Move sudosci to nomad
parent
dbf2a604e0
commit
b6716cd784
11 changed files with 159 additions and 9 deletions
|
@ -6,5 +6,4 @@ Mah Infra
|
||||||
## Todo
|
## Todo
|
||||||
1. get a working wallabag instance
|
1. get a working wallabag instance
|
||||||
https://github.com/wallabag/docker/issues/242
|
https://github.com/wallabag/docker/issues/242
|
||||||
2. Proper networking so i'm not manually updating nginx like a chump
|
2. Fix up the user permissions and work towards rootless
|
||||||
3. Fix up the user permissions and work towards rootless
|
|
||||||
|
|
|
@ -5,5 +5,5 @@ haproxy_domains:
|
||||||
- { name: "radicale", url: "dav.minhas.io" }
|
- { name: "radicale", url: "dav.minhas.io" }
|
||||||
- { name: "wallabag", url: "wallabag.minhas.io" }
|
- { name: "wallabag", url: "wallabag.minhas.io" }
|
||||||
- { name: "kanban", url: "kanban.minhas.io" }
|
- { name: "kanban", url: "kanban.minhas.io" }
|
||||||
- { name: "api", url: "api.sudoscientist.com" }
|
- { name: "sudoscientist-go-backend", url: "api.sudoscientist.com" }
|
||||||
...
|
...
|
||||||
|
|
|
@ -46,17 +46,11 @@ frontend fe_default
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{% for domain in haproxy_domains %}
|
{% for domain in haproxy_domains %}
|
||||||
{% if domain.name != 'api' %}
|
|
||||||
backend be_{{ domain.name }}
|
backend be_{{ domain.name }}
|
||||||
balance leastconn
|
balance leastconn
|
||||||
server-template {{ domain.name }} 1 _{{ domain.name }}._tcp.service.masked.name resolvers consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
|
server-template {{ domain.name }} 1 _{{ domain.name }}._tcp.service.masked.name resolvers consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
backend be_api
|
|
||||||
balance leastconn
|
|
||||||
server server1 192.168.122.77:8080
|
|
||||||
|
|
||||||
resolvers consul
|
resolvers consul
|
||||||
nameserver consul 127.0.0.1:8600
|
nameserver consul 127.0.0.1:8600
|
||||||
accepted_payload_size 8192
|
accepted_payload_size 8192
|
||||||
|
|
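--- /dev/null
+++ b/docker/sudoscientist-go-backend/Dockerfile
@@ -0,0 +1,21 @@
+FROM golang:alpine
+
+# add ca-certificates package
+RUN apk add --no-cache ca-certificates git && \
+go get -u -d github.com/mattes/migrate/cli github.com/lib/pq && \
+go build -tags 'postgres' -o ${GOPATH}/bin/migrate github.com/mattes/migrate/cli && \
+mkdir -p ${GOPATH}/src/git.minhas.io/asara && \
+cd ${GOPATH}/src/git.minhas.io/asara && \
+git clone https://git.minhas.io/asara/sudoscientist-go-backend && \
+cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend && \
+go get && go build main.go && \
+mv /go/bin/* /usr/local/bin/ && \
+rm -rf /go/src && \
+apk del git
+
+# Copy masked.name root cert
+COPY files/MaskedName_Root_CA.crt /usr/local/share/ca-certificates/MaskedName_Root_CA.crt
+
+# update ca certs
+RUN update-ca-certificates 2>/dev/null
+CMD ["/usr/local/bin/sudoscientist-go-backend"]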
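Review bot: Every input to this image is a moving target: `FROM golang:alpine` has no version or digest, `go get -u -d` pulls the newest migrate and pq, and `git clone` takes whatever is on the default branch, so the binary that later receives the JWT and database secrets cannot be reproduced or audited from this file. Pin the base image (`FROM golang:<version>-alpine@sha256:<digest>`, placeholders) and check out a fixed revision after the clone (`git checkout <commit>`). The image also has no `USER` line, so the service presumably runs as root, and `RUN update-ca-certificates 2>/dev/null` discards any message from the trust-store update; dropping the redirect and adding `USER nobody` before `CMD` would cover both.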
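--- /dev/null
+++ b/docker/sudoscientist-go-backend/files/MaskedName_Root_CA.crt
@@ -0,0 +1,43 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyMzEyWhcNMzAw
+ODI3MTkyMzQyWjAWMRQwEgYDVQQDEwttYXNrZWQubmFtZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMI7oR+KHvvznfnaAXDMO5qpSTCAYCyfjFEohYJf
+lOcnLONXb3f6sP5d1eltL+UTq0RVU5UP0aNW7hqDTa41MRw0JCDtB68yKdYq2hZf
+97gA+lj3MEJU6RTAKLrg75GRh/AbNEIgwvPuHKW6hMbtwOyM9DFU//W3xpusalXy
+RMFzAHfSDj9ci+UygUt9HINWd/SmMGG/8PghaRhfE44wRFMqYezeliIt2JIs43BV
+7HqG0Oev9WPeXmiaZUYKQetHiQqR14Mxiv1IGzCmwwN+9b4tZtZTa58oM5dPXfbb
+lrELQE5OsPaNtMtER3MgxovDN3VSCGH/O/GyaEWVanY5UF8CAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBY8jW3fDVUp
+URt1prhmDMjkVikgMB8GA1UdIwQYMBaAFBY8jW3fDVUpURt1prhmDMjkVikgMBYG
+A1UdEQQPMA2CC21hc2tlZC5uYW1lMA0GCSqGSIb3DQEBCwUAA4IBAQAWQz4d3QzE
+W8NGA16ZPamlVubOLB5DtZz2qrSrn3DeObLIDShInV3qtRlDx9HYJLTCA75Ket0J
+NTsyMcTy2txd4I8hgdF30XJeEciN9wZ0mKEeP/YKDwe8V2XwWq4XYkDechlWHpZo
+PfWcoLprKwVUI4HzaqkNmwcmMUI4xAsC+SLe1mrebseKm49oOwdQs/oPVLK+0nEp
+RvD0aOvohILIa/2ZtKczvhB/L3fo5pg9Ex/0JDBdDHIedMabD3qn8Idse+P5Dfwa
+Ju2Ctyb+n1TTPxRDMxs2cFbA5irr+2ARJd8jtGS+1fyxogjOWS1RR523F+qIS3su
+KibGel+gFPpq
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID0zCCArugAwIBAgIUM52uhXSeTCim1pmzucm/cnIgNp8wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyNzAwWhcNMjUw
+ODI4MTkyNzMwWjAtMSswKQYDVQQDEyJtYXNrZWQubmFtZSBJbnRlcm1lZGlhdGUg
+QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LuGo+As
+ICYWdJjBCY0snF/X+jF1tdcrQzNiRKESEb5dsDiy979bugCblPQDQ+g5WGqXX4pj
+UyZZE3ZwhOufISlGK0ow1aMjqS+pFlQ85KRD/jUtLPRUJuQF+m2YwId/Mg6/B7Qk
+d166uJkNxS+MGZCi2OYXeoivnOY7Q0Kj/0vIbc5Vt3kCRVg2ljLSQhoBd+85AHMR
+jeRjZMeYEYF2HTVwrg4DrC/r00MVtDcNqs6+M7YZ/rzny73GvfJWfWoB1C4piZlg
+fvUcSDL5HAhjiu5cSeIR7DTuVx7t4PoK6AqUkPygDtq1ZaLybXT7X6d072dR5AXO
+nWFLPaaGJ979iwIDAQABo4IBADCB/TAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUIkhVYBaK9CcvXG8FM2jKVZ16oZAwHwYDVR0jBBgw
+FoAUFjyNbd8NVSlRG3WmuGYMyORWKSAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUF
+BzAChjVodHRwOi8vdmF1bHQuY29sdW1iaWEubWFza2VkLm5hbWU6ODIwMC92MS9w
+a2lfcm9vdC9jYTBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vdmF1bHQuY29sdW1i
+aWEubWFza2VkLm5hbWU6ODIwMC92MS9wa2lfcm9vdC9jcmwwDQYJKoZIhvcNAQEL
+BQADggEBAK6HMgR+hpwjZCmf5NszDSHr7dYKZXP4LrcHPWs94nLM33UZ572ubGHs
+dKjRw8YD0cncrsypsYmEgR57U+DHkys394wkb7UOwy1Zvd5IIRXdP0cDylz0QzqM
+APnQYN+ismkoljhk9ey0Qbo3CmPjM+UQcAxuZQtA4M+riC1+jkude1uYL0szC6Y9
+4KetfvbNkedSaV5yJaRKCBhRcC4/GjpBG/odQ/5AfBPAFjZqhcIJWBrVYbTQVC79
+hMA1iwWJPmT9LsjMSUfxFTPzxRnNXQiKFz5kT2OiS1nqh8aOcyU9YC928pkifNJV
+KokuDezJFM7ie3d+EcBk1V9lHwOWdto=
+-----END CERTIFICATE-----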
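Review bot: `MaskedName_Root_CA.crt` holds two certificates, and the subject bytes of the second decode to "masked.name Intermediate Authority", so installing this file through `update-ca-certificates` may make the intermediate a trust anchor inside the image rather than only the root. Trusting the root alone and having the service present its chain (Vault's PKI issue response carries `issuing_ca` alongside `certificate`) would keep rotation or withdrawal of the intermediate under the root's control. The file is also recorded as executable; a certificate needs no execute bit, so mode 0644 is enough.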
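--- /dev/null
+++ b/nomad/sudoscientist-go-backend.nomad
@@ -0,0 +1,93 @@
+job "sudoscientist-go-backend" {
+datacenters = ["columbia"]
+region = "global"
+type = "service"
+
+update {
+stagger = "30s"
+max_parallel = 1
+}
+
+group "sudoscientist-go-backend" {
+count = 1
+
+task "sudoscientist-go-backend" {
+vault {
+policies = ["default", "ansible"]
+change_mode = "restart"
+}
+driver = "docker"
+config {
+image = "docker.service.masked.name:8082/sudoscientist-go-backend"
+ports = ["http"]
+}
+
+service {
+name = "sudoscientist-go-backend"
+port = "http"
+
+check {
+name = "sudoscientist-go-backend"
+type = "tcp"
+interval = "10s"
+timeout = "2s"
+address_mode = "driver"
+}
+}
+
+template {
+data = <<EOH
+{{- with secret "pki_int/issue/masked-dot-name" "common_name=sudoscientist-go-backend.service.masked.name" "alt_names=sudoscientist-go-backend.service.columbia.masked.name" -}}
+{{- .Data.certificate -}}
+{{- end -}}
+EOH
+destination = "${NOMAD_SECRETS_DIR}/sudoscientist-go-backend.crt"
+change_mode = "restart"
+}
+
+template {
+data = <<EOH
+{{- with secret "pki_int/issue/masked-dot-name" "common_name=sudoscientist-go-backend.service.masked.name" "alt_names=sudoscientist-go-backend.service.columbia.masked.name" -}}
+{{- .Data.private_key -}}
+{{- end -}}
+EOH
+destination = "${NOMAD_SECRETS_DIR}/sudoscientist-go-backend.key"
+change_mode = "restart"
+}
+
+template {
+data = <<EOH
+API_ADDR = https://api.sudoscientist.com
+API_PORT = 8080
+DB_HOST = ivyking.node.masked.name
+DB_NAME = sudosci
+DB_PORT = 5432
+DB_PW = "{{ with secret "kv/data/sudoscientist/go-backend" }}{{ .Data.data.db_pw }}{{ end }}"
+DB_SSL = disable
+DB_USER = sudosci
+EMAIL_SECRET = "{{ with secret "kv/data/sudoscientist/go-backend" }}{{ .Data.data.email_secret }}{{ end }}"
+JWT_SECRET = "{{ with secret "kv/data/sudoscientist/go-backend" }}{{ .Data.data.jwt_secret }}{{ end }}"
+POSTAL_API = https://postal.sudoscientist.com
+POSTAL_KEY = "{{ with secret "kv/data/sudoscientist/go-backend" }}{{ .Data.data.jwt_secret }}{{ end }}"
+POSTAL_SRC_EMAIL = send-mail@postal.sudoscientist.com
+UI_ADDR = sudoscientist.com
+UI_PROTO = https://
+EOH
+destination = "secrets/sudoscientist-go-backend.env"
+env = true
+}
+
+resources {
+cpu = 2000
+memory = 2560
+}
+}
+
+network {
+port "http" {
+to = 8080
+}
+}
+
+}
+}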
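Review bot: `POSTAL_KEY` in the env template is rendered from `.Data.data.jwt_secret`, the same field that feeds `JWT_SECRET`, which looks like a copy-paste slip: the JWT signing secret would be handed to the Postal API as its key, and mail sending would presumably fail. It should read the Postal credential's own field, e.g. `{{ .Data.data.<postal_key_field> }}` (placeholder; the real field name is not on this page). Separately, `policies = ["default", "ansible"]` gives the task whatever the `ansible` Vault policy allows; a dedicated policy limited to `kv/data/sudoscientist/go-backend` and `pki_int/issue/masked-dot-name` would be least privilege. `DB_SSL = disable` also means the session to `ivyking.node.masked.name`, authenticated with `DB_PW`, runs without TLS, and the `image` has no tag or digest, so each placement may pull a different build.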