Merge pull request 'fix' (#151) from master into prod

Reviewed-on: #151

.deploy-infra/deploy-dev.yaml

@@ -7,6 +7,7 @@ services:
     networks:
       - common-infra-nginx-development
       - configurator
+      - minio-development
     environment:
       MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
     ports:
@@ -48,6 +49,8 @@ services:
 
   postgres:
     image: postgres:14-alpine3.19
+    networks:
+      - postgres-development
     volumes:
       - /sprint-data/postgres-data:/var/lib/postgresql/data
     environment:
@@ -74,6 +77,8 @@ services:
 
   mongo:
     image: mongo:6.0.2
+    networks:
+      - mongo-development
     volumes:
       - /sprint-data/mongo:/data/db
     environment:
@@ -93,29 +98,6 @@ services:
         parallelism: 1
         order: start-first 
 
-  rabbitmq:
-    image: rabbitmq:3.10.7-management
-    volumes:
-      - /sprint-data/rabbitmq:/var/lib/rabbitmq
-    ports:
-      - published: 5672
-        target: 5672
-        mode: host
-      - published: 15672
-        target: 15672
-        mode: host
-    environment:
-      RABBITMQ_DEFAULT_PASS: $RABBITMQ_PASSWORD_DEV
-    deploy:
-      mode: replicated
-      restart_policy:
-        condition: any
-      placement:
-        constraints: [node.labels.stage == development]
-      update_config:
-        parallelism: 1
-        order: start-first
-
   redis:
     image: redis:alpine3.16
     volumes:
@@ -137,6 +119,8 @@ services:
 
   minio:
     image: bitnami/minio:2022.10.8
+    networks:
+      - minio-development
     volumes:
       - minio_data:/data
     environment:
@@ -165,7 +149,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - /sprint-data:/sprint-data
     environment:
-      GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
+      GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
       GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
       GITEA_RUNNER_NAME: dev
       GITEA_RUNNER_LABELS: dev
@@ -190,3 +174,9 @@ networks:
     external: true
   clickhouse-development:
     external: true
+  postgres-development:
+    external: true
+  mongo-development:
+    external: true
+  minio-development:
+    external: true

.deploy-infra/deploy-prod.yaml

@@ -7,6 +7,7 @@ services:
     networks:
       - common-infra-nginx
       - configurator
+      - minio
     environment:
       MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
     ports:
@@ -27,33 +28,6 @@ services:
         parallelism: 1
         # order: start-first
 
-  authelia:
-    image: mathwave/sprint-repo:authelia
-    networks:
-      - common-infra-nginx
-    environment:
-      AUTHELIA_JWT_SECRET: $AUTHTHELIA_JWT_SECRET
-      AUTHELIA_SESSION_SECRET: $AUTHTHELIA_SESSION_SECRET
-      AUTHELIA_STORAGE_ENCRYPTION_KEY: $AUTHELIA_STORAGE_ENCRYPTION_KEY
-      AUTHELIA_STORAGE_POSTGRES_HOST: "postgres"
-      AUTHELIA_STORAGE_POSTGRES_PORT: "5432"
-      AUTHELIA_STORAGE_POSTGRES_DATABASE: "authelia"
-      AUTHELIA_STORAGE_POSTGRES_USERNAME: "postgres"
-      AUTHELIA_STORAGE_POSTGRES_PASSWORD: $DB_PASSWORD_PROD
-      AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: "one_factor"
-      AUTHELIA_NOTIFIER_SMTP_ENABLED: "false"
-    volumes:
-      - /sprint-data/authelia/data:/var/lib/authelia
-    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
-      placement:
-        constraints: [node.labels.stage == production]
-      update_config:
-        parallelism: 1
-
   grafana:
     image: grafana/grafana
     networks:
@@ -104,6 +78,8 @@ services:
 
   postgres:
     image: postgres:14-alpine3.19
+    networks:
+      - postgres
     volumes:
       - /sprint-data/postgres-data:/var/lib/postgresql/data
     environment:
@@ -135,6 +111,8 @@ services:
 
   mongo:
     image: mongo:6.0.2
+    networks:
+      - mongo
     volumes:
       - /sprint-data/mongo:/data/db
     environment:
@@ -175,6 +153,8 @@ services:
 
   minio:
     image: bitnami/minio:2022.10.8
+    networks:
+      - minio
     volumes:
       - minio_data:/data
     environment:
@@ -198,7 +178,9 @@ services:
         order: start-first
 
   gitea:
-    image: gitea/gitea:1.22.3
+    image: gitea/gitea:1.24.6
+    networks:
+      - postgres
     volumes:
       - /sprint-data/gitea:/data
       - /etc/timezone:/etc/timezone
@@ -210,7 +192,7 @@ services:
       USER_UID: 1000
       USER_GID: 1000
       GITEA__database__DB_TYPE: postgres
-      GITEA__database__HOST: pg.sprinthub.ru:5432
+      GITEA__database__HOST: postgres:5432
       GITEA__database__NAME: gitea
       GITEA__database__USER: postgres
       GITEA__database__PASSWD: $DB_PASSWORD_PROD
@@ -229,8 +211,9 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /sprint-data:/sprint-data
+      - /root/.cache/act:/root/.cache/act
     environment:
-      GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
+      GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
       GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
       GITEA_RUNNER_NAME: prod
       GITEA_RUNNER_LABELS: prod
@@ -259,3 +242,9 @@ networks:
     external: true
   clickhouse:
     external: true
+  postgres:
+    external: true
+  mongo:
+    external: true
+  minio:
+    external: true

