From ff1b340c4401413c01c3cd9c99fbe7b955b1c0cb Mon Sep 17 00:00:00 2001
From: wizzdom
Date: Sun, 4 Feb 2024 13:47:12 +0000
Subject: [PATCH 01/20] add 11ty-website (#20)
---
jobs/nginx/11ty-website.hcl | 46 +++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 jobs/nginx/11ty-website.hcl
diff --git a/jobs/nginx/11ty-website.hcl b/jobs/nginx/11ty-website.hcl
new file mode 100644
index 0000000..bbc0a86
--- /dev/null
+++ b/jobs/nginx/11ty-website.hcl
@@ -0,0 +1,46 @@
+job "11ty-website" {
+ datacenters = ["aperture"]
+ type = "service"
+
+ group "nginx-11ty-website" {
+ count = 1
+
+ network {
+ port "http" {
+ to = 80
+ }
+ }
+
+ service {
+ port = "http"
+
+ check {
+ type = "http"
+ path = "/"
+ interval = "10s"
+ timeout = "2s"
+ }
+
+ tags = [
+ "traefik.enable=true",
+ "traefik.http.routers.nginx-11ty-website.rule=Host(`canary.redbrick.dcu.ie`)",
+ "traefik.http.routers.nginx-11ty-website.entrypoints=web,websecure",
+ "traefik.http.routers.nginx-11ty-website.tls.certresolver=lets-encrypt",
+ ]
+ }
+
+ task "webserver" {
+ driver = "docker"
+
+ config {
+ image = "ghcr.io/redbrick/11ty-website:latest"
+ ports = ["http"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 500
+ }
+ }
+ }
+}
From f05a112264b8ca65ae316f3998f7be78b1bd74d0 Mon Sep 17 00:00:00 2001
From: wizzdom
Date: Mon, 12 Feb 2024 18:06:58 +0000
Subject: [PATCH 02/20] user-vms: add config admin exam VMs (#21)
---
jobs/user-vms/README.md | 4 ++
jobs/user-vms/admin-exams.hcl | 95 +++++++++++++++++++++++++++++++++++
2 files changed, 99 insertions(+)
create mode 100644 jobs/user-vms/admin-exams.hcl
diff --git a/jobs/user-vms/README.md b/jobs/user-vms/README.md
index 665fbfe..4af0a33 100644
--- a/jobs/user-vms/README.md
+++ b/jobs/user-vms/README.md
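Review bot: The task image in jobs/nginx/11ty-website.hcl, `ghcr.io/redbrick/11ty-website:latest`, is a mutable tag, so a reschedule can pull code that differs from what was reviewed and a rollback cannot name the previous build. Pin a released tag or a digest, for example `image = "ghcr.io/redbrick/11ty-website@sha256:<IMAGE_DIGEST>"` (placeholder digest). The same applies later in this series: atlas.hcl, plausible.hcl, vaultwarden.hcl and api.hcl use `latest`-style tags, midnight-calendarbot.hcl tracks `master` with `force_pull = true`, and shlink.hcl and wetty.hcl give no tag at all. It matters most for vaultwarden.hcl, which holds the password vault.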
@@ -81,12 +81,16 @@ files can be served by any HTTP server, and the address is placed into the job f ... args = [ ... + "virtio-net-pci,netdev=hn0,id=nic1,mac=52:54:84:ba:49:22", "-smbios", "type=1,serial=ds=nocloud-net;s=http://136.206.16.5:8000/", ] ... ``` +> [!NOTE] Note! +> If you're running multiple VMS on the same host make sure to set different MAC addresses for each VM, otherwise you'll have a bad time. + ## Creating a new VM To create a new VM, you'll need to create a new job file and a cloud-init configuration file. Copy diff --git a/jobs/user-vms/admin-exams.hcl b/jobs/user-vms/admin-exams.hcl new file mode 100644 index 0000000..46cdb44 --- /dev/null +++ b/jobs/user-vms/admin-exams.hcl 
@@ -0,0 +1,95 @@
+job "admin-exams" {
+ datacenters = ["aperture"]
+
+ group "ayden-vm" {
+
+ network {
+ mode = "host"
+ }
+
+ service {
+ name = "ayden-vm"
+ }
+
+ task "ayden-vm" {
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ value = "chell" # task must be scheduled on a host with the bridge device configured
+ }
+
+ resources {
+ cpu = 12000
+ memory = 4096
+ }
+
+ artifact {
+ source = "http://136.206.16.5:8000/base-images/debian-12-genericcloud-amd64-30G.qcow2"
+ destination = "local/ayden-vm.qcow2"
+ mode = "file"
+ }
+
+ driver = "qemu"
+
+ config {
+ image_path = "local/ayden-vm.qcow2"
+ accelerator = "kvm"
+ drive_interface = "virtio"
+
+ args = [
+ "-netdev",
+ "bridge,id=hn0",
+ "-device",
+ "virtio-net-pci,netdev=hn0,id=nic1,mac=52:54:84:ba:49:20", # mac address must be unique or else you will regret it
+ "-smbios",
+ "type=1,serial=ds=nocloud-net;s=http://136.206.16.5:8000/ayden-vm/",
+ ]
+ }
+ }
+ }
+
+ group "hypnoant-vm" {
+
+ network {
+ mode = "host"
+ }
+
+ service {
+ name = "hypnoant-vm"
+ }
+
+ task "hypnoant-vm" {
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ value = "wheatley"
+ }
+
+ resources {
+ cpu = 12000
+ memory = 4096
+ }
+
+ artifact {
+ source = "http://136.206.16.5:8000/base-images/debian-12-genericcloud-amd64-30G.qcow2"
+ destination = "local/hypnoant-vm.qcow2"
+ mode = "file"
+ }
+
+ driver = "qemu"
+
+ config {
+ image_path = "local/hypnoant-vm.qcow2"
+ accelerator = "kvm"
+ drive_interface = "virtio"
+
+ args = [
+ "-netdev",
+ "bridge,id=hn0",
+ "-device",
+ "virtio-net-pci,netdev=hn0,id=nic1,mac=52:54:84:ba:49:22",
+ "-smbios",
+ "type=1,serial=ds=nocloud-net;s=http://136.206.16.5:8000/hypnoant-vm/",
+ ]
+ }
+ }
+ }
+}
From 6585eb3f33566e91611ace2b171bdf76a8dd3dce Mon Sep 17 00:00:00 2001
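Review bot: Both `artifact` blocks in jobs/user-vms/admin-exams.hcl download the base qcow2 over plain `http://` with no checksum, so the client boots whatever bytes arrive, under KVM on the host. The artifact block accepts a checksum option; add `options { checksum = "sha256:<IMAGE_SHA256>" }` (placeholder value) to each block so a modified or truncated image is rejected before the VM starts. The cloud-init seed URL passed in `-smbios` is unauthenticated HTTP as well; that data usually carries accounts and keys, so serving it over TLS or only on a restricted network is worth considering.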
From: wizzdom Date: Sun, 18 Feb 2024 00:02:48 +0000 Subject: [PATCH 03/20] add hedgedoc job (#22) --- jobs/services/hedgedoc-backup.hcl | 50 +++++++++++++ jobs/services/hedgedoc.hcl | 115 ++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 jobs/services/hedgedoc-backup.hcl create mode 100644 jobs/services/hedgedoc.hcl diff --git a/jobs/services/hedgedoc-backup.hcl b/jobs/services/hedgedoc-backup.hcl new file mode 100644 index 0000000..71cd9a2 --- /dev/null +++ b/jobs/services/hedgedoc-backup.hcl @@ -0,0 +1,50 @@ +job "hedgedoc-backup" { + datacenters = ["aperture"] + type = "batch" + + periodic { + crons = ["0 */3 * * * *"] + prohibit_overlap = true + } + + group "db-backup" { + task "postgres-backup" { + driver = "raw_exec" + + config { + command = "/bin/bash" + args = ["local/script.sh"] + } + + template { + data = < "${file}" + +find /storage/backups/nomad/postgres/hedgedoc/postgresql-hedgedoc* -ctime +3 -exec rm {} \; || true + +if [ -s "$file" ]; then # check if file exists and is not empty + echo "Backup successful" + exit 0 +else + rm $file + curl -H "Content-Type: application/json" -d \ + '{"content": "<@&585512338728419341> `PostgreSQL` backup for **'"${job_name}"'** has just **FAILED**\nFile name: `'"$file"'`\nDate: `'"$(TZ=Europe/Dublin date)"'`\nTurn off this script with `nomad job stop '"${job_name}"'` \n\n## Remember to restart this backup job when fixed!!!"}' \ + {{ key "postgres/webhook/discord" }} +fi +EOH + destination = "local/script.sh" + } + } + } +} + diff --git a/jobs/services/hedgedoc.hcl b/jobs/services/hedgedoc.hcl new file mode 100644 index 0000000..18add3d --- /dev/null +++ b/jobs/services/hedgedoc.hcl 
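Review bot: The failure branch of the script embedded in jobs/services/hedgedoc-backup.hcl posts the Discord alert and then falls through, so as far as the readable part of the script shows the task exits with curl's status and Nomad records a successful run even though the dump was empty. End the branch with `exit 1` after the `curl` call, and quote the path in `rm "$file"` so an unexpected value cannot expand into several arguments under `raw_exec`. The opening of the heredoc is not readable in this view, so the dump command itself is not covered here. jobs/services/postgres-backup.hcl (PATCH 07) repeats the same branch.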
@@ -0,0 +1,115 @@ +job "hedgedoc" { + datacenters = ["aperture"] + + type = "service" + + group "web" { + network { + # mode = "bridge" + port "http" { + to = 3000 + } + + port "db" { + to = 5432 + } + } + + service { + name = "hedgedoc" + port = "http" + + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + + tags = [ + "traefik.frontend.headers.STSSeconds=63072000", + "traefik.frontend.headers.browserXSSFilter=true", + "traefik.frontend.headers.contentTypeNosniff=true", + "traefik.frontend.headers.customResponseHeaders=alt-svc:h2=l3sb47bzhpbelafss42pspxzqo3tipuk6bg7nnbacxdfbz7ao6semtyd.onion:443; ma=2592000", + "traefik.enable=true", + "traefik.port=${NOMAD_PORT_http}", + "traefik.http.routers.md.rule=Host(`md.redbrick.dcu.ie`,`md.rb.dcu.ie`)", + "traefik.http.routers.md.tls=true", + "traefik.http.routers.md.tls.certresolver=lets-encrypt", + ] + } + + task "app" { + driver = "docker" + + constraint { + attribute = "${attr.unique.hostname}" + value = "chell" + } + + config { + image = "quay.io/hedgedoc/hedgedoc:1.6.0" + ports = ["http"] + } + + template { + data = < Date: Sun, 18 Feb 2024 22:21:57 +0000 Subject: [PATCH 04/20] add postgres job (#23) Co-authored-by: James Hackett --- jobs/services/postgres.hcl | 96 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 jobs/services/postgres.hcl diff --git a/jobs/services/postgres.hcl b/jobs/services/postgres.hcl new file mode 100644 index 0000000..cf861c6 --- /dev/null +++ b/jobs/services/postgres.hcl 
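Review bot: The `traefik.frontend.headers.*` tags and `traefik.port` in the `service` block of jobs/services/hedgedoc.hcl are Traefik 1.x label syntax, while the router tags beside them are 2.x syntax. A 2.x ingress would ignore the former, so the HSTS, nosniff and alt-svc headers are probably never sent. In 2.x they belong on a headers middleware, for example `traefik.http.middlewares.md-headers.headers.stsSeconds=63072000` (constructed middleware name), attached with `traefik.http.routers.md.middlewares=md-headers`. The task templates of this hunk are not readable in this view, so this note covers the tags only.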
@@ -0,0 +1,96 @@ +job "postgres" { + datacenters = ["aperture"] + + constraint { + attribute = "${attr.unique.hostname}" + value = "wheatley" + } + + group "db" { + network { + port "db" { + static = 5432 + } + } + + task "postgres-db" { + driver = "docker" + + template { + data = < Date: Sun, 18 Feb 2024 22:47:24 +0000 Subject: [PATCH 05/20] add privatebin (#24) --- jobs/services/privatebin.hcl | 215 +++++++++++++++++++++++++++++++++++ 1 file changed, 215 insertions(+) create mode 100644 jobs/services/privatebin.hcl diff --git a/jobs/services/privatebin.hcl b/jobs/services/privatebin.hcl new file mode 100644 index 0000000..633803c --- /dev/null +++ b/jobs/services/privatebin.hcl @@ -0,0 +1,215 @@ +job "privatebin" { + datacenters = ["aperture"] + + type = "service" + + group "privatebin" { + count = 1 + + network { + port "http" { + to = 8080 + } + } + + service { + name = "privatebin" + port = "http" + + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + + tags = [ + "traefik.enable=true", + "traefik.http.routers.privatebin.rule=Host(`paste.rb.dcu.ie`)", + "traefik.http.routers.privatebin.entrypoints=web,websecure", + "traefik.http.routers.privatebin.tls.certresolver=lets-encrypt", + ] + } + + task "privatebin" { + driver = "docker" + + config { + image = "privatebin/nginx-fpm-alpine:stable" + ports = ["http"] + + volumes = [ + "local/conf.php:/srv/data/conf.php", + ] + } + template { + destination = "local/.env" + env = true + change_mode = "restart" + data = < Date: Mon, 19 Feb 2024 00:25:08 +0000 Subject: [PATCH 06/20] Include all directories in script --- fixperms.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixperms.sh b/fixperms.sh index ff4cfbc..4dc8ef2 100644 --- a/fixperms.sh +++ b/fixperms.sh @@ -1,6 +1,6 @@ #!/bin/bash -sudo chown -R root:nomad ./jobs +sudo chown -R root:nomad ./ sudo find . -type d -exec chmod 775 {} \; From f6fbf5f1b74ab7936dbe2520b1018666c7789029 Mon Sep 17 00:00:00 2001 
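Review bot: In fixperms.sh, widening `chown -R` from `./jobs` to `./` also hands `.git` and the script itself to `root:nomad`, which tends to break git operations for the unprivileged user who cloned the repository. If only the deployable trees need this ownership, name them explicitly, e.g. `sudo chown -R root:nomad ./jobs ./ansible`. The rest of the script lies outside the hunk.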
From: wizzdom Date: Mon, 19 Feb 2024 03:01:22 +0000 Subject: [PATCH 07/20] add postgres backup job (#25) --- jobs/services/postgres-backup.hcl | 50 +++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 jobs/services/postgres-backup.hcl diff --git a/jobs/services/postgres-backup.hcl b/jobs/services/postgres-backup.hcl new file mode 100644 index 0000000..e29964b --- /dev/null +++ b/jobs/services/postgres-backup.hcl @@ -0,0 +1,50 @@ +job "postgres-backup" { + datacenters = ["aperture"] + type = "batch" + + periodic { + crons = ["0 */3 * * * *"] + prohibit_overlap = true + } + + group "db-backup" { + task "postgres-backup" { + driver = "raw_exec" + + config { + command = "/bin/bash" + args = ["local/script.sh"] + } + + template { + data = < "${file}" + +find /storage/backups/nomad/postgres/hedgedoc/postgres* -ctime +3 -exec rm {} \; || true + +if [ -s "$file" ]; then # check if file exists and is not empty + echo "Backup successful" + exit 0 +else + rm $file + curl -H "Content-Type: application/json" -d \ + '{"content": "<@&585512338728419341> `PostgreSQL` backup for **'"${job_name}"'** has just **FAILED**\nFile name: `'"$file"'`\nDate: `'"$(TZ=Europe/Dublin date)"'`\nTurn off this script with `nomad job stop '"${job_name}"'` \n\n## Remember to restart this backup job when fixed!!!"}' \ + {{ key "postgres/webhook/discord" }} +fi +EOH + destination = "local/script.sh" + } + } + } +} + From c3e9e6e4f657f5b55759d7aca6fda57f62a8b3c1 Mon Sep 17 00:00:00 2001 From: wizzdom Date: Mon, 19 Feb 2024 03:02:06 +0000 Subject: [PATCH 08/20] add shlink job (#26) Co-authored-by: James Hackett --- jobs/services/shlink.hcl | 91 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 jobs/services/shlink.hcl diff --git a/jobs/services/shlink.hcl b/jobs/services/shlink.hcl new file mode 100644 index 0000000..cf61d6c --- /dev/null +++ b/jobs/services/shlink.hcl 
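Review bot: The prune step in jobs/services/postgres-backup.hcl still targets the hedgedoc directory: `find /storage/backups/nomad/postgres/hedgedoc/postgres* -ctime +3 -exec rm {} \;`. The glob `postgres*` also matches the `postgresql-hedgedoc*` files that hedgedoc-backup.hcl manages. If this job writes its dumps to a different directory (the assignment of `file` is not readable in this view), those dumps are never expired. Point `find` at the directory this job actually writes to.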
@@ -0,0 +1,91 @@ +job "shlink" { + datacenters = ["aperture"] + + type = "service" + + group "web" { + network { + port "api" { + to = 8080 + } + port "web" { + to = 8080 + } + } + + service { + name = "shlink" + port = "api" + + tags = [ + "traefik.enable=true", + "traefik.http.routers.shlink-api.rule=Host(`s.rb.dcu.ie`)", + "traefik.http.routers.shlink-api.tls=true", + "traefik.http.routers.shlink-api.tls.certresolver=lets-encrypt", + ] + } + + task "shlink" { + driver = "docker" + + config { + image = "shlinkio/shlink" + ports = ["api"] + } + + template { + data = < Date: Mon, 19 Feb 2024 03:56:04 +0000 Subject: [PATCH 09/20] pastebin: add URL shortener (#27) --- jobs/services/privatebin.hcl | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/jobs/services/privatebin.hcl b/jobs/services/privatebin.hcl index 633803c..ff6fe0e 100644 --- a/jobs/services/privatebin.hcl +++ b/jobs/services/privatebin.hcl @@ -96,7 +96,7 @@ languagedefault = "en" ; (optional) URL shortener address to offer after a new paste is created. ; It is suggested to only use this with self-hosted shorteners as this will leak ; the pastes encryption key. -; urlshortener = "https://shortener.example.com/api?link=" +urlshortener = "https://s.rb.dcu.ie/rest/v1/short-urls/shorten?apiKey={{ key "privatebin/shlink/api" }}&format=txt&longUrl=" qrcode = true email = true @@ -149,7 +149,6 @@ never = 0 plaintext = "Plain Text" markdown = "Markdown" syntaxhighlighting = "Source Code" -syntaxhighlightingtheme = "sons-of-obsidian" [traffic] ; time limit between calls from the same IP address in seconds 
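Review bot: The new `urlshortener` value in jobs/services/privatebin.hcl embeds the Shlink API key from Consul in a setting that PrivateBin hands to the browser, so every visitor of the paste site can read the key. The `[yourls]` comment this commit removes further down says as much: `urlshortener` "will be visible in public on the PrivateBin web page". Treat the key as public: issue a dedicated key limited, as far as Shlink's key roles allow, to creating short URLs, or route shortening through a small server-side endpoint that holds the key. The config comment directly above the changed line also notes that the shortener receives the paste's encryption key, so Shlink's stored long URLs and access logs become as sensitive as the pastes themselves.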
@@ -191,23 +190,6 @@ tbl = "privatebin_" ; table prefix usr = "{{ key "privatebin/db/user" }}" pwd = "{{ key "privatebin/db/password" }}" opt[12] = true ; PDO::ATTR_PERSISTENT ; use persistent connections - default - -[yourls] -; When using YOURLS as a "urlshortener" config item: -; - By default, "urlshortener" will point to the YOURLS API URL, with or without -; credentials, and will be visible in public on the PrivateBin web page. -; Only use this if you allow short URL creation without credentials. -; - Alternatively, using the parameters in this section ("signature" and -; "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin -; instance with "shortenviayourls?link=" appended. For example: -; urlshortener = "${basepath}shortenviayourls?link=" -; This URL will in turn call YOURLS on the server side, using the URL from -; "apiurl" and the "access signature" from the "signature" parameters below. - -; (optional) the "signature" (access key) issued by YOURLS for the using account -; signature = "" -; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL -; apiurl = "https://yourls.example.com/yourls-api.php" EOH } } From 8a47822eefaf7316bb5692dda3aa6ecdf86890be Mon Sep 17 00:00:00 2001 From: wizzdom Date: Mon, 19 Feb 2024 04:34:17 +0000 Subject: [PATCH 10/20] add plausible analytics (#28) --- jobs/services/plausible.hcl | 125 ++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 jobs/services/plausible.hcl diff --git a/jobs/services/plausible.hcl b/jobs/services/plausible.hcl new file mode 100644 index 0000000..2a6f88b --- /dev/null +++ b/jobs/services/plausible.hcl 
@@ -0,0 +1,125 @@ +job "plausible" { + datacenters = ["aperture"] + type = "service" + + group "web" { + network { + port "http" { + to = 8000 + } + port "db" { + static = 8123 + } + } + + task "plausible" { + service { + name = "plausible" + port = "http" + + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + + tags = [ + "traefik.enable=true", + "traefik.http.routers.plausible.rule=Host(`plausible.redbrick.dcu.ie`)", + "traefik.http.routers.plausible.entrypoints=websecure", + "traefik.http.routers.plausible.tls.certresolver=lets-encrypt" + ] + } + + driver = "docker" + + config { + image = "plausible/analytics:latest" + ports = ["http"] + + command = "/bin/sh" + args = ["-c", "sleep 10 && /entrypoint.sh db migrate && /entrypoint.sh run"] + } + + template { + data = < + + warning + true + + + + + + + + + + + + +EOH + destination = "local/clickhouse.xml" + } + + template { + data = < + + + 0 + 0 + + + +EOH + destination = "local/clickhouse-user-config.xml" + } + + resources { + memory = 800 + } + } + } +} From fd122c629741828c6c25a3c976ae13ad5b869487 Mon Sep 17 00:00:00 2001 From: wizzdom Date: Tue, 20 Feb 2024 03:46:31 +0000 Subject: [PATCH 11/20] add vaultwarden job (#29) Co-authored-by: James Hackett --- jobs/services/vaultwarden.hcl | 68 +++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 jobs/services/vaultwarden.hcl diff --git a/jobs/services/vaultwarden.hcl b/jobs/services/vaultwarden.hcl new file mode 100644 index 0000000..66c5c9c --- /dev/null +++ b/jobs/services/vaultwarden.hcl 
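Review bot: `port "db" { static = 8123 }` in jobs/services/plausible.hcl publishes the ClickHouse HTTP interface on a fixed host port. The ClickHouse user configuration in this hunk is not readable in this view; if it leaves the default user without a password or network restriction, anything that can reach the host on 8123 can query the analytics database. Consider a dynamic port resolved through the service catalog plus a password for the ClickHouse user, or a host firewall rule limiting 8123 to the Nomad clients.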
@@ -0,0 +1,68 @@ +job "vaultwarden" { + datacenters = ["aperture"] + type = "service" + + group "vaultwarden" { + count = 1 + + network { + port "http" { + to = 80 + } + } + + service { + name = "vaultwarden" + port = "http" + + tags = [ + "traefik.enable=true", + "traefik.http.routers.vaultwarden.rule=Host(`vault.redbrick.dcu.ie`)", + "traefik.http.routers.vaultwarden.entrypoints=websecure", + "traefik.http.routers.vaultwarden.tls.certresolver=lets-encrypt", + ] + } + + task "vaultwarden" { + driver = "docker" + + config { + image = "vaultwarden/server:latest-alpine" + ports = ["http"] + + volumes = [ + "/storage/nomad/vaultwarden:/data" + ] + } + + template { + data = < Date: Tue, 20 Feb 2024 23:47:44 +0000 Subject: [PATCH 12/20] privatebin: add paste.redbrick (#30) --- jobs/services/privatebin.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jobs/services/privatebin.hcl b/jobs/services/privatebin.hcl index ff6fe0e..12524d2 100644 --- a/jobs/services/privatebin.hcl +++ b/jobs/services/privatebin.hcl @@ -25,7 +25,7 @@ job "privatebin" { tags = [ "traefik.enable=true", - "traefik.http.routers.privatebin.rule=Host(`paste.rb.dcu.ie`)", + "traefik.http.routers.privatebin.rule=Host(`paste.rb.dcu.ie`) || Host(`paste.redbrick.dcu.ie`)", "traefik.http.routers.privatebin.entrypoints=web,websecure", "traefik.http.routers.privatebin.tls.certresolver=lets-encrypt", ] From 9b120392c2f7a4aa165a052b975fc6d6f1b3b332 Mon Sep 17 00:00:00 2001 From: wizzdom Date: Thu, 22 Feb 2024 22:46:28 +0000 Subject: [PATCH 13/20] atlas: new name, new domain, new redirects (#31) --- jobs/nginx/11ty-website.hcl | 46 -------------------------------- jobs/nginx/atlas.hcl | 53 +++++++++++++++++++++++++++++++++++++ jobs/traefik.hcl | 2 +- 3 files changed, 54 insertions(+), 47 deletions(-) delete mode 100644 jobs/nginx/11ty-website.hcl create mode 100644 jobs/nginx/atlas.hcl 
diff --git a/jobs/nginx/11ty-website.hcl b/jobs/nginx/11ty-website.hcl
deleted file mode 100644
index bbc0a86..0000000
--- a/jobs/nginx/11ty-website.hcl
+++ /dev/null
@@ -1,46 +0,0 @@
-job "11ty-website" {
- datacenters = ["aperture"]
- type = "service"
-
- group "nginx-11ty-website" {
- count = 1
-
- network {
- port "http" {
- to = 80
- }
- }
-
- service {
- port = "http"
-
- check {
- type = "http"
- path = "/"
- interval = "10s"
- timeout = "2s"
- }
-
- tags = [
- "traefik.enable=true",
- "traefik.http.routers.nginx-11ty-website.rule=Host(`canary.redbrick.dcu.ie`)",
- "traefik.http.routers.nginx-11ty-website.entrypoints=web,websecure",
- "traefik.http.routers.nginx-11ty-website.tls.certresolver=lets-encrypt",
- ]
- }
-
- task "webserver" {
- driver = "docker"
-
- config {
- image = "ghcr.io/redbrick/11ty-website:latest"
- ports = ["http"]
- }
-
- resources {
- cpu = 100
- memory = 500
- }
- }
- }
-}
diff --git a/jobs/nginx/atlas.hcl b/jobs/nginx/atlas.hcl
new file mode 100644
index 0000000..0f1b5a7
--- /dev/null
+++ b/jobs/nginx/atlas.hcl
@@ -0,0 +1,53 @@ +job "atlas" { + datacenters = ["aperture"] + type = "service" + + meta { + git-sha = "" + } + + group "nginx-atlas" { + count = 1 + + network { + port "http" { + to = 80 + } + } + + service { + port = "http" + + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + + tags = [ + "traefik.enable=true", + "traefik.http.routers.nginx-atlas.rule=Host(`redbrick.dcu.ie`) || Host(`rb.dcu.ie`)", + "traefik.http.routers.nginx-atlas.entrypoints=web,websecure", + "traefik.http.routers.nginx-atlas.tls.certresolver=lets-encrypt", + "traefik.http.routers.nginx-atlas.middlewares=redirect-user-web", + "traefik.http.middlewares.redirect-user-web.redirectregex.regex=https://redbrick\\.dcu\\.ie/~([^/]*)/?([^/].*)?", + "traefik.http.middlewares.redirect-user-web.redirectregex.replacement=https://$1.redbrick.dcu.ie/$2", + ] + } + + task "web" { + driver = "docker" + + config { + image = "ghcr.io/redbrick/atlas:latest" + ports = ["http"] + } + + resources { + cpu = 100 + memory = 50 + } + } + } +} diff --git a/jobs/traefik.hcl b/jobs/traefik.hcl index 7074f9c..5a69962 100644 --- a/jobs/traefik.hcl +++ b/jobs/traefik.hcl @@ -27,7 +27,7 @@ job "traefik" { config { image = "traefik" network_mode = "host" - + volumes = [ "local/traefik.toml:/etc/traefik/traefik.toml", ] From cbcc4100cbb78e3ccbc5c6e787d0fb2571565336 Mon Sep 17 00:00:00 2001 From: wizzdom Date: Mon, 11 Mar 2024 15:16:15 +0000 Subject: [PATCH 14/20] ayden discord bot: add mongodb --- jobs/user-projects/general/ayden-discord-bot.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/jobs/user-projects/general/ayden-discord-bot.hcl b/jobs/user-projects/general/ayden-discord-bot.hcl index e79a219..5251dc3 100644 --- a/jobs/user-projects/general/ayden-discord-bot.hcl +++ b/jobs/user-projects/general/ayden-discord-bot.hcl 
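Review bot: The `redirect-user-web` regex in jobs/nginx/atlas.hcl is unanchored, and its first group `([^/]*)` accepts any characters, including none, before the capture is placed in the host part of the redirect target. Anchor it and restrict the group to the username alphabet, e.g. `regex=^https://redbrick\\.dcu\\.ie/~([a-z0-9_-]+)/?([^/].*)?$` (adjust the class to the site's username rules), so only well-formed usernames can select the target host. The pattern also matches only `redbrick.dcu.ie`, so `rb.dcu.ie/~user` is not redirected although the router serves both hosts.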
@@ -28,6 +28,7 @@ DISCORD_TOKEN={{ key "user-projects/ayden/gomlbot/discord/token" }} DOCKER_USER={{ key "user-projects/ayden/ghcr/username" }} DOCKER_PASS={{ key "user-projects/ayden/ghcr/password" }} DEBUG=false +MONGO_DB={{ key "user-projects/ayden/gomlbot/mongo/db" }} EOH destination = "local/.env" env = true From cc1b9f83cc956539ee01855982b13c3a4dca52ca Mon Sep 17 00:00:00 2001 From: wizzdom Date: Thu, 14 Mar 2024 17:39:54 +0000 Subject: [PATCH 15/20] add midnight calendarbot job (#32) --- .../general/midnight-calendarbot.hcl | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 jobs/user-projects/general/midnight-calendarbot.hcl diff --git a/jobs/user-projects/general/midnight-calendarbot.hcl b/jobs/user-projects/general/midnight-calendarbot.hcl new file mode 100644 index 0000000..1362e7b --- /dev/null +++ b/jobs/user-projects/general/midnight-calendarbot.hcl @@ -0,0 +1,26 @@ +job "midnight-calendarbot" { + datacenters = ["aperture"] + type = "service" + + group "calendarbot" { + count = 1 + + task "calendarbot" { + driver = "docker" + + config { + image = "ghcr.io/nightmarishblue/calendarbot:master" + force_pull = true + } + + template { + data = < Date: Sun, 17 Mar 2024 01:31:17 +0000 Subject: [PATCH 16/20] update minecraft servers, move ingress to ingress/ (#33) --- jobs/games/minecraft.hcl | 84 ++++++-------------------- jobs/{games => ingress}/gate-proxy.hcl | 6 +- jobs/{ => ingress}/traefik.hcl | 0 3 files changed, 20 insertions(+), 70 deletions(-) rename jobs/{games => ingress}/gate-proxy.hcl (86%) rename jobs/{ => ingress}/traefik.hcl (100%) diff --git a/jobs/games/minecraft.hcl b/jobs/games/minecraft.hcl index f09e1c1..8cd5cac 100644 --- a/jobs/games/minecraft.hcl +++ b/jobs/games/minecraft.hcl 
@@ -31,16 +31,16 @@ job "minecraft" { resources { cpu = 3000 # 3000 MHz - memory = 8192 # 8gb + memory = 8192 # 8GB } env { EULA = "TRUE" TYPE = "PAPER" ICON = "https://docs.redbrick.dcu.ie/assets/logo.png" - MEMORY = "6G" USE_AIKAR_FLAGS=true MOTD = "LONG LIVE THE REDBRICK" + MAX_PLAYERS = "20" } } } 
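Review bot: Removing `MEMORY = "6G"` from the first server's `env` in jobs/games/minecraft.hcl leaves the JVM heap at the image default, which for `itzg/minecraft-server` is 1G as far as I know, while the task still reserves 8192 MB. If the smaller heap is not intended, keep an explicit value such as `MEMORY = "6G"`. The new olim909 group in the next hunk sets none either. The enclosing group starts outside the hunk.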
@@ -76,111 +76,63 @@ job "minecraft" { } resources { - cpu = 7000 # 7000 MHz - memory = 17408 # 17GB + cpu = 3000 # 3000 MHz + memory = 8192 # 8GB } env { EULA = "TRUE" TYPE = "PURPUR" VERSION = "1.20.1" - MOTD = "DCU Games Minecraft Server" + MOTD = "DCU Games Soc Minecraft Server" USE_AIKAR_FLAGS=true OPS = "" + MAX_PLAYERS = "20" } } } - - group "fugitives-mc" { + group "olim909-mc" { count = 1 network { - port "mc-fugitives-port" { - static = 25566 - to = 25565 - } - - port "mc-fugitives-rcon" { - to = 25575 - } - } - - service { - name = "fugitives-mc" - } - - task "minecraft-fugitives" { - driver = "docker" - - config { - image = "itzg/minecraft-server" - ports = ["mc-fugitives-port","mc-fugitives-rcon"] - } - - resources { - cpu = 3000 # 3000 MHz - memory = 8168 # 8gb - } - - env { - EULA = "TRUE" - MEMORY = "6G" - USE_AIKAR_FLAGS=true - } - } - } - - group "shemek-mc" { - count = 1 - - network { - port "mc-shemek-port" { + port "mc-olim909-port" { static = 25568 to = 25565 } - port "mc-shemek-rcon" { + port "mc-olim909-rcon" { to = 25575 } } service { - name = "shemek-mc" + name = "olim909-mc" } - task "minecraft-shemek" { + task "minecraft-olim909" { driver = "docker" config { image = "itzg/minecraft-server" - ports = ["mc-shemek-port","mc-shemek-rcon"] - + ports = ["mc-olim909-port","mc-olim909-rcon"] + volumes = [ "/storage/nomad/${NOMAD_TASK_NAME}:/data" ] } resources { - cpu = 7000 # 7000 MHz - memory = 17408 # 17GB + cpu = 3000 # 3000 MHz + memory = 4096 # 4GB } env { EULA = "TRUE" - TYPE = "FORGE" - VERSION = "1.20.1" - FORGE_INSTALLER = "forge-1.20.1-47.2.19-installer.jar" - OVERRIDE_SERVER_PROPERTIES = "TRUE" - JVM_XX_OPTS = "-Xms12G -Xmx16G -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 
-XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1" + TYPE = "PAPER" + VERSION = "1.20.4" USE_AIKAR_FLAGS=true - MAX_MEMORY = "16G" + OPS = "Olim909" MAX_PLAYERS = "5" - MOTD = "Minecraft ATM 9" - DIFFICULTY = "normal" - SPAWN_PROTECTION = "0" - ENFORCE_WHITELIST = "true" - WHITELIST = "Shmickey02" - OPS = "Shmickey02" } } } diff --git a/jobs/games/gate-proxy.hcl b/jobs/ingress/gate-proxy.hcl similarity index 86% rename from jobs/games/gate-proxy.hcl rename to jobs/ingress/gate-proxy.hcl index 636d379..d78afb0 100644 --- a/jobs/games/gate-proxy.hcl +++ b/jobs/ingress/gate-proxy.hcl @@ -48,12 +48,10 @@ config: lite: enabled: true routes: - - host: fugitives.rb.dcu.ie - backend: fugitives-mc.service.consul:25566 - host: mc.rb.dcu.ie backend: vanilla-mc.service.consul:25567 - - host: shemek.rb.dcu.ie - backend: shemek-mc.service.consul:25568 + - host: olim909.rb.dcu.ie + backend: olim909-mc.service.consul:25568 - host: games.rb.dcu.ie backend: games-mc.service.consul:25569 EOH diff --git a/jobs/traefik.hcl b/jobs/ingress/traefik.hcl similarity index 100% rename from jobs/traefik.hcl rename to jobs/ingress/traefik.hcl From c00b1e9243675a4811eb2ad2828ea82e17e88b28 Mon Sep 17 00:00:00 2001 From: wizzdom Date: Thu, 28 Mar 2024 20:01:04 +0000 Subject: [PATCH 17/20] ansible: mount oldstorage (#34) Co-authored-by: James Hackett --- ansible/roles/configure-nfs-client/tasks/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/ansible/roles/configure-nfs-client/tasks/main.yml b/ansible/roles/configure-nfs-client/tasks/main.yml index aab11b1..5d78f3f 100644 --- a/ansible/roles/configure-nfs-client/tasks/main.yml +++ b/ansible/roles/configure-nfs-client/tasks/main.yml 
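Review bot: The new `olim909-mc` group in jobs/games/minecraft.hcl maps `mc-olim909-rcon` to a host port but sets no `RCON_PASSWORD`, and the `ENFORCE_WHITELIST`/`WHITELIST` settings of the group it replaces are gone. RCON is an unencrypted admin console, so either drop the port from `network` and `ports` if nothing outside the container uses it, or set `RCON_PASSWORD` from a Consul key through a template, as other jobs in this series do for secrets. If the server is meant for a fixed set of players, carry over `ENFORCE_WHITELIST = "true"` together with a `WHITELIST` value.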
@@ -6,7 +6,7 @@ - nfs-common when: ansible_os_family == "Debian" -- name: create mount point +- name: create /storage mount point become: true ansible.builtin.file: path: /storage @@ -14,6 +14,14 @@ mode: "0755" when: ansible_os_family == "Debian" +- name: create /oldstorage mount directory + become: true + ansible.builtin.file: + path: /oldstorage + state: directory + mode: "0755" + when: ansible_os_family == "Debian" + - name: add nfs entry to fstab become: true ansible.builtin.lineinfile: @@ -23,6 +31,7 @@ create: yes with_items: - "10.10.0.7:/storage /storage nfs defaults 0 0" + - "192.168.0.150:/zbackup /oldstorage nfs defaults 0 0" - name: mount nfs become: true From 3511ad653b873e32e3cf187845f5a0bf9e8e3d57 Mon Sep 17 00:00:00 2001 From: wizzdom Date: Sun, 31 Mar 2024 17:22:28 +0100 Subject: [PATCH 18/20] add admin api job (#35) --- jobs/services/api.hcl | 82 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 jobs/services/api.hcl diff --git a/jobs/services/api.hcl b/jobs/services/api.hcl new file mode 100644 index 0000000..1015b48 --- /dev/null +++ b/jobs/services/api.hcl 
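Review bot: The added fstab entry `192.168.0.150:/zbackup /oldstorage nfs defaults 0 0` mounts the old file server with `defaults`, which honours setuid binaries and device nodes from the export and can stall boot when that server is unreachable. Suggest `"192.168.0.150:/zbackup /oldstorage nfs nosuid,nodev,nofail,_netdev 0 0"`, adding `ro` if nothing needs to write there. The existing `/storage` entry uses the same options and could be tightened likewise. The task that holds `with_items` starts outside the hunk.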
@@ -0,0 +1,82 @@ +job "api" { + datacenters = ["aperture"] + + type = "service" + + group "api" { + count = 1 + + network { + port "http" { + to = 80 + } + } + + service { + name = "api" + port = "http" + + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + + tags = [ + "traefik.enable=true", + "traefik.http.routers.api.rule=Host(`api.redbrick.dcu.ie`)", + "traefik.http.routers.api.entrypoints=web,websecure", + "traefik.http.routers.api.tls.certresolver=lets-encrypt", + ] + } + + task "api" { + driver = "docker" + + config { + image = "ghcr.io/redbrick/api:latest" + ports = ["http"] + volumes = [ + "/oldstorage:/storage", + "/oldstorage/home:/home", + "local/ldap.secret:/etc/ldap.secret", + ] + auth { + username = "${DOCKER_USER}" + password = "${DOCKER_PASS}" + } + } + template { + destination = "local/.env" + env = true + change_mode = "restart" + data = < Date: Tue, 2 Apr 2024 16:16:19 +0100 Subject: [PATCH 19/20] add wetty to aperture (#36) --- jobs/services/wetty.hcl | 51 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 jobs/services/wetty.hcl diff --git a/jobs/services/wetty.hcl b/jobs/services/wetty.hcl new file mode 100644 index 0000000..8ada614 --- /dev/null +++ b/jobs/services/wetty.hcl 
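Review bot: The `volumes` list in jobs/services/api.hcl bind-mounts all of `/oldstorage`, the user home directories and `local/ldap.secret` read-write into a container that is routed from `api.redbrick.dcu.ie`. Mount read-only whatever the API only reads, e.g. `"local/ldap.secret:/etc/ldap.secret:ro"` as brickbot.hcl (PATCH 20) does, and narrow `/oldstorage:/storage` to the subdirectories the API really needs. The templates of this hunk are not readable in this view, so how the secret is rendered is not covered here.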
@@ -0,0 +1,51 @@ +job "wetty" { + datacenters = ["aperture"] + + type = "service" + + group "wetty" { + count = 1 + + network { + port "http" { + to = 3000 + } + } + + service { + name = "wetty" + port = "http" + + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + + tags = [ + "traefik.enable=true", + "traefik.http.routers.wetty.rule=Host(`wetty.rb.dcu.ie`)", + "traefik.http.routers.wetty.entrypoints=web,websecure", + "traefik.http.routers.wetty.tls.certresolver=lets-encrypt", + ] + } + + task "wetty" { + driver = "docker" + + config { + image = "wettyoss/wetty" + ports = ["http"] + } + template { + destination = "local/.env" + env = true + data = < Date: Wed, 3 Apr 2024 15:21:01 +0100 Subject: [PATCH 20/20] add brickbot2 job (#37) Co-authored-by: wizzdom --- jobs/services/brickbot.hcl | 54 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 jobs/services/brickbot.hcl diff --git a/jobs/services/brickbot.hcl b/jobs/services/brickbot.hcl new file mode 100644 index 0000000..1fcb3b8 --- /dev/null +++ b/jobs/services/brickbot.hcl @@ -0,0 +1,54 @@ +job "brickbot2" { + datacenters = ["aperture"] + + type = "service" + + group "brickbot2" { + count = 1 + + task "brickbot2" { + driver = "docker" + + config { + image = "ghcr.io/redbrick/brickbot2:latest" + auth { + username = "${DOCKER_USER}" + password = "${DOCKER_PASS}" + } + volumes = [ + "local/ldap.secret:/etc/ldap.secret:ro", + ] + } + + template { + destination = "local/ldap.secret" + data = "{{ key \"api/ldap/secret\" }}" # this is necessary as the secret has no EOF + } + + template { + destination = "local/.env" + env = true + change_mode = "restart" + data = <