Merge pull request 'fix' (#145) from master into dev

Reviewed-on: #145

.deploy-infra/deploy-dev.yaml

@@ -7,6 +7,7 @@ services:
     networks:
       - common-infra-nginx-development
       - configurator
+      - minio-development
     environment:
       MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
     ports:
@@ -48,6 +49,8 @@ services:
 
   postgres:
     image: postgres:14-alpine3.19
+    networks:
+      - postgres-development
     volumes:
       - /sprint-data/postgres-data:/var/lib/postgresql/data
     environment:
@@ -74,6 +77,8 @@ services:
 
   mongo:
     image: mongo:6.0.2
+    networks:
+      - mongo-development
     volumes:
       - /sprint-data/mongo:/data/db
     environment:
@@ -93,29 +98,6 @@ services:
         parallelism: 1
         order: start-first 
 
-  rabbitmq:
-    image: rabbitmq:3.10.7-management
-    volumes:
-      - /sprint-data/rabbitmq:/var/lib/rabbitmq
-    ports:
-      - published: 5672
-        target: 5672
-        mode: host
-      - published: 15672
-        target: 15672
-        mode: host
-    environment:
-      RABBITMQ_DEFAULT_PASS: $RABBITMQ_PASSWORD_DEV
-    deploy:
-      mode: replicated
-      restart_policy:
-        condition: any
-      placement:
-        constraints: [node.labels.stage == development]
-      update_config:
-        parallelism: 1
-        order: start-first
-
   redis:
     image: redis:alpine3.16
     volumes:
@@ -137,6 +119,8 @@ services:
 
   minio:
     image: bitnami/minio:2022.10.8
+    networks:
+      - minio-development
     volumes:
       - minio_data:/data
     environment:
@@ -165,7 +149,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - /sprint-data:/sprint-data
     environment:
-      GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
+      GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
       GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
       GITEA_RUNNER_NAME: dev
       GITEA_RUNNER_LABELS: dev
@@ -190,3 +174,9 @@ networks:
     external: true
   clickhouse-development:
     external: true
+  postgres-development:
+    external: true
+  mongo-development:
+    external: true
+  minio-development:
+    external: true

.deploy-infra/deploy-prod.yaml

@@ -7,6 +7,7 @@ services:
     networks:
       - common-infra-nginx
       - configurator
+      - minio
     environment:
       MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
     ports:
@@ -26,55 +27,6 @@ services:
       update_config:
         parallelism: 1
         # order: start-first
-  
-  zitadel:
-    image: ghcr.io/zitadel/zitadel:latest
-    networks:
-      - common-infra-nginx
-    environment:
-      ZITADEL_DATABASE_POSTGRES_HOST: pg.sprinthub.ru
-      ZITADEL_DATABASE_POSTGRES_PORT: 5432
-      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
-      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: postgres
-      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: $DB_PASSWORD_PROD
-      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
-      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
-      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: $DB_PASSWORD_PROD
-      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
-      ZITADEL_EXTERNALSECURE: false
-      deploy:
-        mode: replicated
-        replicas: 1
-        restart_policy:
-          condition: any
-        update_config:
-          parallelism: 1
-    
-  # authelia:
-  #   image: mathwave/sprint-repo:authelia
-  #   networks:
-  #     - common-infra-nginx
-  #   environment:
-  #     AUTHELIA_JWT_SECRET: $AUTHTHELIA_JWT_SECRET
-  #     AUTHELIA_SESSION_SECRET: $AUTHTHELIA_SESSION_SECRET
-  #     AUTHELIA_STORAGE_ENCRYPTION_KEY: $AUTHELIA_STORAGE_ENCRYPTION_KEY
-  #     AUTHELIA_STORAGE_POSTGRES_PORT: "5432"
-  #     AUTHELIA_STORAGE_POSTGRES_DATABASE: "authelia"
-  #     AUTHELIA_STORAGE_POSTGRES_USERNAME: "postgres"
-  #     AUTHELIA_STORAGE_POSTGRES_PASSWORD: $DB_PASSWORD_PROD
-  #     AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: "one_factor"
-  #     AUTHELIA_NOTIFIER_SMTP_ENABLED: "false"
-  #   volumes:
-  #     - /sprint-data/authelia/data:/var/lib/authelia
-  #   deploy:
-  #     mode: replicated
-  #     replicas: 1
-  #     restart_policy:
-  #       condition: any
-  #     placement:
-  #       constraints: [node.labels.stage == production]
-  #     update_config:
-  #       parallelism: 1
 
   grafana:
     image: grafana/grafana
@@ -126,6 +78,8 @@ services:
 
   postgres:
     image: postgres:14-alpine3.19
+    networks:
+      - postgres
     volumes:
       - /sprint-data/postgres-data:/var/lib/postgresql/data
     environment:
@@ -157,6 +111,8 @@ services:
 
   mongo:
     image: mongo:6.0.2
+    networks:
+      - mongo
     volumes:
       - /sprint-data/mongo:/data/db
     environment:
@@ -197,6 +153,8 @@ services:
 
