cojedzie: Bump version to 2023.1.5

api/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Kacper Donat
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

services/cojedzie-next/stack.yml

@@ -1,97 +0,0 @@
-version: '{{ compose_version }}'
-
-services:
-  api:
-    image: registry.kadet.net/cojedzie/api:next
-    networks: 
-      - "{{ ingress_network }}"
-      - default
-    volumes: 
-      - db_data:/var/db
-    environment:
-      - TRUSTED_PROXIES=10.0.0.0/8
-    env_file:
-      - ./environment
-    deploy:
-      mode: replicated
-      replicas: 1
-      update_config:
-        parallelism: 1
-        order: start-first
-      labels:
-        - traefik.enable=true
-        - traefik.http.routers.{{ service }}-api.rule=Host(`{{ cojedzie_domain }}`) && PathPrefix(`/api/`)
-        - traefik.http.routers.{{ service }}-api.priority=100
-        - traefik.http.routers.{{ service }}-api.tls=true
-        - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
-        - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
-  
-  cron:
-    image: registry.kadet.net/cojedzie/cron:next
-    env_file:
-      - ./environment
-    volumes: 
-      - db_data:/var/db
-    depends_on:
-      - api
-  
-  worker:
-    image: registry.kadet.net/cojedzie/worker:next
-    env_file:
-      - ./environment
-    volumes: 
-      - db_data:/var/db
-    depends_on:
-      - api
-
-  mercure:
-    image: dunglas/mercure
-    networks: 
-      - "{{ ingress_network }}"
-      - default
-    environment:
-      SERVER_NAME: ':80'
-      USE_FORWARDED_HEADERS: 1
-      MERCURE_PUBLISHER_JWT_KEY: '{{ cojedzie_mercure_jwt_key }}'
-      MERCURE_SUBSCRIBER_JWT_KEY: '{{ cojedzie_mercure_jwt_key }}'
-    volumes:
-      - mercure_data:/data
-      - mercure_config:/config
-    deploy:
-      mode: replicated
-      replicas: 1
-      labels:
-        - traefik.enable=true
-        - traefik.http.routers.{{ service }}-mercure.rule=Host(`{{ cojedzie_domain }}`) && PathPrefix(`/.well-known/mercure`)
-        - traefik.http.routers.{{ service }}-mercure.tls=true
-        - traefik.http.routers.{{ service }}-mercure.tls.certresolver=lets-encrypt
-        - traefik.http.services.{{ service }}-mercure.loadbalancer.server.port=80
-
-  front:
-    image: registry.kadet.net/cojedzie/front:next
-    networks: 
-      - "{{ ingress_network }}"
-      - default
-    depends_on:
-      - api
-    environment:
-      - COJEDZIE_GTM={{ cojedzie_gtm }}
-      - COJEDZIE_MAPTILER_KEY={{ cojedzie_maptiler }}
-    deploy:
-      mode: replicated
-      replicas: 1
-      update_config:
-        parallelism: 1
-        order: start-first
-      labels:
-        - traefik.enable=true
-        - traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)
-        - traefik.http.routers.{{ service }}-front.tls=true
-        - traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
-        - traefik.http.routers.{{ service }}-front.middlewares=gzip@file
-        - traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000
-
-volumes:
-  db_data: ~
-  mercure_data: ~
-  mercure_config: ~

services/cojedzie-next/tasks/config.yaml

@@ -1,7 +0,0 @@
----
-- name: 'Generate env_file for "{{ service }}"'
-  template:
-    src: "{{ service_path }}/environment"
-    dest: "{{ remote_service_path }}/environment"
-  tags:
-    - config

services/cojedzie-next/tasks/pre-deploy.yaml

@@ -1,15 +0,0 @@
----
-- name: 'Pull all images for "{{ service }}"'
-  community.docker.docker_image:
-    name: "{{ image }}"
-    source: pull
-    force_source: yes
-  with_items:
-   - registry.kadet.net/cojedzie/front:next
-   - registry.kadet.net/cojedzie/api:next
-   - registry.kadet.net/cojedzie/worker:next
-   - registry.kadet.net/cojedzie/cron:next
-  loop_control:
-    loop_var: image
-  notify:
-    - Restart services

services/cojedzie-next/vars/main.yml

@@ -1,13 +0,0 @@
----
-cojedzie_domain: next.cojedzie.pl
-cojedzie_update_cron: 0 0 4 * * * 
-cojedzie_gtm: ""
-cojedzie_mercure_jwt_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          63343966303066626336623630636330363437646133393865303933613337336362343638363862
-          6438346633663334626136353033663536633937623239660a303032306564323462626638616534
-          39373765623739623134336332326537613338353936376434353263616630393062613365613638
-          3739383365353837310a613931333264386365663730646163383639383563313066643438326465
-          30633666343736323539326133626664356462356466323366633738613436636535353963663536
-          3837383838613130646365633232613530303863393866613830
-cojedzie_maptiler: 1gwEkcI3lbNcEb0MOoOu

services/cojedzie/environment

@@ -1,5 +0,0 @@
-MERCURE_URL=http://mercure/.well-known/mercure
-MERCURE_PUBLIC_URL=https://{{ cojedzie_domain }}/.well-known/mercure
-MERCURE_JWT_SECRET={{ cojedzie_mercure_jwt_key }}
-
-DATABASE_URL=mysql://{{ cojedzie_database.user }}:{{ cojedzie_database.password }}@{{ database_mysql_host }}/{{ cojedzie_database.name }}?serverVersion=mariadb-10.7.1

services/cojedzie/stack.yml

@@ -1,17 +1,18 @@
-version: '{{ compose_version }}'
+version: "{{ compose_version }}"
 
 services:
   api:
-    image: cojedzie/api:{{ cojedzie_version }}
-    networks: 
+    image: {{ cojedzie_image_base }}/api:{{ cojedzie_version }}
+    networks:
       - "{{ ingress_network }}"
       - default
-    volumes: 
+    volumes:
       - db_data:/var/db
     environment:
       - TRUSTED_PROXIES=10.0.0.0/8
     env_file:
-      - ./environment
+      - ./api.env
+      - ./sentry.env
     deploy:
       mode: replicated
       replicas: 1
@@ -20,40 +21,42 @@ services:
         order: start-first
       labels:
         - traefik.enable=true
-        - traefik.http.routers.{{ service }}-api.rule=(Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)) && (PathPrefix(`/api/`) || PathPrefix(`/bundles/`))
+        - traefik.http.routers.{{ service }}-api.rule=({{ traefik_routing_rule }}) && (PathPrefix(`/api/`) || PathPrefix(`/bundles/`))
         - traefik.http.routers.{{ service }}-api.priority=100
         - traefik.http.routers.{{ service }}-api.tls=true
         - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
         - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
-  
+
   cron:
-    image: cojedzie/cron:{{ cojedzie_version }}
+    image: {{ cojedzie_image_base }}/cron:{{ cojedzie_version }}
     env_file:
-      - ./environment
-    volumes: 
+      - ./api.env
+      - ./sentry.env
+    volumes:
       - db_data:/var/db
     depends_on:
       - api
-  
+
   worker:
-    image: cojedzie/worker:{{ cojedzie_version }}
+    image: {{ cojedzie_image_base }}/worker:{{ cojedzie_version }}
     env_file:
-      - ./environment
-    volumes: 
+      - ./api.env
+      - ./sentry.env
+    volumes:
       - db_data:/var/db
     depends_on:
       - api
 
   mercure:
-    image: dunglas/mercure
-    networks: 
+    image: dunglas/mercure:{{ cojedzie_mercure_version|default('latest') }}
+    networks:
       - "{{ ingress_network }}"
       - default
     environment:
-      SERVER_NAME: ':80'
+      SERVER_NAME: ":80"
       USE_FORWARDED_HEADERS: 1
-      MERCURE_PUBLISHER_JWT_KEY: '{{ cojedzie_mercure_jwt_key }}'
-      MERCURE_SUBSCRIBER_JWT_KEY: '{{ cojedzie_mercure_jwt_key }}'
+      MERCURE_PUBLISHER_JWT_KEY: "{{ cojedzie_mercure_jwt_key }}"
+      MERCURE_SUBSCRIBER_JWT_KEY: "{{ cojedzie_mercure_jwt_key }}"
     volumes:
       - mercure_data:/data
       - mercure_config:/config
@@ -62,21 +65,21 @@ services:
       replicas: 1
       labels:
         - traefik.enable=true
-        - traefik.http.routers.{{ service }}-mercure.rule=(Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)) && PathPrefix(`/.well-known/mercure`)
+        - traefik.http.routers.{{ service }}-mercure.rule=({{ traefik_routing_rule }}) && PathPrefix(`/.well-known/mercure`)
         - traefik.http.routers.{{ service }}-mercure.tls=true
         - traefik.http.routers.{{ service }}-mercure.tls.certresolver=lets-encrypt
         - traefik.http.services.{{ service }}-mercure.loadbalancer.server.port=80
 
