Compare commits
32 Commits
49e99f2721
...
prod
| Author | SHA1 | Date | |
|---|---|---|---|
| eeeec03ab8 | |||
|
7795898546 | ||
| ff5ae0220d | |||
|
|
d8c68a2307 | ||
| 6ea0e23869 | |||
| e706e91a2a | |||
| 5fe5b5ed6f | |||
| b0b3dbdbd6 | |||
| 5d2c174fce | |||
|
|
1347bcc321 | ||
|
|
f6371f8813 | ||
| 624eddee2a | |||
|
|
1af2cfa4e2 | ||
| ba43261482 | |||
|
|
975ae0cedc | ||
| 59287f8240 | |||
|
|
0ba70d2e60 | ||
|
|
5a7d51e253 | ||
|
|
e4670693cd | ||
| 0877334a4b | |||
| d6669a1d11 | |||
|
|
90b875752b | ||
| 8f823afc21 | |||
|
|
557aae3678 | ||
| 489b5d00cc | |||
|
|
501769b234 | ||
| 073ee88a84 | |||
|
|
f784e8b45b | ||
| 054186bfcd | |||
|
|
b0284f699b | ||
| 2d66d20e41 | |||
|
|
d394210099 |
@@ -7,6 +7,7 @@ services:
|
||||
networks:
|
||||
- common-infra-nginx-development
|
||||
- configurator
|
||||
- minio-development
|
||||
environment:
|
||||
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
|
||||
ports:
|
||||
@@ -48,6 +49,8 @@ services:
|
||||
|
||||
postgres:
|
||||
image: postgres:14-alpine3.19
|
||||
networks:
|
||||
- postgres-development
|
||||
volumes:
|
||||
- /sprint-data/postgres-data:/var/lib/postgresql/data
|
||||
environment:
|
||||
@@ -74,6 +77,8 @@ services:
|
||||
|
||||
mongo:
|
||||
image: mongo:6.0.2
|
||||
networks:
|
||||
- mongo-development
|
||||
volumes:
|
||||
- /sprint-data/mongo:/data/db
|
||||
environment:
|
||||
@@ -93,29 +98,6 @@ services:
|
||||
parallelism: 1
|
||||
order: start-first
|
||||
|
||||
rabbitmq:
|
||||
image: rabbitmq:3.10.7-management
|
||||
volumes:
|
||||
- /sprint-data/rabbitmq:/var/lib/rabbitmq
|
||||
ports:
|
||||
- published: 5672
|
||||
target: 5672
|
||||
mode: host
|
||||
- published: 15672
|
||||
target: 15672
|
||||
mode: host
|
||||
environment:
|
||||
RABBITMQ_DEFAULT_PASS: $RABBITMQ_PASSWORD_DEV
|
||||
deploy:
|
||||
mode: replicated
|
||||
restart_policy:
|
||||
condition: any
|
||||
placement:
|
||||
constraints: [node.labels.stage == development]
|
||||
update_config:
|
||||
parallelism: 1
|
||||
order: start-first
|
||||
|
||||
redis:
|
||||
image: redis:alpine3.16
|
||||
volumes:
|
||||
@@ -137,6 +119,8 @@ services:
|
||||
|
||||
minio:
|
||||
image: bitnami/minio:2022.10.8
|
||||
networks:
|
||||
- minio-development
|
||||
volumes:
|
||||
- minio_data:/data
|
||||
environment:
|
||||
@@ -165,7 +149,7 @@ services:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /sprint-data:/sprint-data
|
||||
environment:
|
||||
GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
|
||||
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
|
||||
GITEA_RUNNER_NAME: dev
|
||||
GITEA_RUNNER_LABELS: dev
|
||||
@@ -190,3 +174,9 @@ networks:
|
||||
external: true
|
||||
clickhouse-development:
|
||||
external: true
|
||||
postgres-development:
|
||||
external: true
|
||||
mongo-development:
|
||||
external: true
|
||||
minio-development:
|
||||
external: true
|
||||
@@ -7,6 +7,7 @@ services:
|
||||
networks:
|
||||
- common-infra-nginx
|
||||
- configurator
|
||||
- minio
|
||||
environment:
|
||||
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
|
||||
ports:
|
||||
@@ -26,32 +27,6 @@ services:
|
||||
update_config:
|
||||
parallelism: 1
|
||||
# order: start-first
|
||||
|
||||
authelia:
|
||||
image: mathwave/sprint-repo:authelia
|
||||
networks:
|
||||
- common-infra-nginx
|
||||
environment:
|
||||
AUTHELIA_JWT_SECRET: $AUTHTHELIA_JWT_SECRET
|
||||
AUTHELIA_SESSION_SECRET: $AUTHTHELIA_SESSION_SECRET
|
||||
AUTHELIA_STORAGE_ENCRYPTION_KEY: $AUTHELIA_STORAGE_ENCRYPTION_KEY
|
||||
AUTHELIA_STORAGE_POSTGRES_PORT: "5432"
|
||||
AUTHELIA_STORAGE_POSTGRES_DATABASE: "authelia"
|
||||
AUTHELIA_STORAGE_POSTGRES_USERNAME: "postgres"
|
||||
AUTHELIA_STORAGE_POSTGRES_PASSWORD: $DB_PASSWORD_PROD
|
||||
AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: "one_factor"
|
||||
AUTHELIA_NOTIFIER_SMTP_ENABLED: "false"
|
||||
volumes:
|
||||
- /sprint-data/authelia/data:/var/lib/authelia
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 1
|
||||
restart_policy:
|
||||
condition: any
|
||||
placement:
|
||||
constraints: [node.labels.stage == production]
|
||||
update_config:
|
||||
parallelism: 1
|
||||
|
||||
grafana:
|
||||
image: grafana/grafana
|
||||
@@ -103,6 +78,8 @@ services:
|
||||
|
||||
postgres:
|
||||
image: postgres:14-alpine3.19
|
||||
networks:
|
||||
- postgres
|
||||
volumes:
|
||||
- /sprint-data/postgres-data:/var/lib/postgresql/data
|
||||
environment:
|
||||
@@ -134,6 +111,8 @@ services:
|
||||
|
||||
mongo:
|
||||
image: mongo:6.0.2
|
||||
networks:
|
||||
- mongo
|
||||
volumes:
|
||||
- /sprint-data/mongo:/data/db
|
||||
environment:
|
||||
@@ -174,6 +153,8 @@ services:
|
||||
|
||||
minio:
|
||||
image: bitnami/minio:2022.10.8
|
||||
networks:
|
||||
- minio
|
||||
volumes:
|
||||
- minio_data:/data
|
||||
environment:
|
||||
@@ -197,7 +178,9 @@ services:
|
||||
order: start-first
|
||||
|
||||
gitea:
|
||||
image: gitea/gitea:1.22.3
|
||||
image: gitea/gitea:1.24.6
|
||||
networks:
|
||||
- postgres
|
||||
volumes:
|
||||
- /sprint-data/gitea:/data
|
||||
- /etc/timezone:/etc/timezone
|
||||
@@ -209,7 +192,7 @@ services:
|
||||
USER_UID: 1000
|
||||
USER_GID: 1000
|
||||
GITEA__database__DB_TYPE: postgres
|
||||
GITEA__database__HOST: pg.sprinthub.ru:5432
|
||||
GITEA__database__HOST: postgres:5432
|
||||
GITEA__database__NAME: gitea
|
||||
GITEA__database__USER: postgres
|
||||
GITEA__database__PASSWD: $DB_PASSWORD_PROD
|
||||
@@ -228,8 +211,9 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /sprint-data:/sprint-data
|
||||
- /root/.cache/act:/root/.cache/act
|
||||
environment:
|
||||
GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
|
||||
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
|
||||
GITEA_RUNNER_NAME: prod
|
||||
GITEA_RUNNER_LABELS: prod
|
||||
@@ -258,3 +242,9 @@ networks:
|
||||
external: true
|
||||
clickhouse:
|
||||
external: true
|
||||
postgres:
|
||||
external: true
|
||||
mongo:
|
||||
external: true
|
||||
minio:
|
||||
external: true
|
||||
|
||||
@@ -2,7 +2,7 @@ version: '3.2'
|
||||
|
||||
services:
|
||||
agent:
|
||||
image: portainer/agent:2.11.1
|
||||
image: portainer/agent:2.33.1
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /var/lib/docker/volumes:/var/lib/docker/volumes
|
||||
@@ -14,7 +14,7 @@ services:
|
||||
constraints: [node.platform.os == linux]
|
||||
|
||||
portainer:
|
||||
image: portainer/portainer-ce:2.11.1
|
||||
image: portainer/portainer-ce:2.33.1
|
||||
command: -H tcp://tasks.agent:9001 --tlsskipverify
|
||||
ports:
|
||||
- "9443:9443"
|
||||
|
||||
@@ -19,8 +19,6 @@ jobs:
|
||||
ref: dev
|
||||
- name: build nginx dev
|
||||
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev
|
||||
- name: build gitea runner
|
||||
run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
|
||||
push:
|
||||
name: Push
|
||||
runs-on: [ prod ]
|
||||
|
||||
@@ -21,8 +21,6 @@ jobs:
|
||||
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod
|
||||
- name: build gitea runner
|
||||
run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
|
||||
- name: build authelia
|
||||
run: docker build -t mathwave/sprint-repo:authelia authelia
|
||||
push:
|
||||
name: Push
|
||||
runs-on: [ prod ]
|
||||
@@ -32,8 +30,6 @@ jobs:
|
||||
run: docker push mathwave/sprint-repo:sprint-infra-nginx-prod
|
||||
- name: push gitea runner
|
||||
run: docker push mathwave/sprint-repo:gitea-runner
|
||||
- name: push authelia
|
||||
run: docker push mathwave/sprint-repo:authelia
|
||||
prepare:
|
||||
name: prepare
|
||||
