diff --git a/pillar/paas/docker/docker-002/main.sls b/pillar/paas/docker/docker-002/main.sls
index 767e447..861e40a 100644
--- a/pillar/paas/docker/docker-002/main.sls
+++ b/pillar/paas/docker/docker-002/main.sls
@@ -1,306 +1,307 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
docker_aliases:
- &ipv4_docker002 51.255.124.9
- &ipv4_docker002_restricted 172.27.27.5
# -------------------------------------------------------------
# Images
#
# You can append a :tag (by default, latest is used).
#
# It's not possible to specify Docker library images only by final name.
# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_images:
- certbot/certbot
# Core services
- library/postgres
- library/redis:3.2-alpine
- library/registry
- nasqueron/mysql
- nasqueron/mysql:5.7
- nasqueron/rabbitmq
# ACME DNS server
- joohoi/acme-dns
# Nasqueron services
- nasqueron/auth-grove
# Nasqueron API microservices
- nasqueron/docker-registry-api
- nasqueron/api-datasources
# Infrastructure and development services
- nasqueron/aphlict
- nasqueron/cachet
- nasqueron/notifications
- nasqueron/phabricator
- ghcr.io/hound-search/hound
# Pixelfed
- nasqueron/pixelfed
# Hauk
- bilde2910/hauk
# -------------------------------------------------------------
# Docker engine configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_daemon:
data-root: /srv/docker
# -------------------------------------------------------------
# Containers
#
# The docker_containers entry allow to declare containers
# by service. Generally a service matches an image.
#
# The hierarchy is so as following.
#
# docker_containers:
# service codename:
# instance name:
# container properties
#
# The service codename must match a state file in
# the roles/paas-docker/containers/ directory.
#
# The container will be run with the specified instance name.
#
# **nginx**
#
# The container properties can also describe the information
# needed to configure nginx with the host and app_port key.
#
# In such case, a matching vhost file should be declared as
# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_containers:
#
# Core services
#
mysql:
acquisitariat:
credentials:
root: nasqueron/acquisitariat/mysql
phpbb_db:
credentials:
root: espacewin/phpbb/mysql_root
redis:
pixelfed_redis: {}
registry:
registry:
host: registry.nasqueron.org
app_port: 5000
allowed_ips:
# Localhost
- 127.0.0.1
# Dwellers
- 172.27.27.4
# docker-002
- 172.27.27.5
rabbitmq:
white-rabbit:
ip: *ipv4_docker002_restricted
host: white-rabbit.nasqueron.org
app_port: 15672
credentials:
erlang_cookie: nasqueron/rabbitmq/white-rabbit/erlang-cookie
root: nasqueron/rabbitmq/white-rabbit/root
#
# Phabricator
#
phabricator:
# Nasqueron instance
devcentral:
app_port: 31080
host: devcentral.nasqueron.org
aliases:
- phabricator.nasqueron.org
blogs:
servers:
host: servers.nasqueron.org
aliases:
- server.nasqueron.org
- serveur.nasqueron.org
- serveurs.nasqueron.org
mailer: mailgun
credentials:
mysql: nasqueron/devcentral/mysql
mailgun: nasqueron/devcentral/mailgun
+ smtp: nasqueron/devcentral/mail_local
static_host: devcentral.nasqueron-user-content.org
title: Nasqueron DevCentral
mysql_link: acquisitariat
skip_container: True
config_managed: True
# Private instance for Dereckson
river_sector:
app_port: 23080
host: river-sector.dereckson.be
static_host: river-sector.nasqueron-user-content.org
mailer: _
credentials:
mysql: dereckson/phabricator/mysql
storage:
namespace: river_sector
title: River Sector
mysql_link: acquisitariat
# Wolfplex instance
wolfplex_phab:
app_port: 35080
host: phabricator.wolfplex.org
aliases:
- phabricator.wolfplex.be
static_host: wolfplex.phabricator.nasqueron-user-content.org
mailer: mailgun
credentials:
mailgun: wolfplex/phabricator/mailgun
mysql: wolfplex/phabricator/mysql
storage:
namespace: wolfphab
title: Wolfplex Phabricator
mysql_link: acquisitariat
# Zed instance
zed_code:
app_port: 36080
host: code.zed.dereckson.be
static_host: zed.phabricator.nasqueron-user-content.org
mailer: sendgrid
credentials:
mysql: zed/phabricator/mysql
sendgrid: zed/phabricator/sendgrid
storage:
namespace: zedphab
title: Zed
mysql_link: acquisitariat
aphlict:
aphlict:
ports:
client: 22280
admin: 22281
#
# Notifications center
#
notifications:
notifications:
host: notifications.nasqueron.org
app_port: 37080
broker_link: white-rabbit
credentials:
broker: nasqueron/notifications/broker
mailgun: nasqueron/notifications/mailgun
sentry:
realm: nasqueron
project_id: 2
credential: nasqueron/notifications/sentry
#
# Community and development services
#
# Hauk
hauk:
hauk:
app_port: 43080
host: geo.nasqueron.org
api_entry_point: /hauk
#
# Let's Encrypt
#
acme_dns:
acme:
ip: *ipv4_docker002
app_port: 41080
host: acme.nasqueron.org
nsadmin: ops.nasqueron.org
#
# CI and CD
#
#
# Infrastructure and development services
#
hound:
hound:
app_port: 44080
host: code.nasqueron.org
github_account: nasqueron
cachet:
cachet:
app_port: 39080
host: status.nasqueron.org
credential: nasqueron/cachet/mysql
app_key: nasqueron/cachet/app_key
mysql_link: acquisitariat
auth-grove:
login:
app_port: 25080
host: login.nasqueron.org
credential: nasqueron/auth-grove/mysql
mysql_link: acquisitariat
# API microservices
docker-registry-api:
api-docker-registry:
app_port: 20080
api_entry_point: /docker/registry
registry_instance: registry
api-datasources:
api-datasources:
app_port: 19080
api_entry_point: /datasources
# phpBB SaaS
# The SaaS uses a MySQL instance, declared in the MySQL section.
# Pixelfed
pixelfed:
pixelfed:
app_port: 30080
host: photos.nasqueron.org
aliases:
- photo.nasqueron.org
links:
mysql: acquisitariat
redis: pixelfed_redis
credentials:
app_key: nasqueron/pixelfed/app_key
mailgun: nasqueron/pixelfed/mailgun
mysql: nasqueron/pixelfed/mysql
app:
title: Nasqueron Photos
max_album_length: 16
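Review bot: Nothing next to the new `smtp:` credential under `devcentral` says that its mere presence switches on the SMTP mailer block. phabricator.sls tests `"smtp" in container["credentials"]`, independently of the `mailer: mailgun` setting of the same instance. A comment above the line would make that visible, for instance `# Presence of this key enables the SMTP mailer in the managed local.json`. The key is named `smtp` while the secret path still ends in `mail_local`; mentioning that in the same comment would keep a later rename from breaking the lookup.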
diff --git a/roles/paas-docker/containers/files/phabricator/devcentral/config.json.jinja b/roles/paas-docker/containers/files/phabricator/devcentral/config.json.jinja
index 64c8ae1..08c47bb 100644
--- a/roles/paas-docker/containers/files/phabricator/devcentral/config.json.jinja
+++ b/roles/paas-docker/containers/files/phabricator/devcentral/config.json.jinja
@@ -1,69 +1,69 @@
{
"cluster.mailers": [
{
"key": "nasqueron-mailgun",
"type": "mailgun",
"priority": 5,
"options": {
"domain": "{{ mailgun.domain }}",
"api-key": "{{ mailgun["api-key"] }}"
}
},
{
"key": "nasqueron-local",
"type": "smtp",
"priority": 10,
"options": {
- "host": "{{ mail_local.host }}",
- "port": {{ mail_local.port }},
- "user": "{{ mail_local.username }}",
- "password": "{{ mail_local.password }}",
+ "host": "{{ smtp.host }}",
+ "port": {{ smtp.port }},
+ "user": "{{ smtp.username }}",
+ "password": "{{ smtp.password }}",
"protocol": "tls"
}
}
],
"config.ignore-issues": [],
"diffusion.ssh-port": 5022,
"diffusion.ssh-user": "vcs",
"feed.http-hooks": [
"https://notifications.nasqueron.org/gate/Phabricator/Nasqueron"
],
- "metamta.reply-handler-domain": "devcentral.nasqueron.org",
- "metamta.default-address": "notifications-noreply@devcentral.nasqueron.org",
+ "metamta.reply-handler-domain": "{{ fqdn }}",
+ "metamta.default-address": "notifications-noreply@{{ fqdn }}",
"mysql.host": "{{ db.host }}",
"mysql.user": "{{ db.username }}",
"mysql.pass": "{{ db.password }}",
"notification.servers": [
{
"type": "client",
- "host": "devcentral.nasqueron.org",
+ "host": "{{ fqdn }}",
"port": 443,
"protocol": "https",
"path": "/ws/"
},
{
"type": "admin",
"host": "aphlict.nasqueron.org",
"port": 22281,
"protocol": "http"
}
],
"phabricator.show-prototypes": true,
- "phabricator.base-uri": "https://devcentral.nasqueron.org/",
+ "phabricator.base-uri": "https://{{ fqdn }}/",
"phd.user": "app",
"pygments.enabled": true,
"storage.default-namespace": "devcentral",
"security.alternate-file-domain": "https://devcentral.nasqueron-user-content.org"
}
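Review bot: The new `smtp.*` values and `fqdn` are pasted between hand-written JSON quotes without any escaping, so a password containing `"` or `\` produces an invalid or silently altered local.json. The unchanged `mysql.pass` and mailgun `api-key` lines have the same weakness. Passing each value through a JSON-encoding filter and dropping the surrounding quotes closes this, e.g. `"password": {{ smtp.password | tojson }},`. The template also dereferences `mailgun` and `smtp` unconditionally, while phabricator.sls now supplies them only when the matching credential exists; that works for devcentral today but becomes a render-time failure if either credential is removed from the pillar.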
diff --git a/roles/paas-docker/containers/phabricator.sls b/roles/paas-docker/containers/phabricator.sls
index e5ff956..f1f2e5e 100644
--- a/roles/paas-docker/containers/phabricator.sls
+++ b/roles/paas-docker/containers/phabricator.sls
@@ -1,104 +1,112 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-06
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
{% for instance, container in pillar['docker_containers']['phabricator'].items() %}
{% set create_container = "skip_container" not in container or not container['skip_container'] %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/phabricator/{{ instance }}:
file.directory:
- user: 431
- group: 433
- makedirs: True
{% if "config_managed" in container %}
/srv/phabricator/{{ instance }}/conf/local/local.json:
file.managed:
- - source: salt://roles/paas-docker/containers/files/phabricator/devcentral/config.json.jinja
+ - source: salt://roles/paas-docker/containers/files/phabricator/{{ instance }}/config.json.jinja
- template: jinja
- context:
- mailgun:
- domain: devcentral.nasqueron.org
- api-key: "{{ salt["credentials.get_password"](container["credentials"]["mailgun"]) }}"
+ fqdn: {{ container["host"] }}
+
db:
host: "mysql"
username: "{{ salt["credentials.get_username"](container["credentials"]["mysql"]) }}"
password: "{{ salt["credentials.get_password"](container["credentials"]["mysql"]) }}"
- mail_local:
+
+ {% if "mailgun" in container["credentials"] %}
+ mailgun:
+ domain: {{ container["host"] }}
+ api-key: "{{ salt["credentials.get_password"](container["credentials"]["mailgun"]) }}"
+ {% endif %}
+
+ {% if "smtp" in container["credentials"] %}
+ smtp:
host: mail.nasqueron.org
port: 587
- username: "{{ salt["credentials.get_username"]("nasqueron/devcentral/mail_local") }}"
- password: "{{ salt["credentials.get_password"]("nasqueron/devcentral/mail_local") }}"
+ username: "{{ salt["credentials.get_username"](container["credentials"]["smtp"]) }}"
+ password: "{{ salt["credentials.get_password"](container["credentials"]["smtp"]) }}"
+ {% endif %}
{% endif %}
{% if has_selinux %}
selinux_context_{{ instance }}_data:
selinux.fcontext_policy_present:
- name: /srv/phabricator/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/phabricator/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Container
#
# /!\ DEVCENTRAL DEPLOYMENT ISSUE /!\
#
# The DevCentral container is currently not managed
# by a reproducible Dockerfile. As such, this container
# is deployed manually from the registry. See T1547.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if create_container %}
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/phabricator
- binds:
- /srv/phabricator/{{ instance }}/conf:/opt/phabricator/conf
- /srv/phabricator/{{ instance }}/repo:/var/repo
- environment:
PHABRICATOR_URL: https://{{ container['host'] }}
PHABRICATOR_TITLE: {{ container['title'] }}
PHABRICATOR_DOMAIN: {{ container['host'] }}
PHABRICATOR_ALT_FILE_DOMAIN: https://{{ container['static_host'] }}
DB_USER: {{ salt['credentials.get_username'](container['credentials']['mysql']) }}
DB_PASS: {{ salt['credentials.get_password'](container['credentials']['mysql']) }}
PHABRICATOR_STORAGE_NAMESPACE: {{ container['storage']['namespace'] }}
{% if container['mailer'] == 'sendgrid' %}
PHABRICATOR_USE_SENDGRID: 1
PHABRICATOR_SENDGRID_APIUSER: {{ salt['credentials.get_username'](container['credentials']['sendgrid']) }}
PHABRICATOR_SENDGRID_APIKEY: {{ salt['credentials.get_password'](container['credentials']['sendgrid']) }}
{% elif container['mailer'] == 'mailgun' %}
PHABRICATOR_USE_MAILGUN: 1
PHABRICATOR_MAILGUN_APIKEY: {{ salt['credentials.get_token'](container['credentials']['mailgun']) }}
{% endif %}
- links: {{ container['mysql_link'] }}:mysql
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
{% endif %}
{% endfor %}
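Review bot: The `file.managed` state for `conf/local/local.json` renders the MySQL password, the Mailgun API key and now the per-instance SMTP password, yet it sets no `mode`, no owner and no `show_changes`. With Salt's default of reporting changes, a diff of the rendered file, secrets included, can land in state returns and the job cache whenever a credential is rotated, and the file's permissions are left to the minion's defaults. Consider adding `- show_changes: False` and an explicit restrictive `- mode:` with the owner the container reads the file as (the directory state above uses 431:433, presumably the same account; confirm). Separately, `fqdn: {{ container["host"] }}` and `domain: {{ container["host"] }}` are the only unquoted templated scalars in the context; quoting them like the neighbouring values keeps their YAML type predictable.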