.deploy-portainer/deploy-prod.yaml

@@ -2,7 +2,7 @@ version: '3.2'
 
 services:
   agent:
-    image: portainer/agent:2.11.1
+    image: portainer/agent:2.33.1
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /var/lib/docker/volumes:/var/lib/docker/volumes
@@ -14,7 +14,7 @@ services:
         constraints: [node.platform.os == linux]
 
   portainer:
-    image: portainer/portainer-ce:2.11.1
+    image: portainer/portainer-ce:2.33.1
     command: -H tcp://tasks.agent:9001 --tlsskipverify
     ports:
       - "9443:9443"

.gitea/workflows/deploy-dev.yaml

@@ -19,8 +19,6 @@ jobs:
           ref: dev
       - name: build nginx dev
         run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev
-      - name: build gitea runner
-        run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
   push:
     name: Push
     runs-on: [ prod ]

.gitea/workflows/deploy-prod.yaml

@@ -21,8 +21,6 @@ jobs:
         run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod
       - name: build gitea runner
         run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
-      - name: build authelia
-        run: docker build -t mathwave/sprint-repo:authelia authelia
   push:
     name: Push
     runs-on: [ prod ]
@@ -32,8 +30,6 @@ jobs:
         run: docker push mathwave/sprint-repo:sprint-infra-nginx-prod
       - name: push gitea runner
         run: docker push mathwave/sprint-repo:gitea-runner
-      - name: push authelia
-        run: docker push mathwave/sprint-repo:authelia
   prepare:
     name: prepare
     runs-on: [prod]
@@ -58,8 +54,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: prod
-      - name: deploy swarmpit
-        run: docker stack deploy --with-registry-auth -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit
       - name: deploy portainer
         run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer
       - name: deploy infra

authelia/Dockerfile

@@ -1,2 +0,0 @@
-FROM authelia/authelia
-COPY configuration.yml /config/configuration.yml

authelia/configuration.yml

@@ -1,48 +0,0 @@
-theme: dark
-
-jwt_secret: secret-jwt-will-be-overridden-by-env
-default_redirection_url: https://auth.chocomarsh.com
-
-server:
-  host: 0.0.0.0
-  port: 9091
-
-log:
-  level: info
-
-authentication_backend:
-  file:
-    users:
-      emmatveev:
-        password: "$argon2id$v=19$m=65536,t=1,p=4$CixMXaAilVof3yk1rtghwg$V/kcl1HNDWeybrV3SrVjjdI00D1lFtuvLldkwAklSOE"
-        displayname: "Egor Matveev"
-        email: emmtvv@gmail.com
-
-access_control:
-  default_policy: one_factor
-  rules:
-    - domain: "*.chocomarsh.com"
-      policy: one_factor
-
-session:
-  name: authelia_session
-  expiration: 1h
-  inactivity: 5m
-  remember_me_duration: 1w
-  cookies:
-    - domain: chocomarsh.com
-      authelia_url: https://auth.chocomarsh.com
-
-storage:
-  encryption_key: "a_very_long_secret_32_characters_minimum"
-  postgres:
-    host: pg.chocomarsh.com
-    port: 5432
-    database: authelia
-    schema: public
-    username: postgres
-    password: autheliapass  # also override with env if preferred
-
-notifier:
-  filesystem:
-    filename: /config/notification.txt

gitea-runner/Dockerfile

@@ -3,3 +3,4 @@ FROM gitea/act_runner:nightly
 RUN apk add docker
 RUN apk add git
 RUN apk add --no-cache nodejs
+RUN apk add --no-cache make

nginx/nginx-dev/prepare.py

@@ -6,7 +6,7 @@ from json import loads
 
 
 minio_client = Minio(
-    "minio.develop.sprinthub.ru:9000",
+    "minio:9000",
     access_key="serviceminioadmin",
     secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
     secure=False,

nginx/nginx-prod/prepare.py

@@ -6,7 +6,7 @@ from json import loads
 
 
 minio_client = Minio(
-    "minio.sprinthub.ru:9000",
+    "minio:9000",
     access_key="serviceminioadmin",
     secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
     secure=False,

prepare/run-production.sh

@@ -8,10 +8,15 @@ docker network create -d overlay --attachable configurator || true
 docker network create -d overlay --attachable monitoring || true
 docker network create -d overlay --attachable configurator-development || true
 docker network create -d overlay --attachable clickhouse || true
-docker network create -d overlay --attachable clickhouse-development || true
+docker network create -d overlay --attachable postgres || true
+docker network create -d overlay --attachable postgres-development || true
+docker network create -d overlay --attachable mongo || true
+docker network create -d overlay --attachable mongo-development || true
+docker network create -d overlay --attachable minio || true
+docker network create -d overlay --attachable minio-development || true
+
 mkdir /sprint-data/mongo || true
 mkdir /sprint-data/redis || true
-mkdir /sprint-data/rabbitmq || true
 mkdir /sprint-data/certs || true
 mkdir /sprint-data/gitea || true
 mkdir /sprint-data/clickhouse || true