system-praktyk: Initial config

wipe-stg: Mark emails as #stg
registry: Bump UI version to 2.5.6
2024-04-07 17:48:20 +02:00 · 2024-04-07 17:48:08 +02:00 · 2024-04-07 17:47:45 +02:00 · 2024-04-07 17:47:19 +02:00 · 2024-04-07 17:46:42 +02:00 · 2024-04-07 17:45:56 +02:00
13 changed files with 285 additions and 4 deletions
--- a/services/cojedzie@next/stack.yml
+++ b/services/cojedzie@next/stack.yml
@ -0,0 +1,100 @@
+version: "{{ compose_version }}"
+
+x-defaults: 
+  worker: &worker
+    image: {{ cojedzie_image_base }}/worker:{{ cojedzie_worker_version }}
+    env_file:
+      - ./api.env
+      - ./sentry.env
+    volumes:
+      - db_data:/var/db
+    depends_on:
+      - api
+
+services:
+  api:
+    image: {{ cojedzie_image_base }}/api:{{ cojedzie_api_version }}
+    networks:
+      - "{{ ingress_network }}"
+      - default
+    volumes:
+      - db_data:/var/db
+    environment:
+      - TRUSTED_PROXIES=10.0.0.0/8
+    env_file:
+      - ./api.env
+      - ./sentry.env
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}-api.rule=({{ traefik_routing_rule }}) && (PathPrefix(`/api/`) || PathPrefix(`/bundles/`))
+        - traefik.http.routers.{{ service }}-api.priority=100
+        - traefik.http.routers.{{ service }}-api.tls=true
+        - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
+        - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
+
+  schedule:
+    <<: *worker
+    environment:
+      COJEDZIE_WORKER_OPTS: '-vv'
+      COJEDZIE_WORKER_QUEUES: 'scheduler_default scheduler_hub'
+
+  worker:
+    <<: *worker
+
+  mercure:
+    image: dunglas/mercure:{{ cojedzie_mercure_version|default('latest') }}
+    networks:
+      - "{{ ingress_network }}"
+      - default
+    environment:
+      SERVER_NAME: ":80"
+      USE_FORWARDED_HEADERS: 1
+      MERCURE_PUBLISHER_JWT_KEY: "{{ cojedzie_mercure_jwt_key }}"
+      MERCURE_SUBSCRIBER_JWT_KEY: "{{ cojedzie_mercure_jwt_key }}"
+    volumes:
+      - mercure_data:/data
+      - mercure_config:/config
+    deploy:
+      mode: replicated
+      replicas: 1
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}-mercure.rule=({{ traefik_routing_rule }}) && PathPrefix(`/.well-known/mercure`)
+        - traefik.http.routers.{{ service }}-mercure.tls=true
+        - traefik.http.routers.{{ service }}-mercure.tls.certresolver=lets-encrypt
+        - traefik.http.services.{{ service }}-mercure.loadbalancer.server.port=80
+
+  front:
+    image: {{ cojedzie_image_base }}/front:{{ cojedzie_front_version }}
+    networks:
+      - "{{ ingress_network }}"
+      - default
+    depends_on:
+      - api
+    env_file:
+      - ./front.env
+      - ./sentry.env
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}-front.rule={{ traefik_routing_rule }}
+        - traefik.http.routers.{{ service }}-front.tls=true
+        - traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
+        - traefik.http.routers.{{ service }}-front.middlewares=gzip@file
+        - traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000
+
+volumes:
+  db_data: ~
+  mercure_data: ~
+  mercure_config: ~
--- a/services/cojedzie@next/tasks/config.yaml
+++ b/services/cojedzie@next/tasks/config.yaml
@ -0,0 +1,13 @@
+---
+- name: 'Generate env files for "{{ service }}"'
+  template:
+    src: "{{ service_path }}/templates/{{ file }}"
+    dest: "{{ remote_service_path }}/{{ file }}"
+  tags:
+    - config
+  loop_control:
+    loop_var: file
+  with_items:
+    - api.env
+    - front.env
+    - sentry.env
--- a/services/cojedzie@next/tasks/pre-deploy.yaml
+++ b/services/cojedzie@next/tasks/pre-deploy.yaml
@ -0,0 +1,15 @@
+---
+- name: 'Pull all images for "{{ service }}"'
+  when: cojedzie_force_pull_images|default(false)
+  community.docker.docker_image:
+    name: "{{ image }}"
+    source: pull
+    force_source: yes
+  with_items:
+    - "{{ cojedzie_image_base }}/front:{{ cojedzie_front_version }}"
+    - "{{ cojedzie_image_base }}/api:{{ cojedzie_api_version }}"
+    - "{{ cojedzie_image_base }}/worker:{{ cojedzie_worker_version }}"
+  loop_control:
+    loop_var: image
+  notify:
+    - Restart services
--- a/services/cojedzie@next/templates/api.env
+++ b/services/cojedzie@next/templates/api.env
@ -0,0 +1,8 @@
+MERCURE_URL=http://mercure/.well-known/mercure
+MERCURE_PUBLIC_URL=https://{{ cojedzie_domain }}/.well-known/mercure
+MERCURE_JWT_SECRET={{ cojedzie_mercure_jwt_key }}
+
+DATABASE_URL=mysql://{{ cojedzie_database.user }}:{{ cojedzie_database.password }}@{{ database_mysql_host }}/{{ cojedzie_database.name }}?serverVersion=mariadb-10.7.1
+
+SENTRY_DSN={{ sentry_dsn_api }}
+SENTRY_SAMPLE_RATE={{ sentry_sample_rate_api }}
--- a/services/cojedzie@next/templates/front.env
+++ b/services/cojedzie@next/templates/front.env
@ -0,0 +1,9 @@
+COJEDZIE_GTM={{ cojedzie_gtm }}
+COJEDZIE_MAPTILER_KEY={{ cojedzie_maptiler }}
+COJEDZIE_API=http://api:8080
+COJEDZIE_API_HUB=https://{{ cojedzie_domain }}
+
+SENTRY_DSN={{ sentry_dsn_front }}
+SENTRY_SAMPLE_RATE={{ sentry_sample_rate_front }}
+SENTRY_TRACE_RATE={{ sentry_trace_rate|default(0.1) }}
+SENTRY_SESSION_RATE={{ sentry_session_rate|default(0.1) }}
--- a/services/cojedzie@next/templates/sentry.env
+++ b/services/cojedzie@next/templates/sentry.env
@ -0,0 +1 @@
+SENTRY_ENVIRONMENT={{ sentry_environment }}
--- a/services/cojedzie@next/vars/main.yml
+++ b/services/cojedzie@next/vars/main.yml
@ -0,0 +1,30 @@
+---
+cojedzie_domain: cojedzie.pl
+cojedzie_update_cron: 0 0 4 * * *
+cojedzie_gtm: ""
+cojedzie_mercure_jwt_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  30383839613764393562623137373934333530636564313633303062323661376333653136383066
+  6635653934313233346662653632356365343731396139330a663035636537646465353537646162
+  30356136613430316564346665653263383164333833383531353532316239316433306636303165
+  3931313836313133390a316562333130366435633335613066373232363439623932656532373032
+  62646432343334346165653466633634356635323038306435343932386233323164633134373964
+  6232656562626566663964643634366532393136383261333931
+cojedzie_maptiler: 8GX5FRUNgk4lB83GZT8Q
+
+cojedzie_image_base: docker.io/cojedzie
+
+cojedzie_version: latest
+cojedzie_front_version: "{{ cojedize_version }}"
+cojedzie_api_version: "{{ cojedize_version }}"
+cojedzie_worker_version: "{{ cojedize_version }}"
+
+sentry_dsn_api: https://fd114053dd724e0eb16011ac0da16ba1@o4505224124891136.ingest.sentry.io/4505224126332928
+sentry_dsn_front: https://2815d4e0251240fcb9cd8c81c31e86fe@o4505224124891136.ingest.sentry.io/4505224128233472
+sentry_sample_rate_api: 0.05
+sentry_sample_rate_front: 0.01
+sentry_session_replay_rate: 0.01
+sentry_error_replay_rate: 0.25
+sentry_environment: production
+
+traefik_routing_rule: "Host(`{{ cojedzie_domain }}`) || Host(`{{ service }}.{{ main_domain }}`)"
--- a/services/keylighter/stack.yml
+++ b/services/keylighter/stack.yml
@ -8,6 +8,15 @@ services:
        limits:
          memory: 256M

