self/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: self:master
Branches Tags
self:master self:prod self:dev self:gitea-migration
..
compare: self:767ea96b3186a53740c5ad9e286e3cea658e4a3b
Branches Tags
self:prod self:master self:dev self:gitea-migration

45 Commits
master ... 767ea96b31

Author SHA1 Message Date
emmatveev
767ea96b31 Merge pull request 'fix' (#131) from master into prod 
Reviewed-on: #131
 2025-07-11 22:19:01 +03:00
emmatveev
9c8df2d4d4 Merge pull request 'fix' (#130) from master into prod 
Reviewed-on: #130
 2025-07-11 22:07:25 +03:00
emmatveev
e076d505f1 Merge pull request 'fix' (#129) from master into prod 
Reviewed-on: #129
 2025-07-11 21:50:17 +03:00
emmatveev
5a8e6cfa76 Merge pull request 'fix' (#128) from master into prod 
Reviewed-on: #128
 2025-07-11 21:28:33 +03:00
emmatveev
6647b0df21 Merge pull request 'fix' (#127) from master into prod 
Reviewed-on: #127
 2025-07-11 21:20:37 +03:00
emmatveev
0e0b2e57da Merge pull request 'fix' (#126) from master into prod 
Reviewed-on: #126
 2025-07-11 21:05:40 +03:00
emmatveev
cac1e5c4e0 Merge pull request 'fix' (#125) from master into prod 
Reviewed-on: #125
 2025-07-11 20:36:23 +03:00
emmatveev
45201de406 Merge pull request 'fix' (#124) from master into prod 
Reviewed-on: #124
 2025-07-11 20:24:33 +03:00
emmatveev
74a45eb95c Merge pull request 'fix' (#123) from master into prod 
Reviewed-on: #123
 2025-07-11 19:57:57 +03:00
emmatveev
26159bd068 Merge pull request 'fix' (#122) from master into prod 
Reviewed-on: #122
 2025-07-11 19:52:26 +03:00
emmatveev
f963a7e196 Merge pull request 'fix' (#121) from master into prod 
Reviewed-on: #121
 2025-07-10 18:43:34 +03:00
emmatveev
60d65bfd10 Merge pull request 'fix' (#120) from master into prod 
Reviewed-on: #120
 2025-07-10 18:19:12 +03:00
emmatveev
7c16255c61 Merge pull request 'fix' (#119) from master into prod 
Reviewed-on: #119
 2025-07-10 18:12:17 +03:00
emmatveev
ee6e9b7d12 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#118) from master into prod 
Reviewed-on: #118
 2025-06-20 17:29:59 +03:00
emmatveev
1851bc0652 Merge pull request 'master' (#117) from master into prod 
Reviewed-on: #117
 2025-06-20 17:19:38 +03:00
emmatveev
0ba08e4a6d Merge pull request 'fix' (#115) from master into prod 
Reviewed-on: #115
 2025-06-14 23:01:18 +03:00
emmatveev
3e12bf6fe0 Merge pull request 'fix' (#114) from master into prod 
Reviewed-on: #114
 2025-06-14 22:55:18 +03:00
emmatveev
7fc4e7f086 Merge pull request 'master' (#113) from master into prod 
Reviewed-on: #113
 2025-06-14 22:45:41 +03:00
emmatveev
becb5c3aac Merge pull request 'fix' (#112) from master into prod 
Reviewed-on: #112
 2025-06-14 22:40:51 +03:00
emmatveev
a54f4a6eee Merge pull request 'fix' (#111) from master into prod 
Reviewed-on: #111
 2025-06-14 22:35:16 +03:00
emmatveev
fb4fcf5b27 Merge pull request 'fix' (#110) from master into prod 
Reviewed-on: #110
 2025-06-14 22:30:25 +03:00
emmatveev
45a035897d Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#109) from master into prod 
Reviewed-on: #109
 2025-06-14 20:21:54 +03:00
emmatveev
4da8e8e6e5 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#108) from master into prod 
Reviewed-on: #108
 2025-06-14 20:12:41 +03:00
emmatveev
2a09bb0f48 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#107) from master into prod 
Reviewed-on: #107
 2025-06-14 20:10:36 +03:00
emmatveev
d456e2d083 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#106) from master into prod 
Reviewed-on: #106
 2025-06-14 20:07:01 +03:00
emmatveev
3f07d0ad84 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#105) from master into prod 
Reviewed-on: #105
 2025-06-14 19:55:57 +03:00
emmatveev
f8488d72e7 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#104) from master into prod 
Reviewed-on: #104
 2025-06-14 19:53:17 +03:00
emmatveev
7b0a5ca568 Merge pull request 'fix' (#103) from master into prod 
Reviewed-on: #103
 2025-06-14 13:02:27 +03:00
emmatveev
cab9ef5d08 Merge pull request 'fix' (#102) from master into prod 
Reviewed-on: #102
 2025-06-14 12:42:45 +03:00
emmatveev
e4f6078e63 Merge pull request 'fix' (#101) from master into prod 
Reviewed-on: #101
 2025-06-14 04:44:16 +03:00
emmatveev
8ebf434fb2 Merge pull request 'master' (#100) from master into prod 
Reviewed-on: #100
 2025-06-14 03:37:48 +03:00
emmatveev
2b0fc2dee3 Merge pull request 'master' (#96) from master into prod 
Reviewed-on: #96
 2025-06-13 02:48:50 +03:00
emmatveev
f72974a593 Merge pull request 'fix' (#92) from master into prod 
Reviewed-on: #92
 2025-06-12 22:14:37 +03:00
emmatveev
13518e77d6 Merge pull request 'fix' (#90) from master into prod 
Reviewed-on: #90
 2025-06-12 13:52:39 +03:00
emmatveev
a424d7950e Merge pull request 'master' (#88) from master into prod 
Reviewed-on: #88
 2025-06-12 13:27:18 +03:00
emmatveev
fe415f0bd8 Merge pull request 'master' (#84) from master into prod 
Reviewed-on: #84
 2025-06-12 01:13:26 +03:00
emmatveev
07008122a8 Merge pull request 'master' (#73) from master into prod 
Reviewed-on: #73
 2025-06-04 21:20:54 +03:00
emmatveev
031960c451 Merge pull request 'master' (#71) from master into prod 
Reviewed-on: #71
 2025-06-04 03:43:12 +03:00
emmatveev
a1fcd98eba Merge pull request 'master' (#69) from master into prod 
Reviewed-on: #69
 2025-06-04 02:47:18 +03:00
emmatveev
4e4bdf12cb Merge pull request 'fix' (#42) from master into prod 
Reviewed-on: #42
 2025-03-28 21:49:37 +03:00
emmatveev
e1b8bdb230 Merge pull request 'keycloak' (#41) from master into prod 
Reviewed-on: #41
 2025-03-28 21:45:31 +03:00
emmatveev
893a357eca Merge pull request 'keycloak' (#40) from master into prod 
Reviewed-on: #40
 2025-03-28 21:43:05 +03:00
emmatveev
feee9ffb6d Merge pull request 'keycloak' (#39) from master into prod 
Reviewed-on: #39
 2025-03-28 21:34:56 +03:00
emmatveev
dd63cf69cd Merge pull request 'master' (#38) from master into prod 
Reviewed-on: #38
 2025-03-28 21:28:13 +03:00
emmatveev
829d978ac8 Merge pull request 'master' (#36) from master into prod 
Reviewed-on: #36
 2025-02-14 01:10:55 +03:00
12 changed files with 119 additions and 45 deletions
Expand all files Collapse all files

