self/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: self:master
Branches Tags
self:master self:prod self:dev self:gitea-migration
..
compare: self:7fc4e7f086a0e2519bf1de9fc7daebebac01d1e5
Branches Tags
self:prod self:master self:dev self:gitea-migration

28 Commits
master ... 7fc4e7f086

Author SHA1 Message Date
emmatveev
7fc4e7f086 Merge pull request 'master' (#113) from master into prod 
Reviewed-on: #113
 2025-06-14 22:45:41 +03:00
emmatveev
becb5c3aac Merge pull request 'fix' (#112) from master into prod 
Reviewed-on: #112
 2025-06-14 22:40:51 +03:00
emmatveev
a54f4a6eee Merge pull request 'fix' (#111) from master into prod 
Reviewed-on: #111
 2025-06-14 22:35:16 +03:00
emmatveev
fb4fcf5b27 Merge pull request 'fix' (#110) from master into prod 
Reviewed-on: #110
 2025-06-14 22:30:25 +03:00
emmatveev
45a035897d Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#109) from master into prod 
Reviewed-on: #109
 2025-06-14 20:21:54 +03:00
emmatveev
4da8e8e6e5 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#108) from master into prod 
Reviewed-on: #108
 2025-06-14 20:12:41 +03:00
emmatveev
2a09bb0f48 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#107) from master into prod 
Reviewed-on: #107
 2025-06-14 20:10:36 +03:00
emmatveev
d456e2d083 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#106) from master into prod 
Reviewed-on: #106
 2025-06-14 20:07:01 +03:00
emmatveev
3f07d0ad84 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#105) from master into prod 
Reviewed-on: #105
 2025-06-14 19:55:57 +03:00
emmatveev
f8488d72e7 Merge pull request 'Update .deploy-infra/deploy-prod.yaml' (#104) from master into prod 
Reviewed-on: #104
 2025-06-14 19:53:17 +03:00
emmatveev
7b0a5ca568 Merge pull request 'fix' (#103) from master into prod 
Reviewed-on: #103
 2025-06-14 13:02:27 +03:00
emmatveev
cab9ef5d08 Merge pull request 'fix' (#102) from master into prod 
Reviewed-on: #102
 2025-06-14 12:42:45 +03:00
emmatveev
e4f6078e63 Merge pull request 'fix' (#101) from master into prod 
Reviewed-on: #101
 2025-06-14 04:44:16 +03:00
emmatveev
8ebf434fb2 Merge pull request 'master' (#100) from master into prod 
Reviewed-on: #100
 2025-06-14 03:37:48 +03:00
emmatveev
2b0fc2dee3 Merge pull request 'master' (#96) from master into prod 
Reviewed-on: #96
 2025-06-13 02:48:50 +03:00
emmatveev
f72974a593 Merge pull request 'fix' (#92) from master into prod 
Reviewed-on: #92
 2025-06-12 22:14:37 +03:00
emmatveev
13518e77d6 Merge pull request 'fix' (#90) from master into prod 
Reviewed-on: #90
 2025-06-12 13:52:39 +03:00
emmatveev
a424d7950e Merge pull request 'master' (#88) from master into prod 
Reviewed-on: #88
 2025-06-12 13:27:18 +03:00
emmatveev
fe415f0bd8 Merge pull request 'master' (#84) from master into prod 
Reviewed-on: #84
 2025-06-12 01:13:26 +03:00
emmatveev
07008122a8 Merge pull request 'master' (#73) from master into prod 
Reviewed-on: #73
 2025-06-04 21:20:54 +03:00
emmatveev
031960c451 Merge pull request 'master' (#71) from master into prod 
Reviewed-on: #71
 2025-06-04 03:43:12 +03:00
emmatveev
a1fcd98eba Merge pull request 'master' (#69) from master into prod 
Reviewed-on: #69
 2025-06-04 02:47:18 +03:00
emmatveev
4e4bdf12cb Merge pull request 'fix' (#42) from master into prod 
Reviewed-on: #42
 2025-03-28 21:49:37 +03:00
emmatveev
e1b8bdb230 Merge pull request 'keycloak' (#41) from master into prod 
Reviewed-on: #41
 2025-03-28 21:45:31 +03:00
emmatveev
893a357eca Merge pull request 'keycloak' (#40) from master into prod 
Reviewed-on: #40
 2025-03-28 21:43:05 +03:00
emmatveev
feee9ffb6d Merge pull request 'keycloak' (#39) from master into prod 
Reviewed-on: #39
 2025-03-28 21:34:56 +03:00
emmatveev
dd63cf69cd Merge pull request 'master' (#38) from master into prod 
Reviewed-on: #38
 2025-03-28 21:28:13 +03:00
emmatveev
829d978ac8 Merge pull request 'master' (#36) from master into prod 
Reviewed-on: #36
 2025-02-14 01:10:55 +03:00
9 changed files with 39 additions and 63 deletions
Expand all files Collapse all files

