$(gcurl "http://localhost:3903/v0/bucket" | jq -r '.[].id')
|
BUCKETS=$(gcurl "$GARAGE_ADMIN_API_URL/v0/bucket" | jq -r '.[].id')
|
||||||
|
|
||||||
|
mkdir -p /tmp/buckets-info
|
||||||
|
|
||||||
for BUCKET in $BUCKETS; do
|
for BUCKET in $BUCKETS; do
|
||||||
echo "==== BUCKET $BUCKET ===="
|
echo "==== BUCKET $BUCKET ===="
|
||||||
|
|
||||||
gcurl "http://localhost:3903/v0/bucket?id=$BUCKET" > "$BACKUP_BASEDIR/buckets/$BUCKET.json"
|
gcurl "http://localhost:3903/v0/bucket?id=$BUCKET" > "/tmp/buckets-info/$BUCKET.json"
|
||||||
|
rclone copy "/tmp/buckets-info/$BUCKET.json" "backup:$TARGET_BACKUP_DIR/" 2>&1
|
||||||
|
|
||||||
ALIASES=$(jq -r '.globalAliases[]' < "$BACKUP_BASEDIR/buckets/$BUCKET.json")
|
ALIASES=$(jq -r '.globalAliases[]' < "/tmp/buckets-info/$BUCKET.json")
|
||||||
echo "(aka. $ALIASES)"
|
echo "(aka. $ALIASES)"
|
||||||
|
|
||||||
case $ALIASES in
|
case $ALIASES in
|
||||||
|
@ -41,10 +60,6 @@ for BUCKET in $BUCKETS; do
|
||||||
*)
|
*)
|
||||||
echo "Backing up $BUCKET"
|
echo "Backing up $BUCKET"
|
||||||
|
|
||||||
if [ ! -d "$BACKUP_BASEDIR/buckets/$BUCKET" ]; then
|
|
||||||
mkdir "$BACKUP_BASEDIR/buckets/$BUCKET"
|
|
||||||
fi
|
|
||||||
|
|
||||||
gcurl -X POST -H "Content-Type: application/json" --data @- "http://localhost:3903/v0/bucket/allow" >/dev/null <<EOF
|
gcurl -X POST -H "Content-Type: application/json" --data @- "http://localhost:3903/v0/bucket/allow" >/dev/null <<EOF
|
||||||
{
|
{
|
||||||
"bucketId": "$BUCKET",
|
"bucketId": "$BUCKET",
|
||||||
|
@ -53,32 +68,16 @@ for BUCKET in $BUCKETS; do
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
rclone sync --s3-endpoint http://localhost:3900 \
|
rclone sync \
|
||||||
--s3-access-key-id $GARAGE_ACCESS_KEY \
|
|
||||||
--s3-secret-access-key $GARAGE_SECRET_KEY \
|
|
||||||
--s3-region garage \
|
|
||||||
--s3-force-path-style \
|
|
||||||
--transfers 32 \
|
--transfers 32 \
|
||||||
--fast-list \
|
--fast-list \
|
||||||
--stats-one-line \
|
--stats-one-line \
|
||||||
--stats 10s \
|
--stats 10s \
|
||||||
--stats-log-level NOTICE \
|
--stats-log-level NOTICE \
|
||||||
":s3:$BUCKET" "$BACKUP_BASEDIR/buckets/$BUCKET" 2>&1
|
"garage:$BUCKET" "backup:$TARGET_BACKUP_DIR/$BUCKET" 2>&1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "========= DONE SYNCHRONIZING =========="
|
echo "========= DONE SYNCHRONIZING =========="
|
||||||
|
|
||||||
if [ ! -d "$BACKUP_BASEDIR/snapshots" ]; then
|
|
||||||
mkdir "$BACKUP_BASEDIR/snapshots"
|
|
||||||
fi
|
|
||||||
|
|
||||||
SNAPSHOT="$BACKUP_BASEDIR/snapshots/buckets-$(date +%F)"
|
|
||||||
if [ ! -e "$SNAPSHOT" ]; then
|
|
||||||
echo "Making snapshot: $SNAPSHOT"
|
|
||||||
btrfs subvolume snapshot "$BACKUP_BASEDIR/buckets" "$SNAPSHOT"
|
|
||||||
btrfs prop set "$SNAPSHOT" ro true
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "backup_daily" {
|
job "backup_daily" {
|
||||||
datacenters = ["orion", "neptune", "scorpio"]
|
datacenters = ["neptune", "scorpio", "bespin"]
|
||||||
type = "batch"
|
type = "batch"
|
||||||
|
|
||||||
priority = "60"
|
priority = "60"
|
||||||
|
@ -14,14 +14,14 @@ job "backup_daily" {
|
||||||
constraint {
|
constraint {
|
||||||
attribute = "${attr.unique.hostname}"
|
attribute = "${attr.unique.hostname}"
|
||||||
operator = "="
|
operator = "="
|
||||||
value = "doradille"
|
value = "ananas"
|
||||||
}
|
}
|
||||||
|
|
||||||
task "main" {
|
task "main" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "restic/restic:0.14.0"
|
image = "restic/restic:0.16.0"
|
||||||
entrypoint = [ "/bin/sh", "-c" ]
|
entrypoint = [ "/bin/sh", "-c" ]
|
||||||
args = [ "restic backup /mail && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
|
args = [ "restic backup /mail && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
|
@ -56,52 +56,6 @@ EOH
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
group "backup-plume" {
|
|
||||||
constraint {
|
|
||||||
attribute = "${attr.unique.hostname}"
|
|
||||||
operator = "="
|
|
||||||
value = "dahlia"
|
|
||||||
}
|
|
||||||
|
|
||||||
task "main" {
|
|
||||||
driver = "docker"
|
|
||||||
|
|
||||||
config {
|
|
||||||
image = "restic/restic:0.14.0"
|
|
||||||
entrypoint = [ "/bin/sh", "-c" ]
|
|
||||||
args = [ "restic backup /plume && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
|
|
||||||
volumes = [
|
|
||||||
"/mnt/ssd/plume/media:/plume"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = <<EOH
|
|
||||||
AWS_ACCESS_KEY_ID={{ key "secrets/plume/backup_aws_access_key_id" }}
|
|
||||||
AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/backup_aws_secret_access_key" }}
|
|
||||||
RESTIC_REPOSITORY={{ key "secrets/plume/backup_restic_repository" }}
|
|
||||||
RESTIC_PASSWORD={{ key "secrets/plume/backup_restic_password" }}
|
|
||||||
EOH
|
|
||||||
|
|
||||||
destination = "secrets/env_vars"
|
|
||||||
env = true
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
cpu = 500
|
|
||||||
memory = 100
|
|
||||||
memory_max = 1000
|
|
||||||
}
|
|
||||||
|
|
||||||
restart {
|
|
||||||
attempts = 2
|
|
||||||
interval = "30m"
|
|
||||||
delay = "15s"
|
|
||||||
mode = "fail"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
group "backup-consul" {
|
group "backup-consul" {
|
||||||
task "consul-kv-export" {
|
task "consul-kv-export" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
@ -162,7 +116,7 @@ EOH
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "restic/restic:0.12.1"
|
image = "restic/restic:0.16.0"
|
||||||
entrypoint = [ "/bin/sh", "-c" ]
|
entrypoint = [ "/bin/sh", "-c" ]
|
||||||
args = [ "restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
|
args = [ "restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
|
||||||
}
|
}
|
||||||
|
@ -198,18 +152,18 @@ EOH
|
||||||
constraint {
|
constraint {
|
||||||
attribute = "${attr.unique.hostname}"
|
attribute = "${attr.unique.hostname}"
|
||||||
operator = "="
|
operator = "="
|
||||||
value = "courgette"
|
value = "concombre"
|
||||||
}
|
}
|
||||||
|
|
||||||
task "main" {
|
task "main" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "restic/restic:0.12.1"
|
image = "restic/restic:0.16.0"
|
||||||
entrypoint = [ "/bin/sh", "-c" ]
|
entrypoint = [ "/bin/sh", "-c" ]
|
||||||
args = [ "restic backup /cryptpad && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
|
args = [ "restic backup /cryptpad && restic forget --group-by paths --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
"/mnt/storage/cryptpad:/cryptpad"
|
"/mnt/ssd/cryptpad:/cryptpad"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -239,48 +193,4 @@ EOH
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
group "backup-garage" {
|
|
||||||
constraint {
|
|
||||||
attribute = "${attr.unique.hostname}"
|
|
||||||
operator = "="
|
|
||||||
value = "abricot"
|
|
||||||
}
|
|
||||||
|
|
||||||
task "main" {
|
|
||||||
driver = "docker"
|
|
||||||
|
|
||||||
config {
|
|
||||||
image = "lxpz/backup_garage:4"
|
|
||||||
network_mode = "host"
|
|
||||||
volumes = [
|
|
||||||
"/mnt/storage/backup/garage.deuxfleurs.fr:/backup"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = <<EOH
|
|
||||||
BACKUP_BASEDIR=/backup
|
|
||||||
GARAGE_ADMIN_TOKEN={{ key "secrets/garage/admin_token" }}
|
|
||||||
GARAGE_ACCESS_KEY={{ key "secrets/backup/garage/s3_access_key_id" }}
|
|
||||||
GARAGE_SECRET_KEY={{ key "secrets/backup/garage/s3_secret_access_key" }}
|
|
||||||
EOH
|
|
||||||
destination = "secrets/env_vars"
|
|
||||||
env = true
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
cpu = 500
|
|
||||||
memory = 200
|
|
||||||
memory_max = 4000
|
|
||||||
}
|
|
||||||
|
|
||||||
restart {
|
|
||||||
attempts = 2
|
|
||||||
interval = "30m"
|
|
||||||
delay = "15s"
|
|
||||||
mode = "fail"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
72
cluster/prod/app/backup/deploy/backup-garage.hcl
Normal file
72
cluster/prod/app/backup/deploy/backup-garage.hcl
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
job "backup-garage" {
|
||||||
|
datacenters = ["neptune", "bespin", "scorpio"]
|
||||||
|
type = "batch"
|
||||||
|
|
||||||
|
priority = "60"
|
||||||
|
|
||||||
|
periodic {
|
||||||
|
cron = "@daily"
|
||||||
|
// Do not allow overlapping runs.
|
||||||
|
prohibit_overlap = true
|
||||||
|
}
|
||||||
|
|
||||||
|
group "backup-garage" {
|
||||||
|
task "main" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = "lxpz/backup_garage:9"
|
||||||
|
network_mode = "host"
|
||||||
|
volumes = [
|
||||||
|
"secrets/rclone.conf:/etc/secrets/rclone.conf"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
GARAGE_ADMIN_TOKEN={{ key "secrets/garage/admin_token" }}
|
||||||
|
GARAGE_ADMIN_API_URL=http://localhost:3903
|
||||||
|
GARAGE_ACCESS_KEY={{ key "secrets/backup/garage/s3_access_key_id" }}
|
||||||
|
TARGET_BACKUP_DIR={{ key "secrets/backup/garage/target_sftp_directory" }}
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env_vars"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
[garage]
|
||||||
|
type = s3
|
||||||
|
provider = Other
|
||||||
|
env_auth = false
|
||||||
|
access_key_id = {{ key "secrets/backup/garage/s3_access_key_id" }}
|
||||||
|
secret_access_key = {{ key "secrets/backup/garage/s3_secret_access_key" }}
|
||||||
|
endpoint = http://localhost:3900
|
||||||
|
region = garage
|
||||||
|
|
||||||
|
[backup]
|
||||||
|
type = sftp
|
||||||
|
host = {{ key "secrets/backup/garage/target_sftp_host" }}
|
||||||
|
user = {{ key "secrets/backup/garage/target_sftp_user" }}
|
||||||
|
port = {{ key "secrets/backup/garage/target_sftp_port" }}
|
||||||
|
key_pem = {{ key "secrets/backup/garage/target_sftp_key_pem" | replaceAll "\n" "\\n" }}
|
||||||
|
shell_type = unix
|
||||||
|
EOH
|
||||||
|
destination = "secrets/rclone.conf"
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
cpu = 500
|
||||||
|
memory = 200
|
||||||
|
memory_max = 4000
|
||||||
|
}
|
||||||
|
|
||||||
|
restart {
|
||||||
|
attempts = 2
|
||||||
|
interval = "30m"
|
||||||
|
delay = "15s"
|
||||||
|
mode = "fail"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,5 +1,5 @@
|
||||||
job "backup_weekly" {
|
job "backup_weekly" {
|
||||||
datacenters = ["orion"]
|
datacenters = ["scorpio", "neptune", "bespin"]
|
||||||
type = "batch"
|
type = "batch"
|
||||||
|
|
||||||
priority = "60"
|
priority = "60"
|
||||||
|
@ -30,7 +30,7 @@ AWS_ENDPOINT=s3.deuxfleurs.shirokumo.net
|
||||||
AWS_ACCESS_KEY_ID={{ key "secrets/postgres/backup/aws_access_key_id" }}
|
AWS_ACCESS_KEY_ID={{ key "secrets/postgres/backup/aws_access_key_id" }}
|
||||||
AWS_SECRET_ACCESS_KEY={{ key "secrets/postgres/backup/aws_secret_access_key" }}
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/postgres/backup/aws_secret_access_key" }}
|
||||||
CRYPT_PUBLIC_KEY={{ key "secrets/postgres/backup/crypt_public_key" }}
|
CRYPT_PUBLIC_KEY={{ key "secrets/postgres/backup/crypt_public_key" }}
|
||||||
PSQL_HOST=psql-proxy.service.prod.consul
|
PSQL_HOST={{ env "meta.site" }}.psql-proxy.service.prod.consul
|
||||||
PSQL_USER={{ key "secrets/postgres/keeper/pg_repl_username" }}
|
PSQL_USER={{ key "secrets/postgres/keeper/pg_repl_username" }}
|
||||||
PGPASSWORD={{ key "secrets/postgres/keeper/pg_repl_pwd" }}
|
PGPASSWORD={{ key "secrets/postgres/keeper/pg_repl_pwd" }}
|
||||||
EOH
|
EOH
|
||||||
|
|
88
cluster/prod/app/bagage/deploy/bagage.hcl
Normal file
88
cluster/prod/app/bagage/deploy/bagage.hcl
Normal file
|
@ -0,0 +1,88 @@
|
||||||
|
job "bagage" {
|
||||||
|
datacenters = ["scorpio", "neptune"]
|
||||||
|
type = "service"
|
||||||
|
priority = 90
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
attribute = "${attr.cpu.arch}"
|
||||||
|
value = "amd64"
|
||||||
|
}
|
||||||
|
|
||||||
|
group "main" {
|
||||||
|
count = 1
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "web_port" {
|
||||||
|
static = 8080
|
||||||
|
to = 8080
|
||||||
|
}
|
||||||
|
port "ssh_port" {
|
||||||
|
static = 2222
|
||||||
|
to = 2222
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task "server" {
|
||||||
|
driver = "docker"
|
||||||
|
config {
|
||||||
|
image = "lxpz/amd64_bagage:20231016-3"
|
||||||
|
readonly_rootfs = false
|
||||||
|
network_mode = "host"
|
||||||
|
volumes = [
|
||||||
|
"secrets/id_rsa:/id_rsa"
|
||||||
|
]
|
||||||
|
ports = [ "web_port", "ssh_port" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
env {
|
||||||
|
BAGAGE_LDAP_ENDPOINT = "bottin.service.prod.consul:389"
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
memory = 200
|
||||||
|
cpu = 100
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/bagage/id_rsa\" }}"
|
||||||
|
destination = "secrets/id_rsa"
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "bagage-ssh"
|
||||||
|
port = "ssh_port"
|
||||||
|
address_mode = "host"
|
||||||
|
tags = [
|
||||||
|
"bagage",
|
||||||
|
"(diplonat (tcp_port 2222))",
|
||||||
|
"d53-a sftp.deuxfleurs.fr",
|
||||||
|
"d53-aaaa sftp.deuxfleurs.fr",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "bagage-webdav"
|
||||||
|
tags = [
|
||||||
|
"bagage",
|
||||||
|
"tricot bagage.deuxfleurs.fr",
|
||||||
|
"d53-cname bagage.deuxfleurs.fr",
|
||||||
|
]
|
||||||
|
port = "web_port"
|
||||||
|
address_mode = "host"
|
||||||
|
check {
|
||||||
|
type = "tcp"
|
||||||
|
port = "web_port"
|
||||||
|
address_mode = "host"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
check_restart {
|
||||||
|
limit = 3
|
||||||
|
grace = "90s"
|
||||||
|
ignore_warnings = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
4
cluster/prod/app/bagage/secrets.toml
Normal file
4
cluster/prod/app/bagage/secrets.toml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
[secrets."bagage/id_rsa"]
|
||||||
|
type = 'command'
|
||||||
|
rotate = true
|
||||||
|
command = 'ssh-keygen -q -f >(cat) -N "" <<< y 2>/dev/null 1>&2 ; true'
|
|
@ -1,5 +1,5 @@
|
||||||
job "cms" {
|
job "cms" {
|
||||||
datacenters = ["neptune", "orion"]
|
datacenters = ["neptune", "scorpio"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
|
||||||
priority = 100
|
priority = 100
|
||||||
|
|
100
cluster/prod/app/core/deploy/bottin.hcl
Normal file
100
cluster/prod/app/core/deploy/bottin.hcl
Normal file
|
@ -0,0 +1,100 @@
|
||||||
|
job "core-bottin" {
|
||||||
|
datacenters = ["neptune", "scorpio"]
|
||||||
|
type = "system"
|
||||||
|
priority = 90
|
||||||
|
|
||||||
|
update {
|
||||||
|
max_parallel = 1
|
||||||
|
stagger = "1m"
|
||||||
|
}
|
||||||
|
|
||||||
|
group "bottin" {
|
||||||
|
constraint {
|
||||||
|
distinct_property = "${meta.site}"
|
||||||
|
value = "1"
|
||||||
|
}
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "ldap_port" {
|
||||||
|
static = 389
|
||||||
|
to = 389
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task "bottin" {
|
||||||
|
driver = "docker"
|
||||||
|
config {
|
||||||
|
image = "dxflrs/bottin:7h18i30cckckaahv87d3c86pn4a7q41z"
|
||||||
|
network_mode = "host"
|
||||||
|
readonly_rootfs = true
|
||||||
|
ports = [ "ldap_port" ]
|
||||||
|
volumes = [
|
||||||
|
"secrets/config.json:/config.json",
|
||||||
|
"secrets:/etc/bottin",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
restart {
|
||||||
|
interval = "5m"
|
||||||
|
attempts = 10
|
||||||
|
delay = "15s"
|
||||||
|
mode = "delay"
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
memory = 100
|
||||||
|
memory_max = 200
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = file("../config/bottin/config.json.tpl")
|
||||||
|
destination = "secrets/config.json"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul.crt\" }}"
|
||||||
|
destination = "secrets/consul.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
||||||
|
destination = "secrets/consul-client.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
||||||
|
destination = "secrets/consul-client.key"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
CONSUL_HTTP_ADDR=https://consul.service.prod.consul:8501
|
||||||
|
CONSUL_HTTP_SSL=true
|
||||||
|
CONSUL_CACERT=/etc/bottin/consul.crt
|
||||||
|
CONSUL_CLIENT_CERT=/etc/bottin/consul-client.crt
|
||||||
|
CONSUL_CLIENT_KEY=/etc/bottin/consul-client.key
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
tags = [ "${meta.site}" ]
|
||||||
|
port = "ldap_port"
|
||||||
|
address_mode = "host"
|
||||||
|
name = "bottin"
|
||||||
|
check {
|
||||||
|
type = "tcp"
|
||||||
|
port = "ldap_port"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
check_restart {
|
||||||
|
limit = 3
|
||||||
|
grace = "90s"
|
||||||
|
ignore_warnings = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,257 +0,0 @@
|
||||||
job "core" {
|
|
||||||
datacenters = ["orion", "neptune", "bespin", "scorpio"]
|
|
||||||
type = "system"
|
|
||||||
priority = 90
|
|
||||||
|
|
||||||
update {
|
|
||||||
max_parallel = 1
|
|
||||||
stagger = "5m"
|
|
||||||
}
|
|
||||||
|
|
||||||
group "diplonat" {
|
|
||||||
task "diplonat" {
|
|
||||||
driver = "docker"
|
|
||||||
|
|
||||||
config {
|
|
||||||
image = "lxpz/amd64_diplonat:4"
|
|
||||||
network_mode = "host"
|
|
||||||
readonly_rootfs = true
|
|
||||||
privileged = true
|
|
||||||
volumes = [
|
|
||||||
"secrets:/etc/diplonat",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
restart {
|
|
||||||
interval = "5m"
|
|
||||||
attempts = 10
|
|
||||||
delay = "15s"
|
|
||||||
mode = "delay"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul.crt\" }}"
|
|
||||||
destination = "secrets/consul.crt"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
|
||||||
destination = "secrets/consul-client.crt"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
|
||||||
destination = "secrets/consul-client.key"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = <<EOH
|
|
||||||
DIPLONAT_REFRESH_TIME=60
|
|
||||||
DIPLONAT_EXPIRATION_TIME=300
|
|
||||||
DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
|
|
||||||
DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
|
|
||||||
DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
|
|
||||||
DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
|
|
||||||
DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
|
|
||||||
RUST_LOG=debug
|
|
||||||
EOH
|
|
||||||
destination = "secrets/env"
|
|
||||||
env = true
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
memory = 100
|
|
||||||
memory_max = 200
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
group "tricot" {
|
|
||||||
constraint {
|
|
||||||
distinct_property = "${meta.site}"
|
|
||||||
value = "1"
|
|
||||||
}
|
|
||||||
|
|
||||||
network {
|
|
||||||
port "http_port" { static = 80 }
|
|
||||||
port "https_port" { static = 443 }
|
|
||||||
port "metrics_port" { static = 9334 }
|
|
||||||
}
|
|
||||||
|
|
||||||
task "server" {
|
|
||||||
driver = "docker"
|
|
||||||
|
|
||||||
config {
|
|
||||||
image = "lxpz/amd64_tricot:47"
|
|
||||||
network_mode = "host"
|
|
||||||
readonly_rootfs = true
|
|
||||||
ports = [ "http_port", "https_port" ]
|
|
||||||
volumes = [
|
|
||||||
"secrets:/etc/tricot",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
cpu = 1000
|
|
||||||
memory = 200
|
|
||||||
memory_max = 500
|
|
||||||
}
|
|
||||||
|
|
||||||
restart {
|
|
||||||
interval = "5m"
|
|
||||||
attempts = 10
|
|
||||||
delay = "15s"
|
|
||||||
mode = "delay"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
|
|
||||||
destination = "secrets/consul-ca.crt"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
|
||||||
destination = "secrets/consul-client.crt"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
|
||||||
destination = "secrets/consul-client.key"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = <<EOH
|
|
||||||
TRICOT_NODE_NAME={{ env "attr.unique.hostname" }}
|
|
||||||
TRICOT_LETSENCRYPT_EMAIL=prod-sysadmin@deuxfleurs.fr
|
|
||||||
TRICOT_ENABLE_COMPRESSION=true
|
|
||||||
TRICOT_CONSUL_HOST=https://consul.service.prod.consul:8501
|
|
||||||
TRICOT_CONSUL_TLS_SKIP_VERIFY=true
|
|
||||||
TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
|
|
||||||
TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
|
|
||||||
TRICOT_HTTP_BIND_ADDR=[::]:80
|
|
||||||
TRICOT_HTTPS_BIND_ADDR=[::]:443
|
|
||||||
TRICOT_METRICS_BIND_ADDR=[::]:9334
|
|
||||||
RUST_LOG=tricot=debug
|
|
||||||
EOH
|
|
||||||
destination = "secrets/env"
|
|
||||||
env = true
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
name = "tricot-http"
|
|
||||||
port = "http_port"
|
|
||||||
tags = [ "(diplonat (tcp_port 80))", "${meta.site}" ]
|
|
||||||
address_mode = "host"
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
name = "tricot-https"
|
|
||||||
port = "https_port"
|
|
||||||
tags = [
|
|
||||||
"(diplonat (tcp_port 443))",
|
|
||||||
"${meta.site}",
|
|
||||||
"d53-aaaa ${meta.site}.site.deuxfleurs.fr",
|
|
||||||
"d53-a global.site.deuxfleurs.fr",
|
|
||||||
"d53-aaaa global.site.deuxfleurs.fr",
|
|
||||||
]
|
|
||||||
address_mode = "host"
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
name = "tricot-metrics"
|
|
||||||
port = "metrics_port"
|
|
||||||
address_mode = "host"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
group "bottin" {
|
|
||||||
constraint {
|
|
||||||
distinct_property = "${meta.site}"
|
|
||||||
value = "1"
|
|
||||||
}
|
|
||||||
|
|
||||||
network {
|
|
||||||
port "ldap_port" {
|
|
||||||
static = 389
|
|
||||||
to = 389
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
task "bottin" {
|
|
||||||
driver = "docker"
|
|
||||||
config {
|
|
||||||
image = "superboum/bottin_amd64:22"
|
|
||||||
network_mode = "host"
|
|
||||||
readonly_rootfs = true
|
|
||||||
ports = [ "ldap_port" ]
|
|
||||||
volumes = [
|
|
||||||
"secrets/config.json:/config.json",
|
|
||||||
"secrets:/etc/bottin",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
restart {
|
|
||||||
interval = "5m"
|
|
||||||
attempts = 10
|
|
||||||
delay = "15s"
|
|
||||||
mode = "delay"
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
memory = 100
|
|
||||||
memory_max = 200
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/bottin/config.json.tpl")
|
|
||||||
destination = "secrets/config.json"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul.crt\" }}"
|
|
||||||
destination = "secrets/consul.crt"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
|
||||||
destination = "secrets/consul-client.crt"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
|
||||||
destination = "secrets/consul-client.key"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = <<EOH
|
|
||||||
CONSUL_HTTP_ADDR=https://consul.service.prod.consul:8501
|
|
||||||
CONSUL_HTTP_SSL=true
|
|
||||||
CONSUL_CACERT=/etc/bottin/consul.crt
|
|
||||||
CONSUL_CLIENT_CERT=/etc/bottin/consul-client.crt
|
|
||||||
CONSUL_CLIENT_KEY=/etc/bottin/consul-client.key
|
|
||||||
EOH
|
|
||||||
destination = "secrets/env"
|
|
||||||
env = true
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
tags = [ "${meta.site}" ]
|
|
||||||
port = "ldap_port"
|
|
||||||
address_mode = "host"
|
|
||||||
name = "bottin"
|
|
||||||
check {
|
|
||||||
type = "tcp"
|
|
||||||
port = "ldap_port"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "core-service" {
|
job "core-d53" {
|
||||||
datacenters = ["neptune", "orion", "bespin"]
|
datacenters = ["neptune", "scorpio", "bespin"]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 90
|
priority = 90
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ job "core-service" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "lxpz/amd64_d53:3"
|
image = "lxpz/amd64_d53:4"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
volumes = [
|
volumes = [
|
||||||
|
@ -61,4 +61,42 @@ EOH
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Dummy task for Gitea (still on an external VM), runs on any bespin node
|
||||||
|
# and allows D53 to automatically update the A record for git.deuxfleurs.fr
|
||||||
|
# to the IPv4 address of the bespin site (that changes occasionnaly)
|
||||||
|
group "gitea-dummy" {
|
||||||
|
count = 1
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "dummy" {
|
||||||
|
to = 999
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task "main" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
attribute = "${meta.site}"
|
||||||
|
operator = "="
|
||||||
|
value = "bespin"
|
||||||
|
}
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = "alpine"
|
||||||
|
command = "sh"
|
||||||
|
args = ["-c", "while true; do echo x; sleep 60; done"]
|
||||||
|
ports = [ "dummy" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "gitea-dummy"
|
||||||
|
port = "dummy"
|
||||||
|
tags = [
|
||||||
|
"d53-a git.deuxfleurs.fr",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
68
cluster/prod/app/core/deploy/diplonat.hcl
Normal file
68
cluster/prod/app/core/deploy/diplonat.hcl
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
job "core-diplonat" {
|
||||||
|
datacenters = ["neptune", "scorpio", "bespin"]
|
||||||
|
type = "system"
|
||||||
|
priority = 90
|
||||||
|
|
||||||
|
update {
|
||||||
|
max_parallel = 2
|
||||||
|
stagger = "1m"
|
||||||
|
}
|
||||||
|
|
||||||
|
group "diplonat" {
|
||||||
|
task "diplonat" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = "lxpz/amd64_diplonat:7"
|
||||||
|
network_mode = "host"
|
||||||
|
readonly_rootfs = true
|
||||||
|
privileged = true
|
||||||
|
volumes = [
|
||||||
|
"secrets:/etc/diplonat",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
restart {
|
||||||
|
interval = "5m"
|
||||||
|
attempts = 10
|
||||||
|
delay = "15s"
|
||||||
|
mode = "delay"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul.crt\" }}"
|
||||||
|
destination = "secrets/consul.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
||||||
|
destination = "secrets/consul-client.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
||||||
|
destination = "secrets/consul-client.key"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
DIPLONAT_REFRESH_TIME=60
|
||||||
|
DIPLONAT_EXPIRATION_TIME=300
|
||||||
|
DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
|
||||||
|
DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
|
||||||
|
DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
|
||||||
|
DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
|
||||||
|
DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
|
||||||
|
RUST_LOG=debug
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
memory = 100
|
||||||
|
memory_max = 200
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
120
cluster/prod/app/core/deploy/tricot.hcl
Normal file
120
cluster/prod/app/core/deploy/tricot.hcl
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
job "core-tricot" {
|
||||||
|
# bespin pas pour l'instant, on a des soucis de SSL avec gitea
|
||||||
|
# on pourra mettre bespin quand on aura migré gitea de la vm vers le cluster
|
||||||
|
# en attendant, les deux ne sont pas capables de partager les certificats SSL
|
||||||
|
# donc on laisse la VM gitea gérer les certifs et prendre tout le trafic http(s)
|
||||||
|
datacenters = ["neptune", "scorpio"]
|
||||||
|
type = "system"
|
||||||
|
priority = 90
|
||||||
|
|
||||||
|
update {
|
||||||
|
max_parallel = 1
|
||||||
|
stagger = "5m"
|
||||||
|
}
|
||||||
|
|
||||||
|
group "tricot" {
|
||||||
|
constraint {
|
||||||
|
distinct_property = "${meta.site}"
|
||||||
|
value = "1"
|
||||||
|
}
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "http_port" { static = 80 }
|
||||||
|
port "https_port" { static = 443 }
|
||||||
|
port "metrics_port" { static = 9334 }
|
||||||
|
}
|
||||||
|
|
||||||
|
task "server" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = "superboum/amd64_tricot:54"
|
||||||
|
network_mode = "host"
|
||||||
|
readonly_rootfs = true
|
||||||
|
ports = [ "http_port", "https_port" ]
|
||||||
|
volumes = [
|
||||||
|
"secrets:/etc/tricot",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
cpu = 1000
|
||||||
|
memory = 200
|
||||||
|
memory_max = 500
|
||||||
|
}
|
||||||
|
|
||||||
|
restart {
|
||||||
|
interval = "5m"
|
||||||
|
attempts = 10
|
||||||
|
delay = "15s"
|
||||||
|
mode = "delay"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
|
||||||
|
destination = "secrets/consul-ca.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
||||||
|
destination = "secrets/consul-client.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
||||||
|
destination = "secrets/consul-client.key"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
TRICOT_NODE_NAME={{ env "attr.unique.hostname" }}
|
||||||
|
TRICOT_LETSENCRYPT_EMAIL=prod-sysadmin@deuxfleurs.fr
|
||||||
|
TRICOT_ENABLE_COMPRESSION=true
|
||||||
|
TRICOT_CONSUL_HOST=https://consul.service.prod.consul:8501
|
||||||
|
TRICOT_CONSUL_TLS_SKIP_VERIFY=true
|
||||||
|
TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
|
||||||
|
TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
|
||||||
|
TRICOT_HTTP_BIND_ADDR=[::]:80
|
||||||
|
TRICOT_HTTPS_BIND_ADDR=[::]:443
|
||||||
|
TRICOT_METRICS_BIND_ADDR=[::]:9334
|
||||||
|
TRICOT_WARMUP_CERT_MEMORY_STORE=true
|
||||||
|
RUST_LOG=tricot=debug
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "tricot-http"
|
||||||
|
port = "http_port"
|
||||||
|
tags = [
|
||||||
|
"(diplonat (tcp_port 80))",
|
||||||
|
"${meta.site}"
|
||||||
|
]
|
||||||
|
address_mode = "host"
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "tricot-https"
|
||||||
|
port = "https_port"
|
||||||
|
tags = [
|
||||||
|
"(diplonat (tcp_port 443))",
|
||||||
|
"${meta.site}",
|
||||||
|
"d53-a global.site.deuxfleurs.fr",
|
||||||
|
"d53-aaaa global.site.deuxfleurs.fr",
|
||||||
|
"d53-a ${meta.site}.site.deuxfleurs.fr",
|
||||||
|
"d53-aaaa ${meta.site}.site.deuxfleurs.fr",
|
||||||
|
"d53-a v4.${meta.site}.site.deuxfleurs.fr",
|
||||||
|
"d53-aaaa v6.${meta.site}.site.deuxfleurs.fr",
|
||||||
|
]
|
||||||
|
address_mode = "host"
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "tricot-metrics"
|
||||||
|
port = "metrics_port"
|
||||||
|
address_mode = "host"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,5 +1,5 @@
|
||||||
job "coturn" {
|
job "coturn" {
|
||||||
datacenters = ["neptune", "orion"]
|
datacenters = ["neptune", "scorpio"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
|
||||||
priority = 100
|
priority = 100
|
||||||
|
|
|
@ -1,29 +1,56 @@
|
||||||
## Build
|
# CryptPad for NixOS with Deuxfleurs flavour
|
||||||
|
|
||||||
Cryptpad being not NixOS native, an upgrade must be done in 4 steps:
|
## Building
|
||||||
1. Bump the cryptpad version in `common.nix`
|
|
||||||
2. Rebuild the Nix lock files for the dependencies
|
|
||||||
3. Build the package for Nix
|
|
||||||
4. Create a container from the Nix package
|
|
||||||
|
|
||||||
To bump the nix version, set the desired tag in `common.nix` in the `cryptpadVersion` entry.