   minio:
     image: bitnami/minio:2022.10.8
+    networks:
+      - minio
     volumes:
       - minio_data:/data
     environment:
@@ -232,7 +190,7 @@ services:
       USER_UID: 1000
       USER_GID: 1000
       GITEA__database__DB_TYPE: postgres
-      GITEA__database__HOST: pg.sprinthub.ru:5432
+      GITEA__database__HOST: pg.chocomarsh.com:5432
       GITEA__database__NAME: gitea
       GITEA__database__USER: postgres
       GITEA__database__PASSWD: $DB_PASSWORD_PROD
@@ -252,7 +210,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - /sprint-data:/sprint-data
     environment:
-      GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
+      GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
       GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
       GITEA_RUNNER_NAME: prod
       GITEA_RUNNER_LABELS: prod
@@ -281,3 +239,9 @@ networks:
     external: true
   clickhouse:
     external: true
+  postgres:
+    external: true
+  mongo:
+    external: true
+  minio:
+    external: true

.gitea/workflows/deploy-dev.yaml

@@ -19,8 +19,6 @@ jobs:
           ref: dev
       - name: build nginx dev
         run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev
-      - name: build gitea runner
-        run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
   push:
     name: Push
     runs-on: [ prod ]

.gitea/workflows/deploy-prod.yaml

@@ -21,8 +21,6 @@ jobs:
         run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod
       - name: build gitea runner
         run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
-      - name: build authelia
-        run: docker build -t mathwave/sprint-repo:authelia authelia
   push:
     name: Push
     runs-on: [ prod ]
@@ -32,8 +30,6 @@ jobs:
         run: docker push mathwave/sprint-repo:sprint-infra-nginx-prod
       - name: push gitea runner
         run: docker push mathwave/sprint-repo:gitea-runner
-      - name: push authelia
-        run: docker push mathwave/sprint-repo:authelia
   prepare:
     name: prepare
     runs-on: [prod]
@@ -58,8 +54,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: prod
-      - name: deploy swarmpit
-        run: docker stack deploy --with-registry-auth -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit
       - name: deploy portainer
         run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer
       - name: deploy infra

authelia/Dockerfile

@@ -1,3 +0,0 @@
-FROM authelia/authelia
-COPY configuration.yml /config/configuration.yml
-COPY users.yml /config/users.yml

authelia/configuration.yml

@@ -1,44 +0,0 @@
-theme: dark
-
-jwt_secret: secret-jwt-will-be-overridden-by-env
-
-server:
-  host: 0.0.0.0
-  port: 9091
-
-log:
-  level: info
-
-authentication_backend:
-  file:
-    path: /config/users.yml
-
-access_control:
-  default_policy: one_factor
-  rules:
-    - domain: "*.chocomarsh.com"
-      policy: one_factor
-
-session:
-  name: authelia_session
-  expiration: 1h
-  inactivity: 5m
-  remember_me_duration: 1w
-  cookies:
-    - domain: chocomarsh.com
-      authelia_url: https://auth.chocomarsh.com
-      default_redirection_url: https://login.chocomarsh.com
-
-storage:
-  encryption_key: "a_very_long_secret_32_characters_minimum"
-  postgres:
-    host: pg.sprinthub.ru
-    port: 5432
-    database: authelia
-    schema: public
-    username: postgres
-    password: autheliapass  # also override with env if preferred
-
-notifier:
-  filesystem:
-    filename: /config/notification.txt

authelia/users.yml

@@ -1,5 +0,0 @@
-users:
-  emmatveev:
-    password: "$argon2id$v=19$m=65536,t=1,p=4$CixMXaAilVof3yk1rtghwg$V/kcl1HNDWeybrV3SrVjjdI00D1lFtuvLldkwAklSOE"
-    displayname: "Egor Matveev"
-    email: emmtvv@gmail.com

nginx/nginx-dev/prepare.py

@@ -6,7 +6,7 @@ from json import loads
 
 
 minio_client = Minio(
-    "minio.develop.sprinthub.ru:9000",
+    "minio:9000",
     access_key="serviceminioadmin",
     secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
     secure=False,

nginx/nginx-prod/prepare.py

@@ -6,7 +6,7 @@ from json import loads
 
 
 minio_client = Minio(
-    "minio.sprinthub.ru:9000",
+    "minio:9000",
     access_key="serviceminioadmin",
     secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
     secure=False,

prepare/run-production.sh

@@ -8,10 +8,15 @@ docker network create -d overlay --attachable configurator || true
 docker network create -d overlay --attachable monitoring || true
 docker network create -d overlay --attachable configurator-development || true
 docker network create -d overlay --attachable clickhouse || true
-docker network create -d overlay --attachable clickhouse-development || true
+docker network create -d overlay --attachable postgres || true
+docker network create -d overlay --attachable postgres-development || true
+docker network create -d overlay --attachable mongo || true
+docker network create -d overlay --attachable mongo-development || true
+docker network create -d overlay --attachable minio || true
+docker network create -d overlay --attachable minio-development || true
+
 mkdir /sprint-data/mongo || true
 mkdir /sprint-data/redis || true
-mkdir /sprint-data/rabbitmq || true
 mkdir /sprint-data/certs || true
 mkdir /sprint-data/gitea || true
 mkdir /sprint-data/clickhouse || true