+  worker:
+    image: registry.kadet.net/keylighter.kadet.net/php-fpm:{{ keylighter_version }}
+    command: ['./bin/console', 'messenger:consume', '-vvv']
+    volumes:
+      - storage-data:/var/www/var
+    configs:
+      - source: dotenv_{{ dotenv_file.checksum }}
+        target: /var/www/.env.local
+
  site:
    image: registry.kadet.net/podlike
    command: -logs -ipc=false -pull
--- a/services/registry/config/config.yml
+++ b/services/registry/config/config.yml
@ -1,7 +1,7 @@
 version: 0.1

 log:
-  level: debug
+  level: warn
  fields:
    service: registry

--- a/services/registry/stack.yml
+++ b/services/registry/stack.yml
@ -25,7 +25,7 @@ services:
    networks: ['default']

  ui:
-    image: joxit/docker-registry-ui:2.2.1
+    image: joxit/docker-registry-ui:2.5.6
    environment:
        - DELETE_IMAGES=true
        - REGISTRY_TITLE=Kadet's private registry
--- a/services/system-praktyk/stack.yml
+++ b/services/system-praktyk/stack.yml
@ -0,0 +1,68 @@
+version: "{{ compose_version }}"
+
+services:
+  frontend:
+    image: {{ system_praktyk_image_group }}/front:{{ system_praktyk_version }}
+    networks:
+      - "{{ ingress_network }}"
+      - default
+    environment:
+      APP_API_BASE: https://system-praktyk.stg.kadet.net
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}-front.rule=({{ traefik_routing_rule }})
+        - traefik.http.routers.{{ service }}-front.priority=200
+        - traefik.http.routers.{{ service }}-front.tls=true
+        - traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
+        - traefik.http.services.{{ service }}-front.loadbalancer.server.port=80
+        
+  api:
+    image: {{ system_praktyk_image_group }}/api:{{ system_praktyk_version }}
+    networks:
+      - "{{ ingress_network }}"
+      - default
+    environment:
+      TRUSTED_PROXIES: 10.0.0.0/8
+      CONNECTIONSTRINGS__INTERNSHIPDATABASE: "Host=postgres;Port=5432;Database=praktyki;Username=praktyki;Password=praktyki"
+      ASPNETCORE_ENVIRONMENT: Development
+      ASPNETCORE_URLS: http://0.0.0.0:80
+      SECURITYOPTIONS__SECRET: iewaiwie3aig9wi3chieBai9eephai
+      SECURITYOPTIONS__EXPIRATION: 1440     # 24h in minutes
+      SECURITYOPTIONS__BASEURL: https://logowanie.pg.edu.pl
+      SECURITYOPTIONS__TOKENPATH: /oauth2.0/accessToken
+      SECURITYOPTIONS__PROFILEPATH: /oauth2.0/profile
+      SECURITYOPTIONS__CLIENTID: PraktykiClientId
+      SECURITYOPTIONS__REDIRECTURL: https://system-praktyk.stg.kadet.net/user/login/check/pg
+      FILLER__USE_DEFAULT_DATA: "true"
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}-api.rule=({{ traefik_routing_rule }}) && (PathPrefix(`/api/`))
+        - traefik.http.routers.{{ service }}-api.priority=300
+        - traefik.http.routers.{{ service }}-api.tls=true
+        - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
+        - traefik.http.routers.{{ service }}-api.middlewares={{ service }}-api-strip
+        - traefik.http.services.{{ service }}-api.loadbalancer.server.port=80
+        - traefik.http.middlewares.{{ service }}-api-strip.stripprefix.prefixes=/api
+
+  postgres:
+    image: postgres:12.
+    environment:
+      - POSTGRES_DB=praktyki
+      - POSTGRES_USER=praktyki
+      - POSTGRES_PASSWORD=praktyki
+
+
+volumes:
+  pg_data: ~
--- a/services/system-praktyk/vars/main.yml
+++ b/services/system-praktyk/vars/main.yml
@ -0,0 +1,5 @@
+---
+system_praktyk_image_group: registry.kadet.net/system-praktyk
+system_praktyk_version: latest
+
+traefik_routing_rule: "Host(`{{ service }}.stg.{{ main_domain }}`)"
--- a/vars/services.yml
+++ b/vars/services.yml
@ -109,7 +109,7 @@ service_config:
      623838613832393239343036396439383561
    wipe_mail:
      host: email-smtp.eu-north-1.amazonaws.com
-      from: "WIPE <no-reply@wipozaekranem.pl>"
+      from: "WIPE#stg <no-reply@wipozaekranem.pl>"
      encryption: "ssl"
      port: 465
      user: !vault |
@ -186,8 +186,9 @@ service_config:
      name: cojedzie
      user: cojedzie
      password: "{{ mysql_user_passwords['cojedzie'] }}"
+
  cojedzie-next:
-    template: cojedzie
+    template: cojedzie@next

