From 54eb1ebd31e8b6266f2dc2a1540b738401c4f744 Mon Sep 17 00:00:00 2001 From: Roberto Hidalgo Date: Mon, 22 Apr 2024 22:30:02 -0600 Subject: [PATCH] bump to 0.15 --- .gitignore | 1 + gotosocial.yaml | 16 +++++----------- gts.nomad | 33 ++++++++++++++++++++++++--------- gts.spec.yaml | 20 ++++++++++++++++++++ main.tf | 20 +++++++++++++++++++- 5 files changed, 69 insertions(+), 21 deletions(-) create mode 100644 gts.spec.yaml diff --git a/.gitignore b/.gitignore index 8bdfa91..02d9afe 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .terraform.lock.hcl .terraform +*.vars diff --git a/gotosocial.yaml b/gotosocial.yaml index e6fefde..69ade69 100644 --- a/gotosocial.yaml +++ b/gotosocial.yaml @@ -218,12 +218,12 @@ accounts-allow-custom-css: false # Int. Maximum allowed image upload size in bytes. # Examples: [2097152, 10485760] # Default: 10485760 -- aka 10MB -media-image-max-size: 10485760 +media-image-max-size: 10MiB # Int. Maximum allowed video upload size in bytes. # Examples: [2097152, 10485760] # Default: 41943040 -- aka 40MB -media-video-max-size: 41943040 +media-video-max-size: 40MiB # Int. Minimum amount of characters required as an image or video description. # Examples: [500, 1000, 1500] @@ -233,7 +233,7 @@ media-description-min-chars: 0 # Int. Maximum amount of characters permitted in an image or video description. # Examples: [500, 1000, 1500] # Default: 500 -media-description-max-chars: 500 +media-description-max-chars: 1500 # Int. Number of days to cache media from remote instances before they are removed from the cache. # A job will run every day at midnight to clean up any remote media older than the given amount of days. 
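Review bot: The comments above the changed size keys still describe them as `Int` values in bytes and list only byte counts as examples, while the new values are size strings such as `10MiB`. This starts at `media-image-max-size`, repeats for `media-video-max-size` in the same hunk, and applies to the two emoji limits in the hunks at -252 and -260. These limits bound how much storage and bandwidth an upload or a remote emoji can consume, so the comment should state what the parser accepts, for example `# Size. Maximum allowed image upload size, in bytes or as a size string (10MiB).` The comment on `media-emoji-remote-max-size` also gives `Default: 51200` directly under text saying the default is 100kb, which is worth correcting in the same pass.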
@@ -252,7 +252,7 @@ media-remote-cache-days: 30 # of your emojis to other instances, so beware. # Examples: [51200, 102400] # Default: 51200 -media-emoji-local-max-size: 51200 +media-emoji-local-max-size: 50KiB # Int. Max size in bytes of emojis to download from other instances. # By default this is 100kb, or twice the size of the default for media-emoji-local-max-size. @@ -260,7 +260,7 @@ media-emoji-local-max-size: 51200 # higher emoji size limits, and not taking up too much space in storage. # Examples: [51200, 102400] # Default: 51200 -media-emoji-remote-max-size: 102400 +media-emoji-remote-max-size: 100KiB ########################## ##### STORAGE CONFIG ##### @@ -290,12 +290,6 @@ storage-s3-bucket: "{{ .Data.cdn.bucket }}" # Default: 5000 statuses-max-chars: 1024 -# Int. Maximum amount of characters allowed in the CW/subject header of a status. -# Note that going way higher than the default might break federation. -# Examples: [100, 200] -# Default: 100 -statuses-cw-max-chars: 100 - # Int. Maximum amount of options to permit when creating a new poll. # Note that going way higher than the default might break federation. # Examples: [4, 6, 10] diff --git a/gts.nomad b/gts.nomad index b117b91..16c8447 100644 --- a/gts.nomad +++ b/gts.nomad @@ -1,13 +1,16 @@ +variable "package" { + type = map(object({ + image = string + version = string + })) + default = {} +} + job "club-patito" { datacenters = ["qro0"] region = "qro0" + namespace = "social" - vault { - policies = ["club-patito"] - - change_mode = "signal" - change_signal = "SIGHUP" - } group "club-patito" { reschedule { @@ -39,6 +42,10 @@ job "club-patito" { driver = "docker" user = "nobody" + vault { + role = "club-patito" + } + resources { cpu = 128 memory = 64 
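Review bot: The task-level `vault` block added in the hunk at +42 sets only `role`, so the `change_mode = "signal"` and `change_signal = "SIGHUP"` settings removed with the job-level block in the first gts.nomad hunk are not carried over, and Nomad's default change mode of `restart` applies. The same holds for the blocks added in the hunks at +73 and +99. If the SIGHUP behaviour was deliberate, add `change_mode = "signal"` and `change_signal = "SIGHUP"` next to `role`; if a restart on token change is intended, a short comment saying so would help the next reader. The task definitions start and end outside these hunks, so which tasks actually handle SIGHUP cannot be confirmed from here.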
@@ -46,7 +53,7 @@ job "club-patito" { } config { - image = "litestream/litestream:0.3.12" + image = "${var.package.litestream.image}:${var.package.litestream.version}" args = ["restore", "/alloc/gotosocial.db"] volumes = ["secrets/litestream.yaml:/etc/litestream.yml"] } @@ -66,6 +73,10 @@ job "club-patito" { driver = "docker" user = "nobody" + vault { + role = "club-patito" + } + resources { cpu = 256 memory = 128 @@ -73,7 +84,7 @@ job "club-patito" { } config { - image = "litestream/litestream:0.3.12" + image = "${var.package.litestream.image}:${var.package.litestream.version}" args = ["replicate"] volumes = ["secrets/litestream.yaml:/etc/litestream.yml"] } @@ -88,8 +99,12 @@ job "club-patito" { driver = "docker" user = "nobody" + vault { + role = "club-patito" + } + config { - image = "superseriousbusiness/gotosocial:0.11.1" + image = "${var.package.self.image}:${var.package.self.version}" ports = ["gotosocial"] args = [ "--config-path", diff --git a/gts.spec.yaml b/gts.spec.yaml new file mode 100644 index 0000000..3c477d6 --- /dev/null +++ b/gts.spec.yaml @@ -0,0 +1,20 @@ +_config: !!joao + vault: none + name: none +description: activitypub server +docs: + - https://docs.gotosocial.org/en/latest/ + - https://litestream.io/ +packages: + self: + image: superseriousbusiness/gotosocial + source: https://github.com/superseriousbusiness/gotosocial + version: "0.15.0" + check: github-releases + comparison: suffix + litestream: + source: https://github.com/benbjohnson/litestream + image: litestream/litestream + check: github-releases + version: "0.3.13" + comparison: suffix diff --git a/main.tf b/main.tf index 8b8792a..e9afa8c 100644 --- a/main.tf +++ b/main.tf @@ -16,7 +16,7 @@ terraform { vault = { source = "hashicorp/vault" - version = "~> 3.18.0" + version = "~> 4.2.0" } } 
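Review bot: The image reference built in this `config` block is still a mutable tag (`image:version`), and the same pattern is used in the hunks at +84 and +99. With this commit the version comes from gts.spec.yaml, whose `check: github-releases` entries suggest it is bumped from upstream releases. A tag can be re-pointed in the registry, so what the job runs is not tied to what was reviewed. Consider carrying a digest alongside the version and referencing it, e.g. `image = "${var.package.litestream.image}@${var.package.litestream.digest}"`, which would need a `digest = string` field in the `package` variable type. Whether the tooling that fills the variable can supply a digest is not visible in this patch.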
@@ -72,6 +72,24 @@ resource "vault_policy" "service" { HCL } +resource "vault_jwt_auth_backend_role" "service" { + backend = "nomad-workload" + role_type = "jwt" + role_name = "club-patito" + bound_audiences = ["vault.io"] + user_claim = "/nomad_job_id" + user_claim_json_pointer = true + claim_mappings = { + nomad_namespace = "nomad_namespace" + nomad_job_id = "nomad_job_id" + nomad_task = "nomad_task" + } + token_type = "service" + token_policies = [vault_policy.service.name] + token_period = 60 * 60 * 6 + token_explicit_max_ttl = 0 +} + resource "digitalocean_record" "to_pati_club" { domain = "pati.to" type = "A"
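Review bot: The new `vault_jwt_auth_backend_role` has no `bound_claims`, so the only thing the role checks is the `vault.io` audience; the `claim_mappings` copy the namespace and job id into metadata but do not restrict them. As written, any workload identity accepted by the `nomad-workload` backend that logs in with `role = "club-patito"` would receive `vault_policy.service`. Bind the role to the job it is meant for: `bound_claims = { nomad_namespace = "social", nomad_job_id = "club-patito" }`. The body of `vault_policy.service` is outside this hunk, so whether it is further scoped by templated paths cannot be seen here.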