From dcdc7560f72a98919afe0cad3f707bcc53c8d72d Mon Sep 17 00:00:00 2001
From: 3wc <3wc.git@doesthisthing.work>
Date: Fri, 2 Oct 2020 14:15:51 +0200
Subject: [PATCH] =?UTF-8?q?Working!=20=F0=9F=A5=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .drone.yml    | 10 +++++---
 .envrc.sample | 13 ++++++++---
 README.md     | 11 ++++++---
 compose.yml   | 63 +++++++++++++++++++++++++++++++++++++++++++--------
 4 files changed, 79 insertions(+), 18 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 9b8c453..3e7c7c7 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -6,14 +6,18 @@ steps:
     image: decentral1se/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
-      stack: adapt_authoring
+      stack: adaptauthoring
       purge: true
       deploy_key:
         from_secret: drone_ssh_swarm_test
     environment:
-      DOMAIN: adapt-authoring.swarm-test.autonomic.zone
-      STACK_NAME: adapt_authoring
+      DOMAIN: adaptauthoring.swarm-test.autonomic.zone
+      STACK_NAME: adaptauthoring
       LETS_ENCRYPT_ENV: production
+      ADMIN_EMAIL: adapt@example.com
+      FROM_EMAIL: adapt@example.com
+      SESSION_KEY_VERSION: v1
+      ADMIN_PASSWORD_VERSION: v1
 trigger:
   branch:
     - main
diff --git a/.envrc.sample b/.envrc.sample
index 1c276c1..147781e 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -1,4 +1,11 @@
-export SERVICE=adapt-authoring
-export DOMAIN=adapt-authoring.example.com
-export STACK_NAME=adapt_authoring
+export SERVICE=adaptauthoring
+export STACK_NAME=adaptauthoring
+
+export DOMAIN=adapt.example.com
 export LETS_ENCRYPT_ENV=production
+
+export ADMIN_EMAIL=adapt@example.com
+export FROM_EMAIL=adapt@${DOMAIN}
+
+export SESSION_KEY_VERSION=v1
+export ADMIN_PASSWORD_VERSION=v1
diff --git a/README.md b/README.md
index a3a6ad1..8d951fa 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Adapt_authoring
+# Adapt Authoring Tool
 
 User interface for authoring eLearning courses using the Adapt framework • https://github.com/adaptlearning/adapt_authoring
 
@@ -10,8 +10,13 @@ User interface for authoring eLearning courses using the Adapt framework • htt
 3. `cp .envrc.sample .envrc`
 4. Edit `.envrc` - be sure to change `DOMAIN` to something that resolves to
    your Docker swarm box
-5. `direnv allow` (or `. .envrc`)
-6. `abra deploy`
+5. Generate secrets:
+   ```
+   abra secret_generate admin_password v1
+   abra secret_generate secret_key v1
+   ```
+6. `direnv allow` (or `. .envrc`)
+7. `abra deploy`
 
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`compose-stacks/traefik`]: https://git.autonomic.zone/compose-stacks/traefik
diff --git a/compose.yml b/compose.yml
index 81fcc49..d033559 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,27 +3,72 @@ version: "3.8"
 
 services:
   app:
-    image: nginx:1.19.2
+    image: 3wordchant/adaptauthoring:0.10.4
+    #entrypoint: ['tail', '-f', '/dev/null']
     networks:
       - proxy
+      - internal
+    environment:
+      - PORT=5000
+      - DOMAIN
+      - DB_HOST=db
+      - DB_NAME=adapt
+      - DB_USER=adapt
+      #- DB_PASSWORD_FILE=/var/run/secrets/db_password
+      - SESSION_KEY_FILE=/var/run/secrets/session_key
+      - ADMIN_EMAIL
+      - ADMIN_PASSWORD_FILE=/var/run/secrets/admin_password
+      - FROM_EMAIL
+    depends_on:
+      - db
+    volumes:
+      - app:/adapt_authoring
+    secrets:
+      #- db_password
+      - session_key
+      - admin_password
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:5000"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 5m
     deploy:
       restart_policy:
         condition: on-failure
       labels:
         - "traefik.enable=true"
         - "traefik.docker.network=proxy"
-        - "traefik.http.routers.${STACK_NAME}.tls=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=5000"
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+
+  db:
+    image: mongo:3.6
+    volumes:
+     - db:/data/db
+    networks:
+      - internal
+    labels:
+      - "traefik.enable=false"
 
 networks:
   proxy:
     external: true
+  internal:
+
+volumes:
+  app:
+  db:
+
+secrets:
+  session_key:    
+    external: true 
+    name: ${STACK_NAME}_session_key_${SESSION_KEY_VERSION}
+  admin_password:    
+    external: true 
+    name: ${STACK_NAME}_admin_password_${ADMIN_PASSWORD_VERSION}