39
.deploy-infra/deploy-dev.yaml
View File

@@ -7,7 +7,6 @@ services:
networks:
- common-infra-nginx-development
- configurator
- minio-development
environment:
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
ports:
@@ -32,7 +31,6 @@ services:
image: clickhouse
networks:
- clickhouse-development
- common-infra-nginx-development
volumes:
- /sprint-data/clickhouse:/var/lib/clickhouse
environment:
@@ -49,8 +47,6 @@ services:
postgres:
image: postgres:14-alpine3.19
networks:
- postgres-development
volumes:
- /sprint-data/postgres-data:/var/lib/postgresql/data
environment:
@@ -77,8 +73,6 @@ services:
mongo:
image: mongo:6.0.2
networks:
- mongo-development
volumes:
- /sprint-data/mongo:/data/db
environment:
@@ -98,6 +92,29 @@ services:
parallelism: 1
order: start-first
rabbitmq:
image: rabbitmq:3.10.7-management
volumes:
- /sprint-data/rabbitmq:/var/lib/rabbitmq
ports:
- published: 5672
target: 5672
mode: host
- published: 15672
target: 15672
mode: host
environment:
RABBITMQ_DEFAULT_PASS: $RABBITMQ_PASSWORD_DEV
deploy:
mode: replicated
restart_policy:
condition: any
placement:
constraints: [node.labels.stage == development]
update_config:
parallelism: 1
order: start-first
redis:
image: redis:alpine3.16
volumes:
@@ -119,8 +136,6 @@ services:
minio:
image: bitnami/minio:2022.10.8
networks:
- minio-development
volumes:
- minio_data:/data
environment:
@@ -149,7 +164,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
- /sprint-data:/sprint-data
environment:
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
GITEA_RUNNER_NAME: dev
GITEA_RUNNER_LABELS: dev
@@ -174,9 +189,3 @@ networks:
external: true
clickhouse-development:
external: true
postgres-development:
external: true
mongo-development:
external: true
minio-development:
external: true

30
.deploy-infra/deploy-prod.yaml
View File

@@ -7,7 +7,6 @@ services:
networks:
- common-infra-nginx
- configurator
- minio
environment:
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
ports:
@@ -40,7 +39,6 @@ services:
GF_CORS_ENABLED: "false"
GF_AUTH_DISABLE_LOGIN_FORM: "false"
GF_CORS_ALLOW_ORIGINS: "*"
GF_SECURITY_CONTENT_SECURITY_POLICY: "false"
deploy:
mode: replicated
replicas: 1
@@ -68,18 +66,9 @@ services:
constraints: [node.labels.stage == production]
update_config:
parallelism: 1
resources:
limits:
memory: 2048M
cpus: '2.0'
reservations:
memory: 1024M
cpus: '1.0'
postgres:
image: postgres:14-alpine3.19
networks:
- postgres
volumes:
- /sprint-data/postgres-data:/var/lib/postgresql/data
environment:
@@ -111,8 +100,6 @@ services:
mongo:
image: mongo:6.0.2
networks:
- mongo
volumes:
- /sprint-data/mongo:/data/db
environment:
@@ -153,8 +140,6 @@ services:
minio:
image: bitnami/minio:2022.10.8
networks:
- minio
volumes:
- minio_data:/data
environment:
@@ -178,9 +163,7 @@ services:
order: start-first
gitea:
image: gitea/gitea:1.24.6
networks:
- postgres
image: gitea/gitea:1.22.3
volumes:
- /sprint-data/gitea:/data
- /etc/timezone:/etc/timezone
@@ -192,7 +175,7 @@ services:
USER_UID: 1000
USER_GID: 1000
GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: postgres:5432
GITEA__database__HOST: pg.sprinthub.ru:5432
GITEA__database__NAME: gitea
GITEA__database__USER: postgres
GITEA__database__PASSWD: $DB_PASSWORD_PROD
@@ -211,9 +194,8 @@ services:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /sprint-data:/sprint-data
- /root/.cache/act:/root/.cache/act
environment:
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
GITEA_RUNNER_NAME: prod
GITEA_RUNNER_LABELS: prod
@@ -242,9 +224,3 @@ networks:
external: true
clickhouse:
external: true
postgres:
external: true
mongo:
external: true
minio:
external: true

