From dd339eb3d66125db22334f237d32f59e749f23a5 Mon Sep 17 00:00:00 2001 From: Dan Anglin Date: Mon, 28 Aug 2023 03:51:29 +0100 Subject: [PATCH] fix: template updates and code fixes This commit comes after provisioning the development environment. Changes: - templates: template the container name. - mage: update the deploy target to deploy to specific environments. - compose: fix network ref. - traefik: merge all dynamic templates into one file. - woodpecker(dockerfile): remove commands to copy entrypoint to the docker container since the entrypoint has been removed. - traefik: add support for using existing TLS certificates. --- config | 2 +- magefiles/config.go | 46 +++++----- magefiles/deploy.go | 2 +- templates/compose/docker-compose.yaml.gotmpl | 20 ++--- templates/traefik/dynamic_config.yaml.gotmpl | 86 +++++++++++++++++++ templates/traefik/dynamic_forgejo.yaml.gotmpl | 28 ------ .../traefik/dynamic_gotosocial.yaml.gotmpl | 15 ---- .../traefik/dynamic_landing_page.yaml.gotmpl | 15 ---- .../traefik/dynamic_woodpecker.yaml.gotmpl | 26 ------ templates/traefik/traefik.yaml.gotmpl | 2 + templates/woodpecker/Dockerfile.gotmpl | 2 - 11 files changed, 126 insertions(+), 118 deletions(-) create mode 100644 templates/traefik/dynamic_config.yaml.gotmpl delete mode 100644 templates/traefik/dynamic_forgejo.yaml.gotmpl delete mode 100644 templates/traefik/dynamic_gotosocial.yaml.gotmpl delete mode 100644 templates/traefik/dynamic_landing_page.yaml.gotmpl delete mode 100644 templates/traefik/dynamic_woodpecker.yaml.gotmpl diff --git a/config b/config index 4d9d8e2..1282396 160000 --- a/config +++ b/config @@ -1 +1 @@ -Subproject commit 4d9d8e21385c3c9fe481930ab157724f8d5d0dcc +Subproject commit 1282396d8afa236111beb8bc76c36efda33fe8d8 diff --git a/magefiles/config.go b/magefiles/config.go index ccbc31a..f7f441a 100644 --- a/magefiles/config.go +++ b/magefiles/config.go 
@@ -10,14 +10,14 @@ import ( ) type config struct { - RootDomain string `json:"rootDomain"` - FlowGID int32 `json:"flowGID"` - Docker dockerConfig `json:"docker"` - Traefik traefikConfig `json:"traefik"` - Forgejo forgejoConfig `json:"forgejo"` - GoToSocial gotosocialConfig `json:"gotosocial"` - Woodpecker woodpeckerConfig `json:"woodpecker"` - Landing landingConfig `json:"landing"` + RootDomain string `json:"rootDomain"` + FlowGID int32 `json:"flowGID"` + Docker dockerConfig `json:"docker"` + Traefik traefikConfig `json:"traefik"` + Forgejo forgejoConfig `json:"forgejo"` + GoToSocial gotosocialConfig `json:"gotosocial"` + Woodpecker woodpeckerConfig `json:"woodpecker"` + Landing landingConfig `json:"landing"` } type dockerConfig struct { 
@@ -31,24 +31,27 @@ type dockerNetworkConfig struct { } type traefikConfig struct { - Version string `json:"version"` - CheckNewVersion bool `json:"checkNewVersion"` - ExternalSSHPort int32 `json:"externalSSHPort"` - LogLevel string `json:"logLevel"` - SendAnonymousUsage bool `json:"sendAnonymousUsage"` - ContainerIpv4Address string `json:"containerIpv4Address"` - AcmeEmail string `json:"acmeEmail"` - SharedMountPoint string `json:"sharedMountPoint"` - TlsHostDirectory string `json:"tlsHostDirectory"` - TlsContainerDirectory string `json:"tlsContainerDirectory"` - StaticConfigDirectory string `json:"staticConfigDirectory"` - DynamicConfigDirectory string `json:"dynamicConfigDirectory"` + Version string `json:"version"` + CheckNewVersion bool `json:"checkNewVersion"` + ExternalSSHPort int32 `json:"externalSSHPort"` + LogLevel string `json:"logLevel"` + SendAnonymousUsage bool `json:"sendAnonymousUsage"` + ContainerName string `json:"containerName"` + ContainerIpv4Address string `json:"containerIpv4Address"` + GenerateAcmeCertificates bool `json:"generateAcmeCertificates"` + AcmeEmail string `json:"acmeEmail"` + SharedMountPoint string `json:"sharedMountPoint"` + TlsHostDirectory string `json:"tlsHostDirectory"` + TlsContainerDirectory string `json:"tlsContainerDirectory"` + StaticConfigDirectory string `json:"staticConfigDirectory"` + DynamicConfigDirectory string `json:"dynamicConfigDirectory"` } type forgejoConfig struct { Version string `json:"version"` Name string `json:"name"` Subdomain string `json:"subdomain"` + ContainerName string `json:"containerName"` ContainerIpv4Address string `json:"containerIpv4Address"` SshPort int32 `json:"sshPort"` HttpPort int32 `json:"httpPort"` 
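Review bot: `GenerateAcmeCertificates` is a plain `bool`, so an environment file written before this commit that omits `generateAcmeCertificates` would decode to `false` (assuming the usual encoding/json load) and silently move that environment from ACME to the static certificate path. In that mode the templates expect `traefik.crt` and `traefik.key` under `TlsContainerDirectory`, and nothing visible in the patch checks that they exist; if they are missing, Traefik normally falls back to its self-generated default certificate. Document the default on the field, for example `// GenerateAcmeCertificates enables the ACME resolver; false (also the value when the key is absent) serves traefik.crt/traefik.key from the TLS directory.` Consider also failing the deploy when the flag is false and either file is missing from `TlsHostDirectory`.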
@@ -79,6 +82,7 @@ type gotosocialConfig struct { LogLevel string `json:"logLevel"` LinuxUID int32 `json:"linuxUID"` Subdomain string `json:"subdomain"` + ContainerName string `json:"containerName"` ContainerIpv4Address string `json:"containerIpv4Address"` Port int32 `json:"port"` DataHostDirectory string `json:"dataHostDirectory"` @@ -96,6 +100,7 @@ type woodpeckerConfig struct { LinuxUID int32 `json:"linuxUID"` Subdomain string `json:"subdomain"` GrpcSubdomain string `json:"grpcSubdomain"` + ContainerName string `json:"containerName"` ContainerIpv4Address string `json:"containerIpv4Address"` HttpPort int32 `json:"httpPort"` GrpcPort int32 `json:"grpcPort"` @@ -110,6 +115,7 @@ type woodpeckerConfig struct { type landingConfig struct { Version string `json:"version"` + ContainerName string `json:"containerName"` ContainerIpv4Address string `json:"containerIpv4Address"` Services []landingConfigLinks `json:"services"` Profiles []landingConfigLinks `json:"profiles"` diff --git a/magefiles/deploy.go b/magefiles/deploy.go index c63a539..1c3dd63 100644 --- a/magefiles/deploy.go +++ b/magefiles/deploy.go @@ -15,7 +15,7 @@ func Deploy(environment, name string) error { os.Setenv("MAGEFILE_VERBOSE", "true") mg.Deps( - mg.F(Prepare, name), + mg.F(Prepare, environment, name), ) cfg, err := newConfig(environment) diff --git a/templates/compose/docker-compose.yaml.gotmpl b/templates/compose/docker-compose.yaml.gotmpl index 137646e..01e2874 100644 --- a/templates/compose/docker-compose.yaml.gotmpl +++ b/templates/compose/docker-compose.yaml.gotmpl @@ -22,12 +22,12 @@ networks: services: # -- Traffic flow -- traefik: - container_name: "traffic-flow" + container_name: "{{ .Traefik.ContainerName }}" image: "localhost/flow/traefik:{{ .Traefik.Version }}" build: context: "../traefik" networks: - {{ .Docker.Network.Name }}: + flow: ipv4_address: "{{ .Traefik.ContainerIpv4Address }}" ports: - target: 80 
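Review bot: `container_name: "{{ .Traefik.ContainerName }}"` in docker-compose.yaml.gotmpl now renders whatever the environment config holds, and nothing visible in this patch rejects an empty value. A config that omits `containerName` would render `container_name: ""` where the old template had a fixed name. The same applies to the Forgejo, GoToSocial, Woodpecker and Landing services in the later hunks of this file. Consider checking the five `ContainerName` fields where the config is loaded, for example `if cfg.Traefik.ContainerName == "" { return fmt.Errorf("traefik.containerName must be set") }`, so a bad environment file fails before the compose file is written. The `traefik` service block continues outside the hunk.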
@@ -51,7 +51,7 @@ services: target: "{{ .Traefik.TlsContainerDirectory }}" # -- Code flow -- forgejo: - container_name: "code-flow" + container_name: "{{ .Forgejo.ContainerName }}" image: "localhost/flow/forgejo:{{ .Forgejo.Version }}" build: context: "../forgejo" @@ -59,7 +59,7 @@ services: - "{{ .Forgejo.SshPort }}" - "{{ .Forgejo.HttpPort }}" networks: - {{ .Docker.Network.Name }}: + flow: ipv4_address: "{{ .Forgejo.ContainerIpv4Address }}" restart: "always" volumes: @@ -70,7 +70,7 @@ services: target: "{{ .Forgejo.DataContainerDirectory }}" # -- Free Flow -- gotosocial: - container_name: "free-flow" + container_name: "{{ .GoToSocial.ContainerName }}" image: "localhost/flow/gotosocial:{{ .GoToSocial.Version }}" build: context: "../gotosocial" @@ -79,7 +79,7 @@ services: expose: - "{{ .GoToSocial.Port }}" networks: - {{ .Docker.Network.Name }}: + flow: ipv4_address: "{{ .GoToSocial.ContainerIpv4Address }}" restart: "always" volumes: @@ -90,7 +90,7 @@ services: target: "{{ .GoToSocial.DataContainerDirectory }}" # -- Work Flow -- woodpecker: - container_name: "work-flow" + container_name: "{{ .Woodpecker.ContainerName }}" image: "localhost/flow/woodpecker:{{ .Woodpecker.Version }}" build: context: "../woodpecker" @@ -114,7 +114,7 @@ services: - "{{ .Woodpecker.HttpPort }}" - "{{ .Woodpecker.GrpcPort }}" networks: - {{ .Docker.Network.Name }}: + flow: ipv4_address: "{{ .Woodpecker.ContainerIpv4Address }}" restart: "always" volumes: @@ -125,7 +125,7 @@ services: target: "{{ .Woodpecker.DataContainerDirectory }}" # -- Landing Page -- landing: - container_name: "landing-page" + container_name: "{{ .Landing.ContainerName }}" command: - --address={{ .Landing.ContainerIpv4Address }}:{{ .Landing.Port }} {{ range .Landing.Services -}} @@ -138,7 +138,7 @@ services: expose: - "{{ .Landing.Port }}" networks: - {{ .Docker.Network.Name }}: + flow: ipv4_address: "{{ .Landing.ContainerIpv4Address }}" restart: "always" volumes: 
diff --git a/templates/traefik/dynamic_config.yaml.gotmpl b/templates/traefik/dynamic_config.yaml.gotmpl new file mode 100644 index 0000000..80b6df4 --- /dev/null +++ b/templates/traefik/dynamic_config.yaml.gotmpl 
@@ -0,0 +1,86 @@ +{{- define "tlsSetup" -}} +{{- if .Traefik.GenerateAcmeCertificates }} + tls: + certResolver: resolver +{{- else }} + tls: {} +{{- end }} +{{- end -}} +--- +http: + routers: + forgejo: + entryPoints: + - "https" + rule: "Host(`{{ .Forgejo.Subdomain }}.{{ .RootDomain }}`)" + service: "forgejo" + {{- template "tlsSetup" }} + gotosocial: + entryPoints: + - "https" + rule: "Host(`{{ .GoToSocial.Subdomain }}.{{ .RootDomain }}`)" + service: "gotosocial" + {{- template "tlsSetup" }} + landing: + entryPoints: + - "https" + rule: "Host(`{{ .RootDomain }}`)" + service: "landing" + {{- template "tlsSetup" }} + woodpecker: + entryPoints: + - "https" + rule: "Host(`{{ .Woodpecker.Subdomain }}.{{ .RootDomain }}`)" + service: "woodpecker" + {{- template "tlsSetup" }} + woodpecker-grpc: + entryPoints: + - "https" + rule: "Host(`{{ .Woodpecker.GrpcSubdomain }}.{{ .RootDomain }}`)" + service: "woodpecker-grpc" + {{- template "tlsSetup" }} + + services: + forgejo: + loadBalancer: + servers: + - url: "http://{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.HttpPort }}/" + gotosocial: + loadBalancer: + servers: + - url: "http://{{ .GoToSocial.ContainerIpv4Address }}:{{ .GoToSocial.Port }}/" + landing: + loadBalancer: + servers: + - url: "http://{{ .Landing.ContainerIpv4Address }}:{{ .Landing.Port }}/" + woodpecker: + loadBalancer: + servers: + - url: "http://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.HttpPort }}/" + woodpecker-grpc: + loadBalancer: + servers: + - url: "h2c://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.GrpcPort }}/" + +tcp: + routers: + gitSSH: + entryPoints: + - "gitSSH" + rule: "HostSNI(`*`)" + service: "gitSSH" + services: + gitSSH: + loadBalancer: + servers: + - address: "{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.SshPort }}" + +{{- if not .Traefik.GenerateAcmeCertificates }} + +tls: + stores: + default: + defaultCertificate: + certFile: {{ .Traefik.TlsContainerDirectory }}/traefik.crt + keyFile: {{ 
.Traefik.TlsContainerDirectory }}/traefik.key +{{- end }} diff --git a/templates/traefik/dynamic_forgejo.yaml.gotmpl b/templates/traefik/dynamic_forgejo.yaml.gotmpl deleted file mode 100644 index 16e17e1..0000000 --- a/templates/traefik/dynamic_forgejo.yaml.gotmpl +++ /dev/null @@ -1,28 +0,0 @@ ---- -http: - routers: - gitea: - entryPoints: - - "https" - rule: "Host(`{{ .Forgejo.Subdomain }}.{{ .RootDomain }}`)" - service: "git" - tls: - certResolver: resolver - services: - git: - loadBalancer: - servers: - - url: "http://{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.HttpPort }}/" - -tcp: - routers: - gitSSH: - entryPoints: - - "gitSSH" - rule: "HostSNI(`*`)" - service: "gitSSH" - services: - gitSSH: - loadBalancer: - servers: - - address: "{{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.SshPort }}" diff --git a/templates/traefik/dynamic_gotosocial.yaml.gotmpl b/templates/traefik/dynamic_gotosocial.yaml.gotmpl deleted file mode 100644 index f7d5924..0000000 --- a/templates/traefik/dynamic_gotosocial.yaml.gotmpl +++ /dev/null @@ -1,15 +0,0 @@ ---- -http: - routers: - gotosocial: - entryPoints: - - "https" - rule: "Host(`{{ .GoToSocial.Subdomain }}.{{ .RootDomain }}`)" - service: "gotosocial" - tls: - certResolver: resolver - services: - gotosocial: - loadBalancer: - servers: - - url: "http://{{ .GoToSocial.ContainerIpv4Address }}:{{ .GoToSocial.Port }}/" diff --git a/templates/traefik/dynamic_landing_page.yaml.gotmpl b/templates/traefik/dynamic_landing_page.yaml.gotmpl deleted file mode 100644 index 64b09b6..0000000 --- a/templates/traefik/dynamic_landing_page.yaml.gotmpl +++ /dev/null @@ -1,15 +0,0 @@ ---- -http: - routers: - landing-page: - entryPoints: - - "https" - rule: "Host(`{{ .RootDomain }}`)" - service: landing-page - tls: - certResolver: resolver - services: - landing-page: - loadBalancer: - servers: - - url: "http://{{ .Landing.ContainerIpv4Address }}:{{ .Landing.Port }}" 
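Review bot: Every `{{- template "tlsSetup" }}` call in the routers of dynamic_config.yaml.gotmpl passes no data, so inside the define `.` is nil and `.Traefik.GenerateAcmeCertificates` can never evaluate to true. With text/template's default missing-key handling the `else` branch renders, so each router gets `tls: {}` even when ACME is enabled and none references `certResolver: resolver`; with `missingkey=error` rendering would fail instead. With ACME on, the `tls.stores.default` block at the end of the file is also skipped, so Traefik would likely serve its self-generated default certificate for all five hosts. Pass the root context at each call site: `{{- template "tlsSetup" . }}`.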
diff --git a/templates/traefik/dynamic_woodpecker.yaml.gotmpl b/templates/traefik/dynamic_woodpecker.yaml.gotmpl deleted file mode 100644 index d8c1451..0000000 --- a/templates/traefik/dynamic_woodpecker.yaml.gotmpl +++ /dev/null @@ -1,26 +0,0 @@ ---- -http: - routers: - woodpecker: - entryPoints: - - "https" - rule: "Host(`{{ .Woodpecker.Subdomain }}.{{ .RootDomain }}`)" - service: "woodpecker" - tls: - certResolver: resolver - woodpecker-grpc: - entryPoints: - - "https" - rule: "Host(`{{ .Woodpecker.GrpcSubdomain }}.{{ .RootDomain }}`)" - service: "woodpecker-grpc" - tls: - certResolver: resolver - services: - woodpecker: - loadBalancer: - servers: - - url: "http://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.HttpPort }}/" - woodpecker-grpc: - loadBalancer: - servers: - - url: "h2c://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.GrpcPort }}" diff --git a/templates/traefik/traefik.yaml.gotmpl b/templates/traefik/traefik.yaml.gotmpl index f83b5c8..292344f 100644 --- a/templates/traefik/traefik.yaml.gotmpl +++ b/templates/traefik/traefik.yaml.gotmpl @@ -23,6 +23,7 @@ providers: file: watch: true directory: "{{ .Traefik.DynamicConfigDirectory }}" +{{- if .Traefik.GenerateAcmeCertificates }} certificatesResolvers: resolver: acme: @@ -30,5 +31,6 @@ certificatesResolvers: storage: "{{ .Traefik.TlsContainerDirectory }}/acme.json" keyType: "RSA4096" tlsChallenge: {} +{{- end }} log: level: "{{ .Traefik.LogLevel }}" diff --git a/templates/woodpecker/Dockerfile.gotmpl b/templates/woodpecker/Dockerfile.gotmpl index 05b98e0..60a5108 100644 --- a/templates/woodpecker/Dockerfile.gotmpl +++ b/templates/woodpecker/Dockerfile.gotmpl 
@@ -14,8 +14,6 @@ RUN --mount=type=bind,source=.,target=/packages \ && chmod 0700 {{ .Woodpecker.DataContainerDirectory }} /flow/woodpecker/tmp \ && tar xzvf /packages/woodpecker-server-{{ .Woodpecker.Version }}_linux_amd64.tar.gz \ && mv /tmp/woodpecker-server /usr/local/bin/woodpecker-server \ - && cp /packages/entrypoint.sh /usr/local/bin/entrypoint \ - && chmod a+x /usr/local/bin/entrypoint \ && rm -rf /tmp/* ENV GODEBUG=netdns=go