   front:
-    image: cojedzie/front:{{ cojedzie_version }}
-    networks: 
+    image: {{ cojedzie_image_base }}/front:{{ cojedzie_version }}
+    networks:
       - "{{ ingress_network }}"
       - default
     depends_on:
       - api
-    environment:
-      - COJEDZIE_GTM={{ cojedzie_gtm }}
-      - COJEDZIE_MAPTILER_KEY={{ cojedzie_maptiler }}
+    env_file:
+      - ./front.env
+      - ./sentry.env
     deploy:
       mode: replicated
       replicas: 1
@@ -85,10 +88,10 @@ services:
         order: start-first
       labels:
         - traefik.enable=true
-        - traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)
+        - traefik.http.routers.{{ service }}-front.rule={{ traefik_routing_rule }}
         - traefik.http.routers.{{ service }}-front.tls=true
-        - traefik.http.routers.{{ service }}-front.middlewares=gzip@file
         - traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
+        - traefik.http.routers.{{ service }}-front.middlewares=gzip@file
         - traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000
 
 volumes:

services/cojedzie/tasks/config.yaml

@@ -1,7 +1,13 @@
 ---
-- name: 'Generate env_file for "{{ service }}"'
+- name: 'Generate env files for "{{ service }}"'
   template:
-    src: "{{ service_path }}/environment"
-    dest: "{{ remote_service_path }}/environment"
+    src: "{{ service_path }}/templates/{{ file }}"
+    dest: "{{ remote_service_path }}/{{ file }}"
   tags:
     - config
+  loop_control:
+    loop_var: file
+  with_items:
+    - api.env
+    - front.env
+    - sentry.env

services/cojedzie/tasks/pre-deploy.yaml

@@ -0,0 +1,16 @@
+---
+- name: 'Pull all images for "{{ service }}"'
+  when: cojedzie_force_pull_images|default(false)
+  community.docker.docker_image:
+    name: "{{ image }}"
+    source: pull
+    force_source: yes
+  with_items:
+    - "{{ cojedzie_image_base }}/front:{{ cojedzie_version }}"
+    - "{{ cojedzie_image_base }}/api:{{ cojedzie_version }}"
+    - "{{ cojedzie_image_base }}/worker:{{ cojedzie_version }}"
+    - "{{ cojedzie_image_base }}/cron:{{ cojedzie_version }}"
+  loop_control:
+    loop_var: image
+  notify:
+    - Restart services

services/cojedzie/templates/api.env

@@ -3,3 +3,6 @@ MERCURE_PUBLIC_URL=https://{{ cojedzie_domain }}/.well-known/mercure
 MERCURE_JWT_SECRET={{ cojedzie_mercure_jwt_key }}
 
 DATABASE_URL=mysql://{{ cojedzie_database.user }}:{{ cojedzie_database.password }}@{{ database_mysql_host }}/{{ cojedzie_database.name }}?serverVersion=mariadb-10.7.1
+
+SENTRY_DSN={{ sentry_dsn_api }}
+SENTRY_SAMPLE_RATE={{ sentry_sample_rate_api }}

services/cojedzie/templates/front.env

@@ -0,0 +1,9 @@
+COJEDZIE_GTM={{ cojedzie_gtm }}
+COJEDZIE_MAPTILER_KEY={{ cojedzie_maptiler }}
+COJEDZIE_API=http://api:8080
+COJEDZIE_API_HUB=https://{{ cojedzie_domain }}
+
+SENTRY_DSN={{ sentry_dsn_front }}
+SENTRY_SAMPLE_RATE={{ sentry_sample_rate_front }}
+SENTRY_TRACE_RATE={{ sentry_trace_rate|default(0.1) }}
+SENTRY_SESSION_RATE={{ sentry_session_rate|default(0.1) }}