38
.deploy-infra/deploy-dev.yaml
View File

@@ -7,7 +7,6 @@ services:
networks: networks:
- common-infra-nginx-development - common-infra-nginx-development
- configurator - configurator
- minio-development
environment: environment:
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
ports: ports:
@@ -49,8 +48,6 @@ services:
postgres: postgres:
image: postgres:14-alpine3.19 image: postgres:14-alpine3.19
networks:
- postgres-development
volumes: volumes:
- /sprint-data/postgres-data:/var/lib/postgresql/data - /sprint-data/postgres-data:/var/lib/postgresql/data
environment: environment:
@@ -77,8 +74,6 @@ services:
mongo: mongo:
image: mongo:6.0.2 image: mongo:6.0.2
networks:
- mongo-development
volumes: volumes:
- /sprint-data/mongo:/data/db - /sprint-data/mongo:/data/db
environment: environment:
@@ -98,6 +93,29 @@ services:
parallelism: 1 parallelism: 1
order: start-first order: start-first
rabbitmq:
image: rabbitmq:3.10.7-management
volumes:
- /sprint-data/rabbitmq:/var/lib/rabbitmq
ports:
- published: 5672
target: 5672
mode: host
- published: 15672
target: 15672
mode: host
environment:
RABBITMQ_DEFAULT_PASS: $RABBITMQ_PASSWORD_DEV
deploy:
mode: replicated
restart_policy:
condition: any
placement:
constraints: [node.labels.stage == development]
update_config:
parallelism: 1
order: start-first
redis: redis:
image: redis:alpine3.16 image: redis:alpine3.16
volumes: volumes:
@@ -119,8 +137,6 @@ services:
minio: minio:
image: bitnami/minio:2022.10.8 image: bitnami/minio:2022.10.8
networks:
- minio-development
volumes: volumes:
- minio_data:/data - minio_data:/data
environment: environment:
@@ -149,7 +165,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /sprint-data:/sprint-data - /sprint-data:/sprint-data
environment: environment:
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/ GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
GITEA_RUNNER_NAME: dev GITEA_RUNNER_NAME: dev
GITEA_RUNNER_LABELS: dev GITEA_RUNNER_LABELS: dev
@@ -174,9 +190,3 @@ networks:
external: true external: true
clickhouse-development: clickhouse-development:
external: true external: true
postgres-development:
external: true
mongo-development:
external: true
minio-development:
external: true

