self/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

master #141

Merged
emmatveev merged 6 commits from master into prod 2025-09-14 23:57:25 +03:00
Conversation 0 Commits 6 Files Changed 9 +5 -116
9 changed files with 5 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.deploy-infra/deploy-dev.yaml
View File

@ -165,7 +165,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
- /sprint-data:/sprint-data
environment:
GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
GITEA_RUNNER_NAME: dev
GITEA_RUNNER_LABELS: dev

55
.deploy-infra/deploy-prod.yaml
View File

@ -26,57 +26,6 @@ services:
update_config:
parallelism: 1
# order: start-first
zitadel:
image: ghcr.io/zitadel/zitadel:latest
networks:
- common-infra-nginx
command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
environment:
ZITADEL_DATABASE_POSTGRES_HOST: pg.sprinthub.ru
ZITADEL_DATABASE_POSTGRES_PORT: 5432
ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME: postgres
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: $DB_PASSWORD_PROD
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: $DB_PASSWORD_PROD
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
ZITADEL_EXTERNALSECURE: "false"
ZITADEL_EXTERNALDOMAIN: zitadel.chocomarsh.com
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
update_config:
parallelism: 1
# authelia:
# image: mathwave/sprint-repo:authelia
# networks:
# - common-infra-nginx
# environment:
# AUTHELIA_JWT_SECRET: $AUTHTHELIA_JWT_SECRET
# AUTHELIA_SESSION_SECRET: $AUTHTHELIA_SESSION_SECRET
# AUTHELIA_STORAGE_ENCRYPTION_KEY: $AUTHELIA_STORAGE_ENCRYPTION_KEY
# AUTHELIA_STORAGE_POSTGRES_PORT: "5432"
# AUTHELIA_STORAGE_POSTGRES_DATABASE: "authelia"
# AUTHELIA_STORAGE_POSTGRES_USERNAME: "postgres"
# AUTHELIA_STORAGE_POSTGRES_PASSWORD: $DB_PASSWORD_PROD
# AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: "one_factor"
# AUTHELIA_NOTIFIER_SMTP_ENABLED: "false"
# volumes:
# - /sprint-data/authelia/data:/var/lib/authelia
# deploy:
# mode: replicated
# replicas: 1
# restart_policy:
# condition: any
# placement:
# constraints: [node.labels.stage == production]
# update_config:
# parallelism: 1
grafana:
image: grafana/grafana
@ -234,7 +183,7 @@ services:
USER_UID: 1000
USER_GID: 1000
GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: pg.sprinthub.ru:5432
GITEA__database__HOST: pg.chocomarsh.com:5432
GITEA__database__NAME: gitea
GITEA__database__USER: postgres
GITEA__database__PASSWD: $DB_PASSWORD_PROD
@ -254,7 +203,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
- /sprint-data:/sprint-data
environment:
GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
GITEA_INSTANCE_URL: https://gitea.chocomarsh.com/
GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
GITEA_RUNNER_NAME: prod
GITEA_RUNNER_LABELS: prod

2
.gitea/workflows/deploy-dev.yaml
View File

@ -19,8 +19,6 @@ jobs:
ref: dev
- name: build nginx dev
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-dev nginx/nginx-dev
- name: build gitea runner
run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
push:
name: Push
runs-on: [ prod ]

6
.gitea/workflows/deploy-prod.yaml
View File

@ -21,8 +21,6 @@ jobs:
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod
- name: build gitea runner
run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
- name: build authelia
run: docker build -t mathwave/sprint-repo:authelia authelia
push:
name: Push
runs-on: [ prod ]
@ -32,8 +30,6 @@ jobs:
run: docker push mathwave/sprint-repo:sprint-infra-nginx-prod
- name: push gitea runner
run: docker push mathwave/sprint-repo:gitea-runner
- name: push authelia
run: docker push mathwave/sprint-repo:authelia
prepare:
name: prepare
runs-on: [prod]
@ -58,8 +54,6 @@ jobs:
uses: actions/checkout@v4
with:
ref: prod
- name: deploy swarmpit
run: docker stack deploy --with-registry-auth -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit
- name: deploy portainer
run: docker stack deploy --with-registry-auth -c ./.deploy-portainer/deploy-prod.yaml portainer
- name: deploy infra

3
authelia/Dockerfile
View File

@ -1,3 +0,0 @@
FROM authelia/authelia
COPY configuration.yml /config/configuration.yml
COPY users.yml /config/users.yml

44
authelia/configuration.yml
View File

@ -1,44 +0,0 @@
theme: dark
jwt_secret: secret-jwt-will-be-overridden-by-env
server:
host: 0.0.0.0
port: 9091
log:
level: info
authentication_backend:
file:
path: /config/users.yml
access_control:
default_policy: one_factor
rules:
- domain: "*.chocomarsh.com"
policy: one_factor
session:
name: authelia_session
expiration: 1h
inactivity: 5m
remember_me_duration: 1w
cookies:
- domain: chocomarsh.com
authelia_url: https://auth.chocomarsh.com
default_redirection_url: https://login.chocomarsh.com
storage:
encryption_key: "a_very_long_secret_32_characters_minimum"
postgres:
host: pg.sprinthub.ru
port: 5432
database: authelia
schema: public
username: postgres
password: autheliapass # also override with env if preferred
notifier:
filesystem:
filename: /config/notification.txt

5
authelia/users.yml
View File

@ -1,5 +0,0 @@
users:
emmatveev:
password: "$argon2id$v=19$m=65536,t=1,p=4$CixMXaAilVof3yk1rtghwg$V/kcl1HNDWeybrV3SrVjjdI00D1lFtuvLldkwAklSOE"
displayname: "Egor Matveev"
email: emmtvv@gmail.com

2
nginx/nginx-dev/prepare.py
View File

@ -6,7 +6,7 @@ from json import loads
minio_client = Minio(
"minio.develop.sprinthub.ru:9000",
"minio.dev.chocomarsh.com:9000",
access_key="serviceminioadmin",
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
secure=False,

2
nginx/nginx-prod/prepare.py
View File

@ -6,7 +6,7 @@ from json import loads
minio_client = Minio(
"minio.sprinthub.ru:9000",
"minio.chocomarsh.com:9000",
access_key="serviceminioadmin",
secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
secure=False,