nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

commit 5b2a6d0e560dcf5a7eca3b3d37ca3504170c954f
parent 1554330bce1add0459eee1ded71f75d0c78d1cc9
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Sun, 16 Mar 2025 20:28:40 +0100

feat(meta): use uwsgi

Diffstat:
Mdocker/docker-meta/Dockerfile | 9+++++++++
Mdocker/docker-todo/Dockerfile | 9+++++++++
Mhcl/default/meta/meta.nomad | 8++++++--
Mhcl/default/meta/templates/config.ini.tmpl | 10+++++++---
Mhcl/default/meta/templates/nginx.conf.tmpl | 6+++++-
Ahcl/default/meta/templates/uwsgi.ini.tmpl | 9+++++++++
6 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/docker/docker-meta/Dockerfile b/docker/docker-meta/Dockerfile @@ -1,11 +1,18 @@ # https://man.sr.ht/hacking.md FROM docker.io/alpine:3.20 +# Set sr.ht versions ARG CORE_VERSION="0.75.7" ENV CORE_VERSION="$CORE_VERSION" ARG META_VERSION="0.72.1" ENV META_VERSION="$META_VERSION" +# Set user and group +ARG user=meta +ARG group=meta +ARG uid=1000 +ARG gid=1000 + # Install the officially documented dependencies RUN apk update && apk add --no-cache git make go sassc minify @@ -37,3 +44,5 @@ RUN mkdir -p /etc/sr.ht RUN cp /meta/config.example.ini /etc/sr.ht/config.ini ENV PYTHONPATH=/core:/meta + +USER ${uid}:${gid} diff --git a/docker/docker-todo/Dockerfile b/docker/docker-todo/Dockerfile @@ -1,11 +1,18 @@ # https://man.sr.ht/hacking.md FROM docker.io/alpine:3.20 +# Set sr.ht versions ARG CORE_VERSION="0.75.7" ENV CORE_VERSION="$CORE_VERSION" ARG TODO_VERSION="0.77.4" ENV TODO_VERSION="$TODO_VERSION" +# Set user and group +ARG user=meta +ARG group=meta +ARG uid=1000 +ARG gid=1000 + # Install the officially documented dependencies RUN apk update && apk add --no-cache git make go sassc minify @@ -41,3 +48,5 @@ RUN mkdir -p /etc/sr.ht RUN cp /todo/config.example.ini /etc/sr.ht/config.ini ENV PYTHONPATH=/core:/todo + +USER ${uid}:${gid} diff --git a/hcl/default/meta/meta.nomad b/hcl/default/meta/meta.nomad @@ -77,8 +77,8 @@ job "meta" { config { image = "127.0.0.1:5000/meta:0.72.1" - command = "python3" - args = ["/meta/run.py"] + command = "uwsgi" + args = ["${NOMAD_TASK_DIR}/uwsgi.ini"] force_pull = true ports = ["web"] volumes = [ @@ -88,6 +88,10 @@ job "meta" { } template { + destination = "${NOMAD_TASK_DIR}/uwsgi.ini" + data = file("./templates/uwsgi.ini.tmpl") + } + template { destination = "${NOMAD_TASK_DIR}/config.ini" data = file("./templates/config.ini.tmpl") } diff --git a/hcl/default/meta/templates/config.ini.tmpl b/hcl/default/meta/templates/config.ini.tmpl @@ -12,7 +12,7 @@ site-info=https://p0c.ch site-blurb=proof of concepts for fun and profit # # If this != production, we add a banner to each page -environment=development +environment=production # # Contact information for the site owners owner-name=Andreas Gruhler @@ -50,6 +50,10 @@ security-address=contact@p0c.ch # from the service URL: each service is assumed to be a sub-domain of the global # domain, i.e. of the form `meta.globaldomain.com`. global-domain= +# +# Path to static asses (default PREFIX from make installation) +# https://git.sr.ht/~sircmpwn/core.sr.ht/tree/master/item/Makefile +assets=/usr/local/share/sourcehut [abused] # @@ -116,8 +120,8 @@ private-key={{with secret "kv/meta"}}{{index .Data.data.webhook_private_key}}{{e origin=https://meta.p0c.ch # # Address and port to bind the debug server to -debug-host=0.0.0.0 -debug-port={{ env "NOMAD_PORT_web" }} +#debug-host=0.0.0.0 +#debug-port={{ env "NOMAD_PORT_web" }} # # Configures the SQLAlchemy connection string for the database. connection-string=postgresql://meta:{{with secret "kv/meta"}}{{index .Data.data.postgresql_password}}{{end}}:@turris/meta diff --git a/hcl/default/meta/templates/nginx.conf.tmpl b/hcl/default/meta/templates/nginx.conf.tmpl @@ -8,14 +8,18 @@ server { ssl_certificate_key /etc/letsencrypt/live/meta.p0c.ch/privkey.pem; location / { - proxy_pass http://{{ env "NOMAD_ADDR_web" }}; + # https://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html#putting-behind-a-full-webserver + include uwsgi_params; + uwsgi_pass {{ env "NOMAD_ADDR_web" }}; } location /query { + # the API is a binary, no uwsgi app proxy_pass http://{{ env "NOMAD_ADDR_api" }}; } location /static { + # static assets are served from the allocations ephemeral disk root /alloc/data; } } diff --git a/hcl/default/meta/templates/uwsgi.ini.tmpl b/hcl/default/meta/templates/uwsgi.ini.tmpl @@ -0,0 +1,9 @@ +[uwsgi] +# https://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html#putting-behind-a-full-webserver +plugins = python3 +socket = :{{ env "NOMAD_PORT_web" }} +wsgi-file = /meta/metasrht/app.py +callable = app +master = true +processes = 2 +threads = 1