Add method of mixing in secrets to docker-compose.yml

2017-05-19 02:45:31 +02:00 · 2017-05-19 02:45:31 +02:00 · c235779631
commit c235779631
parent 00f162099b
2 changed files with 94 additions and 0 deletions
--- a/bin/mixin-secrets
+++ b/bin/mixin-secrets
@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# Generates a fancy docker-compose.yml based on the template by
+# mixing in production secrets.
+#
+# Olivia Mackintosh <livvy@base.nu>
+
+THISDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+TEMPLATE=${THISDIR}/../docker-compose.yml.template
+
+if [ -z "$DATABASE_PASSWORD" ]; then
+    echo "Error: Please set \$DATABASE_PASSWORD"
+    exit 1
+fi
+
+if [ -z "$SMTP_PASSWORD" ]; then
+    echo "Error: Please set \$SMTP_PASSWORD"
+    exit 1
+fi
+
+envsubst < $TEMPLATE | cat -
--- a/docker-compose.yml.template
+++ b/docker-compose.yml.template
@ -0,0 +1,73 @@
+map:
+  build: .
+  links:
+    - db:db
+  volumes:
+    - /containers/map/static:/app/static
+    - /containers/map/gunicorn.sock:/app/gunicorn.sock
+  environment:
+   - "DEBUG=0"
+   - "ALLOWED_HOSTS=map.ojuso.org"
+   - "DATABASE_HOST=db"
+   - "DATABASE_NAME=postgres"
+   - "DATABASE_PASSWORD=${DATABASE_PASSWORD}"
+   - "EMAIL_HOST=mail.gandi.net"
+   - "EMAIL_HOST_USER=admin@ojuso.org"
+   - "EMAIL_HOST_PASSWORD=${SMTP_PASSWORD}"
+   - "EMAIL_PORT=587"
+   - "EMAIL_USE_TLS=1"
+   - "SERVER_EMAIL=Ojuso Platform Notification <admin@ojuso.org>" 
+  command: /bin/sh -c "python3 manage.py migrate && python3 manage.py collectstatic --noinput && gunicorn --bind 0.0.0.0:8000 ojusomap.wsgi"
+
+db:
+  image: mdillon/postgis:9.6-alpine
+  volumes:
+   - /containers/db:/var/lib/postgresql/data
+  environment:
+   - "POSTGRES_PASSWORD=${DATABASE_PASSWORD}"
+
+web:
+  image: nginx:alpine
+  volumes:
+   - ./support/nginx/nginx.template:/etc/nginx/conf.d/nginx.template
+   - ./support/nginx/directives:/etc/nginx/directives
+   - /containers/tls/acme:/web/acme
+   - /containers/tls/certs:/web/certs
+   - /var/discourse/shared/standalone/nginx.http.sock:/web/run/discourse.sock
+   - /containers/map/gunicorn.sock:/web/run/gunicorn.sock
+   - /containers/map/static:/web/static
+  ports:
+   - "80:80"
+   - "443:443"
+  links:
+   - forum:forum
+   - map:map
+  environment:
+   - "NGINX_ROOT=/web/static/"
+  command: /bin/sh -c "cat /etc/nginx/conf.d/nginx.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
+
+forum:
+  image: local_discourse/app
+  restart: always
+  hostname: discourse
+  environment:
+    - "DISCOURSE_DB_SOCKET=/var/run/postgresql"
+    - "DISCOURSE_DEVELOPER_EMAILS=admin@ojuso.org"
+    - "DISCOURSE_HOSTNAME=forum.ojuso.org"
+    - "DISCOURSE_SMTP_ADDRESS=mail.gandi.net"
+    - "DISCOURSE_SMTP_PASSWORD=${SMTP_PASSWORD}"
+    - "DISCOURSE_SMTP_PORT=587"
+    - "DISCOURSE_SMTP_USER_NAME=admin@ojuso.org"
+    - "DOCKER_HOST_IP=172.17.0.1"
+    - "LANG=en_US.UTF-8"
+    - "RAILS_ENV=production"
+    - "RUBY_GC_HEAP_GROWTH_MAX_SLOTS=40000"
+    - "RUBY_GC_HEAP_INIT_SLOTS=400000"
+    - "RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=1.5"
+    - "RUBY_GLOBAL_METHOD_CACHE_SIZE=131072"
+    - "UNICORN_SIDEKIQS=1"
+    - "UNICORN_WORKERS=4"
+  volumes:
+    - /var/discourse/shared/standalone:/shared
+    - /var/discourse/shared/standalone/log/var-log:/var/log
+  command: /sbin/boot