49
.deploy-infra/deploy-prod.yaml
View File

@@ -7,7 +7,6 @@ services:
networks: networks:
- common-infra-nginx - common-infra-nginx
- configurator - configurator
- minio
environment: environment:
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
ports: ports:
@@ -28,6 +27,33 @@ services:
parallelism: 1 parallelism: 1
# order: start-first # order: start-first
authelia:
image: mathwave/sprint-repo:authelia
networks:
- common-infra-nginx
environment:
AUTHELIA_JWT_SECRET: $AUTHTHELIA_JWT_SECRET
AUTHELIA_SESSION_SECRET: $AUTHTHELIA_SESSION_SECRET
AUTHELIA_STORAGE_ENCRYPTION_KEY: $AUTHELIA_STORAGE_ENCRYPTION_KEY
AUTHELIA_STORAGE_POSTGRES_HOST: "postgres"
AUTHELIA_STORAGE_POSTGRES_PORT: "5432"
AUTHELIA_STORAGE_POSTGRES_DATABASE: "authelia"
AUTHELIA_STORAGE_POSTGRES_USERNAME: "postgres"
AUTHELIA_STORAGE_POSTGRES_PASSWORD: $DB_PASSWORD_PROD
AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: "one_factor"
AUTHELIA_NOTIFIER_SMTP_ENABLED: "false"
volumes:
- /sprint-data/authelia/data:/var/lib/authelia
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
placement:
constraints: [node.labels.stage == production]
update_config:
parallelism: 1
grafana: grafana:
image: grafana/grafana image: grafana/grafana
networks: networks:
@@ -78,8 +104,6 @@ services:
postgres: postgres:
image: postgres:14-alpine3.19 image: postgres:14-alpine3.19
networks:
- postgres
volumes: volumes:
- /sprint-data/postgres-data:/var/lib/postgresql/data - /sprint-data/postgres-data:/var/lib/postgresql/data
environment: environment:
@@ -111,8 +135,6 @@ services:
mongo: mongo:
image: mongo:6.0.2 image: mongo:6.0.2
networks:
- mongo
volumes: volumes:
- /sprint-data/mongo:/data/db - /sprint-data/mongo:/data/db
environment: environment:
@@ -153,8 +175,6 @@ services:
minio: minio:
image: bitnami/minio:2022.10.8 image: bitnami/minio:2022.10.8
networks:
- minio
volumes: volumes:
- minio_data:/data - minio_data:/data
environment: environment:
@@ -178,9 +198,7 @@ services:
order: start-first order: start-first
gitea: gitea:
image: gitea/gitea:1.24.6 image: gitea/gitea:1.22.3
networks:
- postgres
volumes: volumes:
- /sprint-data/gitea:/data - /sprint-data/gitea:/data
- /etc/timezone:/etc/timezone - /etc/timezone:/etc/timezone
@@ -192,7 +210,7 @@ services:
USER_UID: 1000 USER_UID: 1000
USER_GID: 1000 USER_GID: 1000
GITEA__database__DB_TYPE: postgres GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: postgres:5432 GITEA__database__HOST: pg.sprinthub.ru:5432
GITEA__database__NAME: gitea GITEA__database__NAME: gitea
GITEA__database__USER: postgres GITEA__database__USER: postgres
GITEA__database__PASSWD: $DB_PASSWORD_PROD GITEA__database__PASSWD: $DB_PASSWORD_PROD
@@ -211,9 +229,8 @@ services:
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /sprint-data:/sprint-data - /sprint-data:/sprint-data
- /root/.cache/act:/root/.cache/act
environment: environment:
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/ GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
GITEA_RUNNER_NAME: prod GITEA_RUNNER_NAME: prod
GITEA_RUNNER_LABELS: prod GITEA_RUNNER_LABELS: prod
@@ -242,9 +259,3 @@ networks:
external: true external: true
clickhouse: clickhouse:
external: true external: true
postgres:
external: true
mongo:
external: true
minio:
external: true

4
.deploy-portainer/deploy-prod.yaml
View File

@@ -2,7 +2,7 @@ version: '3.2'
services: services:
agent: agent:
image: portainer/agent:2.33.1 image: portainer/agent:2.11.1
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes - /var/lib/docker/volumes:/var/lib/docker/volumes
@@ -14,7 +14,7 @@ services:
constraints: [node.platform.os == linux] constraints: [node.platform.os == linux]
portainer: portainer:
image: portainer/portainer-ce:2.33.1 image: portainer/portainer-ce:2.11.1
command: -H tcp://tasks.agent:9001 --tlsskipverify command: -H tcp://tasks.agent:9001 --tlsskipverify
ports: ports:
- "9443:9443" - "9443:9443"

2
.gitea/workflows/deploy-dev.yaml
View File

@@ -19,6 +19,8 @@ jobs:
ref: dev ref: dev
- name: build nginx dev - name: build nginx dev
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev
- name: build gitea runner
run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
push: push:
name: Push name: Push
runs-on: [ prod ] runs-on: [ prod ]

6
.gitea/workflows/deploy-prod.yaml
View File

@@ -21,6 +21,8 @@ jobs:
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod
- name: build gitea runner - name: build gitea runner
run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
- name: build authelia
run: docker build -t mathwave/sprint-repo:authelia authelia
push: push:
name: Push name: Push
runs-on: [ prod ] runs-on: [ prod ]
@@ -30,6 +32,8 @@ jobs:
run: docker push mathwave/sprint-repo:sprint-infra-nginx-prod run: docker push mathwave/sprint-repo:sprint-infra-nginx-prod
- name: push gitea runner - name: push gitea runner
run: docker push mathwave/sprint-repo:gitea-runner run: docker push mathwave/sprint-repo:gitea-runner
- name: push authelia
run: docker push mathwave/sprint-repo:authelia
prepare: prepare:
name: prepare name: prepare
runs-on: [prod] runs-on: [prod]
@@ -54,6 +58,8 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
ref: prod ref: prod
- name: deploy swarmpit
run: docker stack deploy --with-registry-auth -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit
- name: deploy portainer - name: deploy portainer
run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer
- name: deploy infra - name: deploy infra

