keylighter: Initial config

Kacper Donat 2024-01-10 22:24:42 +01:00
parent 4c95c79f05
commit 7acd968f52
6 changed files with 155 additions and 0 deletions


@ -0,0 +1,9 @@
APP_ENV={{ keylighter_app_env|default("prod") }}
APP_SECRET={{ keylighter_app_secret }}
DATABASE_URL="sqlite:///%kernel.project_dir%/var/app.db"
MESSENGER_TRANSPORT_DSN=redis://redis:6379/messages
COMPOSER_PATH=composer
BOX_PATH=box
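Review bot: `APP_SECRET={{ keylighter_app_secret }}` renders the decrypted vault value unquoted, so a secret containing whitespace, `#` or `$` may be truncated or expanded by the dotenv parser (Symfony's, judging by the variable names). The application would then run with a different and possibly much weaker key than intended. Quoting the value, `APP_SECRET='{{ keylighter_app_secret }}'`, keeps it literal as long as the secret itself contains no single quote. A first-line comment such as `# Rendered by Ansible; contains APP_SECRET, never commit the rendered file` would also tell readers that this template produces a sensitive file.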


@ -0,0 +1,24 @@
server {
root /var/www/public/;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location /keylighter.css {
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass localhost:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
}
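Review bot: Only `/index.php` is handed to PHP-FPM, so any other `.php` file that ends up under `/var/www/public/` falls into `location /` and is returned by `try_files $uri` as a static file, which discloses its source. Adding `location ~ \.php$ { return 404; }` after the front-controller block closes that gap. The `location /keylighter.css` block repeats `location /` exactly; either drop it or add a comment explaining why the path needs its own block.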


@ -0,0 +1,89 @@
version: "{{ compose_version }}"
services:
redis:
image: redis:latest
deploy:
resources:
limits:
memory: 256M
site:
image: registry.kadet.net/podlike
command: -logs -ipc=false -pull
networks: ["{{ ingress_network }}", "default"]
deploy:
mode: replicated
replicas: 1
update_config:
parallelism: 1
order: start-first
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}.rule={{ traefik_routing_rule }}
- traefik.http.routers.{{ service }}.priority=100
- traefik.http.routers.{{ service }}.tls=true
- traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt-tls
- traefik.http.services.{{ service }}.loadbalancer.server.port=80
restart_policy:
condition: any
delay: 60s
labels:
pod.component.fpm: |
image: registry.kadet.net/keylighter.kadet.net/php-fpm:{{ keylighter_version }}
environment:
- TRUSTED_PROXIES=10.0.0.0/8
volumes:
- {{ service }}-www-data:/var/www
- {{ service }}-storage-data:/var/www/var
pod.component.nginx: |
image: nginx:latest
volumes:
- {{ service }}-www-data:/var/www
- {{ service }}-storage-data:/var/www/var
- {{ service }}-nginx-config:/etc/nginx/templates
pod.copy.fpm: /var/conf/keylighter/.env:/var/www/.env.local
pod.copy.nginx: /var/conf/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
pod.init.components: |
- image: registry.kadet.net/keylighter.kadet.net/php-fpm:{{ keylighter_version }}
entrypoint: ["/bin/sh", "-c"]
command: ["cp -a /var/www /mnt"]
volumes:
- {{ service }}-www-data:/mnt/www
configs:
- source: dotenv_{{ dotenv_file.checksum }}
target: /var/conf/keylighter/.env
- source: nginx_conf_{{ nginx_conf.checksum }}
target: /var/conf/nginx/nginx.conf
secrets:
- source: dockerregistryauth
target: /var/run/secrets/podlike/dockerregistryauth.json
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- nginx-config:/mnt/nginx-config
- www-data:/mnt/www-data
- storage-data:/mnt/storage-data
secrets:
dockerregistryauth:
name: dockerregistryauth
external: true
configs:
dotenv_{{ dotenv_file.checksum }}:
file: ./config/.env
nginx_conf_{{ nginx_conf.checksum }}:
file: ./config/nginx.conf
volumes:
nginx-config:
name: '{{ service }}-{{ "nginx-config.{{.Task.ID}}" }}'
labels:
com.github.rycus86.podlike.volume-ref: "{{ service }}-nginx-config"
www-data:
name: '{{ service }}-{{ "www-data.{{.Task.ID}}" }}'
labels:
com.github.rycus86.podlike.volume-ref: "{{ service }}-www-data"
storage-data:
labels:
com.github.rycus86.podlike.volume-ref: "{{ service }}-storage-data"
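Review bot: The rendered `.env`, which carries `APP_SECRET`, is attached under `configs:` as `dotenv_{{ dotenv_file.checksum }}`. Swarm configs are mounted straight into the container filesystem and can be read back with `docker config inspect`, so the `secrets:` mechanism already used for `dockerregistryauth` fits this file better. Declaring it under the top-level `secrets:` with `file: ./config/.env` and listing it in the service's `secrets:` with the same target should keep the checksum-based rotation working. Separately, the `:ro` on `/var/run/docker.sock` only makes the bind mount read-only and does not restrict Docker API calls made through the socket. The `site` container should therefore be treated as having control of the daemon, and a comment above that volume line saying so would help the next reader.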


@ -0,0 +1,16 @@
---
- name: 'Copy .env file for "{{ service }}"'
template:
src: "{{ service_path }}/config/.env"
dest: "{{ remote_service_path }}/config/.env"
register: dotenv_file
tags:
- config
- name: 'Copy nginx.conf file for "{{ service }}"'
template:
src: "{{ service_path }}/config/nginx.conf"
dest: "{{ remote_service_path }}/config/nginx.conf"
register: nginx_conf
tags:
- config
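Review bot: The `.env` task writes a file containing the decrypted `keylighter_app_secret` without setting `mode`, so its permissions come from the remote umask and it may be readable by other local users. Add `mode: "0600"` to that task (plus `owner`/`group` if the deploy user differs from the one that reads it), and `no_log: true` or `diff: false` so a `--diff` run does not print the secret. Both tasks would also read more clearly with the fully qualified `ansible.builtin.template`.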


@ -0,0 +1,5 @@
---
traefik_routing_rule: "Host(`{{ keylighter_host }}`)"
keylighter_host: keylighter.kadet.net
keylighter_version: latest
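Review bot: `keylighter_version: latest` means the deployed application image is whatever the registry serves at the next pull. The compose template makes this worse by starting podlike with `-pull` and by referencing `redis:latest`, `nginx:latest` and an untagged `registry.kadet.net/podlike`. A deployment is then neither reproducible nor attributable to a reviewed build, and the same default is repeated in the inventory hunk. Prefer a concrete tag or digest here, e.g. `keylighter_version: "<release-tag>"` (placeholder), and keep `latest` as an explicit per-host opt-in.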


@ -304,5 +304,17 @@ service_config:
65616339303364343737383065626665323766613035313563613131376661333336313437653037
65366633306635343662
allowed_services: ["echo"]
keylighter:
keylighter_version: latest
keylighter_app_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
63303033343833663565393866636164383062343661376230363032306530393066363138343837
6661633433663738333631396637646365643864643734380a343631616632393939373964396330
30653930323261333333666362323632303539666633636434663265623836396438323132323565
6366333138333465340a376431363939366164316163633030616130653465613532323765306339
30653966353632333164306262363031626137373761636166663533366231336637383334316637
3463613562343766613666666264646433353731313334336130
www_data_users:
- vagrant