kadet.net/servers
1
0
Fork 0
Code Releases Activity

Compare commits

base: kadet.net:7acd968f52ae6544736756c335934426f2746766
Branches Tags
kadet.net:master
kadet.net:feature/mgmt-server
...
compare: kadet.net:0ce22c72e37cfd618a19ad0e4bb0bc6f7b2d58c1
Branches Tags
kadet.net:master
kadet.net:feature/mgmt-server

6 Commits
7acd968f52 ... 0ce22c72e3

Author SHA1 Message Date
Kacper Donat
0ce22c72e3 system-praktyk: Initial config 2024-04-07 17:48:20 +02:00
Kacper Donat
561557b00b wipe-stg: Mark emails as #stg 2024-04-07 17:48:08 +02:00
Kacper Donat
2d7d110e41 registry: Bump UI version to 2.5.6 2024-04-07 17:47:45 +02:00
Kacper Donat
13dbde9971 keylighter: Add missing worker service 2024-04-07 17:47:19 +02:00
Kacper Donat
430676881b cojedzie-next: Use cojedzie@next template 2024-04-07 17:46:42 +02:00
Kacper Donat
6c4fa8c1c3 management: Add cojedzie and cojedzie-next 2024-04-07 17:45:56 +02:00
13 changed files with 285 additions and 4 deletions
Show Stats Expand all files Collapse all files

100
services/cojedzie@next/stack.yml Normal file
View File

@ -0,0 +1,100 @@
version: "{{ compose_version }}"
x-defaults:
worker: &worker
image: {{ cojedzie_image_base }}/worker:{{ cojedzie_worker_version }}
env_file:
- ./api.env
- ./sentry.env
volumes:
- db_data:/var/db
depends_on:
- api
services:
api:
image: {{ cojedzie_image_base }}/api:{{ cojedzie_api_version }}
networks:
- "{{ ingress_network }}"
- default
volumes:
- db_data:/var/db
environment:
- TRUSTED_PROXIES=10.0.0.0/8
env_file:
- ./api.env
- ./sentry.env
deploy:
mode: replicated
replicas: 1
update_config:
parallelism: 1
order: start-first
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}-api.rule=({{ traefik_routing_rule }}) && (PathPrefix(`/api/`) || PathPrefix(`/bundles/`))
- traefik.http.routers.{{ service }}-api.priority=100
- traefik.http.routers.{{ service }}-api.tls=true
- traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
schedule:
<<: *worker
environment:
COJEDZIE_WORKER_OPTS: '-vv'
COJEDZIE_WORKER_QUEUES: 'scheduler_default scheduler_hub'
worker:
<<: *worker
mercure:
image: dunglas/mercure:{{ cojedzie_mercure_version|default('latest') }}
networks:
- "{{ ingress_network }}"
- default
environment:
SERVER_NAME: ":80"
USE_FORWARDED_HEADERS: 1
MERCURE_PUBLISHER_JWT_KEY: "{{ cojedzie_mercure_jwt_key }}"
MERCURE_SUBSCRIBER_JWT_KEY: "{{ cojedzie_mercure_jwt_key }}"
volumes:
- mercure_data:/data
- mercure_config:/config
deploy:
mode: replicated
replicas: 1
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}-mercure.rule=({{ traefik_routing_rule }}) && PathPrefix(`/.well-known/mercure`)
- traefik.http.routers.{{ service }}-mercure.tls=true
- traefik.http.routers.{{ service }}-mercure.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}-mercure.loadbalancer.server.port=80
front:
image: {{ cojedzie_image_base }}/front:{{ cojedzie_front_version }}
networks:
- "{{ ingress_network }}"
- default
depends_on:
- api
env_file:
- ./front.env
- ./sentry.env
deploy:
mode: replicated
replicas: 1
update_config:
parallelism: 1
order: start-first
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}-front.rule={{ traefik_routing_rule }}
- traefik.http.routers.{{ service }}-front.tls=true
- traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
- traefik.http.routers.{{ service }}-front.middlewares=gzip@file
- traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000
volumes:
db_data: ~
mercure_data: ~
mercure_config: ~

13
services/cojedzie@next/tasks/config.yaml Normal file
View File

@ -0,0 +1,13 @@
---
- name: 'Generate env files for "{{ service }}"'
template:
src: "{{ service_path }}/templates/{{ file }}"
dest: "{{ remote_service_path }}/{{ file }}"
tags:
- config
loop_control:
loop_var: file
with_items:
- api.env
- front.env
- sentry.env

15
services/cojedzie@next/tasks/pre-deploy.yaml Normal file
View File

@ -0,0 +1,15 @@
---
- name: 'Pull all images for "{{ service }}"'
when: cojedzie_force_pull_images|default(false)
community.docker.docker_image:
name: "{{ image }}"
source: pull
force_source: yes
with_items:
- "{{ cojedzie_image_base }}/front:{{ cojedzie_front_version }}"
- "{{ cojedzie_image_base }}/api:{{ cojedzie_api_version }}"
- "{{ cojedzie_image_base }}/worker:{{ cojedzie_worker_version }}"
loop_control:
loop_var: image
notify:
- Restart services

8
services/cojedzie@next/templates/api.env Normal file
View File

@ -0,0 +1,8 @@
MERCURE_URL=http://mercure/.well-known/mercure
MERCURE_PUBLIC_URL=https://{{ cojedzie_domain }}/.well-known/mercure
MERCURE_JWT_SECRET={{ cojedzie_mercure_jwt_key }}
DATABASE_URL=mysql://{{ cojedzie_database.user }}:{{ cojedzie_database.password }}@{{ database_mysql_host }}/{{ cojedzie_database.name }}?serverVersion=mariadb-10.7.1
SENTRY_DSN={{ sentry_dsn_api }}
SENTRY_SAMPLE_RATE={{ sentry_sample_rate_api }}

9
services/cojedzie@next/templates/front.env Normal file
View File

@ -0,0 +1,9 @@
COJEDZIE_GTM={{ cojedzie_gtm }}
COJEDZIE_MAPTILER_KEY={{ cojedzie_maptiler }}
COJEDZIE_API=http://api:8080
COJEDZIE_API_HUB=https://{{ cojedzie_domain }}
SENTRY_DSN={{ sentry_dsn_front }}
SENTRY_SAMPLE_RATE={{ sentry_sample_rate_front }}
SENTRY_TRACE_RATE={{ sentry_trace_rate|default(0.1) }}
SENTRY_SESSION_RATE={{ sentry_session_rate|default(0.1) }}

1
services/cojedzie@next/templates/sentry.env Normal file
View File

@ -0,0 +1 @@
SENTRY_ENVIRONMENT={{ sentry_environment }}

30
services/cojedzie@next/vars/main.yml Normal file
View File

@ -0,0 +1,30 @@
---
cojedzie_domain: cojedzie.pl
cojedzie_update_cron: 0 0 4 * * *
cojedzie_gtm: ""
cojedzie_mercure_jwt_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
30383839613764393562623137373934333530636564313633303062323661376333653136383066
6635653934313233346662653632356365343731396139330a663035636537646465353537646162
30356136613430316564346665653263383164333833383531353532316239316433306636303165
3931313836313133390a316562333130366435633335613066373232363439623932656532373032
62646432343334346165653466633634356635323038306435343932386233323164633134373964
6232656562626566663964643634366532393136383261333931
cojedzie_maptiler: 8GX5FRUNgk4lB83GZT8Q
cojedzie_image_base: docker.io/cojedzie
cojedzie_version: latest
cojedzie_front_version: "{{ cojedize_version }}"
cojedzie_api_version: "{{ cojedize_version }}"
cojedzie_worker_version: "{{ cojedize_version }}"
sentry_dsn_api: https://fd114053dd724e0eb16011ac0da16ba1@o4505224124891136.ingest.sentry.io/4505224126332928
sentry_dsn_front: https://2815d4e0251240fcb9cd8c81c31e86fe@o4505224124891136.ingest.sentry.io/4505224128233472
sentry_sample_rate_api: 0.05
sentry_sample_rate_front: 0.01
sentry_session_replay_rate: 0.01
sentry_error_replay_rate: 0.25
sentry_environment: production
traefik_routing_rule: "Host(`{{ cojedzie_domain }}`) || Host(`{{ service }}.{{ main_domain }}`)"

