chore: [WIP] Moving off and off-pro to off2

confs/off-memcached/memcached.conf

@@ -0,0 +1,48 @@
+# memcached default config file
+# 2003 - Jay Bonci <[email protected]>
+# This configuration file is read by the start-memcached script provided as
+# part of the Debian GNU/Linux distribution.
+
+# Run memcached as a daemon. This command is implied, and is not needed for the
+# daemon to run. See the README.Debian that comes with this package for more
+# information.
+-d
+
+# Log memcached's output to /var/log/memcached
+logfile /var/log/memcached.log
+
+# Be verbose
+# -v
+
+# Be even more verbose (print client commands as well)
+# -vv
+
+# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
+# Note that the daemon will grow to this size, but does not start out holding this much
+# memory
+# 3,5 G
+-m 3584
+
+# Default connection port is 11211
+-p 11211
+
+# Run the daemon as root. The start-memcached will default to running as root if no
+# -u command is present in this config file
+-u memcache
+
+# Specify which IP address to listen on. The default is to listen on all IP addresses
+# This parameter is one of the only security measures that memcached has, so make sure
+# it's listening on a firewalled interface.
+-l 0.0.0.0
+
+# Limit the number of simultaneous incoming connections. The daemon default is 1024
+# -c 1024
+
+# Lock down all paged memory. Consult with the README and homepage before you do this
+# -k
+
+# Return error when memory is exhausted (rather than removing items)
+# -M
+
+# Maximize core file limit
+# -r

confs/off2/munin/munin-node.conf

@@ -0,0 +1,67 @@
+#
+# Example config-file for munin-node
+#
+
+log_level 4
+log_file /var/log/munin/munin-node.log
+pid_file /var/run/munin/munin-node.pid
+
+background 1
+setsid 1
+
+user root
+group root
+
+# This is the timeout for the whole transaction.
+# Units are in sec. Default is 15 min
+#
+# global_timeout 900
+
+# This is the timeout for each plugin.
+# Units are in sec. Default is 1 min
+#
+# timeout 60
+
+# Regexps for files to ignore
+ignore_file [\#~]$
+ignore_file DEADJOE$
+ignore_file \.bak$
+ignore_file %$
+ignore_file \.dpkg-(tmp|new|old|dist)$
+ignore_file \.rpm(save|new)$
+ignore_file \.pod$
+
+# Set this if the client doesn't report the correct hostname when
+# telnetting to localhost, port 4949
+#
+#host_name localhost.localdomain
+
+# A list of addresses that are allowed to connect.  This must be a
+# regular expression, since Net::Server does not understand CIDR-style
+# network notation unless the perl module Net::CIDR is installed.  You
+# may repeat the allow line as many times as you'd like
+
+allow ^127\.0\.0\.1$
+allow ^::1$
+allow ^10\.0\.0
+
+# If you have installed the Net::CIDR perl module, you can use one or more
+# cidr_allow and cidr_deny address/mask patterns.  A connecting client must
+# match any cidr_allow, and not match any cidr_deny.  Note that a netmask
+# *must* be provided, even if it's /32
+#
+# Example:
+#
+# cidr_allow 127.0.0.1/32
+# cidr_allow 192.0.2.0/24
+# cidr_deny  192.0.2.42/32
+
+cidr_allow 82.64.249.221/32 # cquest freebox
+cidr_allow 212.129.55.232/32 # cquest gateway
+
+# Which address to bind to;
+host *
+# host 127.0.0.1
+
+# And which port
+port 4949

confs/off2/pve/lxc_101.conf

@@ -0,0 +1,17 @@
+arch: amd64
+cores: 2
+hostname: proxy
+memory: 2048
+mp0: /zfs-hdd/off-pro/sftp,mp=/mnt/off-pro/sftp
+net0: name=eth0,bridge=vmbr1,firewall=1,hwaddr=82:B8:56:FD:98:6E,ip=10.1.0.101/24,type=veth
+net1: name=net1,bridge=vmbr0,firewall=1,gw=213.36.253.222,hwaddr=8A:54:38:D6:95:DB,ip=213.36.253.214/27,type=veth
+onboot: 1
+ostype: debian
+protection: 1
+rootfs: zfs-hdd:subvol-101-disk-0,size=32G
+swap: 0
+unprivileged: 1
+lxc.idmap: u 0 100000 999
+lxc.idmap: g 0 100000 999
+lxc.idmap: u 1000 1000 64536
+lxc.idmap: g 1000 1000 64536

confs/off2/pve/lxc_110.conf

@@ -26,12 +26,11 @@ mp9: /zfs-hdd/opf/images,mp=/mnt/opf/images
 net0: name=eth0,bridge=vmbr1,firewall=1,gw=10.0.0.2,hwaddr=AA:ED:55:47:6B:EF,ip=10.1.0.110/24,type=veth
 onboot: 1
 ostype: debian
+protection: 1
 rootfs: zfs-hdd:subvol-110-disk-0,size=30G
 swap: 0
 unprivileged: 1
 lxc.idmap: u 0 100000 999
 lxc.idmap: g 0 100000 999
-lxc.idmap: u 1000 1000 10
-lxc.idmap: g 1000 1000 10
-lxc.idmap: u 1011 101011 64525
-lxc.idmap: g 1011 101011 64525
+lxc.idmap: u 1000 1000 64536
+lxc.idmap: g 1000 1000 64536

confs/off2/pve/lxc_111.conf

@@ -16,13 +16,13 @@ mp7: /zfs-hdd/off/images,mp=/mnt/off/images
 mp8: /zfs-hdd/opff/products,mp=/mnt/opff/products
 mp9: /zfs-hdd/opff/images,mp=/mnt/opff/images
 net0: name=eth0,bridge=vmbr1,firewall=1,gw=10.0.0.2,hwaddr=E2:FC:A7:2D:02:A9,ip=10.1.0.111/24,type=veth
+onboot: 1
 ostype: debian
+protection: 1
 rootfs: zfs-hdd:subvol-111-disk-0,size=30G
 swap: 0
 unprivileged: 1
 lxc.idmap: u 0 100000 999
 lxc.idmap: g 0 100000 999
-lxc.idmap: u 1000 1000 10
-lxc.idmap: g 1000 1000 10
-lxc.idmap: u 1011 101011 64525
-lxc.idmap: g 1011 101011 64525
+lxc.idmap: u 1000 1000 64536
+lxc.idmap: g 1000 1000 64536

confs/off2/pve/lxc_112.conf

@@ -16,13 +16,13 @@ mp7: /zfs-hdd/off/images,mp=/mnt/off/images
 mp8: /zfs-hdd/opff/products,mp=/mnt/opff/products
 mp9: /zfs-hdd/opff/images,mp=/mnt/opff/images
 net0: name=eth0,bridge=vmbr1,firewall=1,gw=10.0.0.2,hwaddr=EE:91:F9:92:F2:89,ip=10.1.0.112/24,type=veth
+onboot: 1
 ostype: debian
+protection: 1
 rootfs: zfs-hdd:subvol-112-disk-0,size=30G
 swap: 0
 unprivileged: 1
 lxc.idmap: u 0 100000 999
 lxc.idmap: g 0 100000 999
-lxc.idmap: u 1000 1000 10
-lxc.idmap: g 1000 1000 10
-lxc.idmap: u 1011 101011 64525
-lxc.idmap: g 1011 101011 64525
+lxc.idmap: u 1000 1000 64536
+lxc.idmap: g 1000 1000 64536