|
The `default.nix` file follows the nixpkgs `callPackage` convention for fetching dependencies, so you need to either:
|
||||||
Set the corresponding commit in the `cryptadCommit` field, its goal would be to detect unwanted update of the tag.
|
|
||||||
|
|
||||||
To rebuild the lock files (they are stored in the `nix.lock` folder):
|
- Run `nix-build --expr '{ ... }@args: (import <nixpkgs> {}).callPackage ./default.nix args'`
|
||||||
|
- Do the `callPackage from a higher-level directory importing your package`
|
||||||
|
|
||||||
```
|
### Docker
|
||||||
nix-shell --run "update_lock"
|
|
||||||
|
The `docker.nix` derives into a Docker image you can load simply by running:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
docker load -i $(nix-build docker.nix)
|
||||||
```
|
```
|
||||||
|
|
||||||
To build cryptpad:
|
You can then test the built Docker image using the provided `docker-compose.yml` and `config.js` files, which are
|
||||||
|
configured to render the instance accessible at `http://localhost:3000` with data stored into the `_data` folder.
|
||||||
|
|
||||||
```
|
|
||||||
nix-build
|
### Deuxfleurs flavour
|
||||||
|
The `deuxfleurs.nix` file derives into two derivations: The CryptPad derivation itself and a Docker image,
|
||||||
|
which can be choose by passing the `-A [name]` flags to `nix-build`
|
||||||
|
|
||||||
|
For example, to build and load the Deuxfleurs-flavoured CryptPad Docker image, you run:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
docker load -i $(nix-build deuxfleurs.nix -A docker)
|
||||||
```
|
```
|
||||||
|
|
||||||
Create the container:
|
## OnlyOffice integration
|
||||||
|
Apart for `deuxfleurs.nix`, both `default.nix` and `docker.nix` files build CryptPad with a copy of OnlyOffice pre-built and
|
||||||
|
used by CryptPad, which can result to large Docker image (~2.6GiB)
|
||||||
|
|
||||||
|
This behaviour is configurable by passing the `--arg withOnlyOffice false` flag to `nix-build` when building them.
|
||||||
|
|
||||||
|
## Updating the Deuxfleurs pinned nixpkgs
|
||||||
|
The pinned sources files are generated with the [niv](https://github.com/nmattia/niv) tool.
|
||||||
|
|
||||||
|
To update the pinned nixpkgs, you simply run the following command:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
niv update
|
||||||
```
|
```
|
||||||
docker load < $(nix-build docker.nix)
|
|
||||||
docker push superboum/cryptpad:???
|
To modify the pinned nixpkgs, you can use the `niv modify` command, for example, to move to nixpkgs-unstable:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
niv modify nixpkgs -b nixos-unstable
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Quirks
|
||||||
|
|
||||||
|
- The CryptPad `package-lock.json` is included here because the upstream-provided one appeared to be desync'ed, so a
|
||||||
|
manual lockfile generation was needed
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
rec {
|
|
||||||
cryptpadVersion = "4.14.1+2";
|
|
||||||
cryptpadCommit = "18c371bb5bda068a5d962dd7c4f0726320eea5e9";
|
|
||||||
|
|
||||||
pkgsSrc = fetchTarball {
|
|
||||||
# Latest commit on https://github.com/NixOS/nixpkgs/tree/nixos-21.11
|
|
||||||
# As of 2022-04-15
|
|
||||||
url ="https://github.com/NixOS/nixpkgs/archive/2f06b87f64bc06229e05045853e0876666e1b023.tar.gz";
|
|
||||||
sha256 = "sha256:1d7zg96xw4qsqh7c89pgha9wkq3rbi9as3k3d88jlxy2z0ns0cy2";
|
|
||||||
};
|
|
||||||
cryptpadSrc = builtins.fetchGit {
|
|
||||||
url = "https://github.com/superboum/cryptpad";
|
|
||||||
ref = "refs/tags/${cryptpadVersion}";
|
|
||||||
rev = cryptpadCommit;
|
|
||||||
};
|
|
||||||
bower2nixSrc = builtins.fetchGit {
|
|
||||||
url = "https://github.com/superboum/bower2nix";
|
|
||||||
ref = "new";
|
|
||||||
rev = "618ab3e206325c63fe4526ae842a1f6c792b0e27";
|
|
||||||
};
|
|
||||||
nodejs = "nodejs-slim-16_x";
|
|
||||||
}
|
|
|
@ -1,77 +1,118 @@
|
||||||
let
|
{ lib
|
||||||
common = import ./common.nix;
|
, stdenvNoCC
|
||||||
pkgs = import common.pkgsSrc {};
|
|
||||||
nodejs = pkgs.${common.nodejs};
|
|
||||||
|
|
||||||
bower = (pkgs.buildBowerComponents {
|
, buildNpmPackage
|
||||||
name = "cryptpad-${common.cryptpadVersion}-bower";
|
, fetchFromGitHub
|
||||||
generated = ./nix.lock/bower.nix;
|
|
||||||
src = common.cryptpadSrc;
|
|
||||||
}).overrideAttrs (old: {
|
|
||||||
bowerPackages = old.bowerPackages.override (old_: {
|
|
||||||
# add missing dependencies:
|
|
||||||
# Those dependencies are EOL and they are not installed by buildBowerComponents,
|
|
||||||
# but they are required, otherwise the resolver crashes.
|
|
||||||
# * add the second jquery ~2.1.0 entry
|
|
||||||
# * add the second bootstrap ~3.1.1 entry
|
|
||||||
paths = old_.paths ++ [
|
|
||||||
(pkgs.fetchbower "jquery" "2.1.0" "~2.1.0" "02kwvz93vzpv10qnp7s0dz3al0jh77awwrizb6wadsvgifxssnlr")
|
|
||||||
(pkgs.fetchbower "bootstrap" "3.1.1" "~3.1.1" "06bhjwa8p7mzbpr3jkgydd804z1nwrkdql66h7jkfml99psv9811")
|
|
||||||
];
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
npm = import ./nix.lock/npm.nix {
|
, nodejs
|
||||||
inherit pkgs;
|
|
||||||
|
, withOnlyOffice ? true
|
||||||
|
}: let
|
||||||
|
onlyOfficeVersions = {
|
||||||
|
v1 = {
|
||||||
|
rev = "4f370bebe96e3a0d4054df87412ee5b2c6ed8aaa";
|
||||||
|
hash = "sha256-TE/99qOx4wT2s0op9wi+SHwqTPYq/H+a9Uus9Zj4iSY=";
|
||||||
|
};
|
||||||
|
v2b = {
|
||||||
|
rev = "d9da72fda95daf93b90ffa345757c47eb5b919dd";
|
||||||
|
hash = "sha256-SiRDRc2vnLwCVnvtk+C8PKw7IeuSzHBaJmZHogRe3hQ=";
|
||||||
|
};
|
||||||
|
v4 = {
|
||||||
|
rev = "6ebc6938b6841440ffad2efc1e23f1dc1ceda964";
|
||||||
|
hash = "sha256-eto1+8Tk/s3kbUCpbUh8qCS8EOq700FYG1/KiHyynaA=";
|
||||||
|
};
|
||||||
|
v5 = {
|
||||||
|
rev = "88a356f08ded2f0f4620bda66951caf1d7f02c21";
|
||||||
|
hash = "sha256-8j1rlAyHlKx6oAs2pIhjPKcGhJFj6ZzahOcgenyeOCc=";
|
||||||
|
};
|
||||||
|
v6 = {
|
||||||
|
rev = "abd8a309f6dd37289f950cd8cea40df4492d8a15";
|
||||||
|
hash = "sha256-BZdExj2q/bqUD3k9uluOot2dlrWKA+vpad49EdgXKww=";
|
||||||
|
};
|
||||||
|
v7 = {
|
||||||
|
rev = "9d8b914a81f0f9e5d0bc3f0fc631adf4b6d480e7";
|
||||||
|
hash = "sha256-M+rPJ/Xo2olhqB5ViynGRaesMLLfG/1ltUoLnepMPnM=";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
mkOnlyOffice = {
|
||||||
|
pname, version
|
||||||
|
}: stdenvNoCC.mkDerivation (final: {
|
||||||
|
pname = "${pname}-onlyoffice";
|
||||||
|
inherit version;
|
||||||
|
|
||||||
|
srcs = lib.mapAttrsToList (version: { rev, hash ? lib.fakeHash }: fetchFromGitHub {
|
||||||
|
name = "${final.pname}-${version}-source";
|
||||||
|
owner = "cryptpad";
|
||||||
|
repo = "onlyoffice-builds";
|
||||||
|
inherit rev hash;
|
||||||
|
}) onlyOfficeVersions;
|
||||||
|
|
||||||
|
dontBuild = true;
|
||||||
|
|
||||||
|
sourceRoot = ".";
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out
|
||||||
|
${lib.concatLines (map
|
||||||
|
(version: "cp -Tr ${final.pname}-${version}-source $out/${version}")
|
||||||
|
(builtins.attrNames onlyOfficeVersions)
|
||||||
|
)}
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
in buildNpmPackage rec {
|
||||||
|
pname = "cryptpad";
|
||||||
|
version = "2024.3.0";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "cryptpad";
|
||||||
|
repo = "cryptpad";
|
||||||
|
rev = version;
|
||||||
|
hash = "sha256-VUW6KvoSatk1/hlzklMQYlSNVH/tdbH+yU4ONUQ0JSQ=";
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
npmDepsHash = "sha256-tvTkoxxioPuNoe8KIuXSP7QQbvcpxMnygsMmzKBQIY0=";
|
||||||
pkgs.stdenv.mkDerivation {
|
|
||||||
name = "cryptpad-${common.cryptpadVersion}";
|
|
||||||
src = common.cryptpadSrc;
|
|
||||||
|
|
||||||
buildPhase = ''
|
inherit nodejs;
|
||||||
cp -r ${npm.nodeDependencies}/lib/node_modules node_modules
|
|
||||||
chmod +w -R node_modules
|
|
||||||
|
|
||||||
# clear executable files inside the node_modules folder to reduce dependencies
|
onlyOffice = lib.optional withOnlyOffice (mkOnlyOffice {
|
||||||
# and attack surface
|
inherit pname version;
|
||||||
find node_modules -type f ! -path 'node_modules/gar/*' -executable -print | tee >(xargs -n 20 rm)
|
});
|
||||||
|
|
||||||
# Remove only office that IS BIG
|
makeCacheWritable = true;
|
||||||
# COMMENTED as it is not as easy as planned.
|
dontFixup = true;
|
||||||
# rm -rf www/common/onlyoffice
|
|
||||||
|
postPatch = ''
|
||||||
|
cp -T ${./package-lock.json} package-lock.json
|
||||||
|
'';
|
||||||
|
|
||||||
|
preBuild = ''
|
||||||
|
npm run install:components
|
||||||
|
'' + lib.optionalString withOnlyOffice ''
|
||||||
|
ln -s $onlyOffice www/common/onlyoffice/dist
|
||||||
|
'';
|
||||||
|
|
||||||
|
postBuild = ''
|
||||||
|
rm -rf customize
|
||||||
'';
|
'';
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
mkdir -p $out/{bin,opt}
|
runHook preInstall
|
||||||
|
|
||||||
out_cryptpad=$out/opt/
|
mkdir -p $out
|
||||||
|
cp -R . $out/
|
||||||
|
|
||||||
# copy the source code
|
substituteInPlace $out/lib/workers/index.js \
|
||||||
cp -r .bowerrc bower.json package.json package-lock.json customize.dist lib server.js www $out_cryptpad
|
--replace-warn "lib/workers/db-worker" "$out/lib/workers/db-worker"
|
||||||
|
|
||||||
# mount node_modules
|
makeWrapper ${lib.getExe nodejs} $out/bin/cryptpad-server \
|
||||||
cp -r node_modules $out_cryptpad/node_modules
|
--chdir $out \
|
||||||
|
--add-flags server.js
|
||||||
|
|
||||||
# patch
|
runHook postInstall
|
||||||
substituteInPlace $out_cryptpad/lib/workers/index.js --replace "lib/workers/db-worker" "$out_cryptpad/lib/workers/db-worker"
|
|
||||||
|
|
||||||
# mount bower, based on the .bowerrc file at the git repo root
|
|
||||||
cp -r ${bower}/bower_components $out_cryptpad/www/
|
|
||||||
|
|
||||||
# cryptpad is bugged with absolute path, this is a workaround to use absolute path as relative path
|
|
||||||
ln -s / $out_cryptpad/root
|
|
||||||
|
|
||||||
# start script, cryptpad is lost if its working directory is not its source directory
|
|
||||||
cat > $out/bin/cryptpad <<EOF
|
|
||||||
#!${pkgs.stdenv.shell}
|
|
||||||
cd $out_cryptpad
|
|
||||||
exec ${nodejs}/bin/node server.js
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod +x $out/bin/cryptpad
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
dontFixup = true;
|
meta = {
|
||||||
}
|
homepage = "https://cryptpad.org";
|
||||||
|
mainProgram = "cryptpad-server";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
12
cluster/prod/app/cryptpad/build/deuxfleurs.nix
Normal file
12
cluster/prod/app/cryptpad/build/deuxfleurs.nix
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{ name ? "deuxfleurs/cryptpad"
|
||||||
|
, tag ? "nix-latest"
|
||||||
|
}: let
|
||||||
|
sources = import ./nix/sources.nix;
|
||||||
|
pkgs = import sources.nixpkgs {};
|
||||||
|
in rec {
|
||||||
|
cryptpad = pkgs.callPackage ./default.nix {};
|
||||||
|
docker = pkgs.callPackage ./docker.nix {
|
||||||
|
inherit name tag;
|
||||||
|
inherit cryptpad;
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,11 +1,27 @@
|
||||||
let
|
{ pkgs ? import <nixpkgs> {}
|
||||||
common = import ./common.nix;
|
|
||||||
pkgs = import common.pkgsSrc {};
|
, name ? "cryptpad"
|
||||||
app = import ./default.nix;
|
, tag ? "nix-latest"
|
||||||
in
|
|
||||||
pkgs.dockerTools.buildLayeredImage {
|
, withOnlyOffice ? true
|
||||||
name = "superboum/cryptpad";
|
|
||||||
config = {
|
, cryptpad ? pkgs.callPackage ./default.nix { inherit withOnlyOffice; }
|
||||||
Cmd = [ "${app}/bin/cryptpad" ];
|
}: let
|
||||||
|
cryptpad' = cryptpad.overrideAttrs {
|
||||||
|
postInstall = ''
|
||||||
|
ln -sf /cryptpad/customize $out/customize
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
}
|
in pkgs.dockerTools.buildImage {
|
||||||
|
inherit name tag;
|
||||||
|
|
||||||
|
config = {
|
||||||
|
Cmd = [
|
||||||
|
(pkgs.lib.getExe cryptpad')
|
||||||
|
];
|
||||||
|
|
||||||
|
Volumes = {
|
||||||
|
"/cryptpad/customize" = {};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
|
@ -1,57 +0,0 @@
|
||||||
{
|
|
||||||
"name": "cryptpad",
|
|
||||||
"version": "0.1.0",
|
|
||||||
"authors": [
|
|
||||||
"Caleb James DeLisle <cjd@cjdns.fr>"
|
|
||||||
],
|
|
||||||
"description": "realtime collaborative visual editor with zero knowlege server",
|
|
||||||
"main": "www/index.html",
|
|
||||||
"moduleType": [
|
|
||||||
"node"
|
|
||||||
],
|
|
||||||
"license": "AGPLv3",
|
|
||||||
"ignore": [
|
|
||||||
"**/.*",
|
|
||||||
"node_modules",
|
|
||||||
"bower_components",
|
|
||||||
"test",
|
|
||||||
"tests"
|
|
||||||
],
|
|
||||||
"dependencies": {
|
|
||||||
"jquery": "3.6.0",
|
|
||||||
"tweetnacl": "0.12.2",
|
|
||||||
"components-font-awesome": "^4.6.3",
|
|
||||||
"ckeditor": "4.14.0",
|
|
||||||
"codemirror": "^5.19.0",
|
|
||||||
"requirejs": "2.3.5",
|
|
||||||
"marked": "1.1.0",
|
|
||||||
"rangy": "rangy-release#~1.3.0",
|
|
||||||
"json.sortify": "~2.1.0",
|
|
||||||
"hyperjson": "~1.4.0",
|
|
||||||
"chainpad-crypto": "^0.2.0",
|
|
||||||
"chainpad-listmap": "^1.0.0",
|
|
||||||
"chainpad": "^5.2.0",
|
|
||||||
"file-saver": "1.3.1",
|
|
||||||
"alertifyjs": "1.0.11",
|
|
||||||
"scrypt-async": "1.2.0",
|
|
||||||
"require-css": "0.1.10",
|
|
||||||
"bootstrap": "^v4.0.0",
|
|
||||||
"diff-dom": "2.1.1",
|
|
||||||
"nthen": "0.1.7",
|
|
||||||
"open-sans-fontface": "^1.4.2",
|
|
||||||
"bootstrap-tokenfield": "0.12.1",
|
|
||||||
"localforage": "^1.5.2",
|
|
||||||
"html2canvas": "^0.4.1",
|
|
||||||
"croppie": "^2.5.0",
|
|
||||||
"sortablejs": "^1.6.0",
|
|
||||||
"saferphore": "^0.0.1",
|
|
||||||
"jszip": "3.7.1",
|
|
||||||
"requirejs-plugins": "^1.0.3",
|
|
||||||
"dragula.js": "3.7.2",
|
|
||||||
"MathJax": "3.0.5"
|
|
||||||
},
|
|
||||||
"resolutions": {
|
|
||||||
"bootstrap": "^v4.0.0",
|
|
||||||
"jquery": "3.6.0"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,37 +0,0 @@
|
||||||
# Generated by bower2nix v3.3.0 (https://github.com/rvl/bower2nix)
|
|
||||||
{ fetchbower, buildEnv }:
|
|
||||||
buildEnv { name = "bower-env"; ignoreCollisions = true; paths = [
|
|
||||||
(fetchbower "jquery" "3.6.0" "3.6.0" "1wx5n605x6ga483hba43gxjncgzk8yvxc3h0jlwgpjd0h54y9v6l")
|
|
||||||
(fetchbower "tweetnacl" "0.12.2" "0.12.2" "1lfzbfrdaly3zyzbcp1p53yhxlrx56k8x04q924kg7l52gblm65g")
|
|
||||||
(fetchbower "components-font-awesome" "4.7.0" "^4.6.3" "1w27im6ayjrbgjqa0i49ml5d3wy4ld40h9b29hz9myv77bpx4lg1")
|
|
||||||
(fetchbower "ckeditor" "4.14.0" "4.14.0" "0lw9q0k8c0jlxvf35vrccab9c3c8rgpc6x66czj9si8yy2lyliyp")
|
|
||||||
(fetchbower "codemirror" "5.65.3" "^5.19.0" "0z6pd0q0cy0k0dkplx4f3cmmjqbiixv6wqlzbz5j8dnsxr5hhgzh")
|
|
||||||
(fetchbower "requirejs" "2.3.5" "2.3.5" "05lyvgz914h2w08r24rk0vkk3yxmqrvlg7j3i5av9ffkg9lpzsli")
|
|
||||||
(fetchbower "marked" "1.1.0" "1.1.0" "1sdgqw9iki9c1pfm4c5h6c956mchbip2jywjrcmrlb75k53flsjz")
|
|
||||||
(fetchbower "rangy" "rangy-release#1.3.0" "rangy-release#~1.3.0" "13x3wci003p8jyv2ncir0k23bxckx99b3555r0zvgmlwycg7w0zv")
|
|
||||||
(fetchbower "json.sortify" "2.1.0" "~2.1.0" "1rz9xz0gnm4ak31n10vhslqsw8fw493gjylwj8xsy3bxqq1ygpnh")
|
|
||||||
(fetchbower "hyperjson" "1.4.0" "~1.4.0" "1n68ls3x4lyhg1yy8i4q3xkgh5xqpyakf45sny4x91mkr68x4bd9")
|
|
||||||
(fetchbower "chainpad-crypto" "0.2.7" "^0.2.0" "16j0gjj1v8dckqpsg38229qs4dammz7vx8ywsik6f0brzf4py65a")
|
|
||||||
(fetchbower "chainpad-listmap" "1.0.1" "^1.0.0" "0s2v27hhraifb1yjw5fka4a922zmgsdngsaq1nfd48gbs8gd2rrd")
|
|
||||||
(fetchbower "chainpad" "5.2.4" "^5.2.0" "1f4nap0r8w50qpmjdfhhjhpz5xcl0n4zaxxnav1qaxi5j6dyg8h6")
|
|
||||||
(fetchbower "file-saver" "1.3.1" "1.3.1" "065nzkvdiicxnw06z1sjz1sbp9nyis8z839hv6ng1fk25dc5kvkg")
|
|
||||||
(fetchbower "alertifyjs" "1.0.11" "1.0.11" "0v7323bzq90k35shm3h6azj4wd9la3kbi1va1pw4qyvndkwma69l")
|
|
||||||
(fetchbower "scrypt-async" "1.2.0" "1.2.0" "0d076ax708p9b8hcmk4f82j925nlnm0hmp0ni45ql37g7iirfpyv")
|
|
||||||
(fetchbower "require-css" "0.1.10" "0.1.10" "106gz9i76v71q9zx2pnqkkj342m630lvssnw54023a0ljc0gqcwq")
|
|
||||||
(fetchbower "bootstrap" "4.6.1" "^v4.0.0" "0g8zy1fl396lawgjvfhlpcl38zxsgybhnzi8b6b4m9nccvmpxv83")
|
|
||||||
(fetchbower "diff-dom" "2.1.1" "2.1.1" "0bp8c80g11hhlkvl3lhrqc39jvqiiyqvrgk1nsn35ps01ava07z9")
|
|
||||||
(fetchbower "nthen" "0.1.7" "0.1.7" "03yap5ildigaw4rwxmxs37pcwhq415iham8w39zd56ka98gpfxa5")
|
|
||||||
(fetchbower "open-sans-fontface" "1.4.2" "^1.4.2" "0ksav1fcq640fmdz49ra4prwsrrfj35y2p4shx1jh1j7zxd044nf")
|
|
||||||
(fetchbower "bootstrap-tokenfield" "0.12.1" "0.12.1" "1dh791s6ih8bf9ihck9n39h68c273jb3lg4mqk94bvqraz45fvwx")
|
|
||||||
(fetchbower "localforage" "1.10.0" "^1.5.2" "019rh006v2w5x63mgk78qhw59kf8czbkwdvfngmac8fs6gz88lc8")
|
|
||||||
(fetchbower "html2canvas" "0.4.1" "^0.4.1" "0yg7y90nav068q0i5afc2c221zkddpf28hi0hwc46cawx4180c69")
|
|
||||||
(fetchbower "croppie" "2.6.5" "^2.5.0" "1j1v5620zi13ad42r358i4ay891abwn6nz357484kgq2bgjj6ccx")
|
|
||||||
(fetchbower "sortablejs" "1.15.0" "^1.6.0" "1wk1097jrxbp2c4ghcppqd3h2gnq5b01qkf9426mc08zgszlvjr7")
|
|
||||||
(fetchbower "saferphore" "0.0.1" "^0.0.1" "1wfr9wpbm3lswmvy2p0247ydb108h4qh5s286py89k871qh6jwdi")
|
|
||||||
(fetchbower "jszip" "3.7.1" "3.7.1" "0f14bak7vylxizi6pvj3znjc2cx922avbv7lslklvic85x0318lf")
|
|
||||||
(fetchbower "requirejs-plugins" "1.0.3" "^1.0.3" "00s3sdz1ykygx5shldwhhhybwgw7c99vkqd94i5i5x0gl97ifxf5")
|
|
||||||
(fetchbower "dragula.js" "3.7.2" "3.7.2" "0dbkmrl8bcxiplprmmp9fj96ri5nahb2ql8cc7zwawncv0drvlh0")
|
|
||||||
(fetchbower "MathJax" "3.0.5" "3.0.5" "087a9av15qj43m8pr3b9g59ncmydhmg40m6dfzsac62ykianh2a0")
|
|
||||||
(fetchbower "chainpad-netflux" "1.0.0" "^1.0.0" "08rpc73x1vyvd6zkb7w0m1smzjhq3b7cwb30nlmg93x873zjlsl6")
|
|
||||||
(fetchbower "netflux-websocket" "1.0.0" "^1.0.0" "10hgc5ra3ll7qc2r8aal6p03gx6dgz06l2b54lh995pvf901wzi6")
|
|
||||||
]; }
|
|
|
@ -1,588 +0,0 @@
|
||||||
# This file originates from node2nix
|
|
||||||
|
|
||||||
{lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript}:
|
|
||||||
|
|
||||||
let
|
|
||||||
# Workaround to cope with utillinux in Nixpkgs 20.09 and util-linux in Nixpkgs master
|
|
||||||
utillinux = if pkgs ? utillinux then pkgs.utillinux else pkgs.util-linux;
|
|
||||||
|
|
||||||
python = if nodejs ? python then nodejs.python else python2;
|
|
||||||
|
|
||||||
# Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise
|
|
||||||
tarWrapper = runCommand "tarWrapper" {} ''
|
|
||||||
mkdir -p $out/bin
|
|
||||||
|
|
||||||
cat > $out/bin/tar <<EOF
|
|
||||||
#! ${stdenv.shell} -e
|
|
||||||
$(type -p tar) "\$@" --warning=no-unknown-keyword --delay-directory-restore
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod +x $out/bin/tar
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Function that generates a TGZ file from a NPM project
|
|
||||||
buildNodeSourceDist =
|
|
||||||
{ name, version, src, ... }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
name = "node-tarball-${name}-${version}";
|
|
||||||
inherit src;
|
|
||||||
buildInputs = [ nodejs ];
|
|
||||||
buildPhase = ''
|
|
||||||
export HOME=$TMPDIR
|
|
||||||
tgzFile=$(npm pack | tail -n 1) # Hooks to the pack command will add output (https://docs.npmjs.com/misc/scripts)
|
|
||||||
'';
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/tarballs
|
|
||||||
mv $tgzFile $out/tarballs
|
|
||||||
mkdir -p $out/nix-support
|
|
||||||
echo "file source-dist $out/tarballs/$tgzFile" >> $out/nix-support/hydra-build-products
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# Common shell logic
|
|
||||||
installPackage = writeShellScript "install-package" ''
|
|
||||||
installPackage() {
|
|
||||||
local packageName=$1 src=$2
|
|
||||||
|
|
||||||
local strippedName
|
|
||||||
|
|
||||||
local DIR=$PWD
|
|
||||||
cd $TMPDIR
|
|
||||||
|
|
||||||
unpackFile $src
|
|
||||||
|
|
||||||
# Make the base dir in which the target dependency resides first
|
|
||||||
mkdir -p "$(dirname "$DIR/$packageName")"
|
|
||||||
|
|
||||||
if [ -f "$src" ]
|
|
||||||
then
|
|
||||||
# Figure out what directory has been unpacked
|
|
||||||
packageDir="$(find . -maxdepth 1 -type d | tail -1)"
|
|
||||||
|
|
||||||
# Restore write permissions to make building work
|
|
||||||
find "$packageDir" -type d -exec chmod u+x {} \;
|
|
||||||
chmod -R u+w "$packageDir"
|
|
||||||
|
|
||||||
# Move the extracted tarball into the output folder
|
|
||||||
mv "$packageDir" "$DIR/$packageName"
|
|
||||||
elif [ -d "$src" ]
|
|
||||||
then
|
|
||||||
# Get a stripped name (without hash) of the source directory.
|
|
||||||
# On old nixpkgs it's already set internally.
|
|
||||||
if [ -z "$strippedName" ]
|
|
||||||
then
|
|
||||||
strippedName="$(stripHash $src)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Restore write permissions to make building work
|
|
||||||
chmod -R u+w "$strippedName"
|
|
||||||
|
|
||||||
# Move the extracted directory into the output folder
|
|
||||||
mv "$strippedName" "$DIR/$packageName"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Change to the package directory to install dependencies
|
|
||||||
cd "$DIR/$packageName"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Bundle the dependencies of the package
|
|
||||||
#
|
|
||||||
# Only include dependencies if they don't exist. They may also be bundled in the package.
|
|
||||||
includeDependencies = {dependencies}:
|
|
||||||
lib.optionalString (dependencies != []) (
|
|
||||||
''
|
|
||||||
mkdir -p node_modules
|
|
||||||
cd node_modules
|
|
||||||
''
|
|
||||||
+ (lib.concatMapStrings (dependency:
|
|
||||||
''
|
|
||||||
if [ ! -e "${dependency.name}" ]; then
|
|
||||||
${composePackage dependency}
|
|
||||||
fi
|
|
||||||
''
|
|
||||||
) dependencies)
|
|
||||||
+ ''
|
|
||||||
cd ..
|
|
||||||
''
|
|
||||||
);
|
|
||||||
|
|
||||||
# Recursively composes the dependencies of a package
|
|
||||||
composePackage = { name, packageName, src, dependencies ? [], ... }@args:
|
|
||||||
builtins.addErrorContext "while evaluating node package '${packageName}'" ''
|
|
||||||
installPackage "${packageName}" "${src}"
|
|
||||||
${includeDependencies { inherit dependencies; }}
|
|
||||||
cd ..