9
services/keylighter/stack.yml
View File

@ -8,6 +8,15 @@ services:
limits: limits:
memory: 256M memory: 256M
worker:
image: registry.kadet.net/keylighter.kadet.net/php-fpm:{{ keylighter_version }}
command: ['./bin/console', 'messenger:consume', '-vvv']
volumes:
- storage-data:/var/www/var
configs:
- source: dotenv_{{ dotenv_file.checksum }}
target: /var/www/.env.local
site: site:
image: registry.kadet.net/podlike image: registry.kadet.net/podlike
command: -logs -ipc=false -pull command: -logs -ipc=false -pull

2
services/registry/config/config.yml
View File

@ -1,7 +1,7 @@
version: 0.1 version: 0.1
log: log:
level: debug level: warn
fields: fields:
service: registry service: registry

2
services/registry/stack.yml
View File

@ -25,7 +25,7 @@ services:
networks: ['default'] networks: ['default']
ui: ui:
image: joxit/docker-registry-ui:2.2.1 image: joxit/docker-registry-ui:2.5.6
environment: environment:
- DELETE_IMAGES=true - DELETE_IMAGES=true
- REGISTRY_TITLE=Kadet's private registry - REGISTRY_TITLE=Kadet's private registry

68
services/system-praktyk/stack.yml Normal file
View File

@ -0,0 +1,68 @@
version: "{{ compose_version }}"
services:
frontend:
image: {{ system_praktyk_image_group }}/front:{{ system_praktyk_version }}
networks:
- "{{ ingress_network }}"
- default
environment:
APP_API_BASE: https://system-praktyk.stg.kadet.net
deploy:
mode: replicated
replicas: 1
update_config:
parallelism: 1
order: start-first
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}-front.rule=({{ traefik_routing_rule }})
- traefik.http.routers.{{ service }}-front.priority=200
- traefik.http.routers.{{ service }}-front.tls=true
- traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}-front.loadbalancer.server.port=80
api:
image: {{ system_praktyk_image_group }}/api:{{ system_praktyk_version }}
networks:
- "{{ ingress_network }}"
- default
environment:
TRUSTED_PROXIES: 10.0.0.0/8
CONNECTIONSTRINGS__INTERNSHIPDATABASE: "Host=postgres;Port=5432;Database=praktyki;Username=praktyki;Password=praktyki"
ASPNETCORE_ENVIRONMENT: Development
ASPNETCORE_URLS: http://0.0.0.0:80
SECURITYOPTIONS__SECRET: iewaiwie3aig9wi3chieBai9eephai
SECURITYOPTIONS__EXPIRATION: 1440 # 24h in minutes
SECURITYOPTIONS__BASEURL: https://logowanie.pg.edu.pl
SECURITYOPTIONS__TOKENPATH: /oauth2.0/accessToken
SECURITYOPTIONS__PROFILEPATH: /oauth2.0/profile
SECURITYOPTIONS__CLIENTID: PraktykiClientId
SECURITYOPTIONS__REDIRECTURL: https://system-praktyk.stg.kadet.net/user/login/check/pg
FILLER__USE_DEFAULT_DATA: "true"
deploy:
mode: replicated
replicas: 1
update_config:
parallelism: 1
order: start-first
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}-api.rule=({{ traefik_routing_rule }}) && (PathPrefix(`/api/`))
- traefik.http.routers.{{ service }}-api.priority=300
- traefik.http.routers.{{ service }}-api.tls=true
- traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
- traefik.http.routers.{{ service }}-api.middlewares={{ service }}-api-strip
- traefik.http.services.{{ service }}-api.loadbalancer.server.port=80
- traefik.http.middlewares.{{ service }}-api-strip.stripprefix.prefixes=/api
postgres:
image: postgres:12.
environment:
- POSTGRES_DB=praktyki
- POSTGRES_USER=praktyki
- POSTGRES_PASSWORD=praktyki
volumes:
pg_data: ~

