Compare commits
18 Commits
dev
...
7b0a5ca568
| Author | SHA1 | Date | |
|---|---|---|---|
| 7b0a5ca568 | |||
| cab9ef5d08 | |||
| e4f6078e63 | |||
| 8ebf434fb2 | |||
| 2b0fc2dee3 | |||
| f72974a593 | |||
| 13518e77d6 | |||
| a424d7950e | |||
| fe415f0bd8 | |||
| 07008122a8 | |||
| 031960c451 | |||
| a1fcd98eba | |||
| 4e4bdf12cb | |||
| e1b8bdb230 | |||
| 893a357eca | |||
| feee9ffb6d | |||
| dd63cf69cd | |||
| 829d978ac8 |
@@ -7,7 +7,6 @@ services:
|
||||
networks:
|
||||
- common-infra-nginx-development
|
||||
- configurator
|
||||
- minio-development
|
||||
environment:
|
||||
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
|
||||
ports:
|
||||
@@ -32,7 +31,6 @@ services:
|
||||
image: clickhouse
|
||||
networks:
|
||||
- clickhouse-development
|
||||
- common-infra-nginx-development
|
||||
volumes:
|
||||
- /sprint-data/clickhouse:/var/lib/clickhouse
|
||||
environment:
|
||||
@@ -49,8 +47,6 @@ services:
|
||||
|
||||
postgres:
|
||||
image: postgres:14-alpine3.19
|
||||
networks:
|
||||
- postgres-development
|
||||
volumes:
|
||||
- /sprint-data/postgres-data:/var/lib/postgresql/data
|
||||
environment:
|
||||
@@ -77,8 +73,6 @@ services:
|
||||
|
||||
mongo:
|
||||
image: mongo:6.0.2
|
||||
networks:
|
||||
- mongo-development
|
||||
volumes:
|
||||
- /sprint-data/mongo:/data/db
|
||||
environment:
|
||||
@@ -98,6 +92,29 @@ services:
|
||||
parallelism: 1
|
||||
order: start-first
|
||||
|
||||
rabbitmq:
|
||||
image: rabbitmq:3.10.7-management
|
||||
volumes:
|
||||
- /sprint-data/rabbitmq:/var/lib/rabbitmq
|
||||
ports:
|
||||
- published: 5672
|
||||
target: 5672
|
||||
mode: host
|
||||
- published: 15672
|
||||
target: 15672
|
||||
mode: host
|
||||
environment:
|
||||
RABBITMQ_DEFAULT_PASS: $RABBITMQ_PASSWORD_DEV
|
||||
deploy:
|
||||
mode: replicated
|
||||
restart_policy:
|
||||
condition: any
|
||||
placement:
|
||||
constraints: [node.labels.stage == development]
|
||||
update_config:
|
||||
parallelism: 1
|
||||
order: start-first
|
||||
|
||||
redis:
|
||||
image: redis:alpine3.16
|
||||
volumes:
|
||||
@@ -119,8 +136,6 @@ services:
|
||||
|
||||
minio:
|
||||
image: bitnami/minio:2022.10.8
|
||||
networks:
|
||||
- minio-development
|
||||
volumes:
|
||||
- minio_data:/data
|
||||
environment:
|
||||
@@ -149,7 +164,7 @@ services:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /sprint-data:/sprint-data
|
||||
environment:
|
||||
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
|
||||
GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
|
||||
GITEA_RUNNER_NAME: dev
|
||||
GITEA_RUNNER_LABELS: dev
|
||||
@@ -174,9 +189,3 @@ networks:
|
||||
external: true
|
||||
clickhouse-development:
|
||||
external: true
|
||||
postgres-development:
|
||||
external: true
|
||||
mongo-development:
|
||||
external: true
|
||||
minio-development:
|
||||
external: true
|
||||
31
.deploy-infra/deploy-prod.yaml
Executable file → Normal file
31
.deploy-infra/deploy-prod.yaml
Executable file → Normal file
@@ -7,7 +7,6 @@ services:
|
||||
networks:
|
||||
- common-infra-nginx
|
||||
- configurator
|
||||
- minio
|
||||
environment:
|
||||
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
|
||||
ports:
|
||||
@@ -32,15 +31,10 @@ services:
|
||||
image: grafana/grafana
|
||||
networks:
|
||||
- common-infra-nginx
|
||||
- clickhouse
|
||||
volumes:
|
||||
- /sprint-data/grafana:/var/lib/grafana
|
||||
environment:
|
||||
GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com
|
||||
GF_CORS_ENABLED: "false"
|
||||
GF_AUTH_DISABLE_LOGIN_FORM: "false"
|
||||
GF_CORS_ALLOW_ORIGINS: "*"
|
||||
GF_SECURITY_CONTENT_SECURITY_POLICY: "false"
|
||||
- GF_SERVER_ROOT_URL=https://grafana.chocomarsh.com
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 1
|
||||
@@ -68,18 +62,9 @@ services:
|
||||
constraints: [node.labels.stage == production]
|
||||
update_config:
|
||||
parallelism: 1
|
||||
resources:
|
||||
limits:
|
||||
memory: 2048M
|
||||
cpus: '2.0'
|
||||
reservations:
|
||||
memory: 1024M
|
||||
cpus: '1.0'
|
||||
|
||||
postgres:
|
||||
image: postgres:14-alpine3.19
|
||||
networks:
|
||||
- postgres
|
||||
volumes:
|
||||
- /sprint-data/postgres-data:/var/lib/postgresql/data
|
||||
environment:
|
||||
@@ -111,8 +96,6 @@ services:
|
||||
|
||||
mongo:
|
||||
image: mongo:6.0.2
|
||||
networks:
|
||||
- mongo
|
||||
volumes:
|
||||
- /sprint-data/mongo:/data/db
|
||||
environment:
|
||||
@@ -153,8 +136,6 @@ services:
|
||||
|
||||
minio:
|
||||
image: bitnami/minio:2022.10.8
|
||||
networks:
|
||||
- minio
|
||||
volumes:
|
||||
- minio_data:/data
|
||||
environment:
|
||||
@@ -190,7 +171,7 @@ services:
|
||||
USER_UID: 1000
|
||||
USER_GID: 1000
|
||||
GITEA__database__DB_TYPE: postgres
|
||||
GITEA__database__HOST: pg.chocomarsh.com:5432
|
||||
GITEA__database__HOST: pg.sprinthub.ru:5432
|
||||
GITEA__database__NAME: gitea
|
||||
GITEA__database__USER: postgres
|
||||
GITEA__database__PASSWD: $DB_PASSWORD_PROD
|
||||
@@ -210,7 +191,7 @@ services:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /sprint-data:/sprint-data
|
||||
environment:
|
||||
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
|
||||
GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
|
||||
GITEA_RUNNER_NAME: prod
|
||||
GITEA_RUNNER_LABELS: prod
|
||||
@@ -239,9 +220,3 @@ networks:
|
||||
external: true
|
||||
clickhouse:
|
||||
external: true
|
||||
postgres:
|
||||
external: true
|
||||
mongo:
|
||||
external: true
|
||||
minio:
|
||||
external: true
|
||||
|
||||
@@ -19,6 +19,8 @@ jobs:
|
||||
ref: dev
|
||||
- name: build nginx dev
|
||||
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev
|
||||
- name: build gitea runner
|
||||
run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
|
||||
push:
|
||||
name: Push
|
||||
runs-on: [ prod ]
|
||||
|
||||
@@ -54,6 +54,8 @@ jobs:
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: prod
|
||||
- name: deploy swarmpit
|
||||
run: docker stack deploy --with-registry-auth -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit
|
||||
- name: deploy portainer
|
||||
run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer
|
||||
- name: deploy infra
|
||||
@@ -66,7 +68,4 @@ jobs:
|
||||
REDIS_PASSWORD_PROD: ${{ secrets.REDIS_PASSWORD_PROD }}
|
||||
RABBITMQ_PASSWORD_PROD: ${{ secrets.RABBITMQ_PASSWORD_PROD }}
|
||||
REGISTRATION_TOKEN: ${{ secrets.REGISTRATION_TOKEN }}
|
||||
AUTHTHELIA_JWT_SECRET: ${{ secrets.AUTHTHELIA_JWT_SECRET }}
|
||||
AUTHTHELIA_SESSION_SECRET: ${{ secrets.AUTHTHELIA_SESSION_SECRET }}
|
||||
AUTHELIA_STORAGE_ENCRYPTION_KEY: ${{ secrets.AUTHELIA_STORAGE_ENCRYPTION_KEY }}
|
||||
run: docker stack deploy --with-registry-auth -c ./.deploy-infra/deploy-prod.yaml infra
|
||||
|
||||
@@ -6,7 +6,7 @@ from json import loads
|
||||
|
||||
|
||||
minio_client = Minio(
|
||||
"minio:9000",
|
||||
"minio.develop.sprinthub.ru:9000",
|
||||
access_key="serviceminioadmin",
|
||||
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
|
||||
secure=False,
|
||||
@@ -43,10 +43,7 @@ for host, params in hosts.items():
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||
|
||||
location / {{
|
||||
resolver 127.0.0.11;
|
||||
|
||||
@@ -6,7 +6,7 @@ from json import loads
|
||||
|
||||
|
||||
minio_client = Minio(
|
||||
"minio:9000",
|
||||
"minio.sprinthub.ru:9000",
|
||||
access_key="serviceminioadmin",
|
||||
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
|
||||
secure=False,
|
||||
@@ -43,10 +43,7 @@ for host, params in hosts.items():
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||
|
||||
location / {{
|
||||
resolver 127.0.0.11;
|
||||
|
||||
@@ -8,25 +8,14 @@ docker network create -d overlay --attachable configurator || true
|
||||
docker network create -d overlay --attachable monitoring || true
|
||||
docker network create -d overlay --attachable configurator-development || true
|
||||
docker network create -d overlay --attachable clickhouse || true
|
||||
docker network create -d overlay --attachable postgres || true
|
||||
docker network create -d overlay --attachable postgres-development || true
|
||||
docker network create -d overlay --attachable mongo || true
|
||||
docker network create -d overlay --attachable mongo-development || true
|
||||
docker network create -d overlay --attachable minio || true
|
||||
docker network create -d overlay --attachable minio-development || true
|
||||
|
||||
docker network create -d overlay --attachable clickhouse-development || true
|
||||
mkdir /sprint-data/mongo || true
|
||||
mkdir /sprint-data/redis || true
|
||||
mkdir /sprint-data/rabbitmq || true
|
||||
mkdir /sprint-data/certs || true
|
||||
mkdir /sprint-data/gitea || true
|
||||
mkdir /sprint-data/clickhouse || true
|
||||
mkdir /sprint-data/grafana || true
|
||||
mkdir /sprint-data/authelia || true
|
||||
mkdir /sprint-data/authelia/config || true
|
||||
mkdir /sprint-data/authelia/data || true
|
||||
chmod 777 /sprint-data/authelia
|
||||
chmod 777 /sprint-data/authelia/config
|
||||
chmod 777 /sprint-data/authelia/data
|
||||
chmod 777 /sprint-data/redis
|
||||
chmod 777 /sprint-data/rabbitmq
|
||||
chmod 777 /sprint-data/gitea
|
||||
|
||||
Reference in New Issue
Block a user