From 149478f0bf114482ab69a933cca487f8f1ef1383 Mon Sep 17 00:00:00 2001
From: 3wc <3wc.git@doesthisthing.work>
Date: Sun, 15 Nov 2020 21:18:28 +0200
Subject: [PATCH] Initial working stack
---
 .envrc.sample | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++
 compose.yml | 70 +++++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 131 insertions(+), 8 deletions(-)
diff --git a/.envrc.sample b/.envrc.sample
index d8ea9ab..94ff6c5 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -4,3 +4,72 @@ export DOMAIN=kutt.example.com
 ## Domain aliases
 #export EXTRA_DOMAINS=', `www.kutt.example.com`'
 export LETS_ENCRYPT_ENV=production
+
+# Kutt settings
+export SITE_NAME=Kutt
+
+# Generated link length
+export LINK_LENGTH=6
+
+# Postgres database credential details
+export DB_PASSWORD=metro8focal5yolk
+
+# Disable registration
+export DISALLOW_REGISTRATION=true
+
+# Disable anonymous link creation
+export DISALLOW_ANONYMOUS_LINKS=false
+
+# The daily limit for each user
+export USER_LIMIT_PER_DAY=50
+
+# Create a cooldown for non-logged in users in minutes
+# Set 0 to disable
+export NON_USER_COOLDOWN=0
+
+# Max number of visits for each link to have detailed stats
+export DEFAULT_MAX_STATS_PER_LINK=5000
+
+# Use HTTPS for links with custom domain
+export CUSTOM_DOMAIN_USE_HTTPS=false
+
+# A passphrase to encrypt JWT. Use a long and secure key.
+export JWT_SECRET=securekey
+
+# Admin emails so they can access admin actions on settings page
+# Comma seperated
+export ADMIN_EMAILS=
+
+# Invisible reCaptcha secret key
+# Create one in https://www.google.com/recaptcha/intro/
+export RECAPTCHA_SITE_KEY=
+export RECAPTCHA_SECRET_KEY=
+
+# Google Cloud API to prevent from users from submitting malware URLs.
+# Get it from https://developers.google.com/safe-browsing/v4/get-started
+export GOOGLE_SAFE_BROWSING_KEY=
+
+# Google Analytics tracking ID for universal analytics.
+# Example: UA-XXXX-XX
+export GOOGLE_ANALYTICS=
+export GOOGLE_ANALYTICS_UNIVERSAL=
+
+# Google Analytics tracking ID for universal analytics
+# This one is used for links
+export GOOGLE_ANALYTICS_UNIVERSAL=
+
+# Your email host details to use to send verification emails.
+# More info on http://nodemailer.com/
+# Mail from example "Kutt ". Leave empty to use MAIL_USER
+export MAIL_HOST=
+export MAIL_PORT=
+export MAIL_SECURE=true
+export MAIL_USER=
+export MAIL_FROM=
+export MAIL_PASSWORD=
+
+# The email address that will receive submitted reports.
+export REPORT_EMAIL=
+
+# Support email to show on the app
+export CONTACT_EMAIL=
diff --git a/compose.yml b/compose.yml
index 662a96c..2cf17b2 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,15 +3,52 @@ version: "3.8" services: app: - image: nginx:1.19.2 + image: kutt/kutt + depends_on: + - db + - redis + command: ["./wait-for-it.sh", "db:5432", "--", "npm", "start"] + environment: + REDIS_HOST: redis + DEFAULT_DOMAIN: ${DOMAIN} + DB_HOST: db + DB_PORT: 5432 + DB_NAME: kutt + DB_USER: kutt + # FIXME 3wc: replace with secret + DB_PASSWORD: + DB_SSL: "false" + SITE_NAME: + LINK_LENGTH: + DISALLOW_REGISTRATION: + DISALLOW_ANONYMOUS_LINKS: + USER_LIMIT_PER_DAY: + NON_USER_COOLDOWN: + DEFAULT_MAX_STATS_PER_LINK: + CUSTOM_DOMAIN_USE_HTTPS: + JWT_SECRET: + ADMIN_EMAILS: + RECAPTCHA_SITE_KEY: + RECAPTCHA_SECRET_KEY: + GOOGLE_SAFE_BROWSING_KEY: + GOOGLE_ANALYTICS: + GOOGLE_ANALYTICS_UNIVERSAL: + GOOGLE_ANALYTICS_UNIVERSAL: + MAIL_HOST: + MAIL_PORT: + MAIL_SECURE: + MAIL_USER: + MAIL_FROM: + MAIL_PASSWORD: networks: - proxy + - internal deploy: restart_policy: condition: on-failure labels: - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
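Review bot: In .envrc.sample the added `export DB_PASSWORD=metro8focal5yolk` and `export JWT_SECRET=securekey` ship concrete values that anyone copying the sample to `.envrc` is likely to deploy unchanged, and a signing key that is public in the repository means session tokens for such an instance cannot be trusted. Leave both empty and say how to produce them, for example `# Required: generate with "openssl rand -hex 32"` above `export JWT_SECRET=`, and the same for `DB_PASSWORD`. `GOOGLE_ANALYTICS_UNIVERSAL` is also exported twice, once directly under `GOOGLE_ANALYTICS` and again under its own comment; the first occurrence looks like a leftover and should be dropped.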
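Review bot: In compose.yml, `image: kutt/kutt` carries no tag, so each deploy pulls whatever the default tag points to at that moment, while `redis:6.0-alpine` and `postgres:12-alpine` later in the same file are pinned; pin it as `image: kutt/kutt:<tested-version>` (placeholder), ideally with a digest. The `# FIXME 3wc: replace with secret` comment marks only `DB_PASSWORD`, but `JWT_SECRET`, `MAIL_PASSWORD` and `RECAPTCHA_SECRET_KEY` are passed the same way as plain environment values, which stay readable from the service definition, so the FIXME should name them as well. The `environment` map also lists `GOOGLE_ANALYTICS_UNIVERSAL:` twice, and duplicate mapping keys are rejected by strict YAML parsers. The `app` service definition continues past this hunk.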
@@ -19,13 +56,30 @@ services: #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] - interval: 30s - timeout: 10s - retries: 10 - start_period: 1m + + redis: + image: redis:6.0-alpine + volumes: + - redis_data:/data + networks: + - internal + + db: + image: postgres:12-alpine + environment: + POSTGRES_USER: kutt + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_DB: kutt + volumes: + - postgres_data:/var/lib/postgresql/data + networks: + - internal + +volumes: + redis_data: + postgres_data: networks: proxy: external: true + internal:
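Review bot: The new `db` service takes its password as `POSTGRES_PASSWORD: ${DB_PASSWORD}`, so the value is interpolated into the stack definition and stays visible in the service spec and the container environment. The official postgres image can read the password from a file through `POSTGRES_PASSWORD_FILE`, which lets the value come from a Docker secret; the sketch below uses `db_password` as a placeholder secret name. The `app` service needs its own way to read the same secret, which this hunk does not show. Separately, the hunk removes the `app` healthcheck without a replacement, and neither `db` nor `redis` defines one.

```yaml
  db:
    environment:
      # … unchanged: POSTGRES_USER, POSTGRES_DB …
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
    # … unchanged: image, volumes, networks …

secrets:
  db_password:
    external: true
```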