runs-on: [prod]
|
||||
@@ -58,8 +54,6 @@ jobs:
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: prod
|
||||
- name: deploy swarmpit
|
||||
run: docker stack deploy --with-registry-auth -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit
|
||||
- name: deploy portainer
|
||||
run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer
|
||||
- name: deploy infra
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
FROM authelia/authelia
|
||||
COPY configuration.yml /config/configuration.yml
|
||||
COPY users.yml /config/users.yml
|
||||
@@ -1,44 +0,0 @@
|
||||
theme: dark
|
||||
|
||||
jwt_secret: secret-jwt-will-be-overridden-by-env
|
||||
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
|
||||
log:
|
||||
level: info
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /config/users.yml
|
||||
|
||||
access_control:
|
||||
default_policy: one_factor
|
||||
rules:
|
||||
- domain: "*.chocomarsh.com"
|
||||
policy: one_factor
|
||||
|
||||
session:
|
||||
name: authelia_session
|
||||
expiration: 1h
|
||||
inactivity: 5m
|
||||
remember_me_duration: 1w
|
||||
cookies:
|
||||
- domain: chocomarsh.com
|
||||
authelia_url: https://auth.chocomarsh.com
|
||||
default_redirection_url: https://login.chocomarsh.com
|
||||
|
||||
storage:
|
||||
encryption_key: "a_very_long_secret_32_characters_minimum"
|
||||
postgres:
|
||||
host: pg.sprinthub.ru
|
||||
port: 5432
|
||||
database: authelia
|
||||
schema: public
|
||||
username: postgres
|
||||
password: autheliapass # also override with env if preferred
|
||||
|
||||
notifier:
|
||||
filesystem:
|
||||
filename: /config/notification.txt
|
||||
@@ -1,5 +0,0 @@
|
||||
users:
|
||||
emmatveev:
|
||||
password: "$argon2id$v=19$m=65536,t=1,p=4$CixMXaAilVof3yk1rtghwg$V/kcl1HNDWeybrV3SrVjjdI00D1lFtuvLldkwAklSOE"
|
||||
displayname: "Egor Matveev"
|
||||
email: emmtvv@gmail.com
|
||||
@@ -3,3 +3,4 @@ FROM gitea/act_runner:nightly
|
||||
RUN apk add docker
|
||||
RUN apk add git
|
||||
RUN apk add --no-cache nodejs
|
||||
RUN apk add --no-cache make
|
||||
|
||||
@@ -6,7 +6,7 @@ from json import loads
|
||||
|
||||
|
||||
minio_client = Minio(
|
||||
"minio.develop.sprinthub.ru:9000",
|
||||
"minio:9000",
|
||||
access_key="serviceminioadmin",
|
||||
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
|
||||
secure=False,
|
||||
|
||||
@@ -6,7 +6,7 @@ from json import loads
|
||||
|
||||
|
||||
minio_client = Minio(
|
||||
"minio.sprinthub.ru:9000",
|
||||
"minio:9000",
|
||||
access_key="serviceminioadmin",
|
||||
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
|
||||
secure=False,
|
||||
|
||||
@@ -8,10 +8,15 @@ docker network create -d overlay --attachable configurator || true
|
||||
docker network create -d overlay --attachable monitoring || true
|
||||
docker network create -d overlay --attachable configurator-development || true
|
||||
docker network create -d overlay --attachable clickhouse || true
|
||||
docker network create -d overlay --attachable clickhouse-development || true
|
||||
docker network create -d overlay --attachable postgres || true
|
||||
docker network create -d overlay --attachable postgres-development || true
|
||||
docker network create -d overlay --attachable mongo || true
|
||||
docker network create -d overlay --attachable mongo-development || true
|
||||
docker network create -d overlay --attachable minio || true
|
||||
docker network create -d overlay --attachable minio-development || true
|
||||
|
||||
mkdir /sprint-data/mongo || true
|
||||
mkdir /sprint-data/redis || true
|
||||
mkdir /sprint-data/rabbitmq || true
|
||||
mkdir /sprint-data/certs || true
|
||||
mkdir /sprint-data/gitea || true
|
||||
mkdir /sprint-data/clickhouse || true
|
||||
|
||||
Reference in New Issue
Block a user