|
|
||||||
${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
|
|
||||||
'';
|
|
||||||
|
|
||||||
pinpointDependencies = {dependencies, production}:
|
|
||||||
let
|
|
||||||
pinpointDependenciesFromPackageJSON = writeTextFile {
|
|
||||||
name = "pinpointDependencies.js";
|
|
||||||
text = ''
|
|
||||||
var fs = require('fs');
|
|
||||||
var path = require('path');
|
|
||||||
|
|
||||||
function resolveDependencyVersion(location, name) {
|
|
||||||
if(location == process.env['NIX_STORE']) {
|
|
||||||
return null;
|
|
||||||
} else {
|
|
||||||
var dependencyPackageJSON = path.join(location, "node_modules", name, "package.json");
|
|
||||||
|
|
||||||
if(fs.existsSync(dependencyPackageJSON)) {
|
|
||||||
var dependencyPackageObj = JSON.parse(fs.readFileSync(dependencyPackageJSON));
|
|
||||||
|
|
||||||
if(dependencyPackageObj.name == name) {
|
|
||||||
return dependencyPackageObj.version;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return resolveDependencyVersion(path.resolve(location, ".."), name);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function replaceDependencies(dependencies) {
|
|
||||||
if(typeof dependencies == "object" && dependencies !== null) {
|
|
||||||
for(var dependency in dependencies) {
|
|
||||||
var resolvedVersion = resolveDependencyVersion(process.cwd(), dependency);
|
|
||||||
|
|
||||||
if(resolvedVersion === null) {
|
|
||||||
process.stderr.write("WARNING: cannot pinpoint dependency: "+dependency+", context: "+process.cwd()+"\n");
|
|
||||||
} else {
|
|
||||||
dependencies[dependency] = resolvedVersion;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Read the package.json configuration */
|
|
||||||
var packageObj = JSON.parse(fs.readFileSync('./package.json'));
|
|
||||||
|
|
||||||
/* Pinpoint all dependencies */
|
|
||||||
replaceDependencies(packageObj.dependencies);
|
|
||||||
if(process.argv[2] == "development") {
|
|
||||||
replaceDependencies(packageObj.devDependencies);
|
|
||||||
}
|
|
||||||
replaceDependencies(packageObj.optionalDependencies);
|
|
||||||
|
|
||||||
/* Write the fixed package.json file */
|
|
||||||
fs.writeFileSync("package.json", JSON.stringify(packageObj, null, 2));
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
in
|
|
||||||
''
|
|
||||||
node ${pinpointDependenciesFromPackageJSON} ${if production then "production" else "development"}
|
|
||||||
|
|
||||||
${lib.optionalString (dependencies != [])
|
|
||||||
''
|
|
||||||
if [ -d node_modules ]
|
|
||||||
then
|
|
||||||
cd node_modules
|
|
||||||
${lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies}
|
|
||||||
cd ..
|
|
||||||
fi
|
|
||||||
''}
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Recursively traverses all dependencies of a package and pinpoints all
|
|
||||||
# dependencies in the package.json file to the versions that are actually
|
|
||||||
# being used.
|
|
||||||
|
|
||||||
pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args:
|
|
||||||
''
|
|
||||||
if [ -d "${packageName}" ]
|
|
||||||
then
|
|
||||||
cd "${packageName}"
|
|
||||||
${pinpointDependencies { inherit dependencies production; }}
|
|
||||||
cd ..
|
|
||||||
${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Extract the Node.js source code which is used to compile packages with
|
|
||||||
# native bindings
|
|
||||||
nodeSources = runCommand "node-sources" {} ''
|
|
||||||
tar --no-same-owner --no-same-permissions -xf ${nodejs.src}
|
|
||||||
mv node-* $out
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Script that adds _integrity fields to all package.json files to prevent NPM from consulting the cache (that is empty)
|
|
||||||
addIntegrityFieldsScript = writeTextFile {
|
|
||||||
name = "addintegrityfields.js";
|
|
||||||
text = ''
|
|
||||||
var fs = require('fs');
|
|
||||||
var path = require('path');
|
|
||||||
|
|
||||||
function augmentDependencies(baseDir, dependencies) {
|
|
||||||
for(var dependencyName in dependencies) {
|
|
||||||
var dependency = dependencies[dependencyName];
|
|
||||||
|
|
||||||
// Open package.json and augment metadata fields
|
|
||||||
var packageJSONDir = path.join(baseDir, "node_modules", dependencyName);
|
|
||||||
var packageJSONPath = path.join(packageJSONDir, "package.json");
|
|
||||||
|
|
||||||
if(fs.existsSync(packageJSONPath)) { // Only augment packages that exist. Sometimes we may have production installs in which development dependencies can be ignored
|
|
||||||
console.log("Adding metadata fields to: "+packageJSONPath);
|
|
||||||
var packageObj = JSON.parse(fs.readFileSync(packageJSONPath));
|
|
||||||
|
|
||||||
if(dependency.integrity) {
|
|
||||||
packageObj["_integrity"] = dependency.integrity;
|
|
||||||
} else {
|
|
||||||
packageObj["_integrity"] = "sha1-000000000000000000000000000="; // When no _integrity string has been provided (e.g. by Git dependencies), add a dummy one. It does not seem to harm and it bypasses downloads.
|
|
||||||
}
|
|
||||||
|
|
||||||
if(dependency.resolved) {
|
|
||||||
packageObj["_resolved"] = dependency.resolved; // Adopt the resolved property if one has been provided
|
|
||||||
} else {
|
|
||||||
packageObj["_resolved"] = dependency.version; // Set the resolved version to the version identifier. This prevents NPM from cloning Git repositories.
|
|
||||||
}
|
|
||||||
|
|
||||||
if(dependency.from !== undefined) { // Adopt from property if one has been provided
|
|
||||||
packageObj["_from"] = dependency.from;
|
|
||||||
}
|
|
||||||
|
|
||||||
fs.writeFileSync(packageJSONPath, JSON.stringify(packageObj, null, 2));
|
|
||||||
}
|
|
||||||
|
|
||||||
// Augment transitive dependencies
|
|
||||||
if(dependency.dependencies !== undefined) {
|
|
||||||
augmentDependencies(packageJSONDir, dependency.dependencies);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if(fs.existsSync("./package-lock.json")) {
|
|
||||||
var packageLock = JSON.parse(fs.readFileSync("./package-lock.json"));
|
|
||||||
|
|
||||||
if(![1, 2].includes(packageLock.lockfileVersion)) {
|
|
||||||
process.stderr.write("Sorry, I only understand lock file versions 1 and 2!\n");
|
|
||||||
process.exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
if(packageLock.dependencies !== undefined) {
|
|
||||||
augmentDependencies(".", packageLock.dependencies);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# Reconstructs a package-lock file from the node_modules/ folder structure and package.json files with dummy sha1 hashes
|
|
||||||
reconstructPackageLock = writeTextFile {
|
|
||||||
name = "addintegrityfields.js";
|
|
||||||
text = ''
|
|
||||||
var fs = require('fs');
|
|
||||||
var path = require('path');
|
|
||||||
|
|
||||||
var packageObj = JSON.parse(fs.readFileSync("package.json"));
|
|
||||||
|
|
||||||
var lockObj = {
|
|
||||||
name: packageObj.name,
|
|
||||||
version: packageObj.version,
|
|
||||||
lockfileVersion: 1,
|
|
||||||
requires: true,
|
|
||||||
dependencies: {}
|
|
||||||
};
|
|
||||||
|
|
||||||
function augmentPackageJSON(filePath, dependencies) {
|
|
||||||
var packageJSON = path.join(filePath, "package.json");
|
|
||||||
if(fs.existsSync(packageJSON)) {
|
|
||||||
var packageObj = JSON.parse(fs.readFileSync(packageJSON));
|
|
||||||
dependencies[packageObj.name] = {
|
|
||||||
version: packageObj.version,
|
|
||||||
integrity: "sha1-000000000000000000000000000=",
|
|
||||||
dependencies: {}
|
|
||||||
};
|
|
||||||
processDependencies(path.join(filePath, "node_modules"), dependencies[packageObj.name].dependencies);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function processDependencies(dir, dependencies) {
|
|
||||||
if(fs.existsSync(dir)) {
|
|
||||||
var files = fs.readdirSync(dir);
|
|
||||||
|
|
||||||
files.forEach(function(entry) {
|
|
||||||
var filePath = path.join(dir, entry);
|
|
||||||
var stats = fs.statSync(filePath);
|
|
||||||
|
|
||||||
if(stats.isDirectory()) {
|
|
||||||
if(entry.substr(0, 1) == "@") {
|
|
||||||
// When we encounter a namespace folder, augment all packages belonging to the scope
|
|
||||||
var pkgFiles = fs.readdirSync(filePath);
|
|
||||||
|
|
||||||
pkgFiles.forEach(function(entry) {
|
|
||||||
if(stats.isDirectory()) {
|
|
||||||
var pkgFilePath = path.join(filePath, entry);
|
|
||||||
augmentPackageJSON(pkgFilePath, dependencies);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
} else {
|
|
||||||
augmentPackageJSON(filePath, dependencies);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
processDependencies("node_modules", lockObj.dependencies);
|
|
||||||
|
|
||||||
fs.writeFileSync("package-lock.json", JSON.stringify(lockObj, null, 2));
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}:
|
|
||||||
let
|
|
||||||
forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com";
|
|
||||||
in
|
|
||||||
''
|
|
||||||
# Pinpoint the versions of all dependencies to the ones that are actually being used
|
|
||||||
echo "pinpointing versions of dependencies..."
|
|
||||||
source $pinpointDependenciesScriptPath
|
|
||||||
|
|
||||||
# Patch the shebangs of the bundled modules to prevent them from
|
|
||||||
# calling executables outside the Nix store as much as possible
|
|
||||||
patchShebangs .
|
|
||||||
|
|
||||||
# Deploy the Node.js package by running npm install. Since the
|
|
||||||
# dependencies have been provided already by ourselves, it should not
|
|
||||||
# attempt to install them again, which is good, because we want to make
|
|
||||||
# it Nix's responsibility. If it needs to install any dependencies
|
|
||||||
# anyway (e.g. because the dependency parameters are
|
|
||||||
# incomplete/incorrect), it fails.
|
|
||||||
#
|
|
||||||
# The other responsibilities of NPM are kept -- version checks, build
|
|
||||||
# steps, postprocessing etc.
|
|
||||||
|
|
||||||
export HOME=$TMPDIR
|
|
||||||
cd "${packageName}"
|
|
||||||
runHook preRebuild
|
|
||||||
|
|
||||||
${lib.optionalString bypassCache ''
|
|
||||||
${lib.optionalString reconstructLock ''
|
|
||||||
if [ -f package-lock.json ]
|
|
||||||
then
|
|
||||||
echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
|
|
||||||
echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
|
|
||||||
rm package-lock.json
|
|
||||||
else
|
|
||||||
echo "No package-lock.json file found, reconstructing..."
|
|
||||||
fi
|
|
||||||
|
|
||||||
node ${reconstructPackageLock}
|
|
||||||
''}
|
|
||||||
|
|
||||||
node ${addIntegrityFieldsScript}
|
|
||||||
''}
|
|
||||||
|
|
||||||
npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
|
|
||||||
|
|
||||||
if [ "''${dontNpmInstall-}" != "1" ]
|
|
||||||
then
|
|
||||||
# NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
|
|
||||||
rm -f npm-shrinkwrap.json
|
|
||||||
|
|
||||||
npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} install
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Builds and composes an NPM package including all its dependencies
|
|
||||||
buildNodePackage =
|
|
||||||
{ name
|
|
||||||
, packageName
|
|
||||||
, version
|
|
||||||
, dependencies ? []
|
|
||||||
, buildInputs ? []
|
|
||||||
, production ? true
|
|
||||||
, npmFlags ? ""
|
|
||||||
, dontNpmInstall ? false
|
|
||||||
, bypassCache ? false
|
|
||||||
, reconstructLock ? false
|
|
||||||
, preRebuild ? ""
|
|
||||||
, dontStrip ? true
|
|
||||||
, unpackPhase ? "true"
|
|
||||||
, buildPhase ? "true"
|
|
||||||
, meta ? {}
|
|
||||||
, ... }@args:
|
|
||||||
|
|
||||||
let
|
|
||||||
extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" "meta" ];
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation ({
|
|
||||||
name = "${name}-${version}";
|
|
||||||
buildInputs = [ tarWrapper python nodejs ]
|
|
||||||
++ lib.optional (stdenv.isLinux) utillinux
|
|
||||||
++ lib.optional (stdenv.isDarwin) libtool
|
|
||||||
++ buildInputs;
|
|
||||||
|
|
||||||
inherit nodejs;
|
|
||||||
|
|
||||||
inherit dontStrip; # Stripping may fail a build for some package deployments
|
|
||||||
inherit dontNpmInstall preRebuild unpackPhase buildPhase;
|
|
||||||
|
|
||||||
compositionScript = composePackage args;
|
|
||||||
pinpointDependenciesScript = pinpointDependenciesOfPackage args;
|
|
||||||
|
|
||||||
passAsFile = [ "compositionScript" "pinpointDependenciesScript" ];
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
source ${installPackage}
|
|
||||||
|
|
||||||
# Create and enter a root node_modules/ folder
|
|
||||||
mkdir -p $out/lib/node_modules
|
|
||||||
cd $out/lib/node_modules
|
|
||||||
|
|
||||||
# Compose the package and all its dependencies
|
|
||||||
source $compositionScriptPath
|
|
||||||
|
|
||||||
${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
|
|
||||||
|
|
||||||
# Create symlink to the deployed executable folder, if applicable
|
|
||||||
if [ -d "$out/lib/node_modules/.bin" ]
|
|
||||||
then
|
|
||||||
ln -s $out/lib/node_modules/.bin $out/bin
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Create symlinks to the deployed manual page folders, if applicable
|
|
||||||
if [ -d "$out/lib/node_modules/${packageName}/man" ]
|
|
||||||
then
|
|
||||||
mkdir -p $out/share
|
|
||||||
for dir in "$out/lib/node_modules/${packageName}/man/"*
|
|
||||||
do
|
|
||||||
mkdir -p $out/share/man/$(basename "$dir")
|
|
||||||
for page in "$dir"/*
|
|
||||||
do
|
|
||||||
ln -s $page $out/share/man/$(basename "$dir")
|
|
||||||
done
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Run post install hook, if provided
|
|
||||||
runHook postInstall
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = {
|
|
||||||
# default to Node.js' platforms
|
|
||||||
platforms = nodejs.meta.platforms;
|
|
||||||
} // meta;
|
|
||||||
} // extraArgs);
|
|
||||||
|
|
||||||
# Builds a node environment (a node_modules folder and a set of binaries)
|
|
||||||
buildNodeDependencies =
|
|
||||||
{ name
|
|
||||||
, packageName
|
|
||||||
, version
|
|
||||||
, src
|
|
||||||
, dependencies ? []
|
|
||||||
, buildInputs ? []
|
|
||||||
, production ? true
|
|
||||||
, npmFlags ? ""
|
|
||||||
, dontNpmInstall ? false
|
|
||||||
, bypassCache ? false
|
|
||||||
, reconstructLock ? false
|
|
||||||
, dontStrip ? true
|
|
||||||
, unpackPhase ? "true"
|
|
||||||
, buildPhase ? "true"
|
|
||||||
, ... }@args:
|
|
||||||
|
|
||||||
let
|
|
||||||
extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ];
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation ({
|
|
||||||
name = "node-dependencies-${name}-${version}";
|
|
||||||
|
|
||||||
buildInputs = [ tarWrapper python nodejs ]
|
|
||||||
++ lib.optional (stdenv.isLinux) utillinux
|
|
||||||
++ lib.optional (stdenv.isDarwin) libtool
|
|
||||||
++ buildInputs;
|
|
||||||
|
|
||||||
inherit dontStrip; # Stripping may fail a build for some package deployments
|
|
||||||
inherit dontNpmInstall unpackPhase buildPhase;
|
|
||||||
|
|
||||||
includeScript = includeDependencies { inherit dependencies; };
|
|
||||||
pinpointDependenciesScript = pinpointDependenciesOfPackage args;
|
|
||||||
|
|
||||||
passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
source ${installPackage}
|
|
||||||
|
|
||||||
mkdir -p $out/${packageName}
|
|
||||||
cd $out/${packageName}
|
|
||||||
|
|
||||||
source $includeScriptPath
|
|
||||||
|
|
||||||
# Create fake package.json to make the npm commands work properly
|
|
||||||
cp ${src}/package.json .
|
|
||||||
chmod 644 package.json
|
|
||||||
${lib.optionalString bypassCache ''
|
|
||||||
if [ -f ${src}/package-lock.json ]
|
|
||||||
then
|
|
||||||
cp ${src}/package-lock.json .
|
|
||||||
fi
|
|
||||||
''}
|
|
||||||
|
|
||||||
# Go to the parent folder to make sure that all packages are pinpointed
|
|
||||||
cd ..
|
|
||||||
${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
|
|
||||||
|
|
||||||
${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
|
|
||||||
|
|
||||||
# Expose the executables that were installed
|
|
||||||
cd ..
|
|
||||||
${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
|
|
||||||
|
|
||||||
mv ${packageName} lib
|
|
||||||
ln -s $out/lib/node_modules/.bin $out/bin
|
|
||||||
'';
|
|
||||||
} // extraArgs);
|
|
||||||
|
|
||||||
# Builds a development shell
|
|
||||||
buildNodeShell =
|
|
||||||
{ name
|
|
||||||
, packageName
|
|
||||||
, version
|
|
||||||
, src
|
|
||||||
, dependencies ? []
|
|
||||||
, buildInputs ? []
|
|
||||||
, production ? true
|
|
||||||
, npmFlags ? ""
|
|
||||||
, dontNpmInstall ? false
|
|
||||||
, bypassCache ? false
|
|
||||||
, reconstructLock ? false
|
|
||||||
, dontStrip ? true
|
|
||||||
, unpackPhase ? "true"
|
|
||||||
, buildPhase ? "true"
|
|
||||||
, ... }@args:
|
|
||||||
|
|
||||||
let
|
|
||||||
nodeDependencies = buildNodeDependencies args;
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
name = "node-shell-${name}-${version}";
|
|
||||||
|
|
||||||
buildInputs = [ python nodejs ] ++ lib.optional (stdenv.isLinux) utillinux ++ buildInputs;
|
|
||||||
buildCommand = ''
|
|
||||||
mkdir -p $out/bin
|
|
||||||
cat > $out/bin/shell <<EOF
|
|
||||||
#! ${stdenv.shell} -e
|
|
||||||
$shellHook
|
|
||||||
exec ${stdenv.shell}
|
|
||||||
EOF
|
|
||||||
chmod +x $out/bin/shell
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Provide the dependencies in a development shell through the NODE_PATH environment variable
|
|
||||||
inherit nodeDependencies;
|
|
||||||
shellHook = lib.optionalString (dependencies != []) ''
|
|
||||||
export NODE_PATH=${nodeDependencies}/lib/node_modules
|
|
||||||
export PATH="${nodeDependencies}/bin:$PATH"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
buildNodeSourceDist = lib.makeOverridable buildNodeSourceDist;
|
|
||||||
buildNodePackage = lib.makeOverridable buildNodePackage;
|
|
||||||
buildNodeDependencies = lib.makeOverridable buildNodeDependencies;
|
|
||||||
buildNodeShell = lib.makeOverridable buildNodeShell;
|
|
||||||
}
|
|
|
@ -1,756 +0,0 @@
|
||||||
# This file has been generated by node2nix 1.9.0. Do not edit!
|
|
||||||
|
|
||||||
{nodeEnv, fetchurl, fetchgit, nix-gitignore, stdenv, lib, globalBuildInputs ? []}:
|
|
||||||
|
|
||||||
let
|
|
||||||
sources = {
|
|
||||||
"@mcrowe/minibloom-0.2.0" = {
|
|
||||||
name = "_at_mcrowe_slash_minibloom";
|
|
||||||
packageName = "@mcrowe/minibloom";
|
|
||||||
version = "0.2.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/@mcrowe/minibloom/-/minibloom-0.2.0.tgz";
|
|
||||||
sha1 = "1bed96aec18388198da37443899b2c3ff5948053";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"accepts-1.3.8" = {
|
|
||||||
name = "accepts";
|
|
||||||
packageName = "accepts";
|
|
||||||
version = "1.3.8";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz";
|
|
||||||
sha512 = "PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"array-flatten-1.1.1" = {
|
|
||||||
name = "array-flatten";
|
|
||||||
packageName = "array-flatten";
|
|
||||||
version = "1.1.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz";
|
|
||||||
sha1 = "9a5f699051b1e7073328f2a008968b64ea2955d2";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"async-limiter-1.0.1" = {
|
|
||||||
name = "async-limiter";
|
|
||||||
packageName = "async-limiter";
|
|
||||||
version = "1.0.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz";
|
|
||||||
sha512 = "csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"body-parser-1.18.3" = {
|
|
||||||
name = "body-parser";
|
|
||||||
packageName = "body-parser";
|
|
||||||
version = "1.18.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/body-parser/-/body-parser-1.18.3.tgz";
|
|
||||||
sha1 = "5b292198ffdd553b3a0f20ded0592b956955c8b4";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"bytes-3.0.0" = {
|
|
||||||
name = "bytes";
|
|
||||||
packageName = "bytes";
|
|
||||||
version = "3.0.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz";
|
|
||||||
sha1 = "d32815404d689699f85a4ea4fa8755dd13a96048";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"chainpad-crypto-0.2.7" = {
|
|
||||||
name = "chainpad-crypto";
|
|
||||||
packageName = "chainpad-crypto";
|
|
||||||
version = "0.2.7";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/chainpad-crypto/-/chainpad-crypto-0.2.7.tgz";
|
|
||||||
sha512 = "H2FfFmMwWw4i8XeGVjKUNEmgOnJohlAvc5IpnVnHqCDm6axntpZ15rv9hV70uhzDrmFhlAPW8MoY4roe5PhUyA==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"chainpad-server-5.1.0" = {
|
|
||||||
name = "chainpad-server";
|
|
||||||
packageName = "chainpad-server";
|
|
||||||
version = "5.1.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/chainpad-server/-/chainpad-server-5.1.0.tgz";
|
|
||||||
sha512 = "BdjgOOLTXXo1EjQ7lURDe7oqsqfQISNvwhILfp3K3diY2K1hxpPLbjYzOSgxNOTADeOAff0xnInR5eUCESVWaQ==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"content-disposition-0.5.2" = {
|
|
||||||
name = "content-disposition";
|
|
||||||
packageName = "content-disposition";
|
|
||||||
version = "0.5.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz";
|
|
||||||
sha1 = "0cf68bb9ddf5f2be7961c3a85178cb85dba78cb4";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"content-type-1.0.4" = {
|
|
||||||
name = "content-type";
|
|
||||||
packageName = "content-type";
|
|
||||||
version = "1.0.4";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz";
|
|
||||||
sha512 = "hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"cookie-0.3.1" = {
|
|
||||||
name = "cookie";
|
|
||||||
packageName = "cookie";
|
|
||||||
version = "0.3.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz";
|
|
||||||
sha1 = "e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"cookie-signature-1.0.6" = {
|
|
||||||
name = "cookie-signature";
|
|
||||||
packageName = "cookie-signature";
|
|
||||||
version = "1.0.6";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz";
|
|
||||||
sha1 = "e303a882b342cc3ee8ca513a79999734dab3ae2c";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"debug-2.6.9" = {
|
|
||||||
name = "debug";
|
|
||||||
packageName = "debug";
|
|
||||||
version = "2.6.9";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz";
|
|
||||||
sha512 = "bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"depd-1.1.2" = {
|
|
||||||
name = "depd";
|
|
||||||
packageName = "depd";
|
|
||||||
version = "1.1.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz";
|
|
||||||
sha1 = "9bcd52e14c097763e749b274c4346ed2e560b5a9";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"destroy-1.0.4" = {
|
|
||||||
name = "destroy";
|
|
||||||
packageName = "destroy";
|
|
||||||
version = "1.0.4";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz";
|
|
||||||
sha1 = "978857442c44749e4206613e37946205826abd80";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"ee-first-1.1.1" = {
|
|
||||||
name = "ee-first";
|
|
||||||
packageName = "ee-first";
|
|
||||||
version = "1.1.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz";
|
|
||||||
sha1 = "590c61156b0ae2f4f0255732a158b266bc56b21d";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"encodeurl-1.0.2" = {
|
|
||||||
name = "encodeurl";
|
|
||||||
packageName = "encodeurl";
|
|
||||||
version = "1.0.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz";
|
|
||||||
sha1 = "ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"escape-html-1.0.3" = {
|
|
||||||
name = "escape-html";
|
|
||||||
packageName = "escape-html";
|
|
||||||
version = "1.0.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz";
|
|
||||||
sha1 = "0258eae4d3d0c0974de1c169188ef0051d1d1988";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"etag-1.8.1" = {
|
|
||||||
name = "etag";
|
|
||||||
packageName = "etag";
|
|
||||||
version = "1.8.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz";
|
|
||||||
sha1 = "41ae2eeb65efa62268aebfea83ac7d79299b0887";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"express-4.16.4" = {
|
|
||||||
name = "express";
|
|
||||||
packageName = "express";
|
|
||||||
version = "4.16.4";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/express/-/express-4.16.4.tgz";
|
|
||||||
sha512 = "j12Uuyb4FMrd/qQAm6uCHAkPtO8FDTRJZBDd5D2KOL2eLaz1yUNdUB/NOIyq0iU4q4cFarsUCrnFDPBcnksuOg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"finalhandler-1.1.1" = {
|
|
||||||
name = "finalhandler";
|
|
||||||
packageName = "finalhandler";
|
|
||||||
version = "1.1.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.1.tgz";
|
|
||||||
sha512 = "Y1GUDo39ez4aHAw7MysnUD5JzYX+WaIj8I57kO3aEPT1fFRL4sr7mjei97FgnwhAyyzRYmQZaTHb2+9uZ1dPtg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"forwarded-0.2.0" = {
|
|
||||||
name = "forwarded";
|
|
||||||
packageName = "forwarded";
|
|
||||||
version = "0.2.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz";
|
|
||||||
sha512 = "buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"fresh-0.5.2" = {
|
|
||||||
name = "fresh";
|
|
||||||
packageName = "fresh";
|
|
||||||
version = "0.5.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz";
|
|
||||||
sha1 = "3d8cadd90d976569fa835ab1f8e4b23a105605a7";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"fs-extra-7.0.1" = {
|
|
||||||
name = "fs-extra";
|
|
||||||
packageName = "fs-extra";
|
|
||||||
version = "7.0.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/fs-extra/-/fs-extra-7.0.1.tgz";
|
|
||||||
sha512 = "YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"gar-1.0.4" = {
|
|
||||||
name = "gar";
|
|
||||||
packageName = "gar";
|
|
||||||
version = "1.0.4";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/gar/-/gar-1.0.4.tgz";
|
|
||||||
sha512 = "w4n9cPWyP7aHxKxYHFQMegj7WIAsL/YX/C4Bs5Rr8s1H9M1rNtRWRsw+ovYMkXDQ5S4ZbYHsHAPmevPjPgw44w==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"get-folder-size-2.0.1" = {
|
|
||||||
name = "get-folder-size";
|
|
||||||
packageName = "get-folder-size";
|
|
||||||
version = "2.0.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/get-folder-size/-/get-folder-size-2.0.1.tgz";
|
|
||||||
sha512 = "+CEb+GDCM7tkOS2wdMKTn9vU7DgnKUTuDlehkNJKNSovdCOVxs14OfKCk4cvSaR3za4gj+OBdl9opPN9xrJ0zA==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"graceful-fs-4.2.10" = {
|
|
||||||
name = "graceful-fs";
|
|
||||||
packageName = "graceful-fs";
|
|
||||||
version = "4.2.10";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz";
|
|
||||||
sha512 = "9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"http-errors-1.6.3" = {
|
|
||||||
name = "http-errors";
|
|
||||||
packageName = "http-errors";
|
|
||||||
version = "1.6.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz";
|
|
||||||
sha1 = "8b55680bb4be283a0b5bf4ea2e38580be1d9320d";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"iconv-lite-0.4.23" = {
|
|
||||||
name = "iconv-lite";
|
|
||||||
packageName = "iconv-lite";
|
|
||||||
version = "0.4.23";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.23.tgz";
|
|
||||||
sha512 = "neyTUVFtahjf0mB3dZT77u+8O0QB89jFdnBkd5P1JgYPbPaia3gXXOVL2fq8VyU2gMMD7SaN7QukTB/pmXYvDA==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"inherits-2.0.3" = {
|
|
||||||
name = "inherits";
|
|
||||||
packageName = "inherits";
|
|
||||||
version = "2.0.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz";
|
|
||||||
sha1 = "633c2c83e3da42a502f52466022480f4208261de";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"ipaddr.js-1.9.1" = {
|
|
||||||
name = "ipaddr.js";
|
|
||||||
packageName = "ipaddr.js";
|
|
||||||
version = "1.9.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz";
|
|
||||||
sha512 = "0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"jsonfile-4.0.0" = {
|
|
||||||
name = "jsonfile";
|
|
||||||
packageName = "jsonfile";
|
|
||||||
version = "4.0.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz";
|
|
||||||
sha1 = "8771aae0799b64076b76640fca058f9c10e33ecb";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"lex-1.7.9" = {
|
|
||||||
name = "lex";
|
|
||||||
packageName = "lex";
|
|
||||||
version = "1.7.9";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/lex/-/lex-1.7.9.tgz";
|
|
||||||
sha1 = "5d5636ccef574348362938b79a47f0eed8ed0d43";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"looper-3.0.0" = {
|
|
||||||
name = "looper";
|
|
||||||
packageName = "looper";
|
|
||||||
version = "3.0.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/looper/-/looper-3.0.0.tgz";
|
|
||||||
sha1 = "2efa54c3b1cbaba9b94aee2e5914b0be57fbb749";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"media-typer-0.3.0" = {
|
|
||||||
name = "media-typer";
|
|
||||||
packageName = "media-typer";
|
|
||||||
version = "0.3.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz";
|
|
||||||
sha1 = "8710d7af0aa626f8fffa1ce00168545263255748";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"merge-descriptors-1.0.1" = {
|
|
||||||
name = "merge-descriptors";
|
|
||||||
packageName = "merge-descriptors";
|
|
||||||
version = "1.0.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz";
|
|
||||||
sha1 = "b00aaa556dd8b44568150ec9d1b953f3f90cbb61";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"methods-1.1.2" = {
|
|
||||||
name = "methods";
|
|
||||||
packageName = "methods";
|
|
||||||
version = "1.1.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz";
|
|
||||||
sha1 = "5529a4d67654134edcc5266656835b0f851afcee";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"mime-1.4.1" = {
|
|
||||||
name = "mime";
|
|
||||||
packageName = "mime";
|
|
||||||
version = "1.4.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/mime/-/mime-1.4.1.tgz";
|
|
||||||
sha512 = "KI1+qOZu5DcW6wayYHSzR/tXKCDC5Om4s1z2QJjDULzLcmf3DvzS7oluY4HCTrc+9FiKmWUgeNLg7W3uIQvxtQ==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"mime-db-1.52.0" = {
|
|
||||||
name = "mime-db";
|
|
||||||
packageName = "mime-db";
|
|
||||||
version = "1.52.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz";
|
|
||||||
sha512 = "sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"mime-types-2.1.35" = {
|
|
||||||
name = "mime-types";
|
|
||||||
packageName = "mime-types";
|
|
||||||
version = "2.1.35";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz";
|
|
||||||
sha512 = "ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"ms-2.0.0" = {
|
|
||||||
name = "ms";
|
|
||||||
packageName = "ms";
|
|
||||||
version = "2.0.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz";
|
|
||||||
sha1 = "5608aeadfc00be6c2901df5f9861788de0d597c8";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"negotiator-0.6.3" = {
|
|
||||||
name = "negotiator";
|
|
||||||
packageName = "negotiator";
|
|
||||||
version = "0.6.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz";
|
|
||||||
sha512 = "+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"netflux-websocket-0.1.21" = {
|
|
||||||
name = "netflux-websocket";
|
|
||||||
packageName = "netflux-websocket";
|
|
||||||
version = "0.1.21";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/netflux-websocket/-/netflux-websocket-0.1.21.tgz";
|
|
||||||
sha512 = "Zjl5lefg8urC0a0T7YCPGiUgRsISZBsTZl1STylmQz8Bq4ohcZ8cP3r6VoCpeVcvJ1Y/e3ZCXPxndWlNP9Jfug==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"nthen-0.1.8" = {
|
|
||||||
name = "nthen";
|
|
||||||
packageName = "nthen";
|
|
||||||
version = "0.1.8";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/nthen/-/nthen-0.1.8.tgz";
|
|
||||||
sha512 = "Oh2CwIbhj+wUT94lQV7LKmmgw3UYAGGd8oLIqp6btQN3Bz3PuWp4BuvtUo35H3rqDknjPfKx5P6mt7v+aJNjcw==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"on-finished-2.3.0" = {
|
|
||||||
name = "on-finished";
|
|
||||||
packageName = "on-finished";
|
|
||||||
version = "2.3.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz";
|
|
||||||
sha1 = "20f1336481b083cd75337992a16971aa2d906947";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"parseurl-1.3.3" = {
|
|
||||||
name = "parseurl";
|
|
||||||
packageName = "parseurl";
|
|
||||||
version = "1.3.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz";
|
|
||||||
sha512 = "CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"path-to-regexp-0.1.7" = {
|
|
||||||
name = "path-to-regexp";
|
|
||||||
packageName = "path-to-regexp";
|
|
||||||
version = "0.1.7";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz";
|
|
||||||
sha1 = "df604178005f522f15eb4490e7247a1bfaa67f8c";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"proxy-addr-2.0.7" = {
|
|
||||||
name = "proxy-addr";
|
|
||||||
packageName = "proxy-addr";
|
|
||||||
version = "2.0.7";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz";
|
|
||||||
sha512 = "llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"pull-stream-3.6.14" = {
|
|
||||||
name = "pull-stream";
|
|
||||||
packageName = "pull-stream";
|
|
||||||
version = "3.6.14";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/pull-stream/-/pull-stream-3.6.14.tgz";
|
|
||||||
sha512 = "KIqdvpqHHaTUA2mCYcLG1ibEbu/LCKoJZsBWyv9lSYtPkJPBq8m3Hxa103xHi6D2thj5YXa0TqK3L3GUkwgnew==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"qs-6.5.2" = {
|
|
||||||
name = "qs";
|
|
||||||
packageName = "qs";
|
|
||||||
version = "6.5.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz";
|
|
||||||
sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"range-parser-1.2.1" = {
|
|
||||||
name = "range-parser";
|
|
||||||
packageName = "range-parser";
|
|
||||||
version = "1.2.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz";
|
|
||||||
sha512 = "Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"raw-body-2.3.3" = {
|
|
||||||
name = "raw-body";
|
|
||||||
packageName = "raw-body";
|
|
||||||
version = "2.3.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/raw-body/-/raw-body-2.3.3.tgz";
|
|
||||||
sha512 = "9esiElv1BrZoI3rCDuOuKCBRbuApGGaDPQfjSflGxdy4oyzqghxu6klEkkVIvBje+FF0BX9coEv8KqW6X/7njw==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"safe-buffer-5.1.2" = {
|
|
||||||
name = "safe-buffer";
|
|
||||||
packageName = "safe-buffer";
|
|
||||||
version = "5.1.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz";
|
|
||||||
sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"safer-buffer-2.1.2" = {
|
|
||||||
name = "safer-buffer";
|
|
||||||
packageName = "safer-buffer";
|
|
||||||
version = "2.1.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz";
|
|
||||||
sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"saferphore-0.0.1" = {
|
|
||||||
name = "saferphore";
|
|
||||||
packageName = "saferphore";
|
|
||||||
version = "0.0.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/saferphore/-/saferphore-0.0.1.tgz";
|
|
||||||
sha1 = "cc962eda4e2b2452e6437fd32dcfb6f69ef2ea63";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"send-0.16.2" = {
|
|
||||||
name = "send";
|
|
||||||
packageName = "send";
|
|
||||||
version = "0.16.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/send/-/send-0.16.2.tgz";
|
|
||||||
sha512 = "E64YFPUssFHEFBvpbbjr44NCLtI1AohxQ8ZSiJjQLskAdKuriYEP6VyGEsRDH8ScozGpkaX1BGvhanqCwkcEZw==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"serve-static-1.13.2" = {
|
|
||||||
name = "serve-static";
|
|
||||||
packageName = "serve-static";
|
|
||||||
version = "1.13.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/serve-static/-/serve-static-1.13.2.tgz";
|
|
||||||
sha512 = "p/tdJrO4U387R9oMjb1oj7qSMaMfmOyd4j9hOFoxZe2baQszgHcSWjuya/CiT5kgZZKRudHNOA0pYXOl8rQ5nw==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"setprototypeof-1.1.0" = {
|
|
||||||
name = "setprototypeof";
|
|
||||||
packageName = "setprototypeof";
|
|
||||||
version = "1.1.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz";
|
|
||||||
sha512 = "BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"sortify-1.0.4" = {
|
|
||||||
name = "sortify";
|
|
||||||
packageName = "sortify";
|
|
||||||
version = "1.0.4";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/sortify/-/sortify-1.0.4.tgz";
|
|
||||||
sha1 = "f0178687c83231be8a34fc0ec5462ea957b60284";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"statuses-1.4.0" = {
|
|
||||||
name = "statuses";
|
|
||||||
packageName = "statuses";
|
|
||||||
version = "1.4.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/statuses/-/statuses-1.4.0.tgz";
|
|
||||||
sha512 = "zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"stream-to-pull-stream-1.7.3" = {
|
|
||||||
name = "stream-to-pull-stream";
|
|
||||||
packageName = "stream-to-pull-stream";
|
|
||||||
version = "1.7.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/stream-to-pull-stream/-/stream-to-pull-stream-1.7.3.tgz";
|
|
||||||
sha512 = "6sNyqJpr5dIOQdgNy/xcDWwDuzAsAwVzhzrWlAPAQ7Lkjx/rv0wgvxEyKwTq6FmNd5rjTrELt/CLmaSw7crMGg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"tiny-each-async-2.0.3" = {
|
|
||||||
name = "tiny-each-async";
|
|
||||||
packageName = "tiny-each-async";
|
|
||||||
version = "2.0.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/tiny-each-async/-/tiny-each-async-2.0.3.tgz";
|
|
||||||
sha1 = "8ebbbfd6d6295f1370003fbb37162afe5a0a51d1";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"tweetnacl-0.12.2" = {
|
|
||||||
name = "tweetnacl";
|
|
||||||
packageName = "tweetnacl";
|
|
||||||
version = "0.12.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.12.2.tgz";
|
|
||||||
sha1 = "bd59f890507856fb0a1136acc3a8b44547e29ddb";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"type-is-1.6.18" = {
|
|
||||||
name = "type-is";
|
|
||||||
packageName = "type-is";
|
|
||||||
version = "1.6.18";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz";
|
|
||||||
sha512 = "TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"ulimit-0.0.2" = {
|
|
||||||
name = "ulimit";
|
|
||||||
packageName = "ulimit";
|
|
||||||
version = "0.0.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/ulimit/-/ulimit-0.0.2.tgz";
|
|
||||||
sha1 = "2b51f9dc8381ae4102636cec5eb338c2630588a0";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"ultron-1.1.1" = {
|
|
||||||
name = "ultron";
|
|
||||||
packageName = "ultron";
|
|
||||||
version = "1.1.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/ultron/-/ultron-1.1.1.tgz";
|
|
||||||
sha512 = "UIEXBNeYmKptWH6z8ZnqTeS8fV74zG0/eRU9VGkpzz+LIJNs8W/zM/L+7ctCkRrgbNnnR0xxw4bKOr0cW0N0Og==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"universalify-0.1.2" = {
|
|
||||||
name = "universalify";
|
|
||||||
packageName = "universalify";
|
|
||||||
version = "0.1.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz";
|
|
||||||
sha512 = "rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"unpipe-1.0.0" = {
|
|
||||||
name = "unpipe";
|
|
||||||
packageName = "unpipe";
|
|
||||||
version = "1.0.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz";
|
|
||||||
sha1 = "b2bf4ee8514aae6165b4817829d21b2ef49904ec";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"utils-merge-1.0.1" = {
|
|
||||||
name = "utils-merge";
|
|
||||||
packageName = "utils-merge";
|
|
||||||
version = "1.0.1";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz";
|
|
||||||
sha1 = "9f95710f50a267947b2ccc124741c1028427e713";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"vary-1.1.2" = {
|
|
||||||
name = "vary";
|
|
||||||
packageName = "vary";
|
|
||||||
version = "1.1.2";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz";
|
|
||||||
sha1 = "2299f02c6ded30d4a5961b0b9f74524a18f634fc";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"ws-3.3.3" = {
|
|
||||||
name = "ws";
|
|
||||||
packageName = "ws";
|
|
||||||
version = "3.3.3";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://registry.npmjs.org/ws/-/ws-3.3.3.tgz";
|
|
||||||
sha512 = "nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
args = {
|
|
||||||
name = "cryptpad";
|
|
||||||
packageName = "cryptpad";
|
|
||||||
version = "4.14.1";
|
|
||||||
src = ./.;
|
|
||||||
dependencies = [
|
|
||||||
sources."@mcrowe/minibloom-0.2.0"
|
|
||||||
sources."accepts-1.3.8"
|
|
||||||
sources."array-flatten-1.1.1"
|
|
||||||
sources."async-limiter-1.0.1"
|
|
||||||
sources."body-parser-1.18.3"
|
|
||||||
sources."bytes-3.0.0"
|
|
||||||
sources."chainpad-crypto-0.2.7"
|
|
||||||
sources."chainpad-server-5.1.0"
|
|
||||||
sources."content-disposition-0.5.2"
|
|
||||||
sources."content-type-1.0.4"
|
|
||||||
sources."cookie-0.3.1"
|
|
||||||
sources."cookie-signature-1.0.6"
|
|
||||||
sources."debug-2.6.9"
|
|
||||||
sources."depd-1.1.2"
|
|
||||||
sources."destroy-1.0.4"
|
|
||||||
sources."ee-first-1.1.1"
|
|
||||||
sources."encodeurl-1.0.2"
|
|
||||||
sources."escape-html-1.0.3"
|
|
||||||
sources."etag-1.8.1"
|
|
||||||
sources."express-4.16.4"
|
|
||||||
sources."finalhandler-1.1.1"
|
|
||||||
sources."forwarded-0.2.0"
|
|
||||||
sources."fresh-0.5.2"
|
|
||||||
sources."fs-extra-7.0.1"
|
|
||||||
sources."gar-1.0.4"
|
|
||||||
sources."get-folder-size-2.0.1"
|
|
||||||
sources."graceful-fs-4.2.10"
|
|
||||||
sources."http-errors-1.6.3"
|
|
||||||
sources."iconv-lite-0.4.23"
|
|
||||||
sources."inherits-2.0.3"
|
|
||||||
sources."ipaddr.js-1.9.1"
|
|
||||||
sources."jsonfile-4.0.0"
|
|
||||||
sources."lex-1.7.9"
|
|
||||||
sources."looper-3.0.0"
|
|
||||||
sources."media-typer-0.3.0"
|
|
||||||
sources."merge-descriptors-1.0.1"
|
|
||||||
sources."methods-1.1.2"
|
|
||||||
sources."mime-db-1.52.0"
|
|
||||||
sources."mime-types-2.1.35"
|
|
||||||
sources."ms-2.0.0"
|
|
||||||
sources."negotiator-0.6.3"
|
|
||||||
sources."netflux-websocket-0.1.21"
|
|
||||||
sources."nthen-0.1.8"
|
|
||||||
sources."on-finished-2.3.0"
|
|
||||||
sources."parseurl-1.3.3"
|
|
||||||
sources."path-to-regexp-0.1.7"
|
|
||||||
sources."proxy-addr-2.0.7"
|
|
||||||
sources."pull-stream-3.6.14"
|
|
||||||
sources."qs-6.5.2"
|
|
||||||
sources."range-parser-1.2.1"
|
|
||||||
sources."raw-body-2.3.3"
|
|
||||||
sources."safe-buffer-5.1.2"
|
|
||||||
sources."safer-buffer-2.1.2"
|
|
||||||
sources."saferphore-0.0.1"
|
|
||||||
(sources."send-0.16.2" // {
|
|
||||||
dependencies = [
|
|
||||||
sources."mime-1.4.1"
|
|
||||||
];
|
|
||||||
})
|
|
||||||
sources."serve-static-1.13.2"
|
|
||||||
sources."setprototypeof-1.1.0"
|
|
||||||
sources."sortify-1.0.4"
|
|
||||||
sources."statuses-1.4.0"
|
|
||||||
sources."stream-to-pull-stream-1.7.3"
|
|
||||||
sources."tiny-each-async-2.0.3"
|
|
||||||
sources."tweetnacl-0.12.2"
|
|
||||||
sources."type-is-1.6.18"
|
|
||||||
sources."ulimit-0.0.2"
|
|
||||||
sources."ultron-1.1.1"
|
|
||||||
sources."universalify-0.1.2"
|
|
||||||
sources."unpipe-1.0.0"
|
|
||||||
sources."utils-merge-1.0.1"
|
|
||||||
sources."vary-1.1.2"
|
|
||||||
sources."ws-3.3.3"
|
|
||||||
];
|
|
||||||
buildInputs = globalBuildInputs;
|
|
||||||
meta = {
|
|
||||||
description = "realtime collaborative visual editor with zero knowlege server";
|
|
||||||
license = "AGPL-3.0+";
|
|
||||||
};
|
|
||||||
production = true;
|
|
||||||
bypassCache = true;
|
|
||||||
reconstructLock = false;
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
args = args;
|
|
||||||
sources = sources;
|
|
||||||
tarball = nodeEnv.buildNodeSourceDist args;
|
|
||||||
package = nodeEnv.buildNodePackage args;
|
|
||||||
shell = nodeEnv.buildNodeShell args;
|
|
||||||
nodeDependencies = nodeEnv.buildNodeDependencies (lib.overrideExisting args {
|
|
||||||
src = stdenv.mkDerivation {
|
|
||||||
name = args.name + "-package-json";
|
|
||||||
src = nix-gitignore.gitignoreSourcePure [
|
|
||||||
"*"
|
|
||||||
"!package.json"
|
|
||||||
"!package-lock.json"
|
|
||||||
] args.src;
|
|
||||||
dontBuild = true;
|
|
||||||
installPhase = "mkdir -p $out; cp -r ./* $out;";
|
|
||||||
};
|
|
||||||
});
|
|
||||||
}
|
|
|
@ -1,17 +0,0 @@
|
||||||
# This file has been generated by node2nix 1.9.0. Do not edit!
|
|
||||||
|
|
||||||
{pkgs ? import <nixpkgs> {
|
|
||||||
inherit system;
|
|
||||||
}, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-12_x"}:
|
|
||||||
|
|
||||||
let
|
|
||||||
nodeEnv = import ./node-env.nix {
|
|
||||||
inherit (pkgs) stdenv lib python2 runCommand writeTextFile writeShellScript;
|
|
||||||
inherit pkgs nodejs;
|
|
||||||
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
|
|
||||||
};
|
|
||||||
in
|
|
||||||
import ./node-packages.nix {
|
|
||||||
inherit (pkgs) fetchurl nix-gitignore stdenv lib fetchgit;
|
|
||||||
inherit nodeEnv;
|
|
||||||
}
|
|
6618
cluster/prod/app/cryptpad/build/nix.lock/package-lock.json
generated
6618
cluster/prod/app/cryptpad/build/nix.lock/package-lock.json
generated
File diff suppressed because it is too large
Load diff
|
@ -1,55 +0,0 @@
|
||||||
{
|
|
||||||
"name": "cryptpad",
|
|
||||||
"description": "realtime collaborative visual editor with zero knowlege server",
|
|
||||||
"version": "4.14.1",
|
|
||||||
"license": "AGPL-3.0+",
|
|
||||||
"repository": {
|
|
||||||
"type": "git",
|
|
||||||
"url": "git+https://github.com/xwiki-labs/cryptpad.git"
|
|
||||||
},
|
|
||||||
"funding": {
|
|
||||||
"type": "opencollective",
|
|
||||||
"url": "https://opencollective.com/cryptpad"
|
|
||||||
},
|
|
||||||
"dependencies": {
|
|
||||||
"@mcrowe/minibloom": "^0.2.0",
|
|
||||||
"chainpad-crypto": "^0.2.5",
|
|
||||||
"chainpad-server": "^5.1.0",
|
|
||||||
"express": "~4.16.0",
|
|
||||||
"fs-extra": "^7.0.0",
|
|
||||||
"get-folder-size": "^2.0.1",
|
|
||||||
"netflux-websocket": "^0.1.20",
|
|
||||||
"nthen": "0.1.8",
|
|
||||||
"pull-stream": "^3.6.1",
|
|
||||||
"saferphore": "0.0.1",
|
|
||||||
"sortify": "^1.0.4",
|
|
||||||
"stream-to-pull-stream": "^1.7.2",
|
|
||||||
"tweetnacl": "~0.12.2",
|
|
||||||
"ulimit": "0.0.2",
|
|
||||||
"ws": "^3.3.1"
|
|
||||||
},
|
|
||||||
"devDependencies": {
|
|
||||||
"jshint": "^2.13.4",
|
|
||||||
"less": "3.7.1",
|
|
||||||
"lesshint": "6.3.7",
|
|
||||||
"selenium-webdriver": "^3.6.0"
|
|
||||||
},
|
|
||||||
"scripts": {
|
|
||||||
"start": "node server.js",
|
|
||||||
"dev": "DEV=1 node server.js",
|
|
||||||
"fresh": "FRESH=1 node server.js",
|
|
||||||
"offline": "FRESH=1 OFFLINE=1 node server.js",
|
|
||||||
"offlinedev": "DEV=1 OFFLINE=1 node server.js",
|
|
||||||
"package": "PACKAGE=1 node server.js",
|
|
||||||
"lint": "jshint --config .jshintrc --exclude-path .jshintignore . && ./node_modules/lesshint/bin/lesshint -c ./.lesshintrc ./customize.dist/src/less2/",
|
|
||||||
"lint:js": "jshint --config .jshintrc --exclude-path .jshintignore .",
|
|
||||||
"lint:server": "jshint --config .jshintrc lib",
|
|
||||||
"lint:less": "./node_modules/lesshint/bin/lesshint -c ./.lesshintrc ./customize.dist/src/less2/",
|
|
||||||
"lint:translations": "node ./scripts/translations/lint-translations.js",
|
|
||||||
"unused-translations": "node ./scripts/translations/unused-translations.js",
|
|
||||||
"test": "node scripts/TestSelenium.js",
|
|
||||||
"test-rpc": "cd scripts/tests && node test-rpc",
|
|
||||||
"template": "cd customize.dist/src && for page in ../index.html ../privacy.html ../terms.html ../contact.html ../what-is-cryptpad.html ../features.html ../../www/login/index.html ../../www/register/index.html ../../www/user/index.html;do echo $page; cp template.html $page; done;",
|
|
||||||
"evict-inactive": "node scripts/evict-inactive.js"
|
|
||||||
}
|
|
||||||
}
|
|
14
cluster/prod/app/cryptpad/build/nix/sources.json
Normal file
14
cluster/prod/app/cryptpad/build/nix/sources.json
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"nixpkgs": {
|
||||||
|
"branch": "nixos-23.11",
|
||||||
|
"description": "Nix Packages collection",
|
||||||
|
"homepage": null,
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e",
|
||||||
|
"sha256": "0yqbwqbripb1bbhlwjfbqmg9qb0lai2fc0k1vfh674d6rrc8igwv",
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://github.com/NixOS/nixpkgs/archive/53a2c32bc66f5ae41a28d7a9a49d321172af621e.tar.gz",
|
||||||
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
|
}
|
||||||
|
}
|
198
cluster/prod/app/cryptpad/build/nix/sources.nix
Normal file
198
cluster/prod/app/cryptpad/build/nix/sources.nix
Normal file
|
@ -0,0 +1,198 @@
|
||||||
|
# This file has been generated by Niv.
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
#
|
||||||
|
# The fetchers. fetch_<type> fetches specs of type <type>.
|
||||||
|
#
|
||||||
|
|
||||||
|
fetch_file = pkgs: name: spec:
|
||||||
|
let
|
||||||
|
name' = sanitizeName name + "-src";
|
||||||
|
in
|
||||||
|
if spec.builtin or true then
|
||||||
|
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
|
||||||
|
else
|
||||||
|
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
|
||||||
|
|
||||||
|
fetch_tarball = pkgs: name: spec:
|
||||||
|
let
|
||||||
|
name' = sanitizeName name + "-src";
|
||||||
|
in
|
||||||
|
if spec.builtin or true then
|
||||||
|
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
|
||||||
|
else
|
||||||
|
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
|
||||||
|
|
||||||
|
fetch_git = name: spec:
|
||||||
|
let
|
||||||
|
ref =
|
||||||
|
spec.ref or (
|
||||||
|
if spec ? branch then "refs/heads/${spec.branch}" else
|
||||||
|
if spec ? tag then "refs/tags/${spec.tag}" else
|
||||||
|
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"
|
||||||
|
);
|
||||||
|
submodules = spec.submodules or false;
|
||||||
|
submoduleArg =
|
||||||
|
let
|
||||||
|
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
|
||||||
|
emptyArgWithWarning =
|
||||||
|
if submodules
|
||||||
|
then
|
||||||
|
builtins.trace
|
||||||
|
(
|
||||||
|
"The niv input \"${name}\" uses submodules "
|
||||||
|
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
|
||||||
|
+ "does not support them"
|
||||||
|
)
|
||||||
|
{ }
|
||||||
|
else { };
|
||||||
|
in
|
||||||
|
if nixSupportsSubmodules
|
||||||
|
then { inherit submodules; }
|
||||||
|
else emptyArgWithWarning;
|
||||||
|
in
|
||||||
|
builtins.fetchGit
|
||||||
|
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
|
||||||
|
|
||||||
|
fetch_local = spec: spec.path;
|
||||||
|
|
||||||
|
fetch_builtin-tarball = name: throw
|
||||||
|
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
|
||||||
|
$ niv modify ${name} -a type=tarball -a builtin=true'';
|
||||||
|
|
||||||
|
fetch_builtin-url = name: throw
|
||||||
|
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
|
||||||
|
$ niv modify ${name} -a type=file -a builtin=true'';
|
||||||
|
|
||||||
|
#
|
||||||
|
# Various helpers
|
||||||
|
#
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
|
||||||
|
sanitizeName = name:
|
||||||
|
(
|
||||||
|
concatMapStrings (s: if builtins.isList s then "-" else s)
|
||||||
|
(
|
||||||
|
builtins.split "[^[:alnum:]+._?=-]+"
|
||||||
|
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
# The set of packages used when specs are fetched using non-builtins.
|
||||||
|
mkPkgs = sources: system:
|
||||||
|
let
|
||||||
|
sourcesNixpkgs =
|
||||||
|
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
|
||||||
|
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
||||||
|
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
||||||
|
in
|
||||||
|
if builtins.hasAttr "nixpkgs" sources
|
||||||
|
then sourcesNixpkgs
|
||||||
|
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
|
||||||
|
import <nixpkgs> { }
|
||||||
|
else
|
||||||
|
abort
|
||||||
|
''
|
||||||
|
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
||||||
|
add a package called "nixpkgs" to your sources.json.
|
||||||
|
'';
|
||||||
|
|
||||||
|
# The actual fetching function.
|
||||||
|
fetch = pkgs: name: spec:
|
||||||
|
|
||||||
|
if ! builtins.hasAttr "type" spec then
|
||||||
|
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
|
||||||
|
else if spec.type == "file" then fetch_file pkgs name spec
|
||||||
|
else if spec.type == "tarball" then fetch_tarball pkgs name spec
|
||||||
|
else if spec.type == "git" then fetch_git name spec
|
||||||
|
else if spec.type == "local" then fetch_local spec
|
||||||
|
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
|
||||||
|
else if spec.type == "builtin-url" then fetch_builtin-url name
|
||||||
|
else
|
||||||
|
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
|
||||||
|
|
||||||
|
# If the environment variable NIV_OVERRIDE_${name} is set, then use
|
||||||
|
# the path directly as opposed to the fetched source.
|
||||||
|
replace = name: drv:
|
||||||
|
let
|
||||||
|
saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
|
||||||
|
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
||||||
|
in
|
||||||
|
if ersatz == "" then drv else
|
||||||
|
# this turns the string into an actual Nix path (for both absolute and
|
||||||
|
# relative paths)
|
||||||
|
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||||
|
|
||||||
|
# Ports of functions for older nix versions
|
||||||
|
|
||||||
|
# a Nix version of mapAttrs if the built-in doesn't exist
|
||||||
|
mapAttrs = builtins.mapAttrs or (
|
||||||
|
f: set: with builtins;
|
||||||
|
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
|
||||||
|
);
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
|
||||||
|
range = first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
|
||||||
|
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
|
||||||
|
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
|
||||||
|
concatMapStrings = f: list: concatStrings (map f list);
|
||||||
|
concatStrings = builtins.concatStringsSep "";
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
|
||||||
|
optionalAttrs = cond: as: if cond then as else { };
|
||||||
|
|
||||||
|
# fetchTarball version that is compatible between all the versions of Nix
|
||||||
|
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
|
||||||
|
let
|
||||||
|
inherit (builtins) lessThan nixVersion fetchTarball;
|
||||||
|
in
|
||||||
|
if lessThan nixVersion "1.12" then
|
||||||
|
fetchTarball ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
|
||||||
|
else
|
||||||
|
fetchTarball attrs;
|
||||||
|
|
||||||
|
# fetchurl version that is compatible between all the versions of Nix
|
||||||
|
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
|
||||||
|
let
|
||||||
|
inherit (builtins) lessThan nixVersion fetchurl;
|
||||||
|
in
|
||||||
|
if lessThan nixVersion "1.12" then
|
||||||
|
fetchurl ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
|
||||||
|
else
|
||||||
|
fetchurl attrs;
|
||||||
|
|
||||||
|
# Create the final "sources" from the config
|
||||||
|
mkSources = config:
|
||||||
|
mapAttrs
|
||||||
|
(
|
||||||
|
name: spec:
|
||||||
|
if builtins.hasAttr "outPath" spec
|
||||||
|
then
|
||||||
|
abort
|
||||||
|
"The values in sources.json should not have an 'outPath' attribute"
|
||||||
|
else
|
||||||
|
spec // { outPath = replace name (fetch config.pkgs name spec); }
|
||||||
|
)
|
||||||
|
config.sources;
|
||||||
|
|
||||||
|
# The "config" used by the fetchers
|
||||||
|
mkConfig =
|
||||||
|
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
|
||||||
|
, sources ? if sourcesFile == null then { } else builtins.fromJSON (builtins.readFile sourcesFile)
|
||||||
|
, system ? builtins.currentSystem
|
||||||
|
, pkgs ? mkPkgs sources system
|
||||||
|
}: {
|
||||||
|
# The sources, i.e. the attribute set of spec name to spec
|
||||||
|
inherit sources;
|
||||||
|
|
||||||
|
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
|
||||||
|
inherit pkgs;
|
||||||
|
};
|
||||||
|
|
||||||
|
in
|
||||||
|
mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); }
|
6000
cluster/prod/app/cryptpad/build/package-lock.json
generated
Normal file
6000
cluster/prod/app/cryptpad/build/package-lock.json
generated
Normal file
File diff suppressed because it is too large
Load diff
|
@ -1,31 +0,0 @@
|
||||||
let
|
|
||||||
common = import ./common.nix;
|
|
||||||
pkgs = import common.pkgsSrc {};
|
|
||||||
|
|
||||||
bower2nixRepo = (import common.bower2nixSrc {
|
|
||||||
inherit pkgs;
|
|
||||||
});
|
|
||||||
bower2nix = bower2nixRepo // {
|
|
||||||
package = bower2nixRepo.package.override {
|
|
||||||
postInstall = "tsc";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
pkgs.mkShell {
|
|
||||||
nativeBuildInputs = [
|
|
||||||
bower2nix.package
|
|
||||||
pkgs.nodePackages.node2nix
|
|
||||||
];
|
|
||||||
|
|
||||||
shellHook = ''
|
|
||||||
function update_lock {
|
|
||||||
set -exuo pipefail
|
|
||||||
mkdir -p nix.lock
|
|
||||||
${pkgs.wget}/bin/wget https://raw.githubusercontent.com/xwiki-labs/cryptpad/${common.cryptpadCommit}/package.json -O nix.lock/package.json
|
|
||||||
${pkgs.wget}/bin/wget https://raw.githubusercontent.com/xwiki-labs/cryptpad/${common.cryptpadCommit}/package-lock.json -O nix.lock/package-lock.json
|
|
||||||
${pkgs.wget}/bin/wget https://raw.githubusercontent.com/xwiki-labs/cryptpad/${common.cryptpadCommit}/bower.json -O nix.lock/bower.json
|
|
||||||
${bower2nix.package}/bin/bower2nix nix.lock/bower.json nix.lock/bower.nix
|
|
||||||
${pkgs.nodePackages.node2nix}/bin/node2nix --input nix.lock/package.json --lock nix.lock/package-lock.json --composition nix.lock/npm.nix --node-env nix.lock/node-env.nix --output nix.lock/node-packages.nix
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -113,6 +113,10 @@ module.exports = {
|
||||||
*/
|
*/
|
||||||
adminKeys: [
|
adminKeys: [
|
||||||
"[quentin@pad.deuxfleurs.fr/EWtzm-CiqJnM9RZL9mj-YyTgAtX-Zh76sru1K5bFpN8=]",
|
"[quentin@pad.deuxfleurs.fr/EWtzm-CiqJnM9RZL9mj-YyTgAtX-Zh76sru1K5bFpN8=]",
|
||||||
|
"[adrn@pad.deuxfleurs.fr/PxDpkPwd-jDJWkfWdAzFX7wtnLpnPlBeYZ4MmoEYS6E=]",
|
||||||
|
"[lx@pad.deuxfleurs.fr/FwQzcXywx1FIb83z6COB7c3sHnz8rNSDX1xhjPuH3Fg=]",
|
||||||
|
"[trinity-1686a@pad.deuxfleurs.fr/Pu6Ef03jEsAGBbZI6IOdKd6+5pORD5N51QIYt4-Ys1c=]",
|
||||||
|
"[Jill@pad.deuxfleurs.fr/tLW7W8EVNB2KYETXEaOYR+HmNiBQtZj7u+SOxS3hGmg=]"
|
||||||
],
|
],
|
||||||
|
|
||||||
/* =====================
|
/* =====================
|
||||||
|
@ -186,7 +190,7 @@ module.exports = {
|
||||||
* Specify a directory where files should be stored.
|
* Specify a directory where files should be stored.
|
||||||
* It will be created automatically if it does not already exist.
|
* It will be created automatically if it does not already exist.
|
||||||
*/
|
*/
|
||||||
filePath: './root/mnt/datastore/',
|
filePath: '/mnt/datastore/',
|
||||||
|
|
||||||
/* CryptPad offers the ability to archive data for a configurable period
|
/* CryptPad offers the ability to archive data for a configurable period
|
||||||
* before deleting it, allowing a means of recovering data in the event
|
* before deleting it, allowing a means of recovering data in the event
|
||||||
|
@ -195,36 +199,36 @@ module.exports = {
|
||||||
* To set the location of this archive directory to a custom value, change
|
* To set the location of this archive directory to a custom value, change
|
||||||
* the path below:
|
* the path below:
|
||||||
*/
|
*/
|
||||||
archivePath: './root/mnt/data/archive',
|
archivePath: '/mnt/data/archive',
|
||||||
|
|
||||||
/* CryptPad allows logged in users to request that particular documents be
|
/* CryptPad allows logged in users to request that particular documents be
|
||||||
* stored by the server indefinitely. This is called 'pinning'.
|
* stored by the server indefinitely. This is called 'pinning'.
|
||||||
* Pin requests are stored in a pin-store. The location of this store is
|
* Pin requests are stored in a pin-store. The location of this store is
|
||||||
* defined here.
|
* defined here.
|
||||||
*/
|
*/
|
||||||
pinPath: './root/mnt/data/pins',
|
pinPath: '/mnt/data/pins',
|
||||||
|
|
||||||
/* if you would like the list of scheduled tasks to be stored in
|
/* if you would like the list of scheduled tasks to be stored in
|
||||||
a custom location, change the path below:
|
a custom location, change the path below:
|
||||||
*/
|
*/
|
||||||
taskPath: './root/mnt/data/tasks',
|
taskPath: '/mnt/data/tasks',
|
||||||
|
|
||||||
/* if you would like users' authenticated blocks to be stored in
|
/* if you would like users' authenticated blocks to be stored in
|
||||||
a custom location, change the path below:
|
a custom location, change the path below:
|
||||||
*/
|
*/
|
||||||
blockPath: './root/mnt/block',
|
blockPath: '/mnt/block',
|
||||||
|
|
||||||
/* CryptPad allows logged in users to upload encrypted files. Files/blobs
|
/* CryptPad allows logged in users to upload encrypted files. Files/blobs
|
||||||
* are stored in a 'blob-store'. Set its location here.
|
* are stored in a 'blob-store'. Set its location here.
|
||||||
*/
|
*/
|
||||||
blobPath: './root/mnt/blob',
|
blobPath: '/mnt/blob',
|
||||||
|
|
||||||
/* CryptPad stores incomplete blobs in a 'staging' area until they are
|
/* CryptPad stores incomplete blobs in a 'staging' area until they are
|
||||||
* fully uploaded. Set its location here.
|
* fully uploaded. Set its location here.
|
||||||
*/
|
*/
|
||||||
blobStagingPath: './root/mnt/data/blobstage',
|
blobStagingPath: '/mnt/data/blobstage',
|
||||||
|
|
||||||
decreePath: './root/mnt/data/decrees',
|
decreePath: '/mnt/data/decrees',
|
||||||
|
|
||||||
/* CryptPad supports logging events directly to the disk in a 'logs' directory
|
/* CryptPad supports logging events directly to the disk in a 'logs' directory
|
||||||
* Set its location here, or set it to false (or nothing) if you'd rather not log
|
* Set its location here, or set it to false (or nothing) if you'd rather not log
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "cryptpad" {
|
job "cryptpad" {
|
||||||
datacenters = ["neptune"]
|
datacenters = ["scorpio"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
|
||||||
group "cryptpad" {
|
group "cryptpad" {
|
||||||
|
@ -22,20 +22,20 @@ job "cryptpad" {
|
||||||
constraint {
|
constraint {
|
||||||
attribute = "${attr.unique.hostname}"
|
attribute = "${attr.unique.hostname}"
|
||||||
operator = "="
|
operator = "="
|
||||||
value = "concombre"
|
value = "abricot"
|
||||||
}
|
}
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/cryptpad:0p3s44hjh4s1x55kbwkmywmwmx4wfyb8"
|
image = "kokakiwi/cryptpad:2024.3.0"
|
||||||
ports = [ "http" ]
|
ports = [ "http" ]
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
"/mnt/ssd/cryptpad:/mnt",
|
"/mnt/ssd/cryptpad:/mnt",
|
||||||
"secrets/config.js:/etc/cryptpad/config.js",
|
"secrets/config.js:/cryptpad/config.js",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
env {
|
env {
|
||||||
CRYPTPAD_CONFIG = "/etc/cryptpad/config.js"
|
CRYPTPAD_CONFIG = "/cryptpad/config.js"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -63,6 +63,8 @@ job "cryptpad" {
|
||||||
"tricot pad-sandbox.deuxfleurs.fr",
|
"tricot pad-sandbox.deuxfleurs.fr",
|
||||||
"tricot-add-header Cross-Origin-Resource-Policy cross-origin",
|
"tricot-add-header Cross-Origin-Resource-Policy cross-origin",
|
||||||
"tricot-add-header Cross-Origin-Embedder-Policy require-corp",
|
"tricot-add-header Cross-Origin-Embedder-Policy require-corp",
|
||||||
|
"d53-cname pad.deuxfleurs.fr",
|
||||||
|
"d53-cname pad-sandbox.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
check {
|
check {
|
||||||
type = "http"
|
type = "http"
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
dbs:
|
|
||||||
- path: /ephemeral/drone.db
|
|
||||||
replicas:
|
|
||||||
- url: s3://{{ key "secrets/drone-ci/s3_db_bucket" | trimSpace }}/drone.db
|
|
||||||
region: garage
|
|
||||||
endpoint: https://garage.deuxfleurs.fr
|
|
||||||
access-key-id: {{ key "secrets/drone-ci/s3_ak" | trimSpace }}
|
|
||||||
secret-access-key: {{ key "secrets/drone-ci/s3_sk" | trimSpace }}
|
|
||||||
force-path-style: true
|
|
||||||
sync-interval: 60s
|
|
|
@ -1,69 +0,0 @@
|
||||||
## Install Debian
|
|
||||||
|
|
||||||
We recommend Debian Bullseye
|
|
||||||
|
|
||||||
## Install Docker CE from docker.io
|
|
||||||
|
|
||||||
Do not use the docker engine shipped by Debian
|
|
||||||
|
|
||||||
Doc:
|
|
||||||
|
|
||||||
- https://docs.docker.com/engine/install/debian/
|
|
||||||
- https://docs.docker.com/compose/install/
|
|
||||||
|
|
||||||
On a fresh install, as root:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
apt-get remove -y docker docker-engine docker.io containerd runc
|
|
||||||
apt-get update
|
|
||||||
apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
|
|
||||||
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
|
|
||||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
|
||||||
apt-get update
|
|
||||||
apt-get install -y docker-ce docker-ce-cli containerd.io
|
|
||||||
|
|
||||||
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
|
||||||
chmod +x /usr/local/bin/docker-compose
|
|
||||||
```
|
|
||||||
|
|
||||||
## Install the runner
|
|
||||||
|
|
||||||
*This is our Nix runner version 2, previously we had another way to start Nix runners. This one has a proper way to handle concurrency, require less boilerplate, and should be safer and more idiomatic.*
|
|
||||||
|
|
||||||
|
|
||||||
```bash
|
|
||||||
wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/drone-ci/integration/nix.conf
|
|
||||||
wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/drone-ci/integration/docker-compose.yml
|
|
||||||
|
|
||||||
# Edit the docker-compose.yml to adapt its variables to your needs,
|
|
||||||
# especially the capacitiy value and its name.
|
|
||||||
COMPOSE_PROJECT_NAME=drone DRONE_SECRET=xxx docker-compose up -d
|
|
||||||
```
|
|
||||||
|
|
||||||
That's all folks.
|
|
||||||
|
|
||||||
## Check if a given job is built by your runner
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export URL=https://drone.deuxfleurs.fr
|
|
||||||
export REPO=Deuxfleurs/garage
|
|
||||||
export BUILD=1312
|
|
||||||
curl ${URL}/api/repos/${REPO}/builds/${BUILD} \
|
|
||||||
| jq -c '[.stages[] | { name: .name, machine: .machine }]'
|
|
||||||
```
|
|
||||||
|
|
||||||
It will give you the following result:
|
|
||||||
|
|
||||||
```json
|
|
||||||
[{"name":"default","machine":"1686a"},{"name":"release-linux-x86_64","machine":"vimaire"},{"name":"release-linux-i686","machine":"carcajou"},{"name":"release-linux-aarch64","machine":"caribou"},{"name":"release-linux-armv6l","machine":"cariacou"},{"name":"refresh-release-page","machine":null}]
|
|
||||||
```
|
|
||||||
|
|
||||||
## Random note
|
|
||||||
|
|
||||||
*This part might be deprecated!*
|
|
||||||
|
|
||||||
This setup is done mainly to allow nix builds with some cache.
|
|
||||||
To use the cache in Drone, you must set your repository as trusted.
|
|
||||||
The command line tool does not work (it says it successfully set your repository as trusted but it did nothing):
|
|
||||||
the only way to set your repository as trusted is to connect on the DB and set the `repo_trusted` field of your repo to true.
|
|
||||||
|
|
|
@ -1,54 +0,0 @@
|
||||||
version: '3.4'
|
|
||||||
services:
|
|
||||||
nix-daemon:
|
|
||||||
image: nixpkgs/nix:nixos-22.05
|
|
||||||
restart: always
|
|
||||||
command: nix-daemon
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
|
||||||
- "nix:/nix"
|
|
||||||
- "./nix.conf:/etc/nix/nix.conf:ro"
|
|
||||||
|
|
||||||
drone-runner:
|
|
||||||
image: drone/drone-runner-docker:1.8.2
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- DRONE_RPC_PROTO=https
|
|
||||||
- DRONE_RPC_HOST=drone.deuxfleurs.fr
|
|
||||||
- DRONE_RPC_SECRET=${DRONE_SECRET}
|
|
||||||
- DRONE_RUNNER_CAPACITY=3
|
|
||||||
- DRONE_DEBUG=true
|
|
||||||
- DRONE_LOGS_TRACE=true
|
|
||||||
- DRONE_RPC_DUMP_HTTP=true
|
|
||||||
- DRONE_RPC_DUMP_HTTP_BODY=true
|
|
||||||
- DRONE_RUNNER_NAME=i_forgot_to_change_my_runner_name
|
|
||||||
- DRONE_RUNNER_LABELS=nix-daemon:1
|
|
||||||
# we should put "nix:/nix:ro but it is not supported by
|
|
||||||
# drone-runner-docker because the dependency envconfig does
|
|
||||||
# not support having two colons (:) in the same stanza.
|
|
||||||
# Without the RO flag (or using docker userns), build isolation
|
|
||||||
# is broken.
|
|
||||||
# https://discourse.drone.io/t/allow-mounting-a-host-volume-as-read-only/10071
|
|
||||||
# https://github.com/kelseyhightower/envconfig/pull/153
|
|
||||||
#
|
|
||||||
# A workaround for isolation is to configure docker with a userns,
|
|
||||||
# so even if the folder is writable to root, it is not to any non
|
|
||||||
# privileged docker daemon ran by drone!
|
|
||||||
- DRONE_RUNNER_VOLUMES=drone_nix:/nix
|
|
||||||
- DRONE_RUNNER_ENVIRON=NIX_REMOTE:daemon
|
|
||||||
ports:
|
|
||||||
- "3000:3000/tcp"
|
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
|
|
||||||
drone-gc:
|
|
||||||
image: drone/gc:latest
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- GC_DEBUG=true
|
|
||||||
- GC_CACHE=10gb
|
|
||||||
- GC_INTERVAL=10m
|
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
volumes:
|
|
||||||
nix:
|
|
|
@ -1,48 +0,0 @@
|
||||||
# Drone's secrets
|
|
||||||
|
|
||||||
[secrets."drone-ci/rpc_secret"]
|
|
||||||
type = 'command'
|
|
||||||
command = 'openssl rand -hex 16'
|
|
||||||
# don't rotate, it would break all runners
|
|
||||||
|
|
||||||
[secrets."drone-ci/cookie_secret"]
|
|
||||||
type = 'command'
|
|
||||||
rotate = true
|
|
||||||
command = 'openssl rand -hex 16'
|
|
||||||
|
|
||||||
[secrets."drone-ci/db_enc_secret"]
|
|
||||||
type = 'command'
|
|
||||||
command = 'openssl rand -hex 16'
|
|
||||||
# don't rotate, it is used to encrypt data which we would lose if we change this
|
|
||||||
|
|
||||||
|
|
||||||
# Oauth config for gitea
|
|
||||||
|
|
||||||
[secrets."drone-ci/oauth_client_secret"]
|
|
||||||
type = 'user'
|
|
||||||
description = 'OAuth client secret (for gitea)'
|
|
||||||
|
|
||||||
[secrets."drone-ci/oauth_client_id"]
|
|
||||||
type = 'user'
|
|
||||||
description = 'OAuth client ID (on Gitea)'
|
|
||||||
|
|
||||||
|
|
||||||
# S3 config for Git LFS storage
|
|
||||||
|
|
||||||
[secrets."drone-ci/s3_db_bucket"]
|
|
||||||
type = 'constant'
|
|
||||||
value = 'drone-db'
|
|
||||||
|
|
||||||
[secrets."drone-ci/s3_sk"]
|
|
||||||
type = 'user'
|
|
||||||
description = 'S3 (garage) secret key for Drone'
|
|
||||||
|
|
||||||
[secrets."drone-ci/s3_ak"]
|
|
||||||
type = 'user'
|
|
||||||
description = 'S3 (garage) access key for Drone'
|
|
||||||
|
|
||||||
[secrets."drone-ci/s3_storage_bucket"]
|
|
||||||
type = 'constant'
|
|
||||||
value = 'drone-storage'
|
|
||||||
|
|
||||||
|
|
|
@ -26,9 +26,9 @@ services:
|
||||||
build:
|
build:
|
||||||
context: ./postfix
|
context: ./postfix
|
||||||
args:
|
args:
|
||||||
# https://packages.debian.org/fr/buster/postfix
|
# https://packages.debian.org/fr/trixie/postfix
|
||||||
VERSION: 3.4.14-0+deb10u1
|
VERSION: 3.8.4-1
|
||||||
image: superboum/amd64_postfix:v3
|
image: superboum/amd64_postfix:v4
|
||||||
|
|
||||||
opendkim:
|
opendkim:
|
||||||
build:
|
build:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
FROM amd64/debian:buster
|
FROM amd64/debian:trixie
|
||||||
|
|
||||||
ARG VERSION
|
ARG VERSION
|
||||||
|
|
||||||
|
|
|
@ -1,2 +1,9 @@
|
||||||
*@deuxfleurs.fr smtp._domainkey.deuxfleurs.fr
|
*@deuxfleurs.fr smtp._domainkey.deuxfleurs.fr
|
||||||
*@dufour.io smtp._domainkey.deuxfleurs.fr
|
*@dufour.io smtp._domainkey.deuxfleurs.fr
|
||||||
|
*@luxeylab.net smtp._domainkey.deuxfleurs.fr
|
||||||
|
*@estherbouquet.com smtp._domainkey.deuxfleurs.fr
|
||||||
|
*@pointecouteau.com smtp._domainkey.deuxfleurs.fr
|
||||||
|
*@maycausesideeffects.com smtp._domainkey.deuxfleurs.fr
|
||||||
|
*@e-x-t-r-a-c-t.me smtp._domainkey.deuxfleurs.fr
|
||||||
|
*@courderec.re smtp._domainkey.deuxfleurs.fr
|
||||||
|
*@trinity.fr.eu.org smtp._domainkey.deuxfleurs.fr
|
||||||
|
|
|
@ -77,7 +77,11 @@ smtpd_relay_restrictions =
|
||||||
permit_mynetworks
|
permit_mynetworks
|
||||||
reject_unauth_destination
|
reject_unauth_destination
|
||||||
|
|
||||||
smtpd_data_restrictions = reject_unauth_pipelining
|
# Disable SMTP smuggling attacks
|
||||||
|
# https://www.postfix.org/smtp-smuggling.html
|
||||||
|
smtpd_forbid_unauth_pipelining = yes
|
||||||
|
smtpd_discard_ehlo_keywords = chunking
|
||||||
|
smtpd_forbid_bare_newline = yes
|
||||||
|
|
||||||
smtpd_client_connection_rate_limit = 2
|
smtpd_client_connection_rate_limit = 2
|
||||||
|
|
||||||
|
@ -90,6 +94,7 @@ slow_destination_concurrency_limit = 2
|
||||||
#====
|
#====
|
||||||
# Transport configuration
|
# Transport configuration
|
||||||
#====
|
#====
|
||||||
|
default_transport = smtp-ipv4
|
||||||
transport_maps = hash:/etc/postfix/transport
|
transport_maps = hash:/etc/postfix/transport
|
||||||
virtual_mailbox_domains = ldap:/etc/postfix/ldap-virtual-domains.cf
|
virtual_mailbox_domains = ldap:/etc/postfix/ldap-virtual-domains.cf
|
||||||
virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
|
virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
{
|
{
|
||||||
WONoDetach = NO;
|
WONoDetach = NO;
|
||||||
WOWorkersCount = 3;
|
WOWorkersCount = 3;
|
||||||
SxVMemLimit = 300;
|
SxVMemLimit = 600;
|
||||||
WOPort = "127.0.0.1:20000";
|
WOPort = "127.0.0.1:20000";
|
||||||
SOGoProfileURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_user_profile";
|
SOGoProfileURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_user_profile";
|
||||||
OCSFolderInfoURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_folder_info";
|
OCSFolderInfoURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_folder_info";
|
||||||
OCSSessionsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_sessions_folder";
|
OCSSessionsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_sessions_folder";
|
||||||
OCSEMailAlarmsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_alarms_folder";
|
OCSEMailAlarmsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_alarms_folder";
|
||||||
OCSStoreURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_store";
|
OCSStoreURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_store";
|
||||||
OCSAclURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_acl";
|
OCSAclURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_acl";
|
||||||
OCSCacheFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.prod.consul:5432/sogo/sogo_cache_folder";
|
OCSCacheFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/sogo/sogo_cache_folder";
|
||||||
SOGoTimeZone = "Europe/Paris";
|
SOGoTimeZone = "Europe/Paris";
|
||||||
SOGoMailDomain = "deuxfleurs.fr";
|
SOGoMailDomain = "deuxfleurs.fr";
|
||||||
SOGoLanguage = French;
|
SOGoLanguage = French;
|
||||||
|
@ -46,6 +46,13 @@
|
||||||
|
|
||||||
SOGoLDAPContactInfoAttribute = "displayname";
|
SOGoLDAPContactInfoAttribute = "displayname";
|
||||||
|
|
||||||
|
SOGoDebugRequests = YES;
|
||||||
|
//SOGoEASDebugEnabled = YES;
|
||||||
|
//ImapDebugEnabled = YES;
|
||||||
|
LDAPDebugEnabled = YES;
|
||||||
|
//MySQL4DebugEnabled = YES;
|
||||||
|
PGDebugEnabled = YES;
|
||||||
|
|
||||||
SOGoUserSources = (
|
SOGoUserSources = (
|
||||||
{
|
{
|
||||||
type = ldap;
|
type = ldap;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "email-android7" {
|
job "email-android7" {
|
||||||
datacenters = ["neptune"]
|
datacenters = ["neptune", "bespin"]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 100
|
priority = 100
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "email" {
|
job "email" {
|
||||||
datacenters = ["orion"]
|
datacenters = ["scorpio"]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 65
|
priority = 65
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ job "email" {
|
||||||
constraint {
|
constraint {
|
||||||
attribute = "${attr.unique.hostname}"
|
attribute = "${attr.unique.hostname}"
|
||||||
operator = "="
|
operator = "="
|
||||||
value = "doradille"
|
value = "ananas"
|
||||||
}
|
}
|
||||||
|
|
||||||
config {
|
config {
|
||||||
|
@ -63,7 +63,6 @@ job "email" {
|
||||||
port = "imap_port"
|
port = "imap_port"
|
||||||
tags = [
|
tags = [
|
||||||
"dovecot",
|
"dovecot",
|
||||||
"d53-a imap.deuxfleurs.fr",
|
|
||||||
]
|
]
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
|
@ -83,7 +82,9 @@ job "email" {
|
||||||
port = "imaps_port"
|
port = "imaps_port"
|
||||||
tags = [
|
tags = [
|
||||||
"dovecot",
|
"dovecot",
|
||||||
"(diplonat (tcp_port 993))"
|
"(diplonat (tcp_port 993))",
|
||||||
|
"d53-a imap.deuxfleurs.fr",
|
||||||
|
"d53-aaaa imap.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
|
|
||||||
check {
|
check {
|
||||||
|
@ -252,7 +253,7 @@ job "email" {
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_postfix:v3"
|
image = "superboum/amd64_postfix:v4"
|
||||||
readonly_rootfs = false
|
readonly_rootfs = false
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "smtp_port", "smtps_port", "submission_port" ]
|
ports = [ "smtp_port", "smtps_port", "submission_port" ]
|
||||||
|
@ -283,8 +284,7 @@ job "email" {
|
||||||
"postfix",
|
"postfix",
|
||||||
"(diplonat (tcp_port 25 465 587))",
|
"(diplonat (tcp_port 25 465 587))",
|
||||||
"d53-a smtp.deuxfleurs.fr",
|
"d53-a smtp.deuxfleurs.fr",
|
||||||
# ipv6 is commented for now as port is not open in firewall (TODO)
|
"d53-aaaa smtp.deuxfleurs.fr"
|
||||||
# "d53-aaaa smtp.deuxfleurs.fr"
|
|
||||||
]
|
]
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
|
@ -429,10 +429,8 @@ job "email" {
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
tags = [
|
tags = [
|
||||||
"alps",
|
"alps",
|
||||||
"traefik.enable=true",
|
|
||||||
"traefik.frontend.entryPoints=https,http",
|
|
||||||
"traefik.frontend.rule=Host:alps.deuxfleurs.fr",
|
|
||||||
"tricot alps.deuxfleurs.fr",
|
"tricot alps.deuxfleurs.fr",
|
||||||
|
"d53-cname alps.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
|
@ -474,9 +472,9 @@ job "email" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 200
|
cpu = 400
|
||||||
memory = 500
|
memory = 1500
|
||||||
memory_max = 1000
|
memory_max = 2000
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
@ -487,6 +485,7 @@ job "email" {
|
||||||
"sogo",
|
"sogo",
|
||||||
"tricot www.sogo.deuxfleurs.fr",
|
"tricot www.sogo.deuxfleurs.fr",
|
||||||
"tricot sogo.deuxfleurs.fr",
|
"tricot sogo.deuxfleurs.fr",
|
||||||
|
"d53-cname sogo.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
|
|
|
@ -6,8 +6,19 @@ db_engine = "lmdb"
|
||||||
|
|
||||||
replication_mode = "3"
|
replication_mode = "3"
|
||||||
|
|
||||||
rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3901"
|
metadata_auto_snapshot_interval = "24h"
|
||||||
rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3901"
|
|
||||||
|
# IPv6 config using the ipv6 address statically defined in Nomad's node metadata
|
||||||
|
# make sure to put back double { and } if re-enabling this
|
||||||
|
#rpc_bind_addr = "[{ env "meta.public_ipv6" }]:3901"
|
||||||
|
#rpc_public_addr = "[{ env "meta.public_ipv6" }]:3901"
|
||||||
|
|
||||||
|
# IPv6 config using the ipv6 address dynamically detected from diplonat
|
||||||
|
{{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
|
||||||
|
rpc_bind_addr = "[{{ $a.address }}]:3901"
|
||||||
|
rpc_public_addr = "[{{ $a.address }}]:3901"
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
rpc_secret = "{{ key "secrets/garage/rpc_secret" | trimSpace }}"
|
rpc_secret = "{{ key "secrets/garage/rpc_secret" | trimSpace }}"
|
||||||
|
|
||||||
[consul_discovery]
|
[consul_discovery]
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
job "garage" {
|
job "garage" {
|
||||||
datacenters = [ "neptune", "bespin", "orion", "scorpio" ]
|
datacenters = [ "neptune", "bespin", "scorpio" ]
|
||||||
type = "system"
|
type = "system"
|
||||||
priority = 80
|
priority = 80
|
||||||
|
|
||||||
update {
|
update {
|
||||||
max_parallel = 1
|
max_parallel = 2
|
||||||
min_healthy_time = "60s"
|
min_healthy_time = "60s"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -18,7 +18,7 @@ job "garage" {
|
||||||
}
|
}
|
||||||
|
|
||||||
update {
|
update {
|
||||||
max_parallel = 1
|
max_parallel = 10
|
||||||
min_healthy_time = "30s"
|
min_healthy_time = "30s"
|
||||||
healthy_deadline = "5m"
|
healthy_deadline = "5m"
|
||||||
}
|
}
|
||||||
|
@ -26,8 +26,7 @@ job "garage" {
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
advertise_ipv6_address = true
|
image = "dxflrs/garage:v1.0.0-rc1"
|
||||||
image = "dxflrs/garage:v0.8.2"
|
|
||||||
command = "/garage"
|
command = "/garage"
|
||||||
args = [ "server" ]
|
args = [ "server" ]
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
|
@ -45,6 +44,7 @@ job "garage" {
|
||||||
template {
|
template {
|
||||||
data = file("../config/garage.toml")
|
data = file("../config/garage.toml")
|
||||||
destination = "secrets/garage.toml"
|
destination = "secrets/garage.toml"
|
||||||
|
#change_mode = "noop"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -70,6 +70,34 @@ job "garage" {
|
||||||
|
|
||||||
kill_timeout = "20s"
|
kill_timeout = "20s"
|
||||||
|
|
||||||
|
restart {
|
||||||
|
interval = "30m"
|
||||||
|
attempts = 10
|
||||||
|
delay = "15s"
|
||||||
|
mode = "delay"
|
||||||
|
}
|
||||||
|
|
||||||
|
#### Configuration for service ports: admin port (internal use only)
|
||||||
|
|
||||||
|
service {
|
||||||
|
port = "admin"
|
||||||
|
address_mode = "host"
|
||||||
|
name = "garage-admin"
|
||||||
|
# Check that Garage is alive and answering TCP connections
|
||||||
|
check {
|
||||||
|
type = "tcp"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
check_restart {
|
||||||
|
limit = 3
|
||||||
|
grace = "90s"
|
||||||
|
ignore_warnings = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#### Configuration for service ports: externally available ports (API, web)
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = [
|
tags = [
|
||||||
"garage_api",
|
"garage_api",
|
||||||
|
@ -77,13 +105,13 @@ job "garage" {
|
||||||
"tricot *.garage.deuxfleurs.fr",
|
"tricot *.garage.deuxfleurs.fr",
|
||||||
"tricot-site-lb",
|
"tricot-site-lb",
|
||||||
]
|
]
|
||||||
port = 3900
|
port = "s3"
|
||||||
address_mode = "driver"
|
address_mode = "host"
|
||||||
name = "garage-api"
|
name = "garage-api"
|
||||||
|
# Check 1: Garage is alive and answering TCP connections
|
||||||
check {
|
check {
|
||||||
|
name = "garage-api-live"
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
port = 3900
|
|
||||||
address_mode = "driver"
|
|
||||||
interval = "60s"
|
interval = "60s"
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
check_restart {
|
check_restart {
|
||||||
|
@ -92,25 +120,35 @@ job "garage" {
|
||||||
ignore_warnings = false
|
ignore_warnings = false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
# Check 2: Garage is in a healthy state and requests should be routed here
|
||||||
|
check {
|
||||||
|
name = "garage-api-healthy"
|
||||||
|
port = "admin"
|
||||||
|
type = "http"
|
||||||
|
path = "/health"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = [
|
tags = [
|
||||||
"garage-web",
|
"garage-web",
|
||||||
"tricot * 1",
|
"tricot * 1",
|
||||||
#"tricot-add-header Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://code.jquery.com/; frame-ancestors 'self'",
|
|
||||||
"tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
|
"tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
|
||||||
"tricot-add-header X-Frame-Options SAMEORIGIN",
|
"tricot-add-header X-Frame-Options SAMEORIGIN",
|
||||||
"tricot-add-header X-XSS-Protection 1; mode=block",
|
"tricot-add-header X-XSS-Protection 1; mode=block",
|
||||||
|
"tricot-add-header X-Content-Type-Options nosniff",
|
||||||
|
"tricot-on-demand-tls-ask http://garage-admin.service.prod.consul:3903/check",
|
||||||
"tricot-site-lb",
|
"tricot-site-lb",
|
||||||
]
|
]
|
||||||
port = 3902
|
port = "web"
|
||||||
address_mode = "driver"
|
address_mode = "host"
|
||||||
name = "garage-web"
|
name = "garage-web"
|
||||||
|
# Check 1: Garage is alive and answering TCP connections
|
||||||
check {
|
check {
|
||||||
|
name = "garage-web-live"
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
port = 3902
|
|
||||||
address_mode = "driver"
|
|
||||||
interval = "60s"
|
interval = "60s"
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
check_restart {
|
check_restart {
|
||||||
|
@ -119,39 +157,47 @@ job "garage" {
|
||||||
ignore_warnings = false
|
ignore_warnings = false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
# Check 2: Garage is in a healthy state and requests should be routed here
|
||||||
|
check {
|
||||||
|
name = "garage-web-healthy"
|
||||||
|
port = "admin"
|
||||||
|
type = "http"
|
||||||
|
path = "/health"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
port = 3903
|
tags = [
|
||||||
address_mode = "driver"
|
"garage-redirect-dummy",
|
||||||
name = "garage-admin"
|
"tricot www.deuxfleurs.fr 2",
|
||||||
check {
|
"tricot osuny.org 2",
|
||||||
type = "tcp"
|
"tricot www.degrowth.net 2",
|
||||||
port = 3903
|
"tricot-add-redirect www.deuxfleurs.fr deuxfleurs.fr 301",
|
||||||
address_mode = "driver"
|
"tricot-add-redirect osuny.org www.osuny.org 301",
|
||||||
interval = "60s"
|
"tricot-add-redirect www.degrowth.net degrowth.net 301",
|
||||||
timeout = "5s"
|
]
|
||||||
check_restart {
|
name = "garage-redirect-dummy"
|
||||||
limit = 3
|
address_mode = "host"
|
||||||
grace = "90s"
|
port = "web"
|
||||||
ignore_warnings = false
|
on_update = "ignore"
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = [
|
tags = [
|
||||||
"garage_k2v",
|
"garage_k2v",
|
||||||
"tricot k2v.deuxfleurs.fr",
|
"tricot k2v.deuxfleurs.fr",
|
||||||
"tricot-site-lb",
|
"tricot-site-lb",
|
||||||
]
|
]
|
||||||
port = 3904
|
port = "k2v"
|
||||||
address_mode = "driver"
|
address_mode = "host"
|
||||||
name = "garage-k2v"
|
name = "garage-k2v"
|
||||||
|
# Check 1: Garage is alive and answering TCP connections
|
||||||
check {
|
check {
|
||||||
|
name = "garage-k2v-live"
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
port = 3904
|
|
||||||
address_mode = "driver"
|
|
||||||
interval = "60s"
|
interval = "60s"
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
check_restart {
|
check_restart {
|
||||||
|
@ -160,13 +206,15 @@ job "garage" {
|
||||||
ignore_warnings = false
|
ignore_warnings = false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
# Check 2: Garage is in a healthy state and requests should be routed here
|
||||||
|
check {
|
||||||
|
name = "garage-k2v-healthy"
|
||||||
|
port = "admin"
|
||||||
|
type = "http"
|
||||||
|
path = "/health"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
}
|
}
|
||||||
|
|
||||||
restart {
|
|
||||||
interval = "30m"
|
|
||||||
attempts = 10
|
|
||||||
delay = "15s"
|
|
||||||
mode = "delay"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,6 +28,9 @@
|
||||||
"group_can_admin": "cn=admin,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}",
|
"group_can_admin": "cn=admin,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}",
|
||||||
"group_can_invite": "cn=asso_deuxfleurs,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}",
|
"group_can_invite": "cn=asso_deuxfleurs,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}",
|
||||||
|
|
||||||
|
"s3_admin_endpoint": "garage-admin.service.prod.consul:3903",
|
||||||
|
"s3_admin_token": "{{ key "secrets/garage/admin_token" | trimSpace }}",
|
||||||
|
|
||||||
"s3_endpoint": "{{ key "secrets/directory/guichet/s3_endpoint" }}",
|
"s3_endpoint": "{{ key "secrets/directory/guichet/s3_endpoint" }}",
|
||||||
"s3_access_key": "{{ key "secrets/directory/guichet/s3_access_key" | trimSpace }}",
|
"s3_access_key": "{{ key "secrets/directory/guichet/s3_access_key" | trimSpace }}",
|
||||||
"s3_secret_key": "{{ key "secrets/directory/guichet/s3_secret_key" | trimSpace }}",
|
"s3_secret_key": "{{ key "secrets/directory/guichet/s3_secret_key" | trimSpace }}",
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "guichet" {
|
job "guichet" {
|
||||||
datacenters = [ "neptune", "orion" ]
|
datacenters = [ "neptune", "scorpio" ]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 90
|
priority = 90
|
||||||
|
|
||||||
|
@ -13,11 +13,12 @@ job "guichet" {
|
||||||
task "guichet" {
|
task "guichet" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "dxflrs/guichet:17"
|
image = "dxflrs/guichet:m1gzk1r00xp0kz566fwbpc87z7haq7xj"
|
||||||
|
args = [ "server", "-config", "/etc/config.json" ]
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
ports = [ "web_port" ]
|
ports = [ "web_port" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/config.json:/config.json"
|
"secrets/config.json:/etc/config.json"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -368,7 +368,8 @@ var config = {
|
||||||
|
|
||||||
// Message to show the users. Example: 'The service will be down for
|
// Message to show the users. Example: 'The service will be down for
|
||||||
// maintenance at 01:00 AM GMT,
|
// maintenance at 01:00 AM GMT,
|
||||||
// noticeMessage: '',
|
// Does only support plaintext. No line skip.
|
||||||
|
// noticeMessage: "Suite à une utilisation contraire à nos CGU, Deuxfleurs surveille activement cette instance Jitsi et enverra tout contenu illégal à la police. Pour toute question, commentaire ou suggestion, contactez moderation@deuxfleurs.fr . Following usage breaching our TOS, Deuxfleurs actively monitors this Jitsi instance and will send any illegal behavior to the Police. For any question, remark or suggestion, reach moderation@deuxfleurs.fr",
|
||||||
|
|
||||||
// Enables calendar integration, depends on googleApiApplicationClientID
|
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||||
// and microsoftApiApplicationClientID
|
// and microsoftApiApplicationClientID
|
||||||
|
|
|
@ -37,6 +37,12 @@ http {
|
||||||
access_log /dev/stdout;
|
access_log /dev/stdout;
|
||||||
server_names_hash_bucket_size 64;
|
server_names_hash_bucket_size 64;
|
||||||
|
|
||||||
|
# Log real IPs
|
||||||
|
set_real_ip_from 10.0.0.0/8;
|
||||||
|
set_real_ip_from 172.16.0.0/12;
|
||||||
|
set_real_ip_from 192.168.0.0/16;
|
||||||
|
real_ip_header X-Forwarded-For;
|
||||||
|
|
||||||
# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
|
# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
|
||||||
server {
|
server {
|
||||||
#listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
#listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
||||||
|
@ -85,7 +91,16 @@ http {
|
||||||
# tcp_nodelay on;
|
# tcp_nodelay on;
|
||||||
#}
|
#}
|
||||||
|
|
||||||
|
|
||||||
|
location ~ "2daut2wank2|2duat2wank|2duat2wank0|2duat2wank1|2duat2wank2|2duat2wank3|2duatr2wank|2duatr2wank0|2duatr2wank1|2duatr2wank2|2wank2daut2|daut1|duat2wank|duat2wank2|duatr2wank2|prettypanties|slutgfs|wabk2daugther|wank2daugther|wank2daut|wank2daut2|wank2daut3|wankwatch" {
|
||||||
|
return 302 https://www.service-public.fr/particuliers/vosdroits/R17674;
|
||||||
|
}
|
||||||
|
|
||||||
location = /http-bind {
|
location = /http-bind {
|
||||||
|
if ($args ~ "2daut2wank2|2duat2wank|2duat2wank0|2duat2wank1|2duat2wank2|2duat2wank3|2duatr2wank|2duatr2wank0|2duatr2wank1|2duatr2wank2|2wank2daut2|daut1|duat2wank|duat2wank2|duatr2wank2|prettypanties|slutgfs|wabk2daugther|wank2daugther|wank2daut|wank2daut2|wank2daut3|wankwatch") {
|
||||||
|
return 403 'forbidden';
|
||||||
|
}
|
||||||
|
|
||||||
# We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL
|
# We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL
|
||||||
add_header 'Access-Control-Allow-Headers' 'content-type';
|
add_header 'Access-Control-Allow-Headers' 'content-type';
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS';
|
add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS';
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "jitsi" {
|
job "jitsi" {
|
||||||
datacenters = ["neptune", "orion"]
|
datacenters = ["neptune", "scorpio"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
|
||||||
priority = 50
|
priority = 50
|
||||||
|
@ -112,6 +112,11 @@ EOF
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
logs {
|
||||||
|
max_files = 25
|
||||||
|
max_file_size = 10
|
||||||
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = file("../config/config.js")
|
data = file("../config/config.js")
|
||||||
destination = "secrets/config.js"
|
destination = "secrets/config.js"
|
||||||
|
@ -221,7 +226,7 @@ EOF
|
||||||
# Our container can autodetect the public IP with the ifconfig.me service
|
# Our container can autodetect the public IP with the ifconfig.me service
|
||||||
# However we would like to avoid relying on a 3rd party service for production use
|
# However we would like to avoid relying on a 3rd party service for production use
|
||||||
# That's why I am setting the public IP address statically here VVVV
|
# That's why I am setting the public IP address statically here VVVV
|
||||||
#JITSI_NAT_PUBLIC_IP = "82.66.80.201"
|
JITSI_NAT_PUBLIC_IP = "${meta.public_ipv4}"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
|
|
@ -5,19 +5,19 @@ services:
|
||||||
build:
|
build:
|
||||||
context: ./riotweb
|
context: ./riotweb
|
||||||
args:
|
args:
|
||||||
# https://github.com/vector-im/riot-web/releases
|
# https://github.com/vector-im/element-web/releases
|
||||||
VERSION: 1.11.25
|
VERSION: 1.11.49
|
||||||
image: superboum/amd64_riotweb:v33
|
image: lxpz/amd64_elementweb:v35
|
||||||
|
|
||||||
synapse:
|
synapse:
|
||||||
build:
|
build:
|
||||||
context: ./matrix-synapse
|
context: ./matrix-synapse
|
||||||
args:
|
args:
|
||||||
# https://github.com/matrix-org/synapse/releases
|
# https://github.com/matrix-org/synapse/releases
|
||||||
VERSION: 1.79.0
|
VERSION: 1.95.1
|
||||||
# https://github.com/matrix-org/synapse-s3-storage-provider/commits/main
|
# https://github.com/matrix-org/synapse-s3-storage-provider/commits/main
|
||||||
# Update with the latest commit on main each time you update the synapse version
|
# Update with the latest commit on main each time you update the synapse version
|
||||||
# otherwise synapse may fail to launch due to incompatibility issues
|
# otherwise synapse may fail to launch due to incompatibility issues
|
||||||
# see this issue for an example: https://github.com/matrix-org/synapse-s3-storage-provider/issues/64
|
# see this issue for an example: https://github.com/matrix-org/synapse-s3-storage-provider/issues/64
|
||||||
S3_VERSION: v1.2.0
|
S3_VERSION: v1.2.1
|
||||||
image: superboum/amd64_synapse:v56
|
image: lxpz/amd64_synapse:v58
|
||||||
|
|
|
@ -61,7 +61,7 @@ database:
|
||||||
user: {{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
|
user: {{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
|
||||||
password: {{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
|
password: {{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
|
||||||
database: {{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
|
database: {{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
|
||||||
host: psql-proxy.service.prod.consul
|
host: {{ env "meta.site" }}.psql-proxy.service.prod.consul
|
||||||
port: 5432
|
port: 5432
|
||||||
cp_min: 5
|
cp_min: 5
|
||||||
cp_max: 10
|
cp_max: 10
|
||||||
|
@ -340,7 +340,7 @@ room_prejoin_state:
|
||||||
|
|
||||||
|
|
||||||
# A list of application service config file to use
|
# A list of application service config file to use
|
||||||
app_service_config_files:
|
#app_service_config_files:
|
||||||
#- "/etc/matrix-synapse/easybridge_registration.yaml"
|
#- "/etc/matrix-synapse/easybridge_registration.yaml"
|
||||||
#- "/etc/matrix-synapse/fb2mx_registration.yaml"
|
#- "/etc/matrix-synapse/fb2mx_registration.yaml"
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "matrix" {
|
job "matrix" {
|
||||||
datacenters = ["orion"]
|
datacenters = ["scorpio", "neptune"]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 40
|
priority = 40
|
||||||
|
|
||||||
|
@ -8,13 +8,14 @@ job "matrix" {
|
||||||
|
|
||||||
network {
|
network {
|
||||||
port "api_port" { static = 8008 }
|
port "api_port" { static = 8008 }
|
||||||
|
port "web_port" { to = 8043 }
|
||||||
}
|
}
|
||||||
|
|
||||||
task "synapse" {
|
task "synapse" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_synapse:v56"
|
image = "lxpz/amd64_synapse:v58"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
ports = [ "api_port" ]
|
ports = [ "api_port" ]
|
||||||
|
@ -65,7 +66,8 @@ job "matrix" {
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 1000
|
cpu = 1000
|
||||||
memory = 1000
|
memory = 500
|
||||||
|
memory_max = 1000
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
@ -78,6 +80,7 @@ job "matrix" {
|
||||||
"tricot im.deuxfleurs.fr:443/_matrix 100",
|
"tricot im.deuxfleurs.fr:443/_matrix 100",
|
||||||
"tricot im.deuxfleurs.fr/_synapse 100",
|
"tricot im.deuxfleurs.fr/_synapse 100",
|
||||||
"tricot-add-header Access-Control-Allow-Origin *",
|
"tricot-add-header Access-Control-Allow-Origin *",
|
||||||
|
"d53-cname im.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
|
@ -98,7 +101,7 @@ job "matrix" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_synapse:v56"
|
image = "lxpz/amd64_synapse:v58"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
command = "/usr/local/bin/matrix-s3-async"
|
command = "/usr/local/bin/matrix-s3-async"
|
||||||
work_dir = "/tmp"
|
work_dir = "/tmp"
|
||||||
|
@ -111,7 +114,8 @@ job "matrix" {
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 100
|
cpu = 100
|
||||||
memory = 100
|
memory = 200
|
||||||
|
memory_max = 500
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -122,27 +126,18 @@ AWS_DEFAULT_REGION=garage
|
||||||
PG_USER={{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
|
PG_USER={{ key "secrets/chat/synapse/postgres_user" | trimSpace }}
|
||||||
PG_PASS={{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
|
PG_PASS={{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }}
|
||||||
PG_DB={{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
|
PG_DB={{ key "secrets/chat/synapse/postgres_db" | trimSpace }}
|
||||||
PG_HOST=psql-proxy.service.2.cluster.deuxfleurs.fr
|
PG_HOST={{ env "meta.site" }}.psql-proxy.service.2.cluster.deuxfleurs.fr
|
||||||
PG_PORT=5432
|
PG_PORT=5432
|
||||||
EOH
|
EOH
|
||||||
destination = "secrets/env"
|
destination = "secrets/env"
|
||||||
env = true
|
env = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
task "riotweb" {
|
||||||
group "riotweb" {
|
|
||||||
count = 1
|
|
||||||
|
|
||||||
network {
|
|
||||||
port "web_port" { to = 8043 }
|
|
||||||
}
|
|
||||||
|
|
||||||
task "server" {
|
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_riotweb:v33"
|
image = "lxpz/amd64_elementweb:v35"
|
||||||
ports = [ "web_port" ]
|
ports = [ "web_port" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/config.json:/srv/http/config.json"
|
"secrets/config.json:/srv/http/config.json"
|
||||||
|
@ -163,6 +158,7 @@ EOH
|
||||||
"webstatic",
|
"webstatic",
|
||||||
"tricot im.deuxfleurs.fr 10",
|
"tricot im.deuxfleurs.fr 10",
|
||||||
"tricot riot.deuxfleurs.fr 10",
|
"tricot riot.deuxfleurs.fr 10",
|
||||||
|
"d53-cname riot.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
port = "web_port"
|
port = "web_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
|
@ -181,5 +177,70 @@ EOH
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
group "syncv3" {
|
||||||
|
count = 1
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "syncv3_api" { to = 8009 }
|
||||||
|
port "syncv3_metrics" { to = 2112 }
|
||||||
|
}
|
||||||
|
|
||||||
|
task "syncv3" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = "ghcr.io/matrix-org/sliding-sync:v0.99.12"
|
||||||
|
ports = [ "syncv3_api", "syncv3_metrics" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
cpu = 1000
|
||||||
|
memory = 500
|
||||||
|
memory_max = 1000
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
SYNCV3_SERVER=http://synapse.service.prod.consul:8008
|
||||||
|
SYNCV3_DB=postgresql://{{ key "secrets/chat/syncv3/postgres_user"|trimSpace }}:{{ key "secrets/chat/syncv3/postgres_pwd"|trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul/{{ key "secrets/chat/syncv3/postgres_db"|trimSpace }}?sslmode=disable
|
||||||
|
SYNCV3_SECRET={{ key "secrets/chat/syncv3/secret"|trimSpace }}
|
||||||
|
SYNCV3_BINDADDR=0.0.0.0:8009
|
||||||
|
SYNCV3_PROM=0.0.0.0:2112
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "matrix-syncv3"
|
||||||
|
port = "syncv3_api"
|
||||||
|
address_mode = "host"
|
||||||
|
tags = [
|
||||||
|
"matrix",
|
||||||
|
"tricot im-syncv3.deuxfleurs.fr 100",
|
||||||
|
"tricot-add-header Access-Control-Allow-Origin *",
|
||||||
|
"d53-cname im-syncv3.deuxfleurs.fr",
|
||||||
|
]
|
||||||
|
check {
|
||||||
|
type = "tcp"
|
||||||
|
port = "syncv3_api"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
check_restart {
|
||||||
|
limit = 3
|
||||||
|
grace = "90s"
|
||||||
|
ignore_warnings = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "matrix-syncv3-metrics"
|
||||||
|
port = "syncv3_metrics"
|
||||||
|
address_mode = "host"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,5 +4,5 @@ services:
|
||||||
build:
|
build:
|
||||||
context: ./plume
|
context: ./plume
|
||||||
args:
|
args:
|
||||||
VERSION: 8709f6cf9f8ff7e3c5ee7ea699ee7c778e92fefc
|
PLUME_VERSION: 61e65a55ad1f5094321c111e395d00dddcb05e96
|
||||||
image: superboum/plume:v8
|
image: superboum/plume:v8
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
FROM rust:1.58.1-slim-bullseye as builder
|
#FROM rust:1.69-bullseye as builder
|
||||||
|
FROM rustlang/rust:nightly-bullseye as builder
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y \
|
apt-get install -y \
|
||||||
|
@ -18,21 +19,25 @@ RUN apt-get update && \
|
||||||
libssl-dev \
|
libssl-dev \
|
||||||
libclang-dev
|
libclang-dev
|
||||||
|
|
||||||
ARG VERSION
|
RUN cargo install wasm-pack
|
||||||
|
|
||||||
|
ARG PLUME_VERSION
|
||||||
WORKDIR /opt
|
WORKDIR /opt
|
||||||
RUN git clone -n https://git.joinplu.me/Plume/Plume.git plume
|
RUN git clone -n https://git.joinplu.me/lx/Plume.git plume
|
||||||
|
|
||||||
WORKDIR /opt/plume
|
WORKDIR /opt/plume
|
||||||
RUN git checkout ${VERSION}
|
RUN git checkout ${PLUME_VERSION}
|
||||||
|
# Small style patch to make text column wider
|
||||||
|
RUN git merge 397e3b4d9720475257817b322c05323d12918216
|
||||||
|
RUN rm rust-toolchain
|
||||||
|
|
||||||
WORKDIR /opt/plume/script
|
WORKDIR /opt/plume/script
|
||||||
RUN chmod a+x ./wasm-deps.sh && ./wasm-deps.sh
|
RUN chmod a+x ./wasm-deps.sh && ./wasm-deps.sh
|
||||||
|
|
||||||
WORKDIR /opt/plume
|
WORKDIR /opt/plume
|
||||||
RUN cargo install wasm-pack
|
|
||||||
RUN chmod a+x ./script/plume-front.sh && ./script/plume-front.sh
|
RUN chmod a+x ./script/plume-front.sh && ./script/plume-front.sh
|
||||||
RUN cargo install --path ./ --force --no-default-features --features postgres
|
RUN cargo install --path ./ --force --no-default-features --features postgres,s3
|
||||||
RUN cargo install --path plume-cli --force --no-default-features --features postgres
|
RUN cargo install --path plume-cli --force --no-default-features --features postgres,s3
|
||||||
RUN cargo clean
|
RUN cargo clean
|
||||||
|
|
||||||
#-----------------------------
|
#-----------------------------
|
||||||
|
|
|
@ -8,11 +8,22 @@ ROCKET_SECRET_KEY={{ key "secrets/plume/secret_key" | trimSpace }}
|
||||||
#MAIL_PASSWORD=123456
|
#MAIL_PASSWORD=123456
|
||||||
#MAIL_HELO_NAME=example.org
|
#MAIL_HELO_NAME=example.org
|
||||||
|
|
||||||
|
# S3 settings
|
||||||
|
S3_BUCKET=plume
|
||||||
|
AWS_ACCESS_KEY_ID={{ key "secrets/plume/s3_access_key" | trimSpace }}
|
||||||
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/s3_secret_key" | trimSpace }}
|
||||||
|
S3_REGION=garage
|
||||||
|
S3_HOSTNAME={{ env "attr.unique.network.ip-address" }}:3900
|
||||||
|
S3_PROTOCOL=http
|
||||||
|
S3_PATH_STYLE=true
|
||||||
|
S3_DIRECT_DOWNLOAD=true
|
||||||
|
S3_ALIAS_HOST=plume.web.deuxfleurs.fr
|
||||||
|
|
||||||
# DATABASE SETUP
|
# DATABASE SETUP
|
||||||
POSTGRES_PASSWORD={{ key "secrets/plume/pgsql_pw" | trimSpace }}
|
POSTGRES_PASSWORD={{ key "secrets/plume/pgsql_pw" | trimSpace }}
|
||||||
POSTGRES_USER=plume
|
POSTGRES_USER=plume
|
||||||
POSTGRES_DB=plume
|
POSTGRES_DB=plume
|
||||||
DATABASE_URL=postgres://plume:{{ key "secrets/plume/pgsql_pw" | trimSpace }}@psql-proxy.service.prod.consul:5432/plume
|
DATABASE_URL=postgres://plume:{{ key "secrets/plume/pgsql_pw" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/plume
|
||||||
MIGRATION_DIRECTORY=migrations/postgres
|
MIGRATION_DIRECTORY=migrations/postgres
|
||||||
|
|
||||||
USE_HTTPS=0
|
USE_HTTPS=0
|
||||||
|
|
|
@ -1,12 +1,7 @@
|
||||||
job "plume-blog" {
|
job "plume-blog" {
|
||||||
datacenters = ["orion"]
|
datacenters = ["scorpio", "neptune"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
|
||||||
constraint {
|
|
||||||
attribute = "${attr.cpu.arch}"
|
|
||||||
value = "amd64"
|
|
||||||
}
|
|
||||||
|
|
||||||
group "plume" {
|
group "plume" {
|
||||||
count = 1
|
count = 1
|
||||||
|
|
||||||
|
@ -15,23 +10,13 @@ job "plume-blog" {
|
||||||
}
|
}
|
||||||
|
|
||||||
task "plume" {
|
task "plume" {
|
||||||
constraint {
|
|
||||||
attribute = "${attr.unique.hostname}"
|
|
||||||
operator = "="
|
|
||||||
value = "dahlia"
|
|
||||||
}
|
|
||||||
|
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/plume:v8"
|
image = "lxpz/plume_s3:v1"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "web_port" ]
|
ports = [ "web_port" ]
|
||||||
#command = "cat"
|
command = "sh"
|
||||||
#args = [ "/dev/stdout" ]
|
args = [ "-c", "plm search init; plm search refill; plume" ]
|
||||||
volumes = [
|
|
||||||
"/mnt/ssd/plume/search_index:/app/search_index",
|
|
||||||
"/mnt/ssd/plume/media:/app/static/media"
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -51,6 +36,7 @@ job "plume-blog" {
|
||||||
tags = [
|
tags = [
|
||||||
"plume",
|
"plume",
|
||||||
"tricot plume.deuxfleurs.fr",
|
"tricot plume.deuxfleurs.fr",
|
||||||
|
"d53-cname plume.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
port = "web_port"
|
port = "web_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
|
|
|
@ -1,10 +1,15 @@
|
||||||
[service_user."plume"]
|
[service_user."plume"]
|
||||||
password_secret = "plume/pgsql_pw"
|
password_secret = "plume/pgsql_pw"
|
||||||
|
|
||||||
|
|
||||||
[secrets."plume/secret_key"]
|
[secrets."plume/secret_key"]
|
||||||
type = 'command'
|
type = 'command'
|
||||||
rotate = true
|
rotate = true
|
||||||
command = 'openssl rand -base64 32'
|
command = 'openssl rand -base64 32'
|
||||||
|
|
||||||
|
[secrets."plume/s3_access_key"]
|
||||||
|
type = 'user'
|
||||||
|
description = 'S3 access key ID for database and media storage'
|
||||||
|
|
||||||
|
[secrets."plume/s3_secret_key"]
|
||||||
|
type = 'user'
|
||||||
|
description = 'S3 secret key for database and media storage'
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "postgres14" {
|
job "postgres14" {
|
||||||
datacenters = ["orion"]
|
datacenters = ["neptune", "bespin", "scorpio"]
|
||||||
type = "system"
|
type = "system"
|
||||||
priority = 90
|
priority = 90
|
||||||
|
|
||||||
|
@ -16,6 +16,20 @@ job "postgres14" {
|
||||||
port "psql_port" { static = 5433 }
|
port "psql_port" { static = 5433 }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
attribute = "${attr.unique.hostname}"
|
||||||
|
operator = "set_contains_any"
|
||||||
|
value = "courgette,df-ymf,abricot"
|
||||||
|
# old (orion) = diplotaxis
|
||||||
|
}
|
||||||
|
|
||||||
|
restart {
|
||||||
|
interval = "10m"
|
||||||
|
attempts = 10
|
||||||
|
delay = "15s"
|
||||||
|
mode = "delay"
|
||||||
|
}
|
||||||
|
|
||||||
task "sentinel" {
|
task "sentinel" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
|
@ -37,7 +51,8 @@ job "postgres14" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
resources {
|
resources {
|
||||||
memory = 100
|
memory = 20
|
||||||
|
memory_max = 100
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -80,7 +95,8 @@ job "postgres14" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 100
|
memory = 20
|
||||||
|
memory_max = 100
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -97,7 +113,7 @@ job "postgres14" {
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = ["sql"]
|
tags = ["sql", "${meta.site}"]
|
||||||
port = "psql_proxy_port"
|
port = "psql_proxy_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "psql-proxy"
|
name = "psql-proxy"
|
||||||
|
@ -172,11 +188,12 @@ job "postgres14" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 600
|
memory = 400
|
||||||
|
memory_max = 600
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = ["sql"]
|
tags = ["sql", "${meta.site}"]
|
||||||
port = "psql_port"
|
port = "psql_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "psql-keeper"
|
name = "psql-keeper"
|
||||||
|
|
|
@ -0,0 +1,761 @@
|
||||||
|
{
|
||||||
|
"__inputs": [
|
||||||
|
{
|
||||||
|
"name": "DS_DS_PROMETHEUS",
|
||||||
|
"label": "DS_PROMETHEUS",
|
||||||
|
"description": "",
|
||||||
|
"type": "datasource",
|
||||||
|
"pluginId": "prometheus",
|
||||||
|
"pluginName": "Prometheus"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"__elements": {},
|
||||||
|
"__requires": [
|
||||||
|
{
|
||||||
|
"type": "grafana",
|
||||||
|
"id": "grafana",
|
||||||
|
"name": "Grafana",
|
||||||
|
"version": "9.5.1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "datasource",
|
||||||
|
"id": "prometheus",
|
||||||
|
"name": "Prometheus",
|
||||||
|
"version": "1.0.0"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "panel",
|
||||||
|
"id": "stat",
|
||||||
|
"name": "Stat",
|
||||||
|
"version": ""
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "panel",
|
||||||
|
"id": "timeseries",
|
||||||
|
"name": "Time series",
|
||||||
|
"version": ""
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"annotations": {
|
||||||
|
"list": [
|
||||||
|
{
|
||||||
|
"builtIn": 1,
|
||||||
|
"datasource": {
|
||||||
|
"type": "datasource",
|
||||||
|
"uid": "grafana"
|
||||||
|
},
|
||||||
|
"enable": true,
|
||||||
|
"hide": true,
|
||||||
|
"iconColor": "rgba(0, 211, 255, 1)",
|
||||||
|
"name": "Annotations & Alerts",
|
||||||
|
"target": {
|
||||||
|
"limit": 100,
|
||||||
|
"matchAny": false,
|
||||||
|
"tags": [],
|
||||||
|
"type": "dashboard"
|
||||||
|
},
|
||||||
|
"type": "dashboard"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"editable": true,
|
||||||
|
"fiscalYearStartMonth": 0,
|
||||||
|
"graphTooltip": 0,
|
||||||
|
"id": null,
|
||||||
|
"links": [],
|
||||||
|
"liveNow": false,
|
||||||
|
"panels": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "thresholds"
|
||||||
|
},
|
||||||
|
"mappings": [
|
||||||
|
{
|
||||||
|
"options": {
|
||||||
|
"match": "null",
|
||||||
|
"result": {
|
||||||
|
"text": "N/A"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "special"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "none"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 4,
|
||||||
|
"w": 4,
|
||||||
|
"x": 0,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 2,
|
||||||
|
"links": [],
|
||||||
|
"maxDataPoints": 100,
|
||||||
|
"options": {
|
||||||
|
"colorMode": "none",
|
||||||
|
"graphMode": "none",
|
||||||
|
"justifyMode": "auto",
|
||||||
|
"orientation": "horizontal",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"textMode": "auto"
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.5.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "drone_build_count",
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "",
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Total Builds",
|
||||||
|
"type": "stat"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 10,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "never",
|
||||||
|
"spanNulls": 3600000,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "none"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"decimals": 0,
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "short"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 12,
|
||||||
|
"w": 10,
|
||||||
|
"x": 4,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 6,
|
||||||
|
"links": [],
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "multi",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.5.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "sum(drone_running_jobs)",
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "Running jobs",
|
||||||
|
"refId": "A"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "sum(drone_pending_jobs)",
|
||||||
|
"hide": false,
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "Pending jobs",
|
||||||
|
"refId": "B"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Jobs",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 10,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "never",
|
||||||
|
"spanNulls": 3600000,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "none"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"decimals": 0,
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "short"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 12,
|
||||||
|
"w": 10,
|
||||||
|
"x": 14,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 8,
|
||||||
|
"links": [],
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "multi",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.5.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "sum(drone_running_builds)",
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "Running builds",
|
||||||
|
"refId": "A"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "sum(drone_pending_builds)",
|
||||||
|
"hide": false,
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "Pending builds",
|
||||||
|
"refId": "B"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Builds",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "thresholds"
|
||||||
|
},
|
||||||
|
"mappings": [
|
||||||
|
{
|
||||||
|
"options": {
|
||||||
|
"match": "null",
|
||||||
|
"result": {
|
||||||
|
"text": "N/A"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "special"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "none"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 4,
|
||||||
|
"w": 4,
|
||||||
|
"x": 0,
|
||||||
|
"y": 4
|
||||||
|
},
|
||||||
|
"id": 4,
|
||||||
|
"links": [],
|
||||||
|
"maxDataPoints": 100,
|
||||||
|
"options": {
|
||||||
|
"colorMode": "none",
|
||||||
|
"graphMode": "none",
|
||||||
|
"justifyMode": "auto",
|
||||||
|
"orientation": "horizontal",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"textMode": "auto"
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.5.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "drone_repo_count",
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "",
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Activated Repos",
|
||||||
|
"type": "stat"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "thresholds"
|
||||||
|
},
|
||||||
|
"mappings": [
|
||||||
|
{
|
||||||
|
"options": {
|
||||||
|
"match": "null",
|
||||||
|
"result": {
|
||||||
|
"text": "N/A"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "special"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "none"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 4,
|
||||||
|
"w": 4,
|
||||||
|
"x": 0,
|
||||||
|
"y": 8
|
||||||
|
},
|
||||||
|
"id": 7,
|
||||||
|
"links": [],
|
||||||
|
"maxDataPoints": 100,
|
||||||
|
"options": {
|
||||||
|
"colorMode": "none",
|
||||||
|
"graphMode": "none",
|
||||||
|
"justifyMode": "auto",
|
||||||
|
"orientation": "horizontal",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"textMode": "auto"
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.5.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "drone_user_count",
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "",
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Total Users",
|
||||||
|
"type": "stat"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 0,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": 3600000,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "none"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 11,
|
||||||
|
"w": 12,
|
||||||
|
"x": 0,
|
||||||
|
"y": 12
|
||||||
|
},
|
||||||
|
"id": 10,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "sum(rate(process_cpu_seconds_total{job=\"drone\"}[$__rate_interval]))",
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "Server CPU usage",
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Server CPU usage",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 0,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": 3600000,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "none"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "bytes"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 11,
|
||||||
|
"w": 12,
|
||||||
|
"x": 12,
|
||||||
|
"y": 12
|
||||||
|
},
|
||||||
|
"id": 11,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "sum(process_resident_memory_bytes{job=\"drone\"})",
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "Resident memory",
|
||||||
|
"refId": "A"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"exemplar": true,
|
||||||
|
"expr": "sum(process_virtual_memory_bytes{job=\"drone\"})",
|
||||||
|
"hide": true,
|
||||||
|
"interval": "",
|
||||||
|
"legendFormat": "Virtual memory",
|
||||||
|
"refId": "B"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Server RAM usage",
|
||||||
|
"type": "timeseries"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"refresh": "10s",
|
||||||
|
"schemaVersion": 38,
|
||||||
|
"style": "dark",
|
||||||
|
"tags": [
|
||||||
|
"drone",
|
||||||
|
"drone-ci",
|
||||||
|
"ci/cd"
|
||||||
|
],
|
||||||
|
"templating": {
|
||||||
|
"list": []
|
||||||
|
},
|
||||||
|
"time": {
|
||||||
|
"from": "now-30m",
|
||||||
|
"to": "now"
|
||||||
|
},
|
||||||
|
"timepicker": {
|
||||||
|
"refresh_intervals": [
|
||||||
|
"5s",
|
||||||
|
"10s",
|
||||||
|
"30s",
|
||||||
|
"1m",
|
||||||
|
"5m",
|
||||||
|
"15m",
|
||||||
|
"30m",
|
||||||
|
"1h",
|
||||||
|
"2h",
|
||||||
|
"1d"
|
||||||
|
],
|
||||||
|
"time_options": [
|
||||||
|
"5m",
|
||||||
|
"15m",
|
||||||
|
"1h",
|
||||||
|
"6h",
|
||||||
|
"12h",
|
||||||
|
"24h",
|
||||||
|
"2d",
|
||||||
|
"7d",
|
||||||
|
"30d"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"timezone": "",
|
||||||
|
"title": "Drone CI",
|
||||||
|
"uid": "IT4-bnNik",
|
||||||
|
"version": 9,
|
||||||
|
"weekStart": ""
|
||||||
|
}
|
1052
cluster/prod/app/telemetry/dashboards/Garage-1683628137523.json
Normal file
1052
cluster/prod/app/telemetry/dashboards/Garage-1683628137523.json
Normal file
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
2629
cluster/prod/app/telemetry/dashboards/Nomad-1683628101002.json
Normal file
2629
cluster/prod/app/telemetry/dashboards/Nomad-1683628101002.json
Normal file
File diff suppressed because it is too large
Load diff
|
@ -0,0 +1,964 @@
|
||||||
|
{
|
||||||
|
"__inputs": [
|
||||||
|
{
|
||||||
|
"name": "DS_DS_PROMETHEUS",
|
||||||
|
"label": "DS_PROMETHEUS",
|
||||||
|
"description": "",
|
||||||
|
"type": "datasource",
|
||||||
|
"pluginId": "prometheus",
|
||||||
|
"pluginName": "Prometheus"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"__elements": {},
|
||||||
|
"__requires": [
|
||||||
|
{
|
||||||
|
"type": "panel",
|
||||||
|
"id": "gauge",
|
||||||
|
"name": "Gauge",
|
||||||
|
"version": ""
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "grafana",
|
||||||
|
"id": "grafana",
|
||||||
|
"name": "Grafana",
|
||||||
|
"version": "9.5.1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "panel",
|
||||||
|
"id": "piechart",
|
||||||
|
"name": "Pie chart",
|
||||||
|
"version": ""
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "datasource",
|
||||||
|
"id": "prometheus",
|
||||||
|
"name": "Prometheus",
|
||||||
|
"version": "1.0.0"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "panel",
|
||||||
|
"id": "timeseries",
|
||||||
|
"name": "Time series",
|
||||||
|
"version": ""
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"annotations": {
|
||||||
|
"list": [
|
||||||
|
{
|
||||||
|
"builtIn": 1,
|
||||||
|
"datasource": {
|
||||||
|
"type": "grafana",
|
||||||
|
"uid": "-- Grafana --"
|
||||||
|
},
|
||||||
|
"enable": true,
|
||||||
|
"hide": true,
|
||||||
|
"iconColor": "rgba(0, 211, 255, 1)",
|
||||||
|
"name": "Annotations & Alerts",
|
||||||
|
"target": {
|
||||||
|
"limit": 100,
|
||||||
|
"matchAny": false,
|
||||||
|
"tags": [],
|
||||||
|
"type": "dashboard"
|
||||||
|
},
|
||||||
|
"type": "dashboard"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"editable": false,
|
||||||
|
"fiscalYearStartMonth": 0,
|
||||||
|
"graphTooltip": 0,
|
||||||
|
"id": null,
|
||||||
|
"links": [],
|
||||||
|
"liveNow": false,
|
||||||
|
"panels": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "thresholds"
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"max": 300,
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "yellow",
|
||||||
|
"value": 100
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 200
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 6,
|
||||||
|
"x": 0,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 8,
|
||||||
|
"options": {
|
||||||
|
"orientation": "auto",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"showThresholdLabels": false,
|
||||||
|
"showThresholdMarkers": true
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.5.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum (rate(https_requests_served{job=\"tricot\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "__auto",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Request rate",
|
||||||
|
"type": "gauge"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 0,
|
||||||
|
"gradientMode": "opacity",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "never",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "none"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "s"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 6,
|
||||||
|
"x": 6,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 14,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.2.6",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum(rate(https_request_proxy_duration_sum{job=\"tricot\"}[$__rate_interval])) / sum(rate(https_request_proxy_duration_count{job=\"tricot\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "Average",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "histogram_quantile(0.5, sum(rate(https_request_proxy_duration_bucket[$__rate_interval])) by (le))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "50%",
|
||||||
|
"range": true,
|
||||||
|
"refId": "D"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "histogram_quantile(0.90, sum(rate(https_request_proxy_duration_bucket[$__rate_interval])) by (le))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "90%",
|
||||||
|
"range": true,
|
||||||
|
"refId": "B"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "histogram_quantile(0.99, sum(rate(https_request_proxy_duration_bucket[$__rate_interval])) by (le))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "99%",
|
||||||
|
"range": true,
|
||||||
|
"refId": "C"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Response time",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 4,
|
||||||
|
"x": 12,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 11,
|
||||||
|
"options": {
|
||||||
|
"displayLabels": [
|
||||||
|
"name"
|
||||||
|
],
|
||||||
|
"legend": {
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": false
|
||||||
|
},
|
||||||
|
"pieType": "pie",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "multi",
|
||||||
|
"sort": "desc"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum by(service) (rate(https_requests_served{status_code=~\"2.+\", job=\"tricot\"}[$__range]))",
|
||||||
|
"instant": true,
|
||||||
|
"interval": "",
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{service}}",
|
||||||
|
"range": false,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Requests per service",
|
||||||
|
"type": "piechart"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "bars",
|
||||||
|
"fillOpacity": 100,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 8,
|
||||||
|
"x": 16,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 4,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"expr": "sum by(method, status_code) (rate(https_requests_served{status_code=~\"2.+\", job=\"tricot\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{method}} {{status_code}}",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Status success",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "bars",
|
||||||
|
"fillOpacity": 100,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 9,
|
||||||
|
"w": 12,
|
||||||
|
"x": 0,
|
||||||
|
"y": 8
|
||||||
|
},
|
||||||
|
"id": 1,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [
|
||||||
|
"mean",
|
||||||
|
"max"
|
||||||
|
],
|
||||||
|
"displayMode": "table",
|
||||||
|
"placement": "right",
|
||||||
|
"showLegend": true,
|
||||||
|
"sortBy": "Mean",
|
||||||
|
"sortDesc": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum by(service) (rate(https_requests_served{job=\"tricot\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "__auto",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Requests served per service",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "bars",
|
||||||
|
"fillOpacity": 100,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 9,
|
||||||
|
"w": 12,
|
||||||
|
"x": 12,
|
||||||
|
"y": 8
|
||||||
|
},
|
||||||
|
"id": 7,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [
|
||||||
|
"mean",
|
||||||
|
"max"
|
||||||
|
],
|
||||||
|
"displayMode": "table",
|
||||||
|
"placement": "right",
|
||||||
|
"showLegend": true,
|
||||||
|
"sortBy": "Max",
|
||||||
|
"sortDesc": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum by(method, status_code) (rate(https_requests_served{status_code!~\"2.+\", job=\"tricot\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{method}} {{status_code}}",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Status != 200 OK",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 17,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "never",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "none"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 9,
|
||||||
|
"w": 7,
|
||||||
|
"x": 0,
|
||||||
|
"y": 17
|
||||||
|
},
|
||||||
|
"id": 6,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"expr": "sum by(host) (proxy_config_entries{job=\"tricot\"})",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-f0ebfca9-6429-43f7-8617-af76a4be3918-0",
|
||||||
|
"legendFormat": "{{host}}",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Backends per domain",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": []
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 9,
|
||||||
|
"w": 4,
|
||||||
|
"x": 7,
|
||||||
|
"y": 17
|
||||||
|
},
|
||||||
|
"id": 16,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"pieType": "donut",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.3.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum (rate(https_requests_served{job=\"tricot\", same_site=\"true\", same_node=\"true\"}[$__range]))",
|
||||||
|
"instant": true,
|
||||||
|
"legendFormat": "Local node",
|
||||||
|
"range": false,
|
||||||
|
"refId": "A"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum (rate(https_requests_served{job=\"tricot\", same_site=\"true\", same_node=\"false\"}[$__range]))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": true,
|
||||||
|
"legendFormat": "Node in same site",
|
||||||
|
"range": false,
|
||||||
|
"refId": "B"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum (rate(https_requests_served{job=\"tricot\", same_site=\"false\"}[$__range]))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": true,
|
||||||
|
"legendFormat": "Node in another site",
|
||||||
|
"range": false,
|
||||||
|
"refId": "C"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Requests served by",
|
||||||
|
"type": "piechart"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "bars",
|
||||||
|
"fillOpacity": 100,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 9,
|
||||||
|
"w": 13,
|
||||||
|
"x": 11,
|
||||||
|
"y": 17
|
||||||
|
},
|
||||||
|
"id": 2,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [
|
||||||
|
"min",
|
||||||
|
"mean",
|
||||||
|
"max"
|
||||||
|
],
|
||||||
|
"displayMode": "table",
|
||||||
|
"placement": "right",
|
||||||
|
"showLegend": true,
|
||||||
|
"sortBy": "Mean",
|
||||||
|
"sortDesc": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "builder",
|
||||||
|
"expr": "sum by(service, target_addr) (rate(https_requests_served{job=\"tricot\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{service}}@{{target_addr}}",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Requests served per backend server",
|
||||||
|
"type": "timeseries"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"refresh": "10s",
|
||||||
|
"schemaVersion": 38,
|
||||||
|
"style": "dark",
|
||||||
|
"tags": [],
|
||||||
|
"templating": {
|
||||||
|
"list": []
|
||||||
|
},
|
||||||
|
"time": {
|
||||||
|
"from": "now-30m",
|
||||||
|
"to": "now"
|
||||||
|
},
|
||||||
|
"timepicker": {},
|
||||||
|
"timezone": "",
|
||||||
|
"title": "Tricot global",
|
||||||
|
"uid": "H6ChABK4k",
|
||||||
|
"version": 1,
|
||||||
|
"weekStart": ""
|
||||||
|
}
|
|
@ -0,0 +1,994 @@
|
||||||
|
{
|
||||||
|
"__inputs": [
|
||||||
|
{
|
||||||
|
"name": "DS_DS_PROMETHEUS",
|
||||||
|
"label": "DS_PROMETHEUS",
|
||||||
|
"description": "",
|
||||||
|
"type": "datasource",
|
||||||
|
"pluginId": "prometheus",
|
||||||
|
"pluginName": "Prometheus"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"__elements": {},
|
||||||
|
"__requires": [
|
||||||
|
{
|
||||||
|
"type": "panel",
|
||||||
|
"id": "gauge",
|
||||||
|
"name": "Gauge",
|
||||||
|
"version": ""
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "grafana",
|
||||||
|
"id": "grafana",
|
||||||
|
"name": "Grafana",
|
||||||
|
"version": "9.5.1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "panel",
|
||||||
|
"id": "piechart",
|
||||||
|
"name": "Pie chart",
|
||||||
|
"version": ""
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "datasource",
|
||||||
|
"id": "prometheus",
|
||||||
|
"name": "Prometheus",
|
||||||
|
"version": "1.0.0"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "panel",
|
||||||
|
"id": "timeseries",
|
||||||
|
"name": "Time series",
|
||||||
|
"version": ""
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"annotations": {
|
||||||
|
"list": [
|
||||||
|
{
|
||||||
|
"builtIn": 1,
|
||||||
|
"datasource": {
|
||||||
|
"type": "grafana",
|
||||||
|
"uid": "-- Grafana --"
|
||||||
|
},
|
||||||
|
"enable": true,
|
||||||
|
"hide": true,
|
||||||
|
"iconColor": "rgba(0, 211, 255, 1)",
|
||||||
|
"name": "Annotations & Alerts",
|
||||||
|
"target": {
|
||||||
|
"limit": 100,
|
||||||
|
"matchAny": false,
|
||||||
|
"tags": [],
|
||||||
|
"type": "dashboard"
|
||||||
|
},
|
||||||
|
"type": "dashboard"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"editable": false,
|
||||||
|
"fiscalYearStartMonth": 0,
|
||||||
|
"graphTooltip": 0,
|
||||||
|
"id": null,
|
||||||
|
"links": [],
|
||||||
|
"liveNow": false,
|
||||||
|
"panels": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "thresholds"
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"max": 300,
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "yellow",
|
||||||
|
"value": 100
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 200
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 6,
|
||||||
|
"x": 0,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 8,
|
||||||
|
"options": {
|
||||||
|
"orientation": "auto",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"showThresholdLabels": false,
|
||||||
|
"showThresholdMarkers": true
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.5.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum (rate(https_requests_served{job=\"tricot\",service=\"$service\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "__auto",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Request rate",
|
||||||
|
"type": "gauge"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 6,
|
||||||
|
"x": 6,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 11,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"pieType": "pie",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum by(method, status_code) (rate(https_requests_served{status_code=~\"2.+\", job=\"tricot\", service=\"$service\"}[$__range]))",
|
||||||
|
"instant": true,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{method}} {{status_code}}",
|
||||||
|
"range": false,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Status success",
|
||||||
|
"type": "piechart"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "bars",
|
||||||
|
"fillOpacity": 100,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 12,
|
||||||
|
"x": 12,
|
||||||
|
"y": 0
|
||||||
|
},
|
||||||
|
"id": 4,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [
|
||||||
|
"mean",
|
||||||
|
"max"
|
||||||
|
],
|
||||||
|
"displayMode": "table",
|
||||||
|
"placement": "right",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"expr": "sum by(method, status_code) (rate(https_requests_served{status_code=~\"2.+\", job=\"tricot\", service=\"$service\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{method}} {{status_code}}",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Status success",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "bars",
|
||||||
|
"fillOpacity": 100,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 9,
|
||||||
|
"w": 10,
|
||||||
|
"x": 0,
|
||||||
|
"y": 8
|
||||||
|
},
|
||||||
|
"id": 1,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [
|
||||||
|
"mean",
|
||||||
|
"max"
|
||||||
|
],
|
||||||
|
"displayMode": "table",
|
||||||
|
"placement": "right",
|
||||||
|
"showLegend": true,
|
||||||
|
"sortBy": "Mean",
|
||||||
|
"sortDesc": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum by(target_addr) (rate(https_requests_served{job=\"tricot\",service=\"$service\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "__auto",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Requests served per backend",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 0,
|
||||||
|
"gradientMode": "opacity",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "never",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "none"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "s"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 9,
|
||||||
|
"w": 5,
|
||||||
|
"x": 10,
|
||||||
|
"y": 8
|
||||||
|
},
|
||||||
|
"id": 14,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.2.6",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum(rate(https_request_proxy_duration_sum{job=\"tricot\",service=\"$service\"}[$__rate_interval])) / sum(rate(https_request_proxy_duration_count{job=\"tricot\",service=\"$service\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "Average",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "histogram_quantile(0.5, sum(rate(https_request_proxy_duration_bucket{job=\"tricot\",service=\"$service\"}[$__rate_interval])) by (le))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "50%",
|
||||||
|
"range": true,
|
||||||
|
"refId": "D"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "histogram_quantile(0.90, sum(rate(https_request_proxy_duration_bucket{job=\"tricot\",service=\"$service\"}[$__rate_interval])) by (le))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "90%",
|
||||||
|
"range": true,
|
||||||
|
"refId": "B"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "histogram_quantile(0.99, sum(rate(https_request_proxy_duration_bucket{job=\"tricot\",service=\"$service\"}[$__rate_interval])) by (le))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "99%",
|
||||||
|
"range": true,
|
||||||
|
"refId": "C"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Response time",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "bars",
|
||||||
|
"fillOpacity": 100,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 9,
|
||||||
|
"w": 9,
|
||||||
|
"x": 15,
|
||||||
|
"y": 8
|
||||||
|
},
|
||||||
|
"id": 7,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [
|
||||||
|
"mean",
|
||||||
|
"max"
|
||||||
|
],
|
||||||
|
"displayMode": "table",
|
||||||
|
"placement": "right",
|
||||||
|
"showLegend": true,
|
||||||
|
"sortBy": "Max",
|
||||||
|
"sortDesc": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum by(method, status_code) (rate(https_requests_served{status_code!~\"2.+\", job=\"tricot\", service=\"$service\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{method}} {{status_code}}",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Status != 200 OK",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 0,
|
||||||
|
"gradientMode": "opacity",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "never",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "none"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "s"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 10,
|
||||||
|
"x": 0,
|
||||||
|
"y": 17
|
||||||
|
},
|
||||||
|
"id": 16,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [
|
||||||
|
"mean",
|
||||||
|
"max"
|
||||||
|
],
|
||||||
|
"displayMode": "table",
|
||||||
|
"placement": "right",
|
||||||
|
"showLegend": true,
|
||||||
|
"sortBy": "Mean",
|
||||||
|
"sortDesc": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.2.6",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum by (target_addr)(rate(https_request_proxy_duration_sum{job=\"tricot\",service=\"$service\"}[$__rate_interval])) / sum by (target_addr)(rate(https_request_proxy_duration_count{job=\"tricot\",service=\"$service\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"interval": "",
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{target_addr}}",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Response time per backend",
|
||||||
|
"type": "timeseries"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": []
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 4,
|
||||||
|
"x": 10,
|
||||||
|
"y": 17
|
||||||
|
},
|
||||||
|
"id": 18,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"pieType": "donut",
|
||||||
|
"reduceOptions": {
|
||||||
|
"calcs": [
|
||||||
|
"lastNotNull"
|
||||||
|
],
|
||||||
|
"fields": "",
|
||||||
|
"values": false
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pluginVersion": "9.3.1",
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum (rate(https_requests_served{job=\"tricot\", same_site=\"true\", same_node=\"true\", service=\"$service\"}[$__range]))",
|
||||||
|
"instant": true,
|
||||||
|
"legendFormat": "Local node",
|
||||||
|
"range": false,
|
||||||
|
"refId": "A"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum (rate(https_requests_served{job=\"tricot\", same_site=\"true\", same_node=\"false\",service=\"$service\"}[$__range]))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": true,
|
||||||
|
"legendFormat": "Node in same site",
|
||||||
|
"range": false,
|
||||||
|
"refId": "B"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum (rate(https_requests_served{job=\"tricot\", same_site=\"false\",service=\"$service\"}[$__range]))",
|
||||||
|
"hide": false,
|
||||||
|
"instant": true,
|
||||||
|
"legendFormat": "Node in another site",
|
||||||
|
"range": false,
|
||||||
|
"refId": "C"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Requests served by",
|
||||||
|
"type": "piechart"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"fieldConfig": {
|
||||||
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "bars",
|
||||||
|
"fillOpacity": 100,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "auto",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "reqps"
|
||||||
|
},
|
||||||
|
"overrides": []
|
||||||
|
},
|
||||||
|
"gridPos": {
|
||||||
|
"h": 8,
|
||||||
|
"w": 10,
|
||||||
|
"x": 14,
|
||||||
|
"y": 17
|
||||||
|
},
|
||||||
|
"id": 15,
|
||||||
|
"options": {
|
||||||
|
"legend": {
|
||||||
|
"calcs": [
|
||||||
|
"mean",
|
||||||
|
"max"
|
||||||
|
],
|
||||||
|
"displayMode": "table",
|
||||||
|
"placement": "right",
|
||||||
|
"showLegend": true,
|
||||||
|
"sortBy": "Max",
|
||||||
|
"sortDesc": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "single",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"editorMode": "code",
|
||||||
|
"exemplar": false,
|
||||||
|
"expr": "sum by(target_addr, method, status_code) (rate(https_requests_served{status_code!~\"2.+\", job=\"tricot\", service=\"$service\"}[$__rate_interval]))",
|
||||||
|
"instant": false,
|
||||||
|
"key": "Q-b2139746-a221-47de-a50b-fadc128d0021-0",
|
||||||
|
"legendFormat": "{{target_addr}} {{method}} {{status_code}}",
|
||||||
|
"range": true,
|
||||||
|
"refId": "A"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"title": "Status != 200 OK, per backend",
|
||||||
|
"type": "timeseries"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"refresh": "10s",
|
||||||
|
"schemaVersion": 38,
|
||||||
|
"style": "dark",
|
||||||
|
"tags": [],
|
||||||
|
"templating": {
|
||||||
|
"list": [
|
||||||
|
{
|
||||||
|
"current": {},
|
||||||
|
"datasource": {
|
||||||
|
"type": "prometheus",
|
||||||
|
"uid": "${DS_DS_PROMETHEUS}"
|
||||||
|
},
|
||||||
|
"definition": "https_requests_served{job=\"tricot\"}",
|
||||||
|
"hide": 0,
|
||||||
|
"includeAll": false,
|
||||||
|
"multi": false,
|
||||||
|
"name": "service",
|
||||||
|
"options": [],
|
||||||
|
"query": {
|
||||||
|
"query": "https_requests_served{job=\"tricot\"}",
|
||||||
|
"refId": "StandardVariableQuery"
|
||||||
|
},
|
||||||
|
"refresh": 1,
|
||||||
|
"regex": "/service=\"([a-z0-9-]+)\"/",
|
||||||
|
"skipUrlSync": false,
|
||||||
|
"sort": 0,
|
||||||
|
"type": "query"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"time": {
|
||||||
|
"from": "now-30m",
|
||||||
|
"to": "now"
|
||||||
|
},
|
||||||
|
"timepicker": {},
|
||||||
|
"timezone": "",
|
||||||
|
"title": "Tricot per-service",
|
||||||
|
"uid": "u930OPFVz",
|
||||||
|
"version": 1,
|
||||||
|
"weekStart": ""
|
||||||
|
}
|
|
@ -1,5 +1,5 @@
|
||||||
job "telemetry-service" {
|
job "telemetry-service" {
|
||||||
datacenters = ["neptune", "orion"]
|
datacenters = ["neptune", "scorpio"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
|
||||||
group "grafana" {
|
group "grafana" {
|
||||||
|
@ -19,7 +19,7 @@ job "telemetry-service" {
|
||||||
|
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "litestream/litestream:0.3.7"
|
image = "litestream/litestream:0.3.13"
|
||||||
args = [
|
args = [
|
||||||
"restore", "-config", "/etc/litestream.yml", "/ephemeral/grafana.db"
|
"restore", "-config", "/etc/litestream.yml", "/ephemeral/grafana.db"
|
||||||
]
|
]
|
||||||
|
@ -36,7 +36,8 @@ job "telemetry-service" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 200
|
memory = 50
|
||||||
|
memory_max = 200
|
||||||
cpu = 100
|
cpu = 100
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -44,7 +45,7 @@ job "telemetry-service" {
|
||||||
task "grafana" {
|
task "grafana" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "grafana/grafana:9.3.2"
|
image = "grafana/grafana:10.3.4"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "grafana" ]
|
ports = [ "grafana" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
|
@ -75,7 +76,8 @@ EOH
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 500
|
memory = 100
|
||||||
|
memory_max = 400
|
||||||
cpu = 500
|
cpu = 500
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -106,7 +108,7 @@ EOH
|
||||||
task "replicate-db" {
|
task "replicate-db" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "litestream/litestream:0.3.7"
|
image = "litestream/litestream:0.3.13"
|
||||||
args = [
|
args = [
|
||||||
"replicate", "-config", "/etc/litestream.yml"
|
"replicate", "-config", "/etc/litestream.yml"
|
||||||
]
|
]
|
||||||
|
@ -123,7 +125,8 @@ EOH
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 200
|
memory = 50
|
||||||
|
memory_max = 200
|
||||||
cpu = 100
|
cpu = 100
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@ job "telemetry-storage" {
|
||||||
task "prometheus" {
|
task "prometheus" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "prom/prometheus:v2.41.0"
|
image = "prom/prometheus:v2.46.0"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "prometheus" ]
|
ports = [ "prometheus" ]
|
||||||
args = [
|
args = [
|
||||||
|
@ -70,7 +70,8 @@ job "telemetry-storage" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 1000
|
memory = 1500
|
||||||
|
memory_max = 4000
|
||||||
cpu = 1000
|
cpu = 1000
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "telemetry-system" {
|
job "telemetry-system" {
|
||||||
datacenters = ["neptune", "orion", "bespin"]
|
datacenters = ["neptune", "scorpio", "bespin"]
|
||||||
type = "system"
|
type = "system"
|
||||||
priority = "100"
|
priority = "100"
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@ job "telemetry-system" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "quay.io/prometheus/node-exporter:v1.4.0"
|
image = "quay.io/prometheus/node-exporter:v1.6.1"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
volumes = [
|
volumes = [
|
||||||
"/:/host:ro,rslave"
|
"/:/host:ro,rslave"
|
||||||
|
|
159
cluster/prod/app/woodpecker-ci/deploy/server.hcl
Normal file
159
cluster/prod/app/woodpecker-ci/deploy/server.hcl
Normal file
|
@ -0,0 +1,159 @@
|
||||||
|
job "woodpecker-ci" {
|
||||||
|
datacenters = ["neptune", "scorpio"]
|
||||||
|
type = "service"
|
||||||
|
|
||||||
|
group "server" {
|
||||||
|
count = 1
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "web_port" {
|
||||||
|
static = 14080
|
||||||
|
to = 14080
|
||||||
|
}
|
||||||
|
port "grpc_port" {
|
||||||
|
static = 14090
|
||||||
|
to = 14090
|
||||||
|
}
|
||||||
|
port "grpc_tls_port" {
|
||||||
|
static = 14453
|
||||||
|
to = 14453
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task "server" {
|
||||||
|
driver = "docker"
|
||||||
|
config {
|
||||||
|
image = "woodpeckerci/woodpecker-server:v2.3.0"
|
||||||
|
ports = [ "web_port", "grpc_port" ]
|
||||||
|
network_mode = "host"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
WOODPECKER_OPEN=true
|
||||||
|
WOODPECKER_ORGS=Deuxfleurs
|
||||||
|
WOODPECKER_ADMIN=lx
|
||||||
|
|
||||||
|
WOODPECKER_HOST=https://woodpecker.deuxfleurs.fr
|
||||||
|
WOODPECKER_AGENT_SECRET={{ key "secrets/woodpecker-ci/agent_secret" }}
|
||||||
|
|
||||||
|
# secret encryption is broken in woodpecker currently
|
||||||
|
# WOODPECKER_ENCRYPTION_KEY={{ key "secrets/woodpecker-ci/secrets_encryption_key" }}
|
||||||
|
|
||||||
|
WOODPECKER_SERVER_ADDR=[::]:14080
|
||||||
|
WOODPECKER_GRPC_ADDR=[::]:14090
|
||||||
|
# WOODPECKER_GRPC_SECRET={{ key "secrets/woodpecker-ci/grpc_secret" }}
|
||||||
|
|
||||||
|
WOODPECKER_DATABASE_DRIVER=postgres
|
||||||
|
WOODPECKER_DATABASE_DATASOURCE=postgres://woodpecker:{{ key "secrets/woodpecker-ci/db_password" | trimSpace }}@{{ env "meta.site" }}.psql-proxy.service.prod.consul:5432/woodpecker?sslmode=disable
|
||||||
|
|
||||||
|
WOODPECKER_GITEA=true
|
||||||
|
WOODPECKER_GITEA_URL=https://git.deuxfleurs.fr
|
||||||
|
WOODPECKER_GITEA_CLIENT={{ key "secrets/woodpecker-ci/oauth_client_id" }}
|
||||||
|
WOODPECKER_GITEA_SECRET={{ key "secrets/woodpecker-ci/oauth_client_secret" }}
|
||||||
|
|
||||||
|
WOODPECKER_LOG_LEVEL=debug
|
||||||
|
WOODPECKER_ENVIRONMENT=NIX_REMOTE:daemon
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
cpu = 100
|
||||||
|
memory = 200
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "woodpecker"
|
||||||
|
tags = [
|
||||||
|
"woodpecker",
|
||||||
|
"tricot woodpecker.deuxfleurs.fr",
|
||||||
|
"d53-cname woodpecker.deuxfleurs.fr",
|
||||||
|
]
|
||||||
|
port = "web_port"
|
||||||
|
address_mode = "host"
|
||||||
|
/*
|
||||||
|
check {
|
||||||
|
type = "http"
|
||||||
|
protocol = "http"
|
||||||
|
port = "web_port"
|
||||||
|
path = "/"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
check_restart {
|
||||||
|
limit = 3
|
||||||
|
grace = "600s"
|
||||||
|
ignore_warnings = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
service {
|
||||||
|
name = "woodpecker-grpc"
|
||||||
|
tags = [
|
||||||
|
"woodpecker-grpc",
|
||||||
|
]
|
||||||
|
port = "grpc_port"
|
||||||
|
address_mode = "host"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task "grpc_tls" {
|
||||||
|
driver = "docker"
|
||||||
|
config {
|
||||||
|
image = "nginx:1.25.3"
|
||||||
|
ports = [ "grpc_tls_port" ]
|
||||||
|
volumes = [
|
||||||
|
"secrets/ssl/certs:/etc/ssl/certs",
|
||||||
|
"secrets/ssl/private:/etc/ssl/private",
|
||||||
|
"secrets/conf/:/etc/nginx/",
|
||||||
|
]
|
||||||
|
network_mode = "host"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
events {}
|
||||||
|
http {
|
||||||
|
server {
|
||||||
|
listen 0.0.0.0:14453 ssl;
|
||||||
|
listen [::]:14453 ssl;
|
||||||
|
http2 on;
|
||||||
|
server_name woodpecker.deuxfleurs.fr;
|
||||||
|
|
||||||
|
ssl_certificate "/etc/ssl/certs/woodpecker.cert";
|
||||||
|
ssl_certificate_key "/etc/ssl/certs/woodpecker.key";
|
||||||
|
|
||||||
|
location / {
|
||||||
|
grpc_pass grpc://woodpecker-grpc.service.prod.consul:14090;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOH
|
||||||
|
destination = "secrets/conf/nginx.conf"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ with $d := key \"tricot/certs/woodpecker.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
|
||||||
|
destination = "secrets/ssl/certs/woodpecker.key"
|
||||||
|
}
|
||||||
|
template {
|
||||||
|
data = "{{ with $d := key \"tricot/certs/woodpecker.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
|
||||||
|
destination = "secrets/ssl/certs/woodpecker.cert"
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "woodpecker-grpc-tls"
|
||||||
|
tags = [
|
||||||
|
"woodpecker-grpc-tls",
|
||||||
|
"d53-a woodpecker-grpc.deuxfleurs.fr",
|
||||||
|
"d53-aaaa woodpecker-grpc.deuxfleurs.fr",
|
||||||
|
"(diplonat (tcp_port 14453))"
|
||||||
|
]
|
||||||
|
port = "grpc_tls_port"
|
||||||
|
address_mode = "host"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
54
cluster/prod/app/woodpecker-ci/integration/README.md
Normal file
54
cluster/prod/app/woodpecker-ci/integration/README.md
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
## Install Debian
|
||||||
|
|
||||||
|
We recommend Debian Bullseye
|
||||||
|
|
||||||
|
## Install Docker CE from docker.io
|
||||||
|
|
||||||
|
Do not use the docker engine shipped by Debian
|
||||||
|
|
||||||
|
Doc:
|
||||||
|
|
||||||
|
- https://docs.docker.com/engine/install/debian/
|
||||||
|
- https://docs.docker.com/compose/install/
|
||||||
|
|
||||||
|
On a fresh install, as root:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Remove all pre-existing packages
|
||||||
|
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do apt-get remove $pkg; done
|
||||||
|
|
||||||
|
# Add Docker's official GPG key:
|
||||||
|
apt-get update
|
||||||
|
apt-get install ca-certificates curl
|
||||||
|
install -m 0755 -d /etc/apt/keyrings
|
||||||
|
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
|
||||||
|
chmod a+r /etc/apt/keyrings/docker.asc
|
||||||
|
|
||||||
|
# Add the repository to Apt sources:
|
||||||
|
echo \
|
||||||
|
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
|
||||||
|
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
|
||||||
|
tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||||
|
apt-get update
|
||||||
|
|
||||||
|
# Install Docker
|
||||||
|
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
||||||
|
```
|
||||||
|
|
||||||
|
## Install the runner
|
||||||
|
|
||||||
|
```bash
|
||||||
|
wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/nix.conf
|
||||||
|
wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/docker-compose.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
Create a new Agent for your runner in the Woodpecker admin, and copy the agent secret value.
|
||||||
|
|
||||||
|
Edit `docker-compose.yml` and insert your agent secret as the value for WOODPECKER_AGENT_SECRET.
|
||||||
|
Update other values including hostname and max workflows for your runner.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
COMPOSE_PROJECT_NAME=woodpecker docker-compose up -d
|
||||||
|
```
|
||||||
|
|
||||||
|
That's all folks.
|
|
@ -0,0 +1,33 @@
|
||||||
|
version: '3.4'
|
||||||
|
services:
|
||||||
|
nix-daemon:
|
||||||
|
image: nixpkgs/nix:nixos-22.05
|
||||||
|
restart: always
|
||||||
|
command: nix-daemon
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- "nix:/nix"
|
||||||
|
- "./nix.conf:/etc/nix/nix.conf:ro"
|
||||||
|
|
||||||
|
woodpecker-runner:
|
||||||
|
image: woodpeckerci/woodpecker-agent:v2.3.0
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
# -- change these for each agent
|
||||||
|
- WOODPECKER_HOSTNAME=i_forgot_to_change_my_runner_name
|
||||||
|
- WOODPECKER_AGENT_SECRET=xxxx
|
||||||
|
- WOODPECKER_MAX_WORKFLOWS=4
|
||||||
|
# -- if not using COMPOSE_PROJECT_NAME=woodpecker, change name of volume to mount
|
||||||
|
- WOODPECKER_BACKEND_DOCKER_VOLUMES=woodpecker_nix:/nix:ro
|
||||||
|
# -- should not need change
|
||||||
|
- WOODPECKER_SERVER=woodpecker-grpc.deuxfleurs.fr:14453
|
||||||
|
- WOODPECKER_HEALTHCHECK=false
|
||||||
|
- WOODPECKER_GRPC_SECURE=true
|
||||||
|
- WOODPECKER_LOG_LEVEL=info
|
||||||
|
- WOODPECKER_DEBUG_PRETTY=true
|
||||||
|
- WOODPECKER_ENVIRONMENT=NIX_REMOTE:daemon
|
||||||
|
volumes:
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
nix:
|
|
@ -1,84 +1,85 @@
|
||||||
{ config, pkgs, ... } @ args:
|
{ config, pkgs, ... } @ args:
|
||||||
|
|
||||||
{
|
{
|
||||||
deuxfleurs.cluster_name = "prod";
|
deuxfleurs.clusterName = "prod";
|
||||||
|
|
||||||
# The IP range to use for the Wireguard overlay of this cluster
|
# The IP range to use for the Wireguard overlay of this cluster
|
||||||
deuxfleurs.cluster_prefix = "10.83.0.0";
|
deuxfleurs.clusterPrefix = "10.83.0.0/16";
|
||||||
deuxfleurs.cluster_prefix_length = 16;
|
|
||||||
|
|
||||||
deuxfleurs.cluster_nodes = [
|
deuxfleurs.clusterNodes = {
|
||||||
{
|
"concombre" = {
|
||||||
hostname = "concombre";
|
siteName = "neptune";
|
||||||
site_name = "neptune";
|
|
||||||
publicKey = "VvXT0fPDfWsHxumZqVShpS33dJQAdpJ1E79ZbCBJP34=";
|
publicKey = "VvXT0fPDfWsHxumZqVShpS33dJQAdpJ1E79ZbCBJP34=";
|
||||||
IP = "10.83.1.1";
|
address = "10.83.1.1";
|
||||||
endpoint = "77.207.15.215:33731";
|
endpoint = "82.67.87.112:33731";
|
||||||
}
|
};
|
||||||
{
|
"courgette" = {
|
||||||
hostname = "courgette";
|
siteName = "neptune";
|
||||||
site_name = "neptune";
|
|
||||||
publicKey = "goTkBJGmzrGDOAjUcdH9G0JekipqSMoaYQdB6IHnzi0=";
|
publicKey = "goTkBJGmzrGDOAjUcdH9G0JekipqSMoaYQdB6IHnzi0=";
|
||||||
IP = "10.83.1.2";
|
address = "10.83.1.2";
|
||||||
endpoint = "77.207.15.215:33732";
|
endpoint = "82.67.87.112:33732";
|
||||||
}
|
};
|
||||||
{
|
"celeri" = {
|
||||||
hostname = "celeri";
|
siteName = "neptune";
|
||||||
site_name = "neptune";
|
|
||||||
publicKey = "oZDAb8LoLW87ktUHyFFec0VaIar97bqq47mGbdVqJ0U=";
|
publicKey = "oZDAb8LoLW87ktUHyFFec0VaIar97bqq47mGbdVqJ0U=";
|
||||||
IP = "10.83.1.3";
|
address = "10.83.1.3";
|
||||||
endpoint = "77.207.15.215:33733";
|
endpoint = "82.67.87.112:33733";
|
||||||
}
|
};
|
||||||
{
|
/*
|
||||||
hostname = "dahlia";
|
"dahlia" = {
|
||||||
site_name = "orion";
|
siteName = "orion";
|
||||||
publicKey = "EtRoWBYCdjqgXX0L+uWLg8KxNfIK8k9OTh30tL19bXU=";
|
publicKey = "EtRoWBYCdjqgXX0L+uWLg8KxNfIK8k9OTh30tL19bXU=";
|
||||||
IP = "10.83.2.1";
|
address = "10.83.2.1";
|
||||||
endpoint = "82.66.80.201:33731";
|
endpoint = "82.66.80.201:33731";
|
||||||
}
|
};
|
||||||
{
|
"diplotaxis" = {
|
||||||
hostname = "diplotaxis";
|
siteName = "orion";
|
||||||
site_name = "orion";
|
|
||||||
publicKey = "HbLC938mysadMSOxWgq8+qrv+dBKzPP/43OMJp/3phA=";
|
publicKey = "HbLC938mysadMSOxWgq8+qrv+dBKzPP/43OMJp/3phA=";
|
||||||
IP = "10.83.2.2";
|
address = "10.83.2.2";
|
||||||
endpoint = "82.66.80.201:33732";
|
endpoint = "82.66.80.201:33732";
|
||||||
}
|
};
|
||||||
{
|
"doradille" = {
|
||||||
hostname = "doradille";
|
siteName = "orion";
|
||||||
site_name = "orion";
|
|
||||||
publicKey = "e1C8jgTj9eD20ywG08G1FQZ+Js3wMK/msDUE1wO3l1Y=";
|
publicKey = "e1C8jgTj9eD20ywG08G1FQZ+Js3wMK/msDUE1wO3l1Y=";
|
||||||
IP = "10.83.2.3";
|
address = "10.83.2.3";
|
||||||
endpoint = "82.66.80.201:33733";
|
endpoint = "82.66.80.201:33733";
|
||||||
}
|
};
|
||||||
{
|
*/
|
||||||
hostname = "df-ykl";
|
"df-ykl" = {
|
||||||
site_name = "bespin";
|
siteName = "bespin";
|
||||||
publicKey = "bIjxey/VhBgVrLa0FxN/KISOt2XFmQeSh1MPivUq9gg=";
|
publicKey = "bIjxey/VhBgVrLa0FxN/KISOt2XFmQeSh1MPivUq9gg=";
|
||||||
IP = "10.83.3.1";
|
address = "10.83.3.1";
|
||||||
endpoint = "109.136.55.235:33731";
|
endpoint = "109.136.139.78:33731";
|
||||||
}
|
};
|
||||||
{
|
"df-ymf" = {
|
||||||
hostname = "df-ymf";
|
siteName = "bespin";
|
||||||
site_name = "bespin";
|
|
||||||
publicKey = "pUIKv8UBl586O7DBrHBsb9BgNU7WlYQ2r2RSNkD+JAQ=";
|
publicKey = "pUIKv8UBl586O7DBrHBsb9BgNU7WlYQ2r2RSNkD+JAQ=";
|
||||||
IP = "10.83.3.2";
|
address = "10.83.3.2";
|
||||||
endpoint = "109.136.55.235:33732";
|
endpoint = "109.136.139.78:33732";
|
||||||
}
|
};
|
||||||
{
|
"df-ymk" = {
|
||||||
hostname = "df-ymk";
|
siteName = "bespin";
|
||||||
site_name = "bespin";
|
|
||||||
publicKey = "VBmpo15iIJP7250NAsF+ryhZc3j+8TZFnE1Djvn5TXI=";
|
publicKey = "VBmpo15iIJP7250NAsF+ryhZc3j+8TZFnE1Djvn5TXI=";
|
||||||
IP = "10.83.3.3";
|
address = "10.83.3.3";
|
||||||
endpoint = "109.136.55.235:33733";
|
endpoint = "109.136.139.78:33733";
|
||||||
}
|
};
|
||||||
{
|
"abricot" = {
|
||||||
hostname = "abricot";
|
siteName = "scorpio";
|
||||||
site_name = "scorpio";
|
|
||||||
publicKey = "Sm9cmNZ/BfWVPFflMO+fuyiera4r203b/dKhHTQmBFg=";
|
publicKey = "Sm9cmNZ/BfWVPFflMO+fuyiera4r203b/dKhHTQmBFg=";
|
||||||
IP = "10.83.4.1";
|
address = "10.83.4.1";
|
||||||
endpoint = "82.65.41.110:33741";
|
endpoint = "82.65.41.110:33741";
|
||||||
}
|
};
|
||||||
];
|
"ananas" = {
|
||||||
|
siteName = "scorpio";
|
||||||
|
publicKey = "YC78bXUaAQ02gz0bApenM4phIo/oMPR78QCmyG0tay4=";
|
||||||
|
address = "10.83.4.2";
|
||||||
|
endpoint = "82.65.41.110:33742";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Pin Nomad version
|
||||||
|
services.nomad.package = pkgs.nomad_1_6;
|
||||||
|
nixpkgs.config.allowUnfree = true; # Accept nomad's BSL license
|
||||||
|
|
||||||
# Bootstrap IPs for Consul cluster,
|
# Bootstrap IPs for Consul cluster,
|
||||||
# these are IPs on the Wireguard overlay
|
# these are IPs on the Wireguard overlay
|
||||||
|
@ -88,7 +89,7 @@
|
||||||
"10.83.3.1" # df-ykl
|
"10.83.3.1" # df-ykl
|
||||||
];
|
];
|
||||||
|
|
||||||
deuxfleurs.admin_accounts = {
|
deuxfleurs.adminAccounts = {
|
||||||
lx = [
|
lx = [
|
||||||
# Keys for accessing nodes from outside
|
# Keys for accessing nodes from outside
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
|
||||||
|
@ -111,6 +112,31 @@
|
||||||
baptiste = [
|
baptiste = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
|
||||||
];
|
];
|
||||||
|
aeddis = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
|
||||||
|
];
|
||||||
|
boris = [
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
|
||||||
|
];
|
||||||
|
vincent = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
|
||||||
|
];
|
||||||
|
armael = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOoPghSM72AVp1zATgQzeLkuoGuP9uUTTAtwliyWoix"
|
||||||
|
];
|
||||||
|
marion = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzOhSTEOudBWCHi5wHc6MP0xjJJhuIDZEcx+hP6kz9N"
|
||||||
|
];
|
||||||
|
darkgallium = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJX0A2P59or83EKhh32o8XumGz0ToTEsoq89hMbMtr7h"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB540H9kn+Ocs4Wjc1Y3f3OkHFYEqc5IM/FiCyoVVoh3"
|
||||||
|
];
|
||||||
|
kokakiwi = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPTsEgcOtb2bij+Ih8eg8ZqO7d3IMiWykv6deMzlSSS kokakiwi@kira"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# For Garage external communication
|
# For Garage external communication
|
||||||
|
|
|
@ -7,6 +7,5 @@ df-ymf.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2el374ejNXqF+
|
||||||
celeri.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuY1CvhxBP9BtKkTlmOUu6Hhy8OQTB3R8OCFXbHA/RA
|
celeri.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuY1CvhxBP9BtKkTlmOUu6Hhy8OQTB3R8OCFXbHA/RA
|
||||||
concombre.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR
|
concombre.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR
|
||||||
courgette.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
|
courgette.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
|
||||||
192.168.1.115 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhHUQtc5lukPMFkiWf/sTgaUpwNFXHCJoQKu4ooRFy+
|
|
||||||
192.168.1.41 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhHUQtc5lukPMFkiWf/sTgaUpwNFXHCJoQKu4ooRFy+
|
|
||||||
abricot.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhHUQtc5lukPMFkiWf/sTgaUpwNFXHCJoQKu4ooRFy+
|
abricot.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhHUQtc5lukPMFkiWf/sTgaUpwNFXHCJoQKu4ooRFy+
|
||||||
|
ananas.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHs0zAyBy70oyV56qaMaMAKR7VjEDnsm5LEyZJbM95BL
|
||||||
|
|
|
@ -8,12 +8,7 @@
|
||||||
boot.loader.timeout = 20;
|
boot.loader.timeout = 20;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "abricot";
|
deuxfleurs.hostName = "abricot";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.1.41";
|
||||||
deuxfleurs.network_interface = "eno1";
|
deuxfleurs.staticIPv6.address = "2a01:e0a:e4:2dd0::41";
|
||||||
deuxfleurs.lan_ip = "192.168.1.41";
|
|
||||||
deuxfleurs.ipv6 = "2a01:e0a:e4:2dd0::41";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.4.1";
|
|
||||||
deuxfleurs.is_raft_server = false;
|
|
||||||
}
|
}
|
||||||
|
|
15
cluster/prod/node/ananas.nix
Normal file
15
cluster/prod/node/ananas.nix
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# Configuration file local to this node
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.timeout = 20;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
deuxfleurs.hostName = "ananas";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.1.42";
|
||||||
|
deuxfleurs.staticIPv6.address = "2a01:e0a:e4:2dd0::42";
|
||||||
|
deuxfleurs.isRaftServer = true;
|
||||||
|
}
|
1
cluster/prod/node/ananas.site.nix
Symbolic link
1
cluster/prod/node/ananas.site.nix
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../site/scorpio.nix
|
|
@ -8,12 +8,7 @@
|
||||||
boot.loader.timeout = 20;
|
boot.loader.timeout = 20;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "celeri";
|
deuxfleurs.hostName = "celeri";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.1.33";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2001:910:1204:1::33";
|
||||||
deuxfleurs.lan_ip = "192.168.1.33";
|
|
||||||
deuxfleurs.ipv6 = "2001:910:1204:1::33";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.1.3";
|
|
||||||
deuxfleurs.is_raft_server = false;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,12 +8,8 @@
|
||||||
boot.loader.timeout = 20;
|
boot.loader.timeout = 20;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "concombre";
|
deuxfleurs.hostName = "concombre";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.1.31";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2001:910:1204:1::31";
|
||||||
deuxfleurs.lan_ip = "192.168.1.31";
|
deuxfleurs.isRaftServer = true;
|
||||||
deuxfleurs.ipv6 = "2001:910:1204:1::31";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.1.1";
|
|
||||||
deuxfleurs.is_raft_server = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,12 +8,7 @@
|
||||||
boot.loader.timeout = 20;
|
boot.loader.timeout = 20;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "courgette";
|
deuxfleurs.hostName = "courgette";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.1.32";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2001:910:1204:1::32";
|
||||||
deuxfleurs.lan_ip = "192.168.1.32";
|
|
||||||
deuxfleurs.ipv6 = "2001:910:1204:1::32";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.1.2";
|
|
||||||
deuxfleurs.is_raft_server = false;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,12 +7,7 @@
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "dahlia";
|
deuxfleurs.hostName = "dahlia";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.1.11";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2a01:e0a:28f:5e60::11";
|
||||||
deuxfleurs.lan_ip = "192.168.1.11";
|
|
||||||
deuxfleurs.ipv6 = "2a01:e0a:28f:5e60::11";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.2.1";
|
|
||||||
deuxfleurs.is_raft_server = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,14 +7,10 @@
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "df-ykl";
|
deuxfleurs.hostName = "df-ykl";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.5.117";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e86c";
|
||||||
deuxfleurs.lan_ip = "192.168.5.117";
|
deuxfleurs.isRaftServer = true;
|
||||||
deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e86c";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.3.1";
|
|
||||||
deuxfleurs.is_raft_server = true;
|
|
||||||
|
|
||||||
fileSystems."/mnt" = {
|
fileSystems."/mnt" = {
|
||||||
device = "/dev/disk/by-uuid/f7aa396f-23d0-44d3-89cf-3cb00bbb6c3b";
|
device = "/dev/disk/by-uuid/f7aa396f-23d0-44d3-89cf-3cb00bbb6c3b";
|
||||||
|
|
|
@ -7,14 +7,9 @@
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "df-ymf";
|
deuxfleurs.hostName = "df-ymf";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.5.134";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2a02:a03f:6510:5102:6e4b:90ff:fe3a:6174";
|
||||||
deuxfleurs.lan_ip = "192.168.5.134";
|
|
||||||
deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3a:6174";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.3.2";
|
|
||||||
deuxfleurs.is_raft_server = false;
|
|
||||||
|
|
||||||
fileSystems."/mnt" = {
|
fileSystems."/mnt" = {
|
||||||
device = "/dev/disk/by-uuid/fec20a7e-5019-4747-8f73-77f3f196c122";
|
device = "/dev/disk/by-uuid/fec20a7e-5019-4747-8f73-77f3f196c122";
|
||||||
|
|
|
@ -7,14 +7,9 @@
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "df-ymk";
|
deuxfleurs.hostName = "df-ymk";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.5.116";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e939";
|
||||||
deuxfleurs.lan_ip = "192.168.5.116";
|
|
||||||
deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e939";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.3.3";
|
|
||||||
deuxfleurs.is_raft_server = false;
|
|
||||||
|
|
||||||
fileSystems."/mnt" = {
|
fileSystems."/mnt" = {
|
||||||
device = "/dev/disk/by-uuid/51d95b17-0e06-4a73-9e4e-ae5363cc4015";
|
device = "/dev/disk/by-uuid/51d95b17-0e06-4a73-9e4e-ae5363cc4015";
|
||||||
|
|
|
@ -8,12 +8,7 @@
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only
|
boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only
|
||||||
|
|
||||||
networking.hostName = "diplotaxis";
|
deuxfleurs.hostName = "diplotaxis";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.1.12";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2a01:e0a:28f:5e60::12";
|
||||||
deuxfleurs.lan_ip = "192.168.1.12";
|
|
||||||
deuxfleurs.ipv6 = "2a01:e0a:28f:5e60::12";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.2.2";
|
|
||||||
deuxfleurs.is_raft_server = false;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,12 +8,7 @@
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only
|
boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only
|
||||||
|
|
||||||
networking.hostName = "doradille";
|
deuxfleurs.hostName = "doradille";
|
||||||
|
deuxfleurs.staticIPv4.address = "192.168.1.13";
|
||||||
deuxfleurs.network_interface = "enp0s31f6";
|
deuxfleurs.staticIPv6.address = "2a01:e0a:28f:5e60::13";
|
||||||
deuxfleurs.lan_ip = "192.168.1.13";
|
|
||||||
deuxfleurs.ipv6 = "2a01:e0a:28f:5e60::13";
|
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.83.2.3";
|
|
||||||
deuxfleurs.is_raft_server = false;
|
|
||||||
}
|
}
|
||||||
|
|
44
cluster/prod/register_external_services.sh
Executable file
44
cluster/prod/register_external_services.sh
Executable file
|
@ -0,0 +1,44 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# Bruxelles (bespin): git forge at git.deuxfleurs.fr
|
||||||
|
|
||||||
|
curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
|
||||||
|
{
|
||||||
|
"Datacenter": "prod",
|
||||||
|
"Node": "gitea",
|
||||||
|
"Address": "192.168.5.200",
|
||||||
|
"NodeMeta": {
|
||||||
|
"site": "bespin",
|
||||||
|
"cname_target": "bespin.site.deuxfleurs.fr."
|
||||||
|
},
|
||||||
|
"Service": {
|
||||||
|
"Service": "gitea",
|
||||||
|
"Tags": ["tricot git.deuxfleurs.fr"],
|
||||||
|
"Address": "192.168.5.200",
|
||||||
|
"Port": 3001
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Lille (scorpio): ADRN's personnal services under luxeylab.net
|
||||||
|
|
||||||
|
curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
|
||||||
|
{
|
||||||
|
"Datacenter": "prod",
|
||||||
|
"Node": "spoutnik",
|
||||||
|
"Address": "192.168.1.51",
|
||||||
|
"NodeMeta": {
|
||||||
|
"site": "scorpio",
|
||||||
|
"cname_target": "scorpio.site.deuxfleurs.fr."
|
||||||
|
},
|
||||||
|
"Service": {
|
||||||
|
"Service": "adrien-nginx",
|
||||||
|
"Tags": [
|
||||||
|
"tricot-https *.luxeylab.net",
|
||||||
|
"tricot-https *.zinz.dev"
|
||||||
|
],
|
||||||
|
"Address": "192.168.1.51",
|
||||||
|
"Port": 443
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
|
@ -1,17 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
|
|
||||||
curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
|
|
||||||
{
|
|
||||||
"Datacenter": "prod",
|
|
||||||
"Node": "spoutnik",
|
|
||||||
"Address": "192.168.1.60",
|
|
||||||
"NodeMeta": { "somekey": "bidon" },
|
|
||||||
"Service": {
|
|
||||||
"Service": "adrien-nginx",
|
|
||||||
"Tags": ["tricot-https *.luxeylab.net"],
|
|
||||||
"Address": "192.168.1.60",
|
|
||||||
"Port": 443
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
|
@ -1,13 +1,17 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
deuxfleurs.site_name = "bespin";
|
deuxfleurs.siteName = "bespin";
|
||||||
deuxfleurs.lan_default_gateway = "192.168.5.254";
|
deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254";
|
||||||
deuxfleurs.ipv6_default_gateway = "2a02:a03f:6510:5102::1";
|
deuxfleurs.cnameTarget = "bespin.site.deuxfleurs.fr.";
|
||||||
deuxfleurs.lan_ip_prefix_length = 24;
|
|
||||||
deuxfleurs.ipv6_prefix_length = 64;
|
|
||||||
deuxfleurs.nameservers = [ "192.168.5.254" ];
|
|
||||||
deuxfleurs.cname_target = "bespin.site.deuxfleurs.fr.";
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
# Allow all ports from gateway for janky UPnP/IGD daemon
|
||||||
|
# networking.firewall = {
|
||||||
|
# extraCommands = ''
|
||||||
|
# iptables -A INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
|
||||||
|
# '';
|
||||||
|
# extraStopCommands = ''
|
||||||
|
# iptables -D INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
|
||||||
|
# '';
|
||||||
|
# };
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
deuxfleurs.site_name = "neptune";
|
deuxfleurs.siteName = "neptune";
|
||||||
deuxfleurs.lan_default_gateway = "192.168.1.1";
|
deuxfleurs.staticIPv4.defaultGateway = "192.168.1.254";
|
||||||
deuxfleurs.ipv6_default_gateway = "2001:910:1204:1::1";
|
deuxfleurs.cnameTarget = "neptune.site.deuxfleurs.fr.";
|
||||||
deuxfleurs.lan_ip_prefix_length = 24;
|
deuxfleurs.publicIPv4 = "77.207.15.215";
|
||||||
deuxfleurs.ipv6_prefix_length = 64;
|
|
||||||
deuxfleurs.nameservers = [ "192.168.1.1" ];
|
|
||||||
deuxfleurs.cname_target = "neptune.site.deuxfleurs.fr.";
|
|
||||||
deuxfleurs.public_ipv4 = "77.207.15.215";
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
deuxfleurs.site_name = "orion";
|
deuxfleurs.siteName = "orion";
|
||||||
deuxfleurs.lan_default_gateway = "192.168.1.254";
|
deuxfleurs.staticIPv4.defaultGateway = "192.168.1.254";
|
||||||
deuxfleurs.ipv6_default_gateway = "2a01:e0a:28f:5e60::1";
|
deuxfleurs.cnameTarget = "orion.site.deuxfleurs.fr.";
|
||||||
deuxfleurs.lan_ip_prefix_length = 24;
|
deuxfleurs.publicIPv4 = "82.66.80.201";
|
||||||
deuxfleurs.ipv6_prefix_length = 64;
|
|
||||||
deuxfleurs.nameservers = [ "192.168.1.254" ];
|
|
||||||
deuxfleurs.cname_target = "orion.site.deuxfleurs.fr.";
|
|
||||||
deuxfleurs.public_ipv4 = "82.66.80.201";
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
deuxfleurs.site_name = "scorpio";
|
deuxfleurs.siteName = "scorpio";
|
||||||
deuxfleurs.lan_default_gateway = "192.168.1.254";
|
deuxfleurs.staticIPv4.defaultGateway = "192.168.1.254";
|
||||||
deuxfleurs.ipv6_default_gateway = "2a01:e0a:e4:2dd0::1";
|
deuxfleurs.cnameTarget = "scorpio.site.deuxfleurs.fr.";
|
||||||
deuxfleurs.lan_ip_prefix_length = 24;
|
deuxfleurs.publicIPv4 = "82.65.41.110";
|
||||||
deuxfleurs.ipv6_prefix_length = 64;
|
|
||||||
deuxfleurs.nameservers = [ "192.168.1.254" ];
|
|
||||||
deuxfleurs.cname_target = "scorpio.site.deuxfleurs.fr.";
|
|
||||||
deuxfleurs.public_ipv4 = "82.65.41.110";
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,3 +29,7 @@ Host df-ymk
|
||||||
|
|
||||||
Host abricot
|
Host abricot
|
||||||
HostName abricot.machine.deuxfleurs.fr
|
HostName abricot.machine.deuxfleurs.fr
|
||||||
|
|
||||||
|
Host ananas
|
||||||
|
HostName ananas.machine.deuxfleurs.fr
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ job "albatros" {
|
||||||
task "controller" {
|
task "controller" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "dxflrs/albatros:750015b3fff91af8b9b86869411216a06bd13614"
|
image = "dxflrs/albatros:0.9.0-rc.3"
|
||||||
ports = [ "http" ]
|
ports = [ "http" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/certs:/var/run/secrets/albatros"
|
"secrets/certs:/var/run/secrets/albatros"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
job "core-service" {
|
job "core-d53" {
|
||||||
datacenters = ["neptune", "jupiter", "corrin", "bespin"]
|
datacenters = ["neptune", "jupiter", "corrin", "bespin"]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 90
|
priority = 90
|
||||||
|
@ -11,7 +11,7 @@ job "core-service" {
|
||||||
|
|
||||||
config {
|
config {
|
||||||
packages = [
|
packages = [
|
||||||
"git+https://git.deuxfleurs.fr/lx/D53.git?ref=main&rev=86c255dfeabc60b0ef46ff78bc487c61c9548c79"
|
"git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=49d94dae1d753c1f3349be7ea9bc7e7978c0af15"
|
||||||
]
|
]
|
||||||
command = "d53"
|
command = "d53"
|
||||||
}
|
}
|
||||||
|
@ -52,7 +52,7 @@ D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
|
||||||
D53_PROVIDERS=deuxfleurs.org:gandi
|
D53_PROVIDERS=deuxfleurs.org:gandi
|
||||||
D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
|
D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
|
||||||
D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
|
D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
|
||||||
RUST_LOG=d53=info
|
RUST_LOG=d53=debug
|
||||||
EOH
|
EOH
|
||||||
destination = "secrets/env"
|
destination = "secrets/env"
|
||||||
env = true
|
env = true
|
75
cluster/staging/app/core/deploy/diplonat.hcl
Normal file
75
cluster/staging/app/core/deploy/diplonat.hcl
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
job "core-diplonat" {
|
||||||
|
datacenters = ["neptune", "jupiter", "corrin", "bespin"]
|
||||||
|
type = "system"
|
||||||
|
priority = 90
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
attribute = "${attr.cpu.arch}"
|
||||||
|
value = "amd64"
|
||||||
|
}
|
||||||
|
|
||||||
|
update {
|
||||||
|
max_parallel = 3
|
||||||
|
stagger = "20s"
|
||||||
|
}
|
||||||
|
|
||||||
|
group "diplonat" {
|
||||||
|
task "diplonat" {
|
||||||
|
driver = "nix2"
|
||||||
|
|
||||||
|
config {
|
||||||
|
packages = [
|
||||||
|
"#iptables",
|
||||||
|
"#bash",
|
||||||
|
"#coreutils",
|
||||||
|
"git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=843104dad73bfdebb674d3c3ec82af225c20c493"
|
||||||
|
]
|
||||||
|
command = "diplonat"
|
||||||
|
}
|
||||||
|
user = "root"
|
||||||
|
|
||||||
|
restart {
|
||||||
|
interval = "30m"
|
||||||
|
attempts = 2
|
||||||
|
delay = "15s"
|
||||||
|
mode = "delay"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
|
||||||
|
destination = "etc/diplonat/consul-ca.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
||||||
|
destination = "etc/diplonat/consul-client.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
||||||
|
destination = "etc/diplonat/consul-client.key"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
DIPLONAT_REFRESH_TIME=60
|
||||||
|
DIPLONAT_EXPIRATION_TIME=300
|
||||||
|
DIPLONAT_IPV6_ONLY=true
|
||||||
|
DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
|
||||||
|
DIPLONAT_CONSUL_URL=https://localhost:8501
|
||||||
|
DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
|
||||||
|
DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
|
||||||
|
DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
|
||||||
|
RUST_LOG=debug
|
||||||
|
RUST_BACKTRACE=1
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
memory = 100
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
job "core-system" {
|
job "core-tricot" {
|
||||||
datacenters = ["neptune", "jupiter", "corrin", "bespin"]
|
datacenters = ["neptune", "jupiter", "corrin", "bespin"]
|
||||||
type = "system"
|
type = "system"
|
||||||
priority = 90
|
priority = 90
|
||||||
|
@ -13,64 +13,6 @@ job "core-system" {
|
||||||
stagger = "1m"
|
stagger = "1m"
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
group "diplonat" {
|
|
||||||
task "diplonat" {
|
|
||||||
driver = "nix2"
|
|
||||||
|
|
||||||
config {
|
|
||||||
packages = [
|
|
||||||
"#iptables",
|
|
||||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=f306e8dc8d0e93478353ce39b6064e8c06a8bca6"
|
|
||||||
]
|
|
||||||
command = "diplonat"
|
|
||||||
}
|
|
||||||
user = "root"
|
|
||||||
|
|
||||||
restart {
|
|
||||||
interval = "30m"
|
|
||||||
attempts = 2
|
|
||||||
delay = "15s"
|
|
||||||
mode = "delay"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
|
|
||||||
destination = "etc/diplonat/consul-ca.crt"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
|
|
||||||
destination = "etc/diplonat/consul-client.crt"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/consul/consul-client.key\" }}"
|
|
||||||
destination = "etc/diplonat/consul-client.key"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = <<EOH
|
|
||||||
DIPLONAT_REFRESH_TIME=60
|
|
||||||
DIPLONAT_EXPIRATION_TIME=300
|
|
||||||
DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
|
|
||||||
DIPLONAT_CONSUL_URL=https://localhost:8501
|
|
||||||
DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
|
|
||||||
DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
|
|
||||||
DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
|
|
||||||
RUST_LOG=debug
|
|
||||||
EOH
|
|
||||||
destination = "secrets/env"
|
|
||||||
env = true
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
memory = 40
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
group "tricot" {
|
group "tricot" {
|
||||||
network {
|
network {
|
||||||
port "http_port" { static = 80 }
|
port "http_port" { static = 80 }
|
||||||
|
@ -83,7 +25,7 @@ EOH
|
||||||
|
|
||||||
config {
|
config {
|
||||||
packages = [
|
packages = [
|
||||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=f163d1d348c78a27bb19a86a6158f4b5d1287f6f"
|
"git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=redirect&rev=b76b6dcbcc47ebc61848389a6b0d5d4e8d8cde48"
|
||||||
]
|
]
|
||||||
command = "tricot"
|
command = "tricot"
|
||||||
# cap_add = [ "net_bind_service" ] # this doesn't work for whatever reason, so we need to put user = "root" instead
|
# cap_add = [ "net_bind_service" ] # this doesn't work for whatever reason, so we need to put user = "root" instead
|
||||||
|
@ -130,6 +72,7 @@ TRICOT_HTTP_BIND_ADDR=[::]:80
|
||||||
TRICOT_HTTPS_BIND_ADDR=[::]:443
|
TRICOT_HTTPS_BIND_ADDR=[::]:443
|
||||||
TRICOT_METRICS_BIND_ADDR=[::]:9334
|
TRICOT_METRICS_BIND_ADDR=[::]:9334
|
||||||
RUST_LOG=tricot=debug
|
RUST_LOG=tricot=debug
|
||||||
|
RUST_BACKTRACE=1
|
||||||
EOH
|
EOH
|
||||||
destination = "secrets/env"
|
destination = "secrets/env"
|
||||||
env = true
|
env = true
|
||||||
|
@ -139,9 +82,10 @@ EOH
|
||||||
name = "tricot-http"
|
name = "tricot-http"
|
||||||
port = "http_port"
|
port = "http_port"
|
||||||
tags = [
|
tags = [
|
||||||
|
"d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org",
|
||||||
"d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
|
"d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
|
||||||
"d53-aaaa staging.deuxfleurs.org",
|
"d53-aaaa staging.deuxfleurs.org",
|
||||||
# "(diplonat (tcp_port 80))"
|
"(diplonat (tcp_port 80))"
|
||||||
]
|
]
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
}
|
}
|
||||||
|
@ -150,7 +94,7 @@ EOH
|
||||||
name = "tricot-https"
|
name = "tricot-https"
|
||||||
port = "https_port"
|
port = "https_port"
|
||||||
tags = [
|
tags = [
|
||||||
# "(diplonat (tcp_port 443))"
|
"(diplonat (tcp_port 443))"
|
||||||
]
|
]
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
}
|
}
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Reference in a new issue