knoflook 2023-10-19 14:41:56 +02:00
parent 2536b67d4a
commit 66193db1b6
5 changed files with 99 additions and 35 deletions


@ -24,3 +24,8 @@ EMAIL_BACKEND=console
SITE_URL=https://${DOMAIN}
LETS_ENCRYPT_ENV=production
SECRET_DB_PASSWORD_VERSION=v1
SECRET_KEY_VERSION=v1
SECRET_MAXMIND_LICENSE_KEY_VERSION=v1
SECRET_SMTP_PASSWORD_VERSION=v1


@ -1,2 +1,2 @@
export NGINX_CONFIG_VERSION=v1
export POSTGRES_ENTRYPOINT_VERSION=v1
export GEOIP_CONFIG_VERSION=v1


@ -2,16 +2,17 @@ version: "3.8"
services:
web:
image: "vlafvlaf/karrot_frontend:0.1.0"
image: "ghcr.io/karrot-dev/karrot-docker-images:0.1.1-frontend"
configs:
- source: nginx_config
target: /etc/nginx/conf.d/default.conf
depends_on:
- app
app:
condition: service_healthy
environment:
- DOMAIN
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/api/bootstrap"]
test: ["CMD", "curl", "-f", "http://localhost/api/config/"]
interval: 15s
timeout: 3s
retries: 2
@ -33,23 +34,32 @@ services:
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
app:
image: "vlafvlaf/karrot_backend:0.1.0"
image: "ghcr.io/karrot-dev/karrot-docker-images:0.1.1-backend"
networks:
- internal
depends_on:
- db
db:
condition: service_started
- redis
configs:
- source: geoip_conf
target: /etc/GeoIP.conf
mode: 0555
secrets:
- db_password
- secret_key
- maxmind_license_key
- smtp_password
volumes:
- "shiv_data:/root/.shiv"
- "geoip_data:/var/lib/GeoIP"
- "app_data:/app/uploads"
environment:
- MAXMIND_ACCOUNT_ID
- MAXMIND_LICENSE_KEY
- EMAIL_BACKEND
- EMAIL_FROM
- SMTP_USER
- SMTP_PASSWORD
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
- SMTP_HOST
- SMTP_USE_SLL
- SMTP_USE_TLS
@ -59,62 +69,68 @@ services:
- SITE_LOGO
- LISTEN_HOST=0.0.0.0
- LISTEN_SERVER=uvicorn
- SECRET_KEY=foobar
- SECRET_KEY_FILE=/run/secrets/secret_key
- DATABASE_HOST=db
- DATABASE_PORT=5432
- DATABASE_NAME=karrot
- DATABASE_USER=karrot
- DATABASE_PASSWORD=karrot
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
- REDIS_HOST=redis
- REDIS_PORT=6379
- REDIS_DB=0
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/"]
interval: 15s
test: ["CMD", "curl", "-f", "http://localhost:8000/api/config/"]
interval: 10s
timeout: 3s
retries: 2
retries: 3
start_period: 45s
deploy:
labels:
- "coop-cloud.${STACK_NAME}.version=0.1.0+0.1.0"
command: >
sh -c "
echo 'EditionIDs GeoLite2-City GeoLite2-Country' > /etc/GeoIP.conf &&
echo AccountID $${MAXMIND_ACCOUNT_ID} >> /etc/GeoIP.conf &&
echo LicenseKey $${MAXMIND_LICENSE_KEY} >> /etc/GeoIP.conf &&
echo 'Updating geoip data, first time could be slow...' &&
geoipupdate &&
pip install tzdata &&
python karrot-backend.pyz migrate &&
python karrot-backend.pyz server
"
worker:
image: "vlafvlaf/karrot_backend:0.1.0"
image: "ghcr.io/karrot-dev/karrot-docker-images:0.1.1-backend"
depends_on:
# shiv + geoip data gets loaded on the first run of the app
# so to ensure it's available in the worker too, we need to wait
- app
app:
condition: service_healthy
volumes:
- "shiv_data:/root/.shiv"
- "geoip_data:/var/lib/GeoIP"
networks:
- internal
secrets:
- db_password
- secret_key
- smtp_password
environment:
- SITE_URL
- SMTP_USER
- SMTP_HOST
- SMTP_USE_SLL
- SMTP_USE_TLS
- SMTP_PORT
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
- LISTEN_HOST=0.0.0.0
- LISTEN_SERVER=uvicorn
- SECRET_KEY=foobar
- SECRET_KEY_FILE=/run/secrets/secret_key
- DATABASE_HOST=db
- DATABASE_PORT=5432
- DATABASE_NAME=karrot
- DATABASE_USER=karrot
- DATABASE_PASSWORD=karrot
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
- REDIS_HOST=redis
- REDIS_PORT=6379
- REDIS_DB=0
command:
sh -c "
pip install tzdata &&
python karrot-backend.pyz worker"
redis:
@ -137,33 +153,41 @@ services:
interval: 10s
timeout: 3s
retries: 30
configs:
- source: postgres_extensions
target: /docker-entrypoint-initdb.d/extensions.sql
mode: 0555
secrets:
- db_password
volumes:
- "postgres_data:/var/lib/postgresql/data"
networks:
- internal
environment:
- POSTGRES_PASSWORD=karrot
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
- POSTGRES_USER=karrot
- POSTGRES_DB=karrot
#secrets:
# db_password:
# external: true
# name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
configs:
nginx_config:
name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
file: nginx.conf.tmpl
template_driver: golang
postgres_extensions:
name: ${STACK_NAME}_postgres_extensions_${POSTGRES_ENTRYPOINT_VERSION}
file: pg_extensions.sql
geoip_conf:
name: ${STACK_NAME}_geoip_conf_${GEOIP_CONFIG_VERSION}
file: geoip.conf.tmpl
template_driver: golang
secrets:
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
secret_key:
external: true
name: ${STACK_NAME}_secret_key_${SECRET_KEY_VERSION}
maxmind_license_key:
external: true
name: ${STACK_NAME}_maxmind_license_key_${SECRET_MAXMIND_LICENSE_KEY_VERSION}
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
volumes:
shiv_data:
@ -171,6 +195,7 @@ volumes:
app_data:
postgres_data:
redis_data:
networks:
proxy:
external: true
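Review bot: The `geoip_conf` config attached to the `app` service is mounted at /etc/GeoIP.conf with `mode: 0555`, but the template it renders now embeds the MaxMind license key through `{{ secret "maxmind_license_key" }}`. The key therefore ends up in a file that every user in the container can read and execute. A tighter mode such as `mode: 0440` (or `0400` if geoipupdate runs as the file owner) keeps the rendered secret limited to the process that needs it. This page has lost its +/- markers, so it is not certain whether `- MAXMIND_LICENSE_KEY` remains in the `environment:` list on the new side. If it does, it should be dropped, because the key would still be exposed through the process environment.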

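--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -e
+file_env() {
+local var="$1"
+local fileVar="${var}_FILE"
+local def="${2:-}"
+if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+exit 1
+fi
+local val="$def"
+if [ "${!var:-}" ]; then
+val="${!var}"
+elif [ "${!fileVar:-}" ]; then
+val="$(< "${!fileVar}")"
+fi
+export "$var"="$val"
+unset "$fileVar"
+}
+file_env DATABASE_PASSWORD
+file_env SECRET_KEY
+file_env SMTP_PASSWORD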
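Review bot: As shown, the script ends after the three `file_env` calls with no `exec "$@"`, so if it is installed as the container entrypoint it would export the secrets and then exit instead of starting the backend; ending the script with `exec "$@"` hands the exported values to the real command. None of the compose.yml hunks on this page mounts or references entrypoint.sh, so it is worth confirming how the image picks it up; otherwise `SECRET_KEY_FILE` and `DATABASE_PASSWORD_FILE` only work if the backend reads `*_FILE` variables itself. Separately, `file_env SECRET_KEY` is called without a default, so an empty `SECRET_KEY` is exported when neither variable is set. Failing closed after that call, for example `[ -n "$SECRET_KEY" ] || { echo >&2 "error: SECRET_KEY is not set"; exit 1; }`, avoids starting the app with an empty signing key.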

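--- /dev/null
+++ b/geoip.conf.tmpl
@@ -0,0 +1,3 @@
+EditionIDs GeoLite2-City GeoLite2-Country
+AccountID {{ env "MAXMIND_ACCOUNT_ID" }}
+LicenseKey {{ secret "maxmind_license_key" }}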