nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

commit c20e436c8196cd1169b1fb7bc73aacc422f809ca
parent ffdcd8823bccd90fe27fd0b00d334d339d6b6361
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Sun,  3 Aug 2025 11:47:40 +0200

feat(pleroma): remove

Diffstat:
Dhcl/default/pleroma/data-volume.hcl | 31-------------------------------
Dhcl/default/pleroma/pleroma.nomad | 90-------------------------------------------------------------------------------
Dhcl/default/pleroma/templates/nginx.conf.tmpl | 81-------------------------------------------------------------------------------
Dhcl/default/pleroma/templates/pleroma.env.tmpl | 9---------
4 files changed, 0 insertions(+), 211 deletions(-)

diff --git a/hcl/default/pleroma/data-volume.hcl b/hcl/default/pleroma/data-volume.hcl
@@ -1,31 +0,0 @@
-# Register external nfs volume with Nomad CSI
-# https://www.nomadproject.io/docs/commands/volume/register
-type = "csi"
-# Unique ID of the volume, volume.source field in a job
-id = "pleroma"
-# Display name of the volume.
-name = "pleroma"
-# ID of the physical volume from the storage provider
-external_id = "csi-pleroma"
-plugin_id = "nfs"
-
-# You must provide at least one capability block
-# You must provide a block for each capability
-# youintend to use in a job's volume block
-# https://www.nomadproject.io/docs/commands/volume/register
-capability {
- access_mode = "multi-node-multi-writer"
- attachment_mode = "file-system"
-}
-
-# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
-context {
- server = "turris"
- share = "csi-pleroma"
-}
-
-mount_options {
- # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
- mount_flags = ["nolock"]
-}
-
diff --git a/hcl/default/pleroma/pleroma.nomad b/hcl/default/pleroma/pleroma.nomad
@@ -1,90 +0,0 @@
-# https://git.pleroma.social/pleroma/pleroma-docker-compose
-
-job "pleroma" {
- datacenters = ["dc1"]
-
- vault {}
-
- group "server" {
- count = 1
-
- volume "tls" {
- type = "csi"
- source = "certbot"
- access_mode = "multi-node-multi-writer"
- attachment_mode = "file-system"
- }
- volume "pleroma" {
- type = "csi"
- source = "pleroma"
- access_mode = "multi-node-multi-writer"
- attachment_mode = "file-system"
- }
-
- network {
- port "http" {
- to = 4000
- }
- port "https" {
- static = 44393
- }
- }
-
- task "nginx" {
- driver = "podman"
-
- config {
- image = "docker.io/library/nginx:stable-alpine"
- ports = ["https"]
- volumes = [
- # mount the templated config from the task directory to the container
- "local/pleroma.conf:/etc/nginx/conf.d/pleroma.conf",
- ]
- }
-
- volume_mount {
- volume = "tls"
- destination = "/etc/letsencrypt"
- }
-
- template {
- destination = "${NOMAD_TASK_DIR}/pleroma.conf"
- data = file("./templates/nginx.conf.tmpl")
- }
-
- resources {
- memory = 50
- memory_max = 256
- cpu = 200
- }
- }
-
- task "pleroma" {
- driver = "podman"
-
- config {
- image = "git.pleroma.social:5050/pleroma/pleroma:stable"
- force_pull = true
- ports = ["http"]
- }
-
- volume_mount {
- volume = "pleroma"
- destination = "/var/lib/pleroma/uploads"
- }
-
- template {
- destination = "${NOMAD_TASK_DIR}/pleroma.env"
- data = file("./templates/pleroma.env.tmpl")
- env = true
- }
-
- resources {
- memory = 512
- memory_max = 1024
- cpu = 500
- }
- }
-
- }
-}
diff --git a/hcl/default/pleroma/templates/nginx.conf.tmpl b/hcl/default/pleroma/templates/nginx.conf.tmpl
@@ -1,81 +0,0 @@
-proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
- inactive=720m use_temp_path=off;
-
-# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
-# and `localhost.` resolves to [::0] on some systems: see issue #930
-upstream phoenix {
- server {{ env "NOMAD_ADDR_http" }} max_fails=5 fail_timeout=60s;
-}
-
-# Enable SSL session caching for improved performance
-ssl_session_cache shared:ssl_session_cache:10m;
-
-server {
- server_name m.in0rdr.ch;
-
- listen {{ env "NOMAD_PORT_https" }} ssl http2;
- listen [::]:{{ env "NOMAD_PORT_https" }} ssl http2;
- ssl_session_timeout 1d;
- ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
- ssl_session_tickets off;
-
- ssl_trusted_certificate /etc/letsencrypt/live/m.in0rdr.ch/chain.pem;
- ssl_certificate /etc/letsencrypt/live/m.in0rdr.ch/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/m.in0rdr.ch/privkey.pem;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
- ssl_prefer_server_ciphers off;
- # In case of an old server with an OpenSSL version of 1.0.2 or below,
- # leave only prime256v1 or comment out the following line.
- ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
- ssl_stapling on;
- ssl_stapling_verify on;
-
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
-
- # the nginx default is 1m, not enough for large media uploads
- client_max_body_size 16m;
- ignore_invalid_headers off;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- location / {
- proxy_pass http://phoenix;
- }
-
- # Uncomment this if you want notice compatibility routes for frontends like Soapbox.
- # location ~ ^/@[^/]+/([^/]+)$ {
- # proxy_pass http://phoenix/notice/$1;
- # }
- #
- # location ~ ^/@[^/]+/posts/([^/]+)$ {
- # proxy_pass http://phoenix/notice/$1;
- # }
- #
- # location ~ ^/[^/]+/status/([^/]+)$ {
- # proxy_pass http://phoenix/notice/$1;
- # }
-
- location ~ ^/(media|proxy) {
- proxy_cache pleroma_media_cache;
- slice 1m;
- proxy_cache_key $host$uri$is_args$args$slice_range;
- proxy_set_header Range $slice_range;
- proxy_cache_valid 200 206 301 304 1h;
- proxy_cache_lock on;
- proxy_ignore_client_abort on;
- proxy_buffering on;
- chunked_transfer_encoding on;
- proxy_pass http://phoenix;
- }
-}
diff --git a/hcl/default/pleroma/templates/pleroma.env.tmpl b/hcl/default/pleroma/templates/pleroma.env.tmpl
@@ -1,9 +0,0 @@
-DB_USER={{with secret "kv/pleroma"}}{{index .Data.data.db_user}}{{end}}
-DB_PASS={{with secret "kv/pleroma"}}{{index .Data.data.db_pass}}{{end}}
-DB_HOST={{with secret "kv/pleroma"}}{{index .Data.data.db_host}}{{end}}
-DB_NAME={{with secret "kv/pleroma"}}{{index .Data.data.db_name}}{{end}}
-INSTANCE_NAME=Pleroma
-ADMIN_EMAIL={{with secret "kv/pleroma"}}{{index .Data.data.admin_email}}{{end}}
-NOTIFY_EMAIL={{with secret "kv/pleroma"}}{{index .Data.data.notify_email}}{{end}}
-DOMAIN=m.in0rdr.ch
-PORT=4000