fix: template updates and code fixes

This commit comes after provisioning the development environment.

Changes:

- templates: template the container name.
- mage: update the deploy target to deploy to specific environments.
- compose: fix network ref.
- traefik: merge all dynamic templates into one file.
- woodpecker(dockerfile): remove commands to copy entrypoint to the
  docker container since the entrypoint has been removed.
- traefik: add support for using existing TLS certificates.
Dan Anglin 2023-08-28 03:51:29 +01:00
parent a51db2d523
commit dd339eb3d6
Signed by: dananglin
GPG key ID: 0C1D44CFBEE68638
11 changed files with 126 additions and 118 deletions

2
config

@ -1 +1 @@
Subproject commit 4d9d8e21385c3c9fe481930ab157724f8d5d0dcc
Subproject commit 1282396d8afa236111beb8bc76c36efda33fe8d8


@ -10,14 +10,14 @@ import (
)
type config struct {
RootDomain string `json:"rootDomain"`
FlowGID int32 `json:"flowGID"`
Docker dockerConfig `json:"docker"`
Traefik traefikConfig `json:"traefik"`
Forgejo forgejoConfig `json:"forgejo"`
GoToSocial gotosocialConfig `json:"gotosocial"`
Woodpecker woodpeckerConfig `json:"woodpecker"`
Landing landingConfig `json:"landing"`
RootDomain string `json:"rootDomain"`
FlowGID int32 `json:"flowGID"`
Docker dockerConfig `json:"docker"`
Traefik traefikConfig `json:"traefik"`
Forgejo forgejoConfig `json:"forgejo"`
GoToSocial gotosocialConfig `json:"gotosocial"`
Woodpecker woodpeckerConfig `json:"woodpecker"`
Landing landingConfig `json:"landing"`
}
type dockerConfig struct {
@ -31,24 +31,27 @@ type dockerNetworkConfig struct {
}
type traefikConfig struct {
Version string `json:"version"`
CheckNewVersion bool `json:"checkNewVersion"`
ExternalSSHPort int32 `json:"externalSSHPort"`
LogLevel string `json:"logLevel"`
SendAnonymousUsage bool `json:"sendAnonymousUsage"`
ContainerIpv4Address string `json:"containerIpv4Address"`
AcmeEmail string `json:"acmeEmail"`
SharedMountPoint string `json:"sharedMountPoint"`
TlsHostDirectory string `json:"tlsHostDirectory"`
TlsContainerDirectory string `json:"tlsContainerDirectory"`
StaticConfigDirectory string `json:"staticConfigDirectory"`
DynamicConfigDirectory string `json:"dynamicConfigDirectory"`
Version string `json:"version"`
CheckNewVersion bool `json:"checkNewVersion"`
ExternalSSHPort int32 `json:"externalSSHPort"`
LogLevel string `json:"logLevel"`
SendAnonymousUsage bool `json:"sendAnonymousUsage"`
ContainerName string `json:"containerName"`
ContainerIpv4Address string `json:"containerIpv4Address"`
GenerateAcmeCertificates bool `json:"generateAcmeCertificates"`
AcmeEmail string `json:"acmeEmail"`
SharedMountPoint string `json:"sharedMountPoint"`
TlsHostDirectory string `json:"tlsHostDirectory"`
TlsContainerDirectory string `json:"tlsContainerDirectory"`
StaticConfigDirectory string `json:"staticConfigDirectory"`
DynamicConfigDirectory string `json:"dynamicConfigDirectory"`
}
type forgejoConfig struct {
Version string `json:"version"`
Name string `json:"name"`
Subdomain string `json:"subdomain"`
ContainerName string `json:"containerName"`
ContainerIpv4Address string `json:"containerIpv4Address"`
SshPort int32 `json:"sshPort"`
HttpPort int32 `json:"httpPort"`
@ -79,6 +82,7 @@ type gotosocialConfig struct {
LogLevel string `json:"logLevel"`
LinuxUID int32 `json:"linuxUID"`
Subdomain string `json:"subdomain"`
ContainerName string `json:"containerName"`
ContainerIpv4Address string `json:"containerIpv4Address"`
Port int32 `json:"port"`
DataHostDirectory string `json:"dataHostDirectory"`
@ -96,6 +100,7 @@ type woodpeckerConfig struct {
LinuxUID int32 `json:"linuxUID"`
Subdomain string `json:"subdomain"`
GrpcSubdomain string `json:"grpcSubdomain"`
ContainerName string `json:"containerName"`
ContainerIpv4Address string `json:"containerIpv4Address"`
HttpPort int32 `json:"httpPort"`
GrpcPort int32 `json:"grpcPort"`
@ -110,6 +115,7 @@ type woodpeckerConfig struct {
type landingConfig struct {
Version string `json:"version"`
ContainerName string `json:"containerName"`
ContainerIpv4Address string `json:"containerIpv4Address"`
Services []landingConfigLinks `json:"services"`
Profiles []landingConfigLinks `json:"profiles"`
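Review bot: `GenerateAcmeCertificates` in `traefikConfig` is a plain `bool`, so an environment file that omits `generateAcmeCertificates` decodes to false and silently selects the existing-certificate path instead of ACME. The new `ContainerName` fields likewise decode to an empty string when the key is absent, and the compose template renders that value straight into `container_name: "..."`. `newConfig` is outside this section, so whether it validates these values is not visible here; if it does not, it should reject an empty `ContainerName` and, when `GenerateAcmeCertificates` is false, confirm that the certificate and key exist under `TlsHostDirectory` before deploying. A field comment such as `// GenerateAcmeCertificates enables the ACME resolver; when false, traefik.crt and traefik.key must already exist in the TLS directory.` would document the contract. The `landingConfig` struct continues past the end of the last hunk.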


@ -15,7 +15,7 @@ func Deploy(environment, name string) error {
os.Setenv("MAGEFILE_VERBOSE", "true")
mg.Deps(
mg.F(Prepare, name),
mg.F(Prepare, environment, name),
)
cfg, err := newConfig(environment)


@ -22,12 +22,12 @@ networks:
services:
# -- Traffic flow --
traefik:
container_name: "traffic-flow"
container_name: "{{ .Traefik.ContainerName }}"
image: "localhost/flow/traefik:{{ .Traefik.Version }}"
build:
context: "../traefik"
networks:
{{ .Docker.Network.Name }}:
flow:
ipv4_address: "{{ .Traefik.ContainerIpv4Address }}"
ports:
- target: 80
@ -51,7 +51,7 @@ services:
target: "{{ .Traefik.TlsContainerDirectory }}"
# -- Code flow --
forgejo:
container_name: "code-flow"
container_name: "{{ .Forgejo.ContainerName }}"
image: "localhost/flow/forgejo:{{ .Forgejo.Version }}"
build:
context: "../forgejo"
@ -59,7 +59,7 @@ services:
- "{{ .Forgejo.SshPort }}"
- "{{ .Forgejo.HttpPort }}"
networks:
{{ .Docker.Network.Name }}:
flow:
ipv4_address: "{{ .Forgejo.ContainerIpv4Address }}"
restart: "always"
volumes:
@ -70,7 +70,7 @@ services:
target: "{{ .Forgejo.DataContainerDirectory }}"
# -- Free Flow --
gotosocial:
container_name: "free-flow"
container_name: "{{ .GoToSocial.ContainerName }}"
image: "localhost/flow/gotosocial:{{ .GoToSocial.Version }}"
build:
context: "../gotosocial"
@ -79,7 +79,7 @@ services:
expose:
- "{{ .GoToSocial.Port }}"
networks:
{{ .Docker.Network.Name }}:
flow:
ipv4_address: "{{ .GoToSocial.ContainerIpv4Address }}"
restart: "always"
volumes:
@ -90,7 +90,7 @@ services:
target: "{{ .GoToSocial.DataContainerDirectory }}"
# -- Work Flow --
woodpecker:
container_name: "work-flow"
container_name: "{{ .Woodpecker.ContainerName }}"
image: "localhost/flow/woodpecker:{{ .Woodpecker.Version }}"
build:
context: "../woodpecker"
@ -114,7 +114,7 @@ services:
- "{{ .Woodpecker.HttpPort }}"
- "{{ .Woodpecker.GrpcPort }}"
networks:
{{ .Docker.Network.Name }}:
flow:
ipv4_address: "{{ .Woodpecker.ContainerIpv4Address }}"
restart: "always"
volumes:
@ -125,7 +125,7 @@ services:
target: "{{ .Woodpecker.DataContainerDirectory }}"
# -- Landing Page --
landing:
container_name: "landing-page"
container_name: "{{ .Landing.ContainerName }}"
command:
- --address={{ .Landing.ContainerIpv4Address }}:{{ .Landing.Port }}
{{ range .Landing.Services -}}
@ -138,7 +138,7 @@ services:
expose:
- "{{ .Landing.Port }}"
networks:
{{ .Docker.Network.Name }}:
flow:
ipv4_address: "{{ .Landing.ContainerIpv4Address }}"
restart: "always"
volumes:


@ -0,0 +1,86 @@
{{- define "tlsSetup" -}}
{{- if .Traefik.GenerateAcmeCertificates }}
tls:
certResolver: resolver
{{- else }}
tls: {}
{{- end }}
{{- end -}}
---
http:
routers:
forgejo:
entryPoints:
- "https"
rule: "Host(`{{ .Forgejo.Subdomain }}.{{ .RootDomain }}`)"
service: "forgejo"
{{- template "tlsSetup" }}
gotosocial:
entryPoints:
- "https"
rule: "Host(`{{ .GoToSocial.Subdomain }}.{{ .RootDomain }}`)"
service: "gotosocial"
{{- template "tlsSetup" }}
landing:
entryPoints:
- "https"
rule: "Host(`{{ .RootDomain }}`)"
service: "landing"
{{- template "tlsSetup" }}
woodpecker:
entryPoints:
- "https"
rule: "Host(`{{ .Woodpecker.Subdomain }}.{{ .RootDomain }}`)"
service: "woodpecker"
{{- template "tlsSetup" }}
woodpecker-grpc:
entryPoints:
- "https"
rule: "Host(`{{ .Woodpecker.GrpcSubdomain }}.{{ .RootDomain }}`)"
service: "woodpecker-grpc"
{{- template "tlsSetup" }}
services:
forgejo:
loadBalancer:
servers:
- url: "http://{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.HttpPort }}/"
gotosocial:
loadBalancer:
servers:
- url: "http://{{ .GoToSocial.ContainerIpv4Address }}:{{ .GoToSocial.Port }}/"
landing:
loadBalancer:
servers:
- url: "http://{{ .Landing.ContainerIpv4Address }}:{{ .Landing.Port }}/"
woodpecker:
loadBalancer:
servers:
- url: "http://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.HttpPort }}/"
woodpecker-grpc:
loadBalancer:
servers:
- url: "h2c://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.GrpcPort }}/"
tcp:
routers:
gitSSH:
entryPoints:
- "gitSSH"
rule: "HostSNI(`*`)"
service: "gitSSH"
services:
gitSSH:
loadBalancer:
servers:
- address: "{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.SshPort }}"
{{- if not .Traefik.GenerateAcmeCertificates }}
tls:
stores:
default:
defaultCertificate:
certFile: {{ .Traefik.TlsContainerDirectory }}/traefik.crt
keyFile: {{ .Traefik.TlsContainerDirectory }}/traefik.key
{{- end }}
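Review bot: The five `{{- template "tlsSetup" }}` calls under `http.routers` pass no data, so inside the `tlsSetup` definition `.` is nil. Assuming these files are rendered with Go's text/template and its default missing-key handling, `.Traefik.GenerateAcmeCertificates` then evaluates as false. Every router would render `tls: {}` even when ACME is enabled, and because the `tls.stores` block at the end of the file is skipped in that mode, Traefik would most likely serve its self-generated default certificate instead of requesting one from the resolver. Pass the root context at each call site: `{{- template "tlsSetup" . }}`. For the static-certificate branch, a comment beside `keyFile` stating that `traefik.key` must be readable only by the Traefik user would help whoever provisions that directory.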


@ -1,28 +0,0 @@
---
http:
routers:
gitea:
entryPoints:
- "https"
rule: "Host(`{{ .Forgejo.Subdomain }}.{{ .RootDomain }}`)"
service: "git"
tls:
certResolver: resolver
services:
git:
loadBalancer:
servers:
- url: "http://{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.HttpPort }}/"
tcp:
routers:
gitSSH:
entryPoints:
- "gitSSH"
rule: "HostSNI(`*`)"
service: "gitSSH"
services:
gitSSH:
loadBalancer:
servers:
- address: "{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.SshPort }}"


@ -1,15 +0,0 @@
---
http:
routers:
gotosocial:
entryPoints:
- "https"
rule: "Host(`{{ .GoToSocial.Subdomain }}.{{ .RootDomain }}`)"
service: "gotosocial"
tls:
certResolver: resolver
services:
gotosocial:
loadBalancer:
servers:
- url: "http://{{ .GoToSocial.ContainerIpv4Address }}:{{ .GoToSocial.Port }}/"


@ -1,15 +0,0 @@
---
http:
routers:
landing-page:
entryPoints:
- "https"
rule: "Host(`{{ .RootDomain }}`)"
service: landing-page
tls:
certResolver: resolver
services:
landing-page:
loadBalancer:
servers:
- url: "http://{{ .Landing.ContainerIpv4Address }}:{{ .Landing.Port }}"


@ -1,26 +0,0 @@
---
http:
routers:
woodpecker:
entryPoints:
- "https"
rule: "Host(`{{ .Woodpecker.Subdomain }}.{{ .RootDomain }}`)"
service: "woodpecker"
tls:
certResolver: resolver
woodpecker-grpc:
entryPoints:
- "https"
rule: "Host(`{{ .Woodpecker.GrpcSubdomain }}.{{ .RootDomain }}`)"
service: "woodpecker-grpc"
tls:
certResolver: resolver
services:
woodpecker:
loadBalancer:
servers:
- url: "http://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.HttpPort }}/"
woodpecker-grpc:
loadBalancer:
servers:
- url: "h2c://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.GrpcPort }}"


@ -23,6 +23,7 @@ providers:
file:
watch: true
directory: "{{ .Traefik.DynamicConfigDirectory }}"
{{- if .Traefik.GenerateAcmeCertificates }}
certificatesResolvers:
resolver:
acme:
@ -30,5 +31,6 @@ certificatesResolvers:
storage: "{{ .Traefik.TlsContainerDirectory }}/acme.json"
keyType: "RSA4096"
tlsChallenge: {}
{{- end }}
log:
level: "{{ .Traefik.LogLevel }}"


@ -14,8 +14,6 @@ RUN --mount=type=bind,source=.,target=/packages \
&& chmod 0700 {{ .Woodpecker.DataContainerDirectory }} /flow/woodpecker/tmp \
&& tar xzvf /packages/woodpecker-server-{{ .Woodpecker.Version }}_linux_amd64.tar.gz \
&& mv /tmp/woodpecker-server /usr/local/bin/woodpecker-server \
&& cp /packages/entrypoint.sh /usr/local/bin/entrypoint \
&& chmod a+x /usr/local/bin/entrypoint \
&& rm -rf /tmp/*
ENV GODEBUG=netdns=go