bas.sh / pulumi
Pulumi code for my server setup
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

add static ip for postgres-relay

Bas van den Wollenberg de3c73fa 5fe70c2c

+14 -7
+5 -2
services/haring/atproto/relay.ts
··· 4 4 import { interpolate } from "@pulumi/pulumi"; 5 5 import { confMount, dataMount } from "~lib/service/mounts"; 6 6 import { ensure, getLatestCommit } from "~lib/util"; 7 - import { UNBOUND_ADDRESS, unboundService } from "../networking/unbound/unbound"; 7 + import { unboundService } from "../networking/unbound/unbound"; 8 + import { STATIC_IPS } from "../ips"; 9 + import { defaultNetwork } from "~lib/service/networks"; 8 10 9 11 const postgresRelayService = new ContainerService("postgres-relay", { 10 12 image: "postgres", ··· 13 15 POSTGRES_PASSWORD: getEnv("POSTGRES_PASSWORD"), 14 16 POSTGRES_DB: "relay", 15 17 }, 18 + networksAdvanced: [{ name: defaultNetwork.name, ipv4Address: STATIC_IPS.POSTGRES_RELAY }], 16 19 }); 17 20 18 21 const relayImage = new dockerBuild.Image( ··· 51 54 networkMode: "host", 52 55 mounts: [dataMount("media/relay", "/data/relay/persist")], 53 56 middlewares: ["relay"], 54 - dns: [UNBOUND_ADDRESS], 57 + dns: [STATIC_IPS.UNBOUND], 55 58 envs: { 56 59 RELAY_ADMIN_PASSWORD: getEnv("RELAY_ADMIN_PASSWORD"), 57 60 DATABASE_URL: interpolate`postgres://postgres:${getEnv("POSTGRES_PASSWORD")}@${postgresRelayService.ip}/relay`,
+4
services/haring/ips.ts
··· 1 + export const STATIC_IPS = { 2 + UNBOUND: "172.18.1.1", 3 + POSTGRES_RELAY: "172.18.1.2", 4 + } as const;
+3 -3
services/haring/networking/unbound/unbound.ts
··· 5 5 import { confMount } from "~lib/service/mounts"; 6 6 import { defaultNetwork } from "~lib/service/networks"; 7 7 import { ContainerService, defaultConnection } from "~lib/service/service"; 8 + import { STATIC_IPS } from "../../ips"; 8 9 9 10 const unboundConfMount = confMount("unbound/custom.conf.d", "/etc/unbound/custom.conf.d"); 10 11 ··· 42 43 }, 43 44 ); 44 45 45 - export const UNBOUND_ADDRESS = "172.18.1.1"; 46 - 47 46 export const unboundService = new ContainerService( 48 47 "unbound", 49 48 { 50 49 image: "klutchell/unbound", 51 50 mounts: [unboundConfMount], 52 - networksAdvanced: [{ name: defaultNetwork.name, ipv4Address: UNBOUND_ADDRESS }], 51 + ulimits: [{ name: "nofile", soft: 65790, hard: 65790 }], 52 + networksAdvanced: [{ name: defaultNetwork.name, ipv4Address: STATIC_IPS.UNBOUND }], 53 53 }, 54 54 { 55 55 dependsOn: valkeyUnboundService.container,
+2 -2
services/haring/web/traefik.ts
··· 3 3 import { dockerSocket } from "~lib/service/mounts"; 4 4 import { getEnv } from "~lib/env"; 5 5 import { haringDockerProvider } from "~lib/service/providers"; 6 - import { secretLabels } from "./traefik-secrets"; 6 + import { SECRET_LABELS } from "./traefik-secrets"; 7 7 8 8 const traefikVolume = new Volume( 9 9 "traefik", ··· 116 116 "traefik.http.routers.metrics.entrypoints": "https", 117 117 "traefik.http.routers.metrics.middlewares": "cloudflare,auth", 118 118 119 - ...secretLabels, 119 + ...SECRET_LABELS, 120 120 }, 121 121 }, 122 122 {