registry: Add redis as cache

services/cojedzie-next/environment

@@ -0,0 +1,3 @@
+MERCURE_URL=http://mercure/.well-known/mercure
+MERCURE_PUBLIC_URL=https://{{ cojedzie_domain }}/.well-known/mercure
+MERCURE_JWT_SECRET="{{ cojedzie_mercure_publisher_jwt_key }}"

services/cojedzie-next/stack.yml

@@ -0,0 +1,108 @@
+version: '{{ compose_version }}'
+
+services:
+  api:
+    image: registry.kadet.net/cojedzie/api:next
+    networks: 
+      - "{{ ingress_network }}"
+      - default
+    volumes: 
+      - db_data:/var/db
+    environment:
+      - TRUSTED_PROXIES=10.0.0.0/8
+    env_file:
+      - ./environment
+    deploy:
+      mode: replicated
+      replicas: 1
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}-api.rule=Host(`{{ cojedzie_domain }}`) && PathPrefix(`/api/`)
+        - traefik.http.routers.{{ service }}-api.priority=100
+        - traefik.http.routers.{{ service }}-api.tls=true
+        - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
+        - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
+
+  update-job:
+    image: registry.kadet.net/cojedzie/api:next
+    command: ["console", "app:update", "--async"]
+    networks: 
+      - default
+    volumes: 
+      - db_data:/var/db
+    env_file:
+      - ./environment
+    deploy:
+      mode: replicated
+      replicas: 0
+      labels:
+        - "swarm.cronjob.enable=true"
+        - "swarm.cronjob.schedule={{ cojedzie_update_cron }}"
+      restart_policy:
+        condition: none
+  
+  cron:
+    image: registry.kadet.net/cojedzie/cron:next
+    env_file:
+      - ./environment
+    volumes: 
+      - db_data:/var/db
+    depends_on:
+      - api
+  
+  worker:
+    image: registry.kadet.net/cojedzie/worker:next
+    env_file:
+      - ./environment
+    volumes: 
+      - db_data:/var/db
+    depends_on:
+      - api
+
+  mercure:
+    image: dunglas/mercure
+    networks: 
+      - "{{ ingress_network }}"
+      - default
+    environment:
+      SERVER_NAME: ':80'
+      USE_FORWARDED_HEADERS: 1
+      MERCURE_PUBLISHER_JWT_KEY: '{{ cojedzie_mercure_publisher_jwt_key }}'
+      MERCURE_SUBSCRIBER_JWT_KEY: '{{ cojedzie_mercure_subscriber_jwt_key }}'
+    volumes:
+      - mercure_data:/data
+      - mercure_config:/config
+    command: /usr/bin/caddy run -config /etc/caddy/Caddyfile.dev
+    deploy:
+      mode: replicated
+      replicas: 1
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}-mercure.rule=Host(`{{ cojedzie_domain }}`) && PathPrefix(`/.well-known/mercure`)
+        - traefik.http.routers.{{ service }}-mercure.tls=true
+        - traefik.http.routers.{{ service }}-mercure.tls.certresolver=lets-encrypt
+        - traefik.http.services.{{ service }}-mercure.loadbalancer.server.port=80
+
+  front:
+    image: registry.kadet.net/cojedzie/front:next
+    networks: 
+      - "{{ ingress_network }}"
+      - default
+    depends_on:
+      - api
+    environment:
+      - APP_GTM={{ cojedzie_gtm }}
+    deploy:
+      mode: replicated
+      replicas: 1
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)
+        - traefik.http.routers.{{ service }}-front.tls=true
+        - traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
+        - traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000
+
+volumes:
+  db_data: ~
+  mercure_data: ~
+  mercure_config: ~

services/cojedzie-next/tasks/config.yaml

@@ -0,0 +1,7 @@
+---
+- name: 'Generate env_file for "{{ service }}"'
+  template:
+    src: "{{ service_path }}/environment"
+    dest: "{{ remote_service_path }}/environment"
+  tags:
+    - config

