From ec8365dfb5cbe9e1acd47a4747e918a02942f29c Mon Sep 17 00:00:00 2001
From: Kacper Donat
Date: Fri, 4 Jun 2021 09:53:11 +0200
Subject: [PATCH] cojedzie-next: Create service
---
services/cojedzie-next/environment | 3 +
services/cojedzie-next/stack.yml | 108 +++++++++++++++++++++++
services/cojedzie-next/tasks/config.yaml | 7 ++
services/cojedzie-next/vars/main.yml | 20 +++++
vars/services.yml | 9 ++
5 files changed, 147 insertions(+)
create mode 100644 services/cojedzie-next/environment
create mode 100644 services/cojedzie-next/stack.yml
create mode 100644 services/cojedzie-next/tasks/config.yaml
create mode 100644 services/cojedzie-next/vars/main.yml
diff --git a/services/cojedzie-next/environment b/services/cojedzie-next/environment
new file mode 100644
index 0000000..0b1f011
--- /dev/null
+++ b/services/cojedzie-next/environment
@@ -0,0 +1,3 @@
+MERCURE_URL=http://mercure/.well-known/mercure
+MERCURE_PUBLIC_URL=https://{{ cojedzie_domain }}/.well-known/mercure
+MERCURE_JWT_SECRET="{{ cojedzie_mercure_publisher_jwt_key }}"
diff --git a/services/cojedzie-next/stack.yml b/services/cojedzie-next/stack.yml
new file mode 100644
index 0000000..ce03294
--- /dev/null
+++ b/services/cojedzie-next/stack.yml
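Review bot: `MERCURE_JWT_SECRET="{{ cojedzie_mercure_publisher_jwt_key }}"` wraps the rendered key in double quotes, and not every env-file reader strips them. If the deploy path hands this file to Docker as a plain env file, the quotes may become part of the secret, and the API would then sign tokens with a different key than the hub's `MERCURE_PUBLISHER_JWT_KEY`. Writing the line unquoted, `MERCURE_JWT_SECRET={{ cojedzie_mercure_publisher_jwt_key }}`, removes the ambiguity as long as the key holds no whitespace or newline. A one-line comment at the top, noting that the file is a Jinja template rendered by Ansible and carries a secret, would also help the next reader.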
@@ -0,0 +1,108 @@
+version: '{{ compose_version }}'
+
+services:
+ api:
+ image: registry.kadet.net/cojedzie/api:next
+ networks:
+ - "{{ ingress_network }}"
+ - default
+ volumes:
+ - db_data:/var/db
+ environment:
+ - TRUSTED_PROXIES=10.0.0.0/8
+ env_file:
+ - ./environment
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.{{ service }}-api.rule=Host(`{{ cojedzie_domain }}`) && PathPrefix(`/api/`)
+ - traefik.http.routers.{{ service }}-api.priority=100
+ - traefik.http.routers.{{ service }}-api.tls=true
+ - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
+ - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
+
+ update-job:
+ image: registry.kadet.net/cojedzie/api:next
+ command: ["console", "app:update", "--async"]
+ networks:
+ - default
+ volumes:
+ - db_data:/var/db
+ env_file:
+ - ./environment
+ deploy:
+ mode: replicated
+ replicas: 0
+ labels:
+ - "swarm.cronjob.enable=true"
+ - "swarm.cronjob.schedule={{ cojedzie_update_cron }}"
+ restart_policy:
+ condition: none
+
+ cron:
+ image: registry.kadet.net/cojedzie/cron:next
+ env_file:
+ - ./environment
+ volumes:
+ - db_data:/var/db
+ depends_on:
+ - api
+
+ worker:
+ image: registry.kadet.net/cojedzie/worker:next
+ env_file:
+ - ./environment
+ volumes:
+ - db_data:/var/db
+ depends_on:
+ - api
+
+ mercure:
+ image: dunglas/mercure
+ networks:
+ - "{{ ingress_network }}"
+ - default
+ environment:
+ SERVER_NAME: ':80'
+ USE_FORWARDED_HEADERS: 1
+ MERCURE_PUBLISHER_JWT_KEY: '{{ cojedzie_mercure_publisher_jwt_key }}'
+ MERCURE_SUBSCRIBER_JWT_KEY: '{{ cojedzie_mercure_subscriber_jwt_key }}'
+ volumes:
+ - mercure_data:/data
+ - mercure_config:/config
+ command: /usr/bin/caddy run -config /etc/caddy/Caddyfile.dev
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.{{ service }}-mercure.rule=Host(`{{ cojedzie_domain }}`) && PathPrefix(`/.well-known/mercure`)
+ - traefik.http.routers.{{ service }}-mercure.tls=true
+ - traefik.http.routers.{{ service }}-mercure.tls.certresolver=lets-encrypt
+ - traefik.http.services.{{ service }}-mercure.loadbalancer.server.port=80
+
+ front:
+ image: registry.kadet.net/cojedzie/front:next
+ networks:
+ - "{{ ingress_network }}"
+ - default
+ depends_on:
+ - api
+ environment:
+ - APP_GTM={{ cojedzie_gtm }}
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)
+ - traefik.http.routers.{{ service }}-front.tls=true
+ - traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
+ - traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000
+
+volumes:
+ db_data: ~
+ mercure_data: ~
+ mercure_config: ~
diff --git a/services/cojedzie-next/tasks/config.yaml b/services/cojedzie-next/tasks/config.yaml
new file mode 100644
index 0000000..f2a679a
--- /dev/null
+++ b/services/cojedzie-next/tasks/config.yaml
@@ -0,0 +1,7 @@
+---
+- name: 'Generate env_file for "{{ service }}"'
+ template:
+ src: "{{ service_path }}/environment"
+ dest: "{{ remote_service_path }}/environment"
+ tags:
+ - config
diff --git a/services/cojedzie-next/vars/main.yml b/services/cojedzie-next/vars/main.yml
new file mode 100644
index 0000000..d8a1cb3
--- /dev/null
+++ b/services/cojedzie-next/vars/main.yml
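Review bot: The `mercure` service overrides the image command with `-config /etc/caddy/Caddyfile.dev`, while its router publishes `/.well-known/mercure` on `{{ cojedzie_domain }}` through Traefik. Upstream ships that file as a development configuration (as far as I recall it enables the demo UI and anonymous subscribers), so either confirm that is intended for an internet-facing hub or drop the `command:` line to use the image's default configuration. The image is also `dunglas/mercure` with no tag, so a redeploy can pull a different release; pin it, for example `image: dunglas/mercure:<version>` with the version you tested. The two JWT keys under `environment:` are stored in the service spec, where anyone able to inspect the service can read them; Docker secrets would avoid that if the image can read keys from a file.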
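Review bot: The `template` task writes the rendered `environment` file, which carries `MERCURE_JWT_SECRET`, without `mode`, `owner` or `group`, so its permissions fall to the remote umask and the file may end up readable by every local user. Add `mode: "0600"` under `template:` (quoted so it is not parsed as a number), and set `owner`/`group` if the deploy user differs from the one that reads the file. `no_log: true` on the task would also keep the key out of `--diff` output and logs.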
@@ -0,0 +1,20 @@
+---
+cojedzie_domain: next.cojedzie.pl
+cojedzie_update_cron: 0 0 4 * * *
+cojedzie_gtm: ""
+cojedzie_mercure_subscriber_jwt_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30383839613764393562623137373934333530636564313633303062323661376333653136383066
+ 6635653934313233346662653632356365343731396139330a663035636537646465353537646162
+ 30356136613430316564346665653263383164333833383531353532316239316433306636303165
+ 3931313836313133390a316562333130366435633335613066373232363439623932656532373032
+ 62646432343334346165653466633634356635323038306435343932386233323164633134373964
+ 6232656562626566663964643634366532393136383261333931
+cojedzie_mercure_publisher_jwt_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63343966303066626336623630636330363437646133393865303933613337336362343638363862
+ 6438346633663334626136353033663536633937623239660a303032306564323462626638616534
+ 39373765623739623134336332326537613338353936376434353263616630393062613365613638
+ 3739383365353837310a613931333264386365663730646163383639383563313066643438326465
+ 30633666343736323539326133626664356462356466323366633738613436636535353963663536
+ 3837383838613130646365633232613530303863393866613830
diff --git a/vars/services.yml b/vars/services.yml
index c25b236..845431c 100644
--- a/vars/services.yml
+++ b/vars/services.yml
@@ -49,6 +49,15 @@ service_config:
 6330386139356263390a663366633232346637346233653261373330343864613262313465336432
 31366633323433653632366633376533343764343565653737633837383330323630313433323836
 6530363533656439663631636532363864373666343163376632
+ - name: docker-swarm
+ password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62333030343330666634643234323865303633343330333030303066363264323434656637356233
+ 6165386664316536366235366336393561306139346235610a393566633363383734353933366331
+ 36343364643366626230303463633164393336363736633662643536646539616235393232643930
+ 3266326630393535660a393764376130343264643064613131393663333836356337613566343130
+ 65353438613864373962636463613836313034633963613834393233376136313861303538346265
+ 6139666332373137303962646530353364333732353339313262
 registry_storage:
 s3:
 accesskey: !vault |