    cojedzie_version: next
    cojedzie_domain: next.cojedzie.pl
@ -211,6 +212,7 @@ service_config:
    sentry_environment: next
    sentry_sample_rate_front: 0.01
    sentry_sample_rate_api: 0.01
+
  registry:
    registry_users:
      - "{{ swarm_registry_user }}"
@ -304,6 +306,27 @@ service_config:
          65616339303364343737383065626665323766613035313563613131376661333336313437653037
          65366633306635343662
        allowed_services: ["echo"]
+      - token: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31613736666563373031616530643138343036333339663837653732343635303334396534666661
+          3963656435393335623438343065666636653633343164350a393237333034383932346463656337
+          61346666383035373230646233373636663635383563663466393438643339346363383139353765
+          3535316366623639350a663737666366396439343932636262313939633234363065336331643833
+          32333863313763363535343236613563306236383431313663616438303033366636666238396535
+          3134623165653432316664623939376631333861626332653165
+        allowed_services: ["cojedzie-next"]
+      - token: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64613263316636313262356435316666356539396430313030653462303961366632653732383538
+          3430386132356537303134353065636334346433613561640a303937306165613364633931626330
+          37373864656366386636626637636136333538646465646365393539393461626633343334313964
+          3734386437643239360a656236613063636632633439633664666637343232646362346438363238
+          38373734636562383737373962616536636366396331313835613637333563636264313064353534
+          32616135306433393631383764326566336531623333616338326637363930336535353265623865
+          30663666626663366436326662393036633232383832356634313665663661373130323037386531
+          64666630383063306533336634373234313862383066396238336136666165643862346436663539
+          3665
+        allowed_services: ["cojedzie"]
  
  keylighter:
    keylighter_version: latest
Author	SHA1	Message	Date
Kacper Donat	0ce22c72e3	system-praktyk: Initial config	2024-04-07 17:48:20 +02:00
Kacper Donat	561557b00b	wipe-stg: Mark emails as #stg	2024-04-07 17:48:08 +02:00
Kacper Donat	2d7d110e41	registry: Bump UI version to 2.5.6	2024-04-07 17:47:45 +02:00
Kacper Donat	13dbde9971	keylighter: Add missing worker service	2024-04-07 17:47:19 +02:00
Kacper Donat	430676881b	cojedzie-next: Use cojedzie@next template	2024-04-07 17:46:42 +02:00
Kacper Donat	6c4fa8c1c3	management: Add cojedzie and cojedzie-next	2024-04-07 17:45:56 +02:00