.deploy-infra/deploy-dev.yaml

@@ -165,7 +165,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - /sprint-data:/sprint-data
     environment:
-      GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
+      GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
       GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
       GITEA_RUNNER_NAME: dev
       GITEA_RUNNER_LABELS: dev

.deploy-infra/deploy-prod.yaml

@@ -67,6 +67,13 @@ services:
         constraints: [node.labels.stage == production]
       update_config:
         parallelism: 1
+      resources:
+        limits:
+          memory: 2048M
+          cpus: '2.0'
+        reservations:
+          memory: 1024M
+          cpus: '1.0'
 
   postgres:
     image: postgres:14-alpine3.19
@@ -176,7 +183,7 @@ services:
       USER_UID: 1000
       USER_GID: 1000
       GITEA__database__DB_TYPE: postgres
-      GITEA__database__HOST: pg.sprinthub.ru:5432
+      GITEA__database__HOST: pg.chocomarsh.com:5432
       GITEA__database__NAME: gitea
       GITEA__database__USER: postgres
       GITEA__database__PASSWD: $DB_PASSWORD_PROD
@@ -196,7 +203,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - /sprint-data:/sprint-data
     environment:
-      GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
+      GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
       GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
       GITEA_RUNNER_NAME: prod
       GITEA_RUNNER_LABELS: prod

.gitea/workflows/deploy-dev.yaml

@@ -19,8 +19,6 @@ jobs:
           ref: dev
       - name: build nginx dev
         run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev
-      - name: build gitea runner
-        run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
   push:
     name: Push
     runs-on: [ prod ]

.gitea/workflows/deploy-prod.yaml

@@ -54,8 +54,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: prod
-      - name: deploy swarmpit
-        run: docker stack deploy --with-registry-auth -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit
       - name: deploy portainer
         run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer
       - name: deploy infra
@@ -68,4 +66,7 @@ jobs:
           REDIS_PASSWORD_PROD: ${{ secrets.REDIS_PASSWORD_PROD }}
           RABBITMQ_PASSWORD_PROD: ${{ secrets.RABBITMQ_PASSWORD_PROD }}
           REGISTRATION_TOKEN: ${{ secrets.REGISTRATION_TOKEN }}
+          AUTHTHELIA_JWT_SECRET: ${{ secrets.AUTHTHELIA_JWT_SECRET }}
+          AUTHTHELIA_SESSION_SECRET: ${{ secrets.AUTHTHELIA_SESSION_SECRET }}
+          AUTHELIA_STORAGE_ENCRYPTION_KEY: ${{ secrets.AUTHELIA_STORAGE_ENCRYPTION_KEY }}
         run: docker stack deploy --with-registry-auth -c ./.deploy-infra/deploy-prod.yaml infra

nginx/nginx-dev/prepare.py

@@ -6,7 +6,7 @@ from json import loads
 
 
 minio_client = Minio(
-    "minio.develop.sprinthub.ru:9000",
+    "minio.dev.chocomarsh.com:9000",
     access_key="serviceminioadmin",
     secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
     secure=False,

nginx/nginx-prod/prepare.py

@@ -6,7 +6,7 @@ from json import loads
 
 
 minio_client = Minio(
-    "minio.sprinthub.ru:9000",
+    "minio.chocomarsh.com:9000",
     access_key="serviceminioadmin",
     secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
     secure=False,

prepare/run-production.sh

@@ -16,6 +16,12 @@ mkdir /sprint-data/certs || true
 mkdir /sprint-data/gitea || true
 mkdir /sprint-data/clickhouse || true
 mkdir /sprint-data/grafana || true
+mkdir /sprint-data/authelia || true
+mkdir /sprint-data/authelia/config || true
+mkdir /sprint-data/authelia/data || true
+chmod 777 /sprint-data/authelia
+chmod 777 /sprint-data/authelia/config
+chmod 777 /sprint-data/authelia/data
 chmod 777 /sprint-data/redis
 chmod 777 /sprint-data/rabbitmq
 chmod 777 /sprint-data/gitea