confs/off2/pve/lxc_113.conf

@@ -0,0 +1,29 @@
+arch: amd64
+cores: 8
+features: nesting=1
+hostname: off
+memory: 40960
+mp0: /zfs-hdd/off,mp=/mnt/off
+mp1: /zfs-nvme/off/products,mp=/mnt/off/products
+mp10: /zfs-hdd/opff/images,mp=/mnt/opff/images
+mp11: /zfs-hdd/opf/products,mp=/mnt/opf/products
+mp12: /zfs-hdd/opf/images,mp=/mnt/opf/images
+mp13: /zfs-hdd/off/logs,mp=/mnt/off/logs
+mp14: /zfs-hdd/off-pro/cache/export_files,mp=/mnt/off-pro/cache/export_files
+mp2: /zfs-hdd/off/users,mp=/mnt/off/users
+mp3: /zfs-hdd/off/orgs,mp=/mnt/off/orgs
+mp4: /zfs-hdd/off/images,mp=/mnt/off/images
+mp5: /zfs-hdd/off/html_data,mp=/mnt/off/html_data
+mp6: /zfs-hdd/off/cache,mp=/mnt/off/cache
+mp7: /zfs-hdd/obf/products,mp=/mnt/obf/products
+mp8: /zfs-hdd/obf/images,mp=/mnt/obf/images
+mp9: /zfs-hdd/opff/products,mp=/mnt/opff/products
+net0: name=eth0,bridge=vmbr1,firewall=1,gw=10.0.0.2,hwaddr=62:79:6B:52:14:A3,ip=10.1.0.113/24,type=veth
+ostype: debian
+rootfs: zfs-hdd:subvol-113-disk-0,size=30G
+swap: 0
+unprivileged: 1
+lxc.idmap: u 0 100000 999
+lxc.idmap: g 0 100000 999
+lxc.idmap: u 1000 1000 64536
+lxc.idmap: g 1000 1000 64536

confs/off2/pve/lxc_114.conf

@@ -0,0 +1,25 @@
+arch: amd64
+cores: 4
+features: nesting=1
+hostname: off-pro
+memory: 6144
+mp0: /zfs-hdd/off-pro,mp=/mnt/off-pro
+mp1: /zfs-nvme/off-pro/products,mp=/mnt/off-pro/products
+mp2: /zfs-hdd/off/users,mp=/mnt/off-pro/users
+mp3: /zfs-hdd/off/orgs,mp=/mnt/off-pro/orgs
+mp4: /zfs-hdd/off-pro/images,mp=/mnt/off-pro/images
+mp5: /zfs-hdd/off-pro/html_data,mp=/mnt/off-pro/html_data
+mp6: /zfs-hdd/off-pro/cache,mp=/mnt/off-pro/cache
+mp7: /zfs-hdd/off/data,mp=/mnt/off-pro/data
+mp8: /zfs-hdd/off-pro/sftp,mp=/mnt/off-pro/sftp
+net0: name=eth0,bridge=vmbr1,firewall=1,gw=10.0.0.2,hwaddr=6E:F7:BA:06:2D:90,ip=10.1.0.114/24,type=veth
+onboot: 1
+ostype: debian
+protection: 1
+rootfs: zfs-hdd:subvol-114-disk-0,size=30G
+swap: 0
+unprivileged: 1
+lxc.idmap: u 0 100000 999
+lxc.idmap: g 0 100000 999
+lxc.idmap: u 1000 1000 64536
+lxc.idmap: g 1000 1000 64536

confs/off2/pve/lxc_120.conf

@@ -0,0 +1,14 @@
+#Host postgresql for off minions.
+arch: amd64
+cores: 2
+features: nesting=1
+hostname: off-postgres
+memory: 2048
+mp0: zfs-nvme:subvol-120-disk-0,mp=/var/lib/postgresql/,backup=1,mountoptions=noatime,size=5G
+net0: name=eth0,bridge=vmbr1,firewall=1,gw=10.0.0.2,hwaddr=82:79:7C:ED:7A:FF,ip=10.1.0.120/24,type=veth
+onboot: 1
+ostype: debian
+protection: 1
+rootfs: zfs-hdd:subvol-120-disk-0,size=20G
+swap: 0
+unprivileged: 1

confs/off2/pve/lxc_121.conf

@@ -0,0 +1,13 @@
+#This machine only host a simple memcached.
+arch: amd64
+cores: 2
+features: nesting=1
+hostname: off-memcached
+memory: 4096
+net0: name=eth0,bridge=vmbr1,firewall=1,gw=10.0.0.2,hwaddr=D6:C7:BB:09:0D:F1,ip=10.1.0.121/24,type=veth
+onboot: 1
+ostype: debian
+protection: 1
+rootfs: zfs-hdd:subvol-121-disk-0,size=15G
+swap: 0
+unprivileged: 1

confs/off2/sanoid/sanoid.conf

@@ -66,14 +66,66 @@
 
 # off
 
+[zfs-hdd/off]
+  use_template=prod_data
+  recursive=no
+
+[zfs-hdd/off/cache]
+  use_template=prod_data
+  recursive=no
+
+[zfs-hdd/off/html_data]
+  use_template=prod_data
+  recursive=no
+
 [zfs-hdd/off/images]
   use_template=prod_data
   recursive=no
 