services/cojedzie-next/vars/main.yml

@@ -0,0 +1,20 @@
+---
+cojedzie_domain: next.cojedzie.pl
+cojedzie_update_cron: 0 0 4 * * * 
+cojedzie_gtm: ""
+cojedzie_mercure_subscriber_jwt_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30383839613764393562623137373934333530636564313633303062323661376333653136383066
+          6635653934313233346662653632356365343731396139330a663035636537646465353537646162
+          30356136613430316564346665653263383164333833383531353532316239316433306636303165
+          3931313836313133390a316562333130366435633335613066373232363439623932656532373032
+          62646432343334346165653466633634356635323038306435343932386233323164633134373964
+          6232656562626566663964643634366532393136383261333931
+cojedzie_mercure_publisher_jwt_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63343966303066626336623630636330363437646133393865303933613337336362343638363862
+          6438346633663334626136353033663536633937623239660a303032306564323462626638616534
+          39373765623739623134336332326537613338353936376434353263616630393062613365613638
+          3739383365353837310a613931333264386365663730646163383639383563313066643438326465
+          30633666343736323539326133626664356462356466323366633738613436636535353963663536
+          3837383838613130646365633232613530303863393866613830

services/gitea/stack.yml

@@ -5,7 +5,7 @@ volumes:
 
 services:
   server:
-    image: gitea/gitea:1.13.4
+    image: gitea/gitea:1.14.2
     environment:
       - USER_UID={{ git_user.uid }}
       - USER_GID={{ git_user.group }}

services/portainer/stack.yml

@@ -2,7 +2,7 @@ version: '{{ compose_version }}'
 
 services:
   agent:
-    image: portainer/agent
+    image: portainer/agent:2.5.1
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /var/lib/docker/volumes:/var/lib/docker/volumes
@@ -14,7 +14,7 @@ services:
         constraints: [node.platform.os == linux]
 
   portainer:
-    image: portainer/portainer-ce
+    image: portainer/portainer-ce:2.5.1
     command: -H tcp://tasks.agent:9001 --tlsskipverify
     volumes:
       - portainer_data:/data

services/registry/config/config.yml

@@ -1,21 +1,24 @@
 version: 0.1
+
 log:
+  level: debug
   fields:
     service: registry
+
 storage:
   cache:
-    blobdescriptor: inmemory
+    blobdescriptor: redis
   {{ registry_storage|to_nice_yaml(indent=2, width=140)|indent(2) }}
+
+redis:
+  addr: redis:6379
+
 http:
   addr: :5000
   headers:
     X-Content-Type-Options: [nosniff]
+
 auth:
   htpasswd:
-    realm: basic-realm
+    realm: Kadet's private registry
     path: /etc/docker/registry/htpasswd
-health:
-  storagedriver:
-    enabled: true
-    interval: 10s
-    threshold: 3

services/registry/stack.yml

@@ -1,6 +1,13 @@
 version: "{{ compose_version }}"
 
 services:
+  redis:
+    image: redis:latest
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+
   registry:
     image: registry:2
     secrets:

vars/services.yml

@@ -49,6 +49,15 @@ service_config:
           6330386139356263390a663366633232346637346233653261373330343864613262313465336432
           31366633323433653632366633376533343764343565653737633837383330323630313433323836
           6530363533656439663631636532363864373666343163376632
+      - name: docker-swarm
+        password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62333030343330666634643234323865303633343330333030303066363264323434656637356233
+          6165386664316536366235366336393561306139346235610a393566633363383734353933366331
+          36343364643366626230303463633164393336363736633662643536646539616235393232643930
+          3266326630393535660a393764376130343264643064613131393663333836356337613566343130
+          65353438613864373962636463613836313034633963613834393233376136313861303538346265
+          6139666332373137303962646530353364333732353339313262
     registry_storage:
       s3:
         accesskey: !vault |