From 5351090532a3ddb75e49d2341da00573db4b5bd5 Mon Sep 17 00:00:00 2001
From: Administrator
Date: Thu, 22 Sep 2022 23:42:08 +0300
Subject: [PATCH] portainer
---
.deploy-portainer/deploy-dev.yaml | 39 ++++++++++++++++++++++++++++++
.deploy-portainer/deploy-prod.yaml | 39 ++++++++++++++++++++++++++++++
.gitlab-ci.yml | 2 ++
nginx/nginx-dev/nginx-dev.conf | 19 +++++++++++++++
nginx/nginx-prod/nginx-prod.conf | 19 +++++++++++++++
5 files changed, 118 insertions(+)
create mode 100644 .deploy-portainer/deploy-dev.yaml
create mode 100644 .deploy-portainer/deploy-prod.yaml
diff --git a/.deploy-portainer/deploy-dev.yaml b/.deploy-portainer/deploy-dev.yaml
new file mode 100644
index 0000000..64109ae
--- /dev/null
+++ b/.deploy-portainer/deploy-dev.yaml
@@ -0,0 +1,39 @@
+version: '3.2'
+
+services:
+ agent:
+ image: portainer/agent:2.11.1
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - agent_network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+ portainer:
+ image: portainer/portainer-ce:2.11.1
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ ports:
+ - "9443:9443"
+ - "8888:9000"
+ - "8000:8000"
+ volumes:
+ - portainer_data:/data
+ networks:
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+
+networks:
+ agent_network:
+ driver: overlay
+ attachable: true
+
+volumes:
+ portainer_data:
diff --git a/.deploy-portainer/deploy-prod.yaml b/.deploy-portainer/deploy-prod.yaml
new file mode 100644
index 0000000..64109ae
--- /dev/null
+++ b/.deploy-portainer/deploy-prod.yaml
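Review bot: The `ports:` list on the `portainer` service publishes `"8888:9000"` (Portainer's plain-HTTP UI) and `"8000:8000"` through the swarm ingress, so a console that drives `/var/run/docker.sock` on every node via the global agent is reachable unencrypted on each node's address, alongside the nginx TLS vhost added later in this commit. Publish only what is used, e.g. drop `- "8000:8000"` unless Edge agents connect, and limit 8888 to the proxy host by firewall or reach the service over an overlay network instead. The agent link also runs with `--tlsskipverify` on an `attachable: true` network and no shared secret; adding `AGENT_SECRET: ${PORTAINER_AGENT_SECRET}` (placeholder variable name) under `environment:` on both services would tie the agent to this server. The identical hunk for `.deploy-portainer/deploy-prod.yaml` has the same issues.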
@@ -0,0 +1,39 @@ +version: '3.2' + +services: + agent: + image: portainer/agent:2.11.1 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /var/lib/docker/volumes:/var/lib/docker/volumes + networks: + - agent_network + deploy: + mode: global + placement: + constraints: [node.platform.os == linux] + + portainer: + image: portainer/portainer-ce:2.11.1 + command: -H tcp://tasks.agent:9001 --tlsskipverify + ports: + - "9443:9443" + - "8888:9000" + - "8000:8000" + volumes: + - portainer_data:/data + networks: + - agent_network + deploy: + mode: replicated + replicas: 1 + placement: + constraints: [node.role == manager] + +networks: + agent_network: + driver: overlay + attachable: true + +volumes: + portainer_data: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1c4cad4..8b08fa6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -32,6 +32,7 @@ deploy-dev: - when: manual script: - docker stack deploy -c ./.deploy-swarmpit/deploy-dev.yaml swarmpit + - docker stack deploy -c ./.deploy-portainer/depoy-dev.yaml portainer - docker stack deploy -c ./.deploy-infra/deploy-dev.yaml infra deploy-prod: @@ -45,4 +46,5 @@ deploy-prod: when: manual script: - docker stack deploy -c ./.deploy-swarmpit/deploy-prod.yaml swarmpit + - docker stack deploy -c ./.deploy-portainer/depoy-prod.yaml portainer - docker stack deploy -c ./.deploy-infra/deploy-prod.yaml infra diff --git a/nginx/nginx-dev/nginx-dev.conf b/nginx/nginx-dev/nginx-dev.conf index fb90609..ad34b18 100644 --- a/nginx/nginx-dev/nginx-dev.conf +++ b/nginx/nginx-dev/nginx-dev.conf 
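Review bot: Both added script lines point at a file the commit does not create: `./.deploy-portainer/depoy-dev.yaml` in the `deploy-dev` hunk and `./.deploy-portainer/depoy-prod.yaml` in the `deploy-prod` hunk, while the new files are named `deploy-dev.yaml` and `deploy-prod.yaml`. `docker stack deploy -c` will fail on the missing path, and because the line sits before the `infra` deploy, the job will likely stop before that stack is updated. The lines should read `- docker stack deploy -c ./.deploy-portainer/deploy-dev.yaml portainer` and `- docker stack deploy -c ./.deploy-portainer/deploy-prod.yaml portainer`. Both job definitions begin outside the hunks.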
@@ -28,6 +28,25 @@ http { } } + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name portainer.develop.sprinthub.ru; + + ssl_certificate /etc/nginx/fullchain.pem; + ssl_certificate_key /etc/nginx/privkey.pem; + + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-refferer-when-downgrade" always; + add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + + location / { + proxy_pass http://develop.sprinthub.ru:8888/; + } + } + server { listen 443 ssl http2; listen [::]:443 ssl http2; diff --git a/nginx/nginx-prod/nginx-prod.conf b/nginx/nginx-prod/nginx-prod.conf index c473e5b..ad4bd33 100644 --- a/nginx/nginx-prod/nginx-prod.conf +++ b/nginx/nginx-prod/nginx-prod.conf @@ -56,6 +56,25 @@ http { } } + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name portainer.sprinthub.ru; + + ssl_certificate /etc/nginx/fullchain.pem; + ssl_certificate_key /etc/nginx/privkey.pem; + + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-refferer-when-downgrade" always; + add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + + location / { + proxy_pass http://dev.sprinthub.ru:8888/; + } + } + server { listen 443 ssl http2; listen [::]:443 ssl http2;
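Review bot: Two of the added security headers do not do what they appear to: `Referrer-Policy "no-refferer-when-downgrade"` is misspelled, so browsers discard it, and `Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'"` permits every source plus inline and eval script, which restricts almost nothing. Use `add_header Referrer-Policy "no-referrer-when-downgrade" always;` and tighten the CSP toward `default-src 'self'`, loosening only what Portainer is observed to need. The `location /` block forwards to `http://develop.sprinthub.ru:8888/` in clear text and carries no `allow`/`deny` or other access limit, so admin sessions leave nginx unencrypted and the vhost answers any client; consider an `allow <admin-network-cidr>; deny all;` pair (placeholder CIDR). The same header lines appear in the nginx-prod hunk.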
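Review bot: The production vhost `portainer.sprinthub.ru` proxies to `http://dev.sprinthub.ru:8888/`, a host whose name suggests a non-production machine; if this was copied from the dev block, production logins would reach a different Portainer instance than intended. Confirm the upstream and, if it is a copy-paste slip, point it at the production address with `proxy_pass http://<prod-portainer-host>:8888/;` (placeholder host). The upstream hop is also plain HTTP, as in the dev hunk. The surrounding `http {` block and the neighbouring server blocks lie outside the hunk, so the naming convention for prod upstreams cannot be checked from here.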