self/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: self:1324c6f0a374f5dcfebf45096c0f0dfb37c28a86
Branches Tags
self:master
self:prod
self:dev
self:gitea-migration
..
compare: self:05523cd79789273656c390a9b73a3d57b2492c00
Branches Tags
self:prod
self:master
self:dev
self:gitea-migration

No commits in common. "1324c6f0a374f5dcfebf45096c0f0dfb37c28a86" and "05523cd79789273656c390a9b73a3d57b2492c00" have entirely different histories.
1324c6f0a3 ... 05523cd797

6 changed files with 4 additions and 37 deletions
Show Stats Expand all files Collapse all files

1
.deploy-infra/deploy-dev.yaml
View File

@ -31,7 +31,6 @@ services:
image: clickhouse image: clickhouse
networks: networks:
- clickhouse-development - clickhouse-development
- common-infra-nginx-development
volumes: volumes:
- /sprint-data/clickhouse:/var/lib/clickhouse - /sprint-data/clickhouse:/var/lib/clickhouse
environment: environment:

23
.deploy-infra/deploy-prod.yaml Executable file → Normal file
View File

@ -27,29 +27,6 @@ services:
parallelism: 1 parallelism: 1
# order: start-first # order: start-first
grafana:
image: grafana/grafana
networks:
- common-infra-nginx
- clickhouse
volumes:
- /sprint-data/grafana:/var/lib/grafana
environment:
GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com
GF_CORS_ENABLED: "false"
GF_AUTH_DISABLE_LOGIN_FORM: "false"
GF_CORS_ALLOW_ORIGINS: "*"
GF_SECURITY_CONTENT_SECURITY_POLICY: "false"
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
placement:
constraints: [node.labels.stage == production]
update_config:
parallelism: 1
clickhouse: clickhouse:
image: clickhouse image: clickhouse
networks: networks:

4
.gitea/workflows/deploy-prod.yaml
View File

@ -16,7 +16,7 @@ jobs:
- name: checkout - name: checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
ref: prod ref: dev
- name: build nginx prod - name: build nginx prod
run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod
- name: build gitea runner - name: build gitea runner
@ -40,7 +40,7 @@ jobs:
- name: checkout - name: checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
ref: prod ref: dev
- name: prepare - name: prepare
run: chmod 777 ./prepare/run-production.sh && ./prepare/run-production.sh run: chmod 777 ./prepare/run-production.sh && ./prepare/run-production.sh
deploy-prod: deploy-prod:

5
nginx/nginx-dev/prepare.py
View File

@ -43,10 +43,7 @@ for host, params in hosts.items():
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always; add_header Referrer-Policy "no-refferer-when-downgrade" always;
proxy_set_header Host $host; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location / {{ location / {{
resolver 127.0.0.11; resolver 127.0.0.11;

5
nginx/nginx-prod/prepare.py
View File

@ -43,10 +43,7 @@ for host, params in hosts.items():
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always; add_header Referrer-Policy "no-refferer-when-downgrade" always;
proxy_set_header Host $host; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location / {{ location / {{
resolver 127.0.0.11; resolver 127.0.0.11;

3
prepare/run-production.sh
View File

@ -5,7 +5,6 @@ docker network create -d overlay --attachable common-infra-nginx-development ||
docker network create -d overlay --attachable queues || true docker network create -d overlay --attachable queues || true
docker network create -d overlay --attachable queues-development || true docker network create -d overlay --attachable queues-development || true
docker network create -d overlay --attachable configurator || true docker network create -d overlay --attachable configurator || true
docker network create -d overlay --attachable monitoring || true
docker network create -d overlay --attachable configurator-development || true docker network create -d overlay --attachable configurator-development || true
docker network create -d overlay --attachable clickhouse || true docker network create -d overlay --attachable clickhouse || true
docker network create -d overlay --attachable clickhouse-development || true docker network create -d overlay --attachable clickhouse-development || true
@ -15,9 +14,7 @@ mkdir /sprint-data/rabbitmq || true
mkdir /sprint-data/certs || true mkdir /sprint-data/certs || true
mkdir /sprint-data/gitea || true mkdir /sprint-data/gitea || true
mkdir /sprint-data/clickhouse || true mkdir /sprint-data/clickhouse || true
mkdir /sprint-data/grafana || true
chmod 777 /sprint-data/redis chmod 777 /sprint-data/redis
chmod 777 /sprint-data/rabbitmq chmod 777 /sprint-data/rabbitmq
chmod 777 /sprint-data/gitea chmod 777 /sprint-data/gitea
chmod 777 /sprint-data/clickhouse chmod 777 /sprint-data/clickhouse
chmod 777 /sprint-data/grafana