wip
parent
2536b67d4a
commit
66193db1b6
|
@ -24,3 +24,8 @@ EMAIL_BACKEND=console
|
|||
|
||||
SITE_URL=https://${DOMAIN}
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_KEY_VERSION=v1
|
||||
SECRET_MAXMIND_LICENSE_KEY_VERSION=v1
|
||||
SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
|
|
2
abra.sh
2
abra.sh
|
@ -1,2 +1,2 @@
|
|||
export NGINX_CONFIG_VERSION=v1
|
||||
export POSTGRES_ENTRYPOINT_VERSION=v1
|
||||
export GEOIP_CONFIG_VERSION=v1
|
||||
|
|
93
compose.yml
93
compose.yml
|
@ -2,16 +2,17 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
web:
|
||||
image: "vlafvlaf/karrot_frontend:0.1.0"
|
||||
image: "ghcr.io/karrot-dev/karrot-docker-images:0.1.1-frontend"
|
||||
configs:
|
||||
- source: nginx_config
|
||||
target: /etc/nginx/conf.d/default.conf
|
||||
depends_on:
|
||||
- app
|
||||
app:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
- DOMAIN
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost/api/bootstrap"]
|
||||
test: ["CMD", "curl", "-f", "http://localhost/api/config/"]
|
||||
interval: 15s
|
||||
timeout: 3s
|
||||
retries: 2
|
||||
|
@ -33,23 +34,32 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
|
||||
app:
|
||||
image: "vlafvlaf/karrot_backend:0.1.0"
|
||||
image: "ghcr.io/karrot-dev/karrot-docker-images:0.1.1-backend"
|
||||
networks:
|
||||
- internal
|
||||
depends_on:
|
||||
- db
|
||||
db:
|
||||
condition: service_started
|
||||
- redis
|
||||
configs:
|
||||
- source: geoip_conf
|
||||
target: /etc/GeoIP.conf
|
||||
mode: 0555
|
||||
secrets:
|
||||
- db_password
|
||||
- secret_key
|
||||
- maxmind_license_key
|
||||
- smtp_password
|
||||
volumes:
|
||||
- "shiv_data:/root/.shiv"
|
||||
- "geoip_data:/var/lib/GeoIP"
|
||||
- "app_data:/app/uploads"
|
||||
environment:
|
||||
- MAXMIND_ACCOUNT_ID
|
||||
- MAXMIND_LICENSE_KEY
|
||||
- EMAIL_BACKEND
|
||||
- EMAIL_FROM
|
||||
- SMTP_USER
|
||||
- SMTP_PASSWORD
|
||||
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
|
||||
- SMTP_HOST
|
||||
- SMTP_USE_SLL
|
||||
- SMTP_USE_TLS
|
||||
|
@ -59,62 +69,68 @@ services:
|
|||
- SITE_LOGO
|
||||
- LISTEN_HOST=0.0.0.0
|
||||
- LISTEN_SERVER=uvicorn
|
||||
- SECRET_KEY=foobar
|
||||
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- DATABASE_HOST=db
|
||||
- DATABASE_PORT=5432
|
||||
- DATABASE_NAME=karrot
|
||||
- DATABASE_USER=karrot
|
||||
- DATABASE_PASSWORD=karrot
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- REDIS_HOST=redis
|
||||
- REDIS_PORT=6379
|
||||
- REDIS_DB=0
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8000/api/"]
|
||||
interval: 15s
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8000/api/config/"]
|
||||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 2
|
||||
retries: 3
|
||||
start_period: 45s
|
||||
deploy:
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=0.1.0+0.1.0"
|
||||
command: >
|
||||
sh -c "
|
||||
echo 'EditionIDs GeoLite2-City GeoLite2-Country' > /etc/GeoIP.conf &&
|
||||
echo AccountID $${MAXMIND_ACCOUNT_ID} >> /etc/GeoIP.conf &&
|
||||
echo LicenseKey $${MAXMIND_LICENSE_KEY} >> /etc/GeoIP.conf &&
|
||||
echo 'Updating geoip data, first time could be slow...' &&
|
||||
geoipupdate &&
|
||||
pip install tzdata &&
|
||||
python karrot-backend.pyz migrate &&
|
||||
python karrot-backend.pyz server
|
||||
"
|
||||
worker:
|
||||
image: "vlafvlaf/karrot_backend:0.1.0"
|
||||
image: "ghcr.io/karrot-dev/karrot-docker-images:0.1.1-backend"
|
||||
depends_on:
|
||||
# shiv + geoip data gets loaded on the first run of the app
|
||||
# so to ensure it's available in the worker too, we need to wait
|
||||
- app
|
||||
app:
|
||||
condition: service_healthy
|
||||
volumes:
|
||||
- "shiv_data:/root/.shiv"
|
||||
- "geoip_data:/var/lib/GeoIP"
|
||||
networks:
|
||||
- internal
|
||||
secrets:
|
||||
- db_password
|
||||
- secret_key
|
||||
- smtp_password
|
||||
environment:
|
||||
- SITE_URL
|
||||
- SMTP_USER
|
||||
- SMTP_HOST
|
||||
- SMTP_USE_SLL
|
||||
- SMTP_USE_TLS
|
||||
- SMTP_PORT
|
||||
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
|
||||
- LISTEN_HOST=0.0.0.0
|
||||
- LISTEN_SERVER=uvicorn
|
||||
- SECRET_KEY=foobar
|
||||
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- DATABASE_HOST=db
|
||||
- DATABASE_PORT=5432
|
||||
- DATABASE_NAME=karrot
|
||||
- DATABASE_USER=karrot
|
||||
- DATABASE_PASSWORD=karrot
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- REDIS_HOST=redis
|
||||
- REDIS_PORT=6379
|
||||
- REDIS_DB=0
|
||||
command:
|
||||
sh -c "
|
||||
pip install tzdata &&
|
||||
python karrot-backend.pyz worker"
|
||||
|
||||
redis:
|
||||
|
@ -137,33 +153,41 @@ services:
|
|||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 30
|
||||
configs:
|
||||
- source: postgres_extensions
|
||||
target: /docker-entrypoint-initdb.d/extensions.sql
|
||||
mode: 0555
|
||||
secrets:
|
||||
- db_password
|
||||
volumes:
|
||||
- "postgres_data:/var/lib/postgresql/data"
|
||||
networks:
|
||||
- internal
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=karrot
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_USER=karrot
|
||||
- POSTGRES_DB=karrot
|
||||
|
||||
|
||||
#secrets:
|
||||
# db_password:
|
||||
# external: true
|
||||
# name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
|
||||
configs:
|
||||
nginx_config:
|
||||
name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
|
||||
file: nginx.conf.tmpl
|
||||
template_driver: golang
|
||||
postgres_extensions:
|
||||
name: ${STACK_NAME}_postgres_extensions_${POSTGRES_ENTRYPOINT_VERSION}
|
||||
file: pg_extensions.sql
|
||||
geoip_conf:
|
||||
name: ${STACK_NAME}_geoip_conf_${GEOIP_CONFIG_VERSION}
|
||||
file: geoip.conf.tmpl
|
||||
template_driver: golang
|
||||
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
secret_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_secret_key_${SECRET_KEY_VERSION}
|
||||
maxmind_license_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_maxmind_license_key_${SECRET_MAXMIND_LICENSE_KEY_VERSION}
|
||||
smtp_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||
|
||||
volumes:
|
||||
shiv_data:
|
||||
|
@ -171,6 +195,7 @@ volumes:
|
|||
app_data:
|
||||
postgres_data:
|
||||
redis_data:
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
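Review bot: The `geoip_conf` mount under the `app` service is given `mode: 0555`, so `/etc/GeoIP.conf` is readable and executable by every user in the container, even though the rendered template carries the MaxMind license key from the `maxmind_license_key` secret. A config file needs no execute bit, and read access can be limited to the account that runs `geoipupdate`, for example `mode: 0400` (or `0440` with a matching `gid`; which user the image runs as is not visible here). The diff markers are lost on this page, so please confirm that the bare `MAXMIND_LICENSE_KEY` and `SMTP_PASSWORD` pass-throughs and the literal `SECRET_KEY=foobar`, `DATABASE_PASSWORD=karrot` and `POSTGRES_PASSWORD=karrot` entries are on the removed side. Any that remain keep a credential in the service environment next to its `*_FILE` variant, and the `file_env` helper added in this commit exits with an error when both are set.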
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_env DATABASE_PASSWORD
|
||||
file_env SECRET_KEY
|
||||
file_env SMTP_PASSWORD
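Review bot: The script stops after the three `file_env` calls, so the exported `DATABASE_PASSWORD`, `SECRET_KEY` and `SMTP_PASSWORD` exist only in this shell and are gone when it exits; run as an entrypoint it needs a final `exec "$@"` to hand them to the real command. Nothing visible in compose.yml mounts this file or sets `entrypoint:` on `app` or `worker`, so as shown the `*_FILE` variables are never resolved unless the image does that itself. If the file is meant to be sourced instead, `set -e` and the `exit 1` inside `file_env` will change or terminate the calling shell, and `return 1` would be the safer failure path. A short header comment saying which of the two uses is intended, and that a value and its `_FILE` variant are mutually exclusive, would help whoever wires it up.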
|
||||
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
EditionIDs GeoLite2-City GeoLite2-Country
|
||||
AccountID {{ env "MAXMIND_ACCOUNT_ID" }}
|
||||
LicenseKey {{ secret "maxmind_license_key" }}
|