4
.deploy-portainer/deploy-prod.yaml
View File

@@ -2,7 +2,7 @@ version: '3.2'
services:
agent:
image: portainer/agent:2.33.1
image: portainer/agent:2.11.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
@@ -14,7 +14,7 @@ services:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.33.1
image: portainer/portainer-ce:2.11.1
command: -H tcp://tasks.agent:9001 --tlsskipverify
ports:
- "9443:9443"

2
.gitea/workflows/deploy-dev.yaml
View File

@@ -19,6 +19,8 @@ jobs:
ref: dev
- name: build nginx dev
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev
- name: build gitea runner
run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
push:
name: Push
runs-on: [ prod ]

5
.gitea/workflows/deploy-prod.yaml
View File

@@ -54,6 +54,8 @@ jobs:
uses: actions/checkout@v4
with:
ref: prod
- name: deploy swarmpit
run: docker stack deploy --with-registry-auth -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit
- name: deploy portainer
run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer
- name: deploy infra
@@ -66,7 +68,4 @@ jobs:
REDIS_PASSWORD_PROD: ${{ secrets.REDIS_PASSWORD_PROD }}
RABBITMQ_PASSWORD_PROD: ${{ secrets.RABBITMQ_PASSWORD_PROD }}
REGISTRATION_TOKEN: ${{ secrets.REGISTRATION_TOKEN }}
AUTHTHELIA_JWT_SECRET: ${{ secrets.AUTHTHELIA_JWT_SECRET }}
AUTHTHELIA_SESSION_SECRET: ${{ secrets.AUTHTHELIA_SESSION_SECRET }}
AUTHELIA_STORAGE_ENCRYPTION_KEY: ${{ secrets.AUTHELIA_STORAGE_ENCRYPTION_KEY }}
run: docker stack deploy --with-registry-auth -c ./.deploy-infra/deploy-prod.yaml infra

1
gitea-runner/Dockerfile
View File

@@ -3,4 +3,3 @@ FROM gitea/act_runner:nightly
RUN apk add docker
RUN apk add git
RUN apk add --no-cache nodejs
RUN apk add --no-cache make

3
nginx/nginx-dev/prepare.py
View File

@@ -6,7 +6,7 @@ from json import loads
minio_client = Minio(
"minio:9000",
"minio.develop.sprinthub.ru:9000",
access_key="serviceminioadmin",
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
secure=False,
@@ -43,6 +43,7 @@ for host, params in hosts.items():
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

3
nginx/nginx-prod/prepare.py
View File

@@ -6,7 +6,7 @@ from json import loads
minio_client = Minio(
"minio:9000",
"minio.sprinthub.ru:9000",
access_key="serviceminioadmin",
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
secure=False,
@@ -43,6 +43,7 @@ for host, params in hosts.items():
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

15
prepare/run-production.sh
View File

@@ -8,25 +8,14 @@ docker network create -d overlay --attachable configurator || true
docker network create -d overlay --attachable monitoring || true
docker network create -d overlay --attachable configurator-development || true
docker network create -d overlay --attachable clickhouse || true
docker network create -d overlay --attachable postgres || true
docker network create -d overlay --attachable postgres-development || true
docker network create -d overlay --attachable mongo || true
docker network create -d overlay --attachable mongo-development || true
docker network create -d overlay --attachable minio || true
docker network create -d overlay --attachable minio-development || true
docker network create -d overlay --attachable clickhouse-development || true
mkdir /sprint-data/mongo || true
mkdir /sprint-data/redis || true
mkdir /sprint-data/rabbitmq || true
mkdir /sprint-data/certs || true
mkdir /sprint-data/gitea || true
mkdir /sprint-data/clickhouse || true
mkdir /sprint-data/grafana || true
mkdir /sprint-data/authelia || true
mkdir /sprint-data/authelia/config || true
mkdir /sprint-data/authelia/data || true
chmod 777 /sprint-data/authelia
chmod 777 /sprint-data/authelia/config
chmod 777 /sprint-data/authelia/data
chmod 777 /sprint-data/redis
chmod 777 /sprint-data/rabbitmq
chmod 777 /sprint-data/gitea