diff --git a/.drone.yml b/.drone.yml index 0933044..a46f154 100644 --- a/.drone.yml +++ b/.drone.yml @@ -26,6 +26,21 @@ steps: context: payload dockerfile: payload/Dockerfile target: prod + - name: deploy stack + image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest + settings: + stack: kios_lumbung_space + host: lumbung.space + deploy_key: + from_secret: drone_ssh_lumbung.space + environment: + DOMAIN: kios.lumbung.space + STACK_NAME: kios_lumbung_space + SECRET_PAYLOAD_SECRET_VERSION: v1 + SECRET_TOKEN_VERSION: v1 + SECRET_MONGO_PASSWORD_VERSION: v1 + depends_on: + - publish container trigger: branch: - main diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..93d0f7f --- /dev/null +++ b/compose.yml @@ -0,0 +1,88 @@ +--- +version: "3.8" + +services: + app: + image: git.autonomic.zone/ruangrupa/lumbung-kios-astro:latest + environment: + - PAYLOAD_URL=kios_lumbung_space_app + secrets: + - mongo_password + - payload_secret + networks: + - proxy + - internal + deploy: + update_config: + failure_action: rollback + order: start-first + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}-astro.loadbalancer.server.port=80" + - "traefik.http.routers.${STACK_NAME}-astro.rule=Host(`${DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}-astro.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}-astro.tls.certresolver=production" + + payload: + image: git.autonomic.zone/ruangrupa/lumbung-kios-payload:latest + environment: + - "NAME=kios" + - "PAYLOAD_URL=${STACK_NAME}-payload" + - "PAYLOAD_PORT=3001" + - "PAYLOAD_SECRET_FILE=/run/secrets/payload_secret" + - "MONGODB_USER=mongo" + - "MONGODB_HOST=${STACK_NAME}_mongo" + - "MONGODB_PORT=27017" + - "MONGODB_PASSWORD_FILE=/run/secrets/mongo_password" + - "TOKEN=${TOKEN}" + secrets: + - mongo_password + - payload_secret + networks: + - proxy + - internal + deploy: + update_config: + failure_action: rollback + order: start-first + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}-payload.loadbalancer.server.port=3001" + # FIXME switch to /admin probably using PathPrefix + - "traefik.http.routers.${STACK_NAME}-payload.rule=Host(`admin.${DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}-payload.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}-payload.tls.certresolver=production" + + mongo: + image: mongo:6.0.5 + restart: unless-stopped + volumes: + - mongo:/data/db + command: + - --storageEngine=wiredTiger + environment: + - "MONGO_INITDB_ROOT_USERNAME=mongo" + - "MONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/mongo_password" + secrets: + - mongo_password + networks: + - internal + +networks: + proxy: + external: true + internal: + +secrets: + payload_secret: + external: true + name: ${STACK_NAME}_payload_secret_${SECRET_PAYLOAD_SECRET_VERSION} + token: + external: true + name: ${STACK_NAME}_token_${SECRET_TOKEN_VERSION} + mongo_password: + external: true + name: ${STACK_NAME}_mongo_password_${SECRET_MONGO_PASSWORD_VERSION} + +volumes: + mongo: