nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

commit 0bd9d8a9c9440ae8f8c8baffe225003ea2db283f
parent fffb635c212ad629d415b5b5d04ba9af7e74b6eb
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Sun, 24 Nov 2024 08:16:57 +0100

feat: remove xmpp/snikket

Diffstat:
Dhcl/default/snikket/data-volume.hcl | 31-------------------------------
Dhcl/default/snikket/snikket.nomad | 135-------------------------------------------------------------------------------
Dhcl/default/snikket/templates/nginx-snippets.conf.tmpl | 88-------------------------------------------------------------------------------
Dhcl/default/snikket/templates/nginx.conf.tmpl | 113-------------------------------------------------------------------------------
Dhcl/default/snikket/templates/snikket.env.tmpl | 23-----------------------
5 files changed, 0 insertions(+), 390 deletions(-)

diff --git a/hcl/default/snikket/data-volume.hcl b/hcl/default/snikket/data-volume.hcl
@@ -1,31 +0,0 @@
-# Register external nfs volume with Nomad CSI
-# https://www.nomadproject.io/docs/commands/volume/register
-type = "csi"
-# Unique ID of the volume, volume.source field in a job
-id = "snikket"
-# Display name of the volume.
-name = "snikket"
-# ID of the physical volume from the storage provider
-external_id = "csi-snikket"
-plugin_id = "nfs"
-
-# You must provide at least one capability block
-# You must provide a block for each capability
-# youintend to use in a job's volume block
-# https://www.nomadproject.io/docs/commands/volume/register
-capability {
- access_mode = "multi-node-multi-writer"
- attachment_mode = "file-system"
-}
-
-# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
-context {
- server = "turris"
- share = "csi-snikket"
-}
-
-mount_options {
- # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
- mount_flags = ["nolock"]
-}
-
diff --git a/hcl/default/snikket/snikket.nomad b/hcl/default/snikket/snikket.nomad
@@ -1,135 +0,0 @@
-# https://snikket.org/service/resources/docker-compose.yml
-
-job "snikket" {
- datacenters = ["dc1"]
-
- vault {}
-
- group "server" {
- count = 1
-
- volume "tls" {
- type = "csi"
- source = "certbot"
- access_mode = "multi-node-multi-writer"
- attachment_mode = "file-system"
- }
- volume "snikket" {
- type = "csi"
- source = "snikket"
- access_mode = "multi-node-multi-writer"
- attachment_mode = "file-system"
- }
-
- network {
- port "portal" {}
- port "prosody" {
- static = 44409
- }
- port "proxy" {
- static = 44408
- }
- }
-
- task "proxy" {
- driver = "podman"
-
- config {
- image = "docker.io/library/nginx:stable-alpine"
- ports = ["proxy"]
- volumes = [
- # mount the templated config from the task directory to the container
- "local/snikket.conf:/etc/nginx/conf.d/snikket.conf",
- "local/snikket-common.conf:/etc/nginx/snippets/snikket-common.conf",
- ]
- }
-
- template {
- destination = "${NOMAD_TASK_DIR}/snikket.conf"
- data = file("./templates/nginx.conf.tmpl")
- }
- template {
- destination = "${NOMAD_TASK_DIR}/snikket-common.conf"
- data = file("./templates/nginx-snippets.conf.tmpl")
- }
-
- template {
- destination = "${NOMAD_TASK_DIR}/snikket.env"
- data = file("./templates/snikket.env.tmpl")
- env = true
- }
-
- volume_mount {
- volume = "snikket"
- destination = "/snikket"
- }
- volume_mount {
- volume = "tls"
- destination = "/snikket/letsencrypt"
- }
-
- resources {
- memory = 256
- memory_max = 512
- cpu = 250
- }
- }
-
- task "portal" {
- driver = "podman"
-
- config {
- image = "docker.io/snikket/snikket-web-portal:stable"
- ports = ["portal"]
- }
-
- volume_mount {
- volume = "snikket"
- destination = "/snikket"
- }
-
- template {
- destination = "${NOMAD_TASK_DIR}/snikket.env"
- data = file("./templates/snikket.env.tmpl")
- env = true
- }
-
- resources {
- memory = 256
- memory_max = 512
- cpu = 250
- }
- }
-
- task "snikket" {
- driver = "podman"
-
- config {
- image = "docker.io/snikket/snikket-server:stable"
- ports = ["prosody"]
- }
-
- volume_mount {
- volume = "snikket"
- destination = "/snikket"
- }
- # Snikket prosody service waits for certificates
- volume_mount {
- volume = "tls"
- destination = "/snikket/letsencrypt"
- }
-
- template {
- destination = "${NOMAD_TASK_DIR}/snikket.env"
- data = file("./templates/snikket.env.tmpl")
- env = true
- }
-
- resources {
- memory = 256
- memory_max = 512
- cpu = 200
- }
- }
- }
-}
diff --git a/hcl/default/snikket/templates/nginx-snippets.conf.tmpl b/hcl/default/snikket/templates/nginx-snippets.conf.tmpl
@@ -1,88 +0,0 @@
-root /var/www/html;
-
-location / {
- try_files $uri /static/$uri @portal;
-}
-
-location /admin_api {
- try_files none @prosody;
-}
-
-location /invites_api {
- try_files none @prosody;
-}
-
-location /invites_bootstrap {
- try_files none @prosody;
-}
-
-location /share {
- alias /usr/share/javascript;
-}
-
-location /upload {
- client_max_body_size 104857616; # 100MB + 16 bytes (see Prosody config)
- proxy_request_buffering off;
- proxy_http_version 1.1;
- try_files none @prosody;
-}
-
-location /http-bind {
- try_files none @prosodyws;
-}
-
-location /xmpp-websocket {
- try_files none @prosodyws;
-}
-
-location = /.well-known/host-meta {
- try_files none @prosody;
-}
-
-location = /.well-known/host-meta.json {
- try_files none @prosody;
-}
-
-location @portal {
- proxy_pass http://{{ env "NOMAD_ADDR_portal" }};
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-}
-
-location @prosody {
- proxy_pass http://{{ env "NOMAD_ADDR_prosody" }};
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-}
-
-location @prosodyws {
- proxy_pass http://{{ env "NOMAD_ADDR_prosody" }};
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Connection $http_connection;
- proxy_set_header Upgrade $http_upgrade;
-
- proxy_read_timeout 900s;
-}
-
-location /_health/portal {
- proxy_pass http://{{ env "NOMAD_ADDR_portal" }}/_health;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-}
-
-location /_health/xmpp {
- proxy_pass http://{{ env "NOMAD_ADDR_prosody" }}/host_status_check;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-}
-
-error_page 502 /_errors/502.html;
-error_page 503 /_errors/503.html;
-error_page 504 /_errors/504.html;
diff --git a/hcl/default/snikket/templates/nginx.conf.tmpl b/hcl/default/snikket/templates/nginx.conf.tmpl
@@ -1,113 +0,0 @@
-server {
- listen {{ env "NOMAD_PORT_proxy" }} ssl;
- listen [::]:{{ env "NOMAD_PORT_proxy" }} ssl;
-
- ssl_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem;
- ssl_certificate_key /snikket/letsencrypt/live/chat.in0rdr.ch-0001/privkey.pem;
-
- ssl_session_cache shared:le_nginx_SSL:1m;
- ssl_session_timeout 1440m;
- ssl_prefer_server_ciphers off;
-
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem;
-
- add_header Strict-Transport-Security "max-age=63072000" always;
-
- server_name chat.in0rdr.ch;
-
- include "/etc/nginx/snippets/snikket-common.conf";
-}
-
-server {
- listen {{ env "NOMAD_PORT_proxy" }} ssl;
- listen [::]:{{ env "NOMAD_PORT_proxy" }} ssl;
-
- ssl_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem;
- ssl_certificate_key /snikket/letsencrypt/live/chat.in0rdr.ch-0001/privkey.pem;
-
- ssl_session_cache shared:le_nginx_SSL:1m;
- ssl_session_timeout 1440m;
- ssl_prefer_server_ciphers off;
-
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem;
-
- add_header Strict-Transport-Security "max-age=63072000" always;
-
- server_name share.chat.in0rdr.ch;
-
- root /var/www/html;
-
- location / {
- return 301 https://chat.in0rdr.ch/;
- }
-
- location /upload/ {
- client_max_body_size 104857616; # 100MB + 16 bytes (see Prosody config)
- proxy_request_buffering off;
- proxy_http_version 1.1;
- proxy_pass http://{{ env "NOMAD_ADDR_prosody" }};
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- }
-}
-
-server {
- listen {{ env "NOMAD_PORT_proxy" }} ssl;
- listen [::]:{{ env "NOMAD_PORT_proxy" }} ssl;
-
- ssl_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem;
- ssl_certificate_key /snikket/letsencrypt/live/chat.in0rdr.ch-0001/privkey.pem;
-
- ssl_session_cache shared:le_nginx_SSL:1m;
- ssl_session_timeout 1440m;
- ssl_prefer_server_ciphers off;
-
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem;
-
- add_header Strict-Transport-Security "max-age=63072000" always;
-
- server_name groups.chat.in0rdr.ch;
-
- root /var/www/html;
-
- location / {
- return 301 https://chat.in0rdr.ch/;
- }
-}
-
-# Fail requests to unknown domains
-server {
- listen {{ env "NOMAD_PORT_proxy" }} ssl default_server;
- listen [::]:{{ env "NOMAD_PORT_proxy" }} ssl default_server;
-
- ssl_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem;
- ssl_certificate_key /snikket/letsencrypt/live/chat.in0rdr.ch-0001/privkey.pem;
-
- ssl_session_cache shared:le_nginx_SSL:1m;
- ssl_session_timeout 1440m;
- ssl_prefer_server_ciphers off;
-
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem;
-
- add_header Strict-Transport-Security "max-age=63072000" always;
-
- error_page 404 /_errors/404_site.html;
-
- location = /_errors/404_site.html {
- root /var/www/html;
- internal;
- }
-
- location / {
- try_files none =404;
- }
-}
diff --git a/hcl/default/snikket/templates/snikket.env.tmpl b/hcl/default/snikket/templates/snikket.env.tmpl
@@ -1,23 +0,0 @@
-# The domain of your Snikket instance
-SNIKKET_DOMAIN=chat.in0rdr.ch
-
-# The email address of the primary admin
-SNIKKET_ADMIN_EMAIL={{with secret "kv/snikket"}}{{index .Data.data.admin_email}}{{end}}
-
-# Server bind settings
-# https://github.com/snikket-im/snikket-server/blob/master/Dockerfile
-SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE=0.0.0.0
-SNIKKET_TWEAK_INTERNAL_HTTP_PORT={{ env "NOMAD_PORT_prosody" }}
-
-# Web portal bind settings
-# https://github.com/snikket-im/snikket-web-portal/blob/master/Dockerfile
-SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE=0.0.0.0
-SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT={{ env "NOMAD_PORT_portal" }}
-SNIKKET_WEB_PROSODY_ENDPOINT=http://{{ env "NOMAD_ADDR_prosody" }}
-
-# Proxy ports
-# https://github.com/snikket-im/snikket-server/blob/master/docs/advanced/reverse_proxy.md
-#SNIKKET_TWEAK_HTTP_PORT={{ env "NOMAD_PORT_prosody" }}
-#SNIKKET_TWEAK_HTTPS_PORT={{ env "NOMAD_PORT_proxy" }}
-
-SNIKKET_LOGLEVEL=debug