services/cojedzie/templates/sentry.env

@@ -0,0 +1 @@
+SENTRY_ENVIRONMENT={{ sentry_environment }}

services/cojedzie/vars/main.yml

@@ -1,13 +1,23 @@
 ---
 cojedzie_domain: cojedzie.pl
-cojedzie_update_cron: 0 0 4 * * * 
+cojedzie_update_cron: 0 0 4 * * *
 cojedzie_gtm: ""
 cojedzie_mercure_jwt_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          30383839613764393562623137373934333530636564313633303062323661376333653136383066
-          6635653934313233346662653632356365343731396139330a663035636537646465353537646162
-          30356136613430316564346665653263383164333833383531353532316239316433306636303165
-          3931313836313133390a316562333130366435633335613066373232363439623932656532373032
-          62646432343334346165653466633634356635323038306435343932386233323164633134373964
-          6232656562626566663964643634366532393136383261333931
-cojedzie_maptiler: 8GX5FRUNgk4lB83GZT8Q 
+  $ANSIBLE_VAULT;1.1;AES256
+  30383839613764393562623137373934333530636564313633303062323661376333653136383066
+  6635653934313233346662653632356365343731396139330a663035636537646465353537646162
+  30356136613430316564346665653263383164333833383531353532316239316433306636303165
+  3931313836313133390a316562333130366435633335613066373232363439623932656532373032
+  62646432343334346165653466633634356635323038306435343932386233323164633134373964
+  6232656562626566663964643634366532393136383261333931
+cojedzie_maptiler: 8GX5FRUNgk4lB83GZT8Q
+cojedzie_image_base: docker.io/cojedzie
+cojedzie_version: latest
+sentry_dsn_api: https://fd114053dd724e0eb16011ac0da16ba1@o4505224124891136.ingest.sentry.io/4505224126332928
+sentry_dsn_front: https://2815d4e0251240fcb9cd8c81c31e86fe@o4505224124891136.ingest.sentry.io/4505224128233472
+sentry_sample_rate_api: 0.05
+sentry_sample_rate_front: 0.01
+sentry_session_replay_rate: 0.01
+sentry_error_replay_rate: 0.25
+sentry_environment: production
+traefik_routing_rule: "Host(`{{ cojedzie_domain }}`) || Host(`{{ service }}.{{ main_domain }}`)"

services/portainer/vars/main.yml

@@ -1,2 +1,2 @@
 ---
-portainer_version: 2.15.1
+portainer_version: 2.18.2

services/traefik/config/traefik.yaml

@@ -77,8 +77,7 @@ certificatesResolvers:
       caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
       email: "kacper@kadet.net"
       storage: "/etc/traefik/acme/lets-encrypt.json"
-      dnsChallenge: 
-        provider: ovh
+      tlsChallenge: {}
   lets-encrypt-tls:
     acme:
       caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"

services/traefik/stack.yml

@@ -2,12 +2,18 @@ version: "{{ compose_version }}"
 
 services:
   ingress:
-    image: traefik:v2.8
+    image: traefik:v2.10
     env_file:
       - ./ovh.env
     ports:
-      - 80:80
-      - 443:443
+      - target: 80
+        published: 80
+        protocol: tcp
+        mode: host
+      - target: 443
+        published: 443
+        protocol: tcp
+        mode: host
     volumes:
       - ./config/acme:/etc/traefik/acme
       - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
@@ -17,4 +23,4 @@ services:
       placement:
         constraints:
           - node.role == manager
-    networks: ['{{ ingress_network }}']
+    networks: ["{{ ingress_network }}"]

services/wipe/stack.yml

@@ -13,7 +13,7 @@ services:
         order: start-first
       labels:
         - traefik.enable=true
-        - traefik.http.routers.{{ service }}.rule={{ wipe_rule }}
+        - traefik.http.routers.{{ service }}.rule={{ traefik_routing_rule }}
         - traefik.http.routers.{{ service }}.priority=100
         - traefik.http.routers.{{ service }}.tls=true
         - traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt-tls

services/wipe/vars/main.yml

@@ -1,7 +1,8 @@
 ---
+traefik_routing_rule: "Host(`{{ wipe_host }}`)"
+
 wipe_host: https://wipe.kadet.net
 wipe_version: latest
-wipe_rule: "Host(`{{ wipe_host }}`)"
 wipe_database:
   name: wipe
   user: wipe