5
services/system-praktyk/vars/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
system_praktyk_image_group: registry.kadet.net/system-praktyk
system_praktyk_version: latest
traefik_routing_rule: "Host(`{{ service }}.stg.{{ main_domain }}`)"

27
vars/services.yml
View File

@ -109,7 +109,7 @@ service_config:
623838613832393239343036396439383561 623838613832393239343036396439383561
wipe_mail: wipe_mail:
host: email-smtp.eu-north-1.amazonaws.com host: email-smtp.eu-north-1.amazonaws.com
from: "WIPE <no-reply@wipozaekranem.pl>" from: "WIPE#stg <no-reply@wipozaekranem.pl>"
encryption: "ssl" encryption: "ssl"
port: 465 port: 465
user: !vault | user: !vault |
@ -186,8 +186,9 @@ service_config:
name: cojedzie name: cojedzie
user: cojedzie user: cojedzie
password: "{{ mysql_user_passwords['cojedzie'] }}" password: "{{ mysql_user_passwords['cojedzie'] }}"
cojedzie-next: cojedzie-next:
template: cojedzie template: cojedzie@next
cojedzie_version: next cojedzie_version: next
cojedzie_domain: next.cojedzie.pl cojedzie_domain: next.cojedzie.pl
@ -211,6 +212,7 @@ service_config:
sentry_environment: next sentry_environment: next
sentry_sample_rate_front: 0.01 sentry_sample_rate_front: 0.01
sentry_sample_rate_api: 0.01 sentry_sample_rate_api: 0.01
registry: registry:
registry_users: registry_users:
- "{{ swarm_registry_user }}" - "{{ swarm_registry_user }}"
@ -304,6 +306,27 @@ service_config:
65616339303364343737383065626665323766613035313563613131376661333336313437653037 65616339303364343737383065626665323766613035313563613131376661333336313437653037
65366633306635343662 65366633306635343662
allowed_services: ["echo"] allowed_services: ["echo"]
- token: !vault |
$ANSIBLE_VAULT;1.1;AES256
31613736666563373031616530643138343036333339663837653732343635303334396534666661
3963656435393335623438343065666636653633343164350a393237333034383932346463656337
61346666383035373230646233373636663635383563663466393438643339346363383139353765
3535316366623639350a663737666366396439343932636262313939633234363065336331643833
32333863313763363535343236613563306236383431313663616438303033366636666238396535
3134623165653432316664623939376631333861626332653165
allowed_services: ["cojedzie-next"]
- token: !vault |
$ANSIBLE_VAULT;1.1;AES256
64613263316636313262356435316666356539396430313030653462303961366632653732383538
3430386132356537303134353065636334346433613561640a303937306165613364633931626330
37373864656366386636626637636136333538646465646365393539393461626633343334313964
3734386437643239360a656236613063636632633439633664666637343232646362346438363238
38373734636562383737373962616536636366396331313835613637333563636264313064353534
32616135306433393631383764326566336531623333616338326637363930336535353265623865
30663666626663366436326662393036633232383832356634313665663661373130323037386531
64666630383063306533336634373234313862383066396238336136666165643862346436663539
3665
allowed_services: ["cojedzie"]
keylighter: keylighter:
keylighter_version: latest keylighter_version: latest