Move pispace to new wiki setup.

2025-04-17 11:01:42 +01:00
parent cd1f38229a
commit 27787f3a17
3 changed files with 49 additions and 151 deletions
--- a/services/couchdb.hcl
+++ b/services/couchdb.hcl
@@ -1,102 +0,0 @@
-job "couchdb" {
-  datacenters = ["alo"]
-
-  meta {
-    uuid = uuidv4()
-  }
-
-  group "db" {
-    network {
-      port "api" {
-        to = 5984
-      }
-    }
-
-    task "server" {
-      driver = "docker"
-
-      config {
-        image = "couchdb:3.3"
-        ports = ["api"]
-        volumes = [
-          "/data/compute/appdata/couchdb:/opt/couchdb/data",
-          "local/couchdb.ini:/opt/couchdb/etc/local.d/local.ini",
-          "local/vm.args:/opt/couchdb/etc/vm.args",
-        ]
-      }
-
-      service {
-        name = "couchdb"
-        port = "api"
-
-        tags = [
-          "traefik.enable=true",
-          "traefik.http.routers.couchdb.entryPoints=websecure",
-          "traefik.http.routers.couchdb.rule=Host(`pidb.paler.net`)",
-        ]
-      }
-
-      resources {
-        memory = 2000
-      }
-
-      template {
-        data = <<EOH
-# (Debian) Package-introduced administrative user
-[admins]
-admin = -pbkdf2-eeb3e20eb9b58edec62d10987d7aed3465c425d4,3cf6e90591d435fbfa9262693490b9c8,10
-
-[couchdb]
-uuid = 66ab957b6c21d9fd2ff6bda36da9f4b7
-
-[couch_httpd_auth]
-secret = a57bfaa045b960c301411bb0893d88ac
-allow_persistent_cookies = true
-; 8 weeks
-timeout = 4838400
-
-[cors]
-origins = https://pi.paler.net,https://noteself.org
-credentials = true
-headers = accept, authorization, content-type, origin, referer
-methods = GET, PUT, POST, HEAD, DELETE
-
-[httpd]
-enable_cors = true
-EOH
-        destination = "local/couchdb.ini"
-      }
-
-      template {
-        data = <<EOH
-name couchdb@127.0.0.1
-
-# All nodes must share the same magic cookie for distributed Erlang to work.
-# Comment out this line if you synchronized the cookies by other means (using
-# the ~/.erlang.cookie file, for example).
-#-setcookie monster
-
-# Tell kernel and SASL not to log anything
-kernel error_logger silent
-sasl sasl_error_logger false
-
-# Use kernel poll functionality if supported by emulator
-+K true
-
-# Start a pool of asynchronous IO threads
-+A 16
-
-# Comment this line out to enable the interactive Erlang shell on startup
-+Bd -noinput
-
-# Force use of the smp scheduler, fixes #1296
-smp enable
-
-# Set maximum SSL session lifetime to reap terminated replication readers
-ssl session_lifetime 300
-EOH
-        destination = "local/vm.args"
-      }
-    }
-  }
-}
--- a/services/pi.paler.net.hcl
+++ b/services/pi.paler.net.hcl
@@ -1,49 +0,0 @@
-job "pi.paler.net" {
-  datacenters = ["alo"]
-
-  group "apps" {
-    network {
-      port "http" {
-        #host_network = "tailscale"
-      }
-    }
-
-    service {
-      name = "pi-paler-net"
-      port = "http"
-
-      tags = [
-        "traefik.enable=true",
-        "traefik.http.routers.piserver.entryPoints=websecure",
-        "traefik.http.routers.piserver.rule=Host(`pi.paler.net`)",
-        "traefik.http.routers.piserver.middlewares=corsheader",
-        "traefik.http.middlewares.corsheader.headers.accesscontrolalloworiginlist=*",
-      ]
-
-      check {
-        type = "http"
-        path = "/health"
-        interval = "10s"
-        timeout = "2s"
-      } 
-    }
-
-    task "http-server" {
-      driver = "docker"
-
-      config {
-        image = "pierrezemb/gostatic"
-
-        ports = [ "http" ]
-
-        args = [
-          "-port=${NOMAD_PORT_http}",
-          "-enable-health",
-        ]
-
-        volumes = [ "/data/compute/sites/pi.paler.net:/srv/http" ]
-      }
-    }
-  }
-}
-
--- a/services/wiki.hcl
+++ b/services/wiki.hcl
@@ -21,6 +21,7 @@ job "wiki" {
    network {
        port "captainslog" { }
        port "alo" { }
+        port "pispace" { }
    }

    task "captainslog" {
@@ -119,5 +120,53 @@ job "wiki" {
        memory = 256
      }
    }
+
+    task "pispace" {
+      driver = "exec"
+
+      config {
+        command = "/sw/bin/node"
+        args = [
+            "/appdata/wiki/node_modules/tiddlywiki/tiddlywiki.js",
+            "/appdata/wiki/pispace",
+            "--listen",
+            "host=0.0.0.0",
+            "port=${NOMAD_PORT_pispace}",
+            "authenticated-user-header=X-authentik-username",
+            "readers=ppetru,ines",
+            "writers=ppetru,ines",
+            "admin=ppetru",
+        ]
+      }
+
+      volume_mount {
+        volume = "appdata"
+        destination = "/appdata"
+      }
+      volume_mount {
+        volume = "nix-store"
+        destination = "/nix/store"
+      }
+      volume_mount {
+        volume = "sw"
+        destination = "/sw"
+      }
+
+      service {
+        name = "pispace"
+        port = "pispace"
+        tags = [
+          "traefik.enable=true",
+          "traefik.http.routers.pispace.rule=Host(`pi.paler.net`)",
+          "traefik.http.routers.pispace.entryPoints=websecure",
+          "traefik.http.routers.pispace.middlewares=authentik@file",
+        ]
+      }
+
+      resources {
+        cpu = 500
+        memory = 256
+      }
+    }
  }
 }