vars/services.yml

@@ -20,27 +20,27 @@ service_config:
     ovh_endpoint: ovh-eu
     ovh_application_key: !vault |
       $ANSIBLE_VAULT;1.1;AES256
-      36316437333734643766303734613564306539363531323832623032343233303739303135633563
-      3263613130636262386463323836353238656164306462660a616533366165313437636331303766
-      33383963393464313032303336343761306436316163346630306262363762613831373838663837
-      6363373339316534640a333766373162343864613730376563303361656138323262306339613530
-      34653466333161353433326632323731306565643930383962653233346162343362
+      30373131373061356637613064356462383064343336633335663830666330363763666631303962
+      3739306161336635326133623864623737303836656166380a633332376335623234353739373939
+      36646538333139323365386434666664333161396461636130336338373337393163653439316364
+      3362396431373838380a636334306362333139623731343061633636393335346563303330656230
+      37613366613338643065356234306333393134323866363132616532643136313734
     ovh_application_secret: !vault |
       $ANSIBLE_VAULT;1.1;AES256
-      37363635656333343863393435343031306630373038663561303038383136616138363538333636
-      6438353634323266356233633034613263653435386262300a393962656564366432643932373264
-      36656161353730376636646233363662376636383461656434306339646339643865626162646435
-      3835623031326137320a653962383531663532663436316264313035356237623466663262643735
-      66646465646531643638653165316531336430356266393631353439633236323733656463643935
-      6436623435613135313862643962663362656539363165303037
+      63613637353337636239326538623466623133353137323261656434393734616430656236313563
+      6635343434303037623233373930646531373038636437610a623763393363336163353834626334
+      65313064626162623138303436383639363261323235356531366562336132353831323133623232
+      3564386138353734340a656166616566623833383530363831346433623032383266306436316637
+      36613436626463613635373437333836646163626663653134326632356430646230663732323962
+      6537636439303866636636303961376138343536333466303736
     ovh_consumer_key: !vault |
       $ANSIBLE_VAULT;1.1;AES256
-      64356531386663353164303762396664393031323864363362346336346166353933336334303563
-      6135386139616638396136336534656562643061653630650a366365653234643439323537663766
-      31643864353032303237633933326334626161646336346532386566333465333230383639313664
-      3531383466316437390a393130303136356262363231643063373763303265393563326565633965
-      39303464363636366638373065363535353161613334373530623062376333373234666161323731
-      3764613331316433653335376337356464313137336563643834
+      39323462633866363837323161313133383438316338303937316335333736366337316636353562
+      3162653032646365363863363835393964326262356531350a616264663663383164613162396237
+      31663662363064623566313530396533633931303635396335633533346662373663353230343038
+      6136356234336235370a646666363933616233643737626264656438333030653433303336326230
+      34303333393266646430663239623962306261343062643935616139366132666133656265643434
+      3932356533663161616332626135613461373432373766333730
 
     traefik_token: !vault |
       $ANSIBLE_VAULT;1.1;AES256
@@ -108,7 +108,8 @@ service_config:
       62643132313336356365313465353263626565616434633963343764653330316566613633633638
       623838613832393239343036396439383561
   wipe:
-    wipe_rule: Host(`wipe.kadet.net`, `wipozaekranem.pl`)
+    traefik_routing_rule: Host(`wipe.kadet.net`, `wipozaekranem.pl`)
+
     wipe_version: "2023.1.6"
     wipe_mail:
       host: email-smtp.eu-north-1.amazonaws.com
@@ -158,17 +159,38 @@ service_config:
       62643132313336356365313465353263626565616434633963343764653330316566613633633638
       623838613832393239343036396439383561
   cojedzie:
-    cojedzie_version: "2022.3.1"
+    cojedzie_version: "2023.1.5"
     cojedzie_gtm: GTM-TQNX386
+
     cojedzie_database:
       name: cojedzie
       user: cojedzie
       password: "{{ mysql_user_passwords['cojedzie'] }}"
   cojedzie-next:
+    template: cojedzie
+
+    cojedzie_version: next
+    cojedzie_domain: next.cojedzie.pl
+    cojedzie_image_base: registry.kadet.net/cojedzie
+
+    cojedzie_maptiler: 1gwEkcI3lbNcEb0MOoOu
+    cojedzie_mercure_jwt_key: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      63343966303066626336623630636330363437646133393865303933613337336362343638363862
+      6438346633663334626136353033663536633937623239660a303032306564323462626638616534
+      39373765623739623134336332326537613338353936376434353263616630393062613365613638
+      3739383365353837310a613931333264386365663730646163383639383563313066643438326465
+      30633666343736323539326133626664356462356466323366633738613436636535353963663536
+      3837383838613130646365633232613530303863393866613830
+
     cojedzie_database:
       name: cojedzie-next
       user: cojedzie-next
       password: "{{ mysql_user_passwords['cojedzie-next'] }}"
+
+    sentry_environment: next
+    sentry_sample_rate_front: 0.01
+    sentry_sample_rate_api: 0.01
   registry:
     registry_users:
       - "{{ swarm_registry_user }}"