+[zfs-hdd/off/logs]
+  use_template=prod_data
+  recursive=no
+
+[zfs-hdd/off/orgs]
+  use_template=prod_data
+  recursive=no
+
+# not yet !
+# [zfs-nvme/off/products]
+#  use_template=prod_data
+#  recursive=no
+
 [zfs-hdd/off/users]
   use_template=synced_data
   recursive=no
 
+# off-pro
+
+[zfs-hdd/off-pro]
+  use_template=prod_data
+  recursive=no
+
+[zfs-hdd/off-pro/cache]
+  use_template=prod_data
+  recursive=no
+
+[zfs-hdd/off-pro/html_data]
+  use_template=prod_data
+  recursive=no
+
+[zfs-hdd/off-pro/images]
+  use_template=prod_data
+  recursive=no
+
+[zfs-hdd/off-pro/logs]
+  use_template=prod_data
+  recursive=no
+
+# not yet !
+# [zfs-nvme/off-pro/products]
+#  use_template=prod_data
+#  recursive=no
+
 
 [template_prod_data]
   # How often snapshots should be taken under an hour

confs/off2/sanoid/syncoid-args.conf

@@ -21,4 +21,16 @@
 --no-sync-snap zfs-hdd/opff/images [email protected]:rpool/opff/images
 --no-sync-snap zfs-hdd/opff/products [email protected]:rpool/opff/products
 # off
+--no-sync-snap zfs-hdd/off/cache [email protected]:rpool/off/cache
+--no-sync-snap zfs-hdd/off/html_data [email protected]:rpool/off/html_data
+--no-sync-snap zfs-hdd/off/logs [email protected]:rpool/off/logs
 --no-sync-snap zfs-hdd/off/images [email protected]:rpool/off/images
+# not yet --no-sync-snap zfs-nvme/off/products [email protected]:rpool/off/products
+--no-sync-snap zfs-hdd/off/orgs [email protected]:rpool/off/orgs
+--no-sync-snap zfs-hdd/off/users [email protected]:rpool/off/users
+# off-pro
+--no-sync-snap zfs-hdd/off-pro/cache [email protected]:rpool/off-pro/cache
+--no-sync-snap zfs-hdd/off-pro/html_data [email protected]:rpool/off-pro/html_data
+--no-sync-snap zfs-hdd/off-pro/logs [email protected]:rpool/off-pro/logs
+--no-sync-snap zfs-hdd/off-pro/images [email protected]:rpool/off-pro/images
+# not yet --no-sync-snap zfs-nvme/off-pro/products [email protected]:rpool/off-pro/products

confs/off2/subgid

@@ -0,0 +1,7 @@
+root:1000:64536
+root:100000:65536
+alex:165536:65536
+stephane:231072:65536
+teolemon:296608:65536
+raphael:362144:65536
+CharlesNepote:427680:65536

confs/off2/subuid

@@ -0,0 +1,7 @@
+root:1000:64536
+root:100000:65536
+alex:165536:65536
+stephane:231072:65536
+teolemon:296608:65536
+raphael:362144:65536
+CharlesNepote:427680:65536

confs/proxy-off/nginx/openbeautyfacts.org

@@ -32,7 +32,10 @@ server {
     add_header X-Content-Type-Options nosniff;
     add_header X-Frame-Options DENY;
 
+    # enable large uploads
+    client_max_body_size 20M;
 
+    # logs location
     access_log  /var/log/nginx/openbeautyfacts.org.log  main;
     error_log   /var/log/nginx/openbeautyfacts.org.errors.log;