3
authelia/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM authelia/authelia
COPY configuration.yml /config/configuration.yml
COPY users.yml /config/users.yml

45
authelia/configuration.yml Normal file
View File

@@ -0,0 +1,45 @@
theme: dark
jwt_secret: secret-jwt-will-be-overridden-by-env
default_redirection_url: https://auth.chocomarsh.com
server:
host: 0.0.0.0
port: 9091
log:
level: info
authentication_backend:
file:
path: /config/users.yml
access_control:
default_policy: one_factor
rules:
- domain: "*.chocomarsh.com"
policy: one_factor
session:
name: authelia_session
expiration: 1h
inactivity: 5m
remember_me_duration: 1w
cookies:
- domain: chocomarsh.com
authelia_url: https://auth.chocomarsh.com
default_redirection_url: https://login.chocomarsh.com
storage:
encryption_key: "a_very_long_secret_32_characters_minimum"
postgres:
host: pg.chocomarsh.com
port: 5432
database: authelia
schema: public
username: postgres
password: autheliapass # also override with env if preferred
notifier:
filesystem:
filename: /config/notification.txt

3
authelia/users.yml Normal file
View File

@@ -0,0 +1,3 @@
users:
emmatveev:
password: "$argon2id$v=19$m=65536,t=1,p=4$CixMXaAilVof3yk1rtghwg$V/kcl1HNDWeybrV3SrVjjdI00D1lFtuvLldkwAklSOE"

1
gitea-runner/Dockerfile
View File

@@ -3,4 +3,3 @@ FROM gitea/act_runner:nightly
RUN apk add docker RUN apk add docker
RUN apk add git RUN apk add git
RUN apk add --no-cache nodejs RUN apk add --no-cache nodejs
RUN apk add --no-cache make

2
nginx/nginx-dev/prepare.py
View File

@@ -6,7 +6,7 @@ from json import loads
minio_client = Minio( minio_client = Minio(
"minio:9000", "minio.develop.sprinthub.ru:9000",
access_key="serviceminioadmin", access_key="serviceminioadmin",
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"), secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
secure=False, secure=False,

2
nginx/nginx-prod/prepare.py
View File

@@ -6,7 +6,7 @@ from json import loads
minio_client = Minio( minio_client = Minio(
"minio:9000", "minio.sprinthub.ru:9000",
access_key="serviceminioadmin", access_key="serviceminioadmin",
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"), secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
secure=False, secure=False,

9
prepare/run-production.sh
View File

@@ -8,15 +8,10 @@ docker network create -d overlay --attachable configurator || true
docker network create -d overlay --attachable monitoring || true docker network create -d overlay --attachable monitoring || true
docker network create -d overlay --attachable configurator-development || true docker network create -d overlay --attachable configurator-development || true
docker network create -d overlay --attachable clickhouse || true docker network create -d overlay --attachable clickhouse || true
docker network create -d overlay --attachable postgres || true docker network create -d overlay --attachable clickhouse-development || true
docker network create -d overlay --attachable postgres-development || true
docker network create -d overlay --attachable mongo || true
docker network create -d overlay --attachable mongo-development || true
docker network create -d overlay --attachable minio || true
docker network create -d overlay --attachable minio-development || true
mkdir /sprint-data/mongo || true mkdir /sprint-data/mongo || true
mkdir /sprint-data/redis || true mkdir /sprint-data/redis || true
mkdir /sprint-data/rabbitmq || true
mkdir /sprint-data/certs || true mkdir /sprint-data/certs || true
mkdir /sprint-data/gitea || true mkdir /sprint-data/gitea || true
mkdir /sprint-data/clickhouse || true mkdir /sprint-data/clickhouse || true