From 5d55ca833aa8b3b67f862a87b780b755f85dd862 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Sun, 3 May 2020 23:03:23 +0100 Subject: [PATCH] .. --- docker-compose.yml | 26 +++++++++++++++-- drone-starlark/repos/echo.star | 2 +- drone-starlark/repos/print-secrets.star | 2 +- drone-starlark/repos/stack/drone.star | 28 +++++++++---------- .../repos/stack/public-secrets.star | 8 +++++- .../repos/stack/secret-secrets.star | 2 ++ init-scale.sh | 2 +- letsencrypt-nginx/conf/git.conf | 5 ++++ 8 files changed, 55 insertions(+), 20 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 92ea64b..cbabe21 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,7 @@ services: - PROXY_PASS=http://gitea:3000/ - BLOG_PROXY_PASS=http://ghost:2368/ - CHAT_PROXY_PASS=http://chat:3000/ + - COMMENTO_PROXY_PASS=http://commento:8080/ - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/ - DRONE_PROXY_PASS=http://drone-server:8080/ - REGISTRY_PROXY_PASS=http://registry-1:5000 @@ -24,6 +25,7 @@ services: - GIT_LOCATION=/git/ - BLOG_LOCATION=/ - CHAT_LOCATION=/chat/ + - COMMENTO_LOCATION=/comment/ - REMOTE_LOCATION=/remote/ - DRONE_SERVER_HOST=$DRONE_SERVER_HOST - TITLE=$TITLE @@ -250,6 +252,27 @@ services: - GHOST-MAIL-PASSWORD=$GHOST-MAIL-PASSWORD + networks: + - appnet + commento: + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack == yes] + replicas: 1 + restart_policy: + condition: any + image: registry.gitlab.com/commento/commento:latest + environment: + COMMENTO_ORIGIN: $COMMENTO_ORIGIN + COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD + COMMENTO_ASKIMET_KEY: $COMMENTO_ASKIMET_KEY + COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST + COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT + COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME + COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS + COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS + COMMENTO_PORT: 8080 + COMMENTO_POSTGRES: postgres://commento:your_password_here@guacamole-postgresql:5432/commento?sslmode=disable networks: - appnet commento-postgres: @@ -260,7 +283,6 @@ services: restart_policy: condition: any image: postgres:11-alpine - restart: always environment: POSTGRES_DB: commento POSTGRES_USER: commento @@ -268,7 +290,7 @@ services: networks: - appnet volumes: - - copmmento-postgresql-data:/var/lib/postgresql/data + - commento-postgresql-data:/var/lib/postgresql/data guacamole-postgresql: # database for guacamole deploy: diff --git a/drone-starlark/repos/echo.star b/drone-starlark/repos/echo.star index a8b8e68..9eb517a 100644 --- a/drone-starlark/repos/echo.star +++ b/drone-starlark/repos/echo.star @@ -1,7 +1,7 @@ load("@this//:secret-to-environment.star", "secretToEnvironment") def echo(secret): - return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format( + return 'echo "export {environment}=\'${environment}\'" >> ***filename*** # {secret}'.format( secret = secret, environment = secretToEnvironment(secret), ) diff --git a/drone-starlark/repos/print-secrets.star b/drone-starlark/repos/print-secrets.star index d216cc3..7deb491 100644 --- a/drone-starlark/repos/print-secrets.star +++ b/drone-starlark/repos/print-secrets.star @@ -19,6 +19,6 @@ def printSecrets(filename, env, secretEnv): "script": [x.replace("***filename***", filename) for x in [ "rm -f env-stack", ] + map(echo, env) - + map(echoSecret, secretEnv)] + + map(echo, secretEnv)] } } diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star index d9d0c9e..42bea99 100644 --- a/drone-starlark/repos/stack/drone.star +++ b/drone-starlark/repos/stack/drone.star @@ -76,20 +76,20 @@ def drone( "guacamole-postgresql", ], ), - pull( - "pull registry", - [ - "letsencrypt-registry", - ], - ), - deploy( - "docker-compose-registry.yml", - 'registry', - base, - publicSecrets + secretSecrets, - commands, - ctx - ), + #pull( + # "pull registry", + # [ + # "letsencrypt-registry", + # ], + #), + #deploy( + # "docker-compose-registry.yml", + # 'registry', + # base, + # publicSecrets + secretSecrets, + # commands, + # ctx + #), deploy( "docker-compose.yml", name, diff --git a/drone-starlark/repos/stack/public-secrets.star b/drone-starlark/repos/stack/public-secrets.star index b717843..f3786c9 100644 --- a/drone-starlark/repos/stack/public-secrets.star +++ b/drone-starlark/repos/stack/public-secrets.star @@ -20,5 +20,11 @@ publicSecrets = [ "gitea-mailer-host", "gitea-mailer-from", "gitea-mailer-user", - "gitea-app-name" + "gitea-app-name", + "commento-origin", + "commento-smtp-host", + "commento-smtp-port", + "commento-smtp-username", + "commento-smtp-from-address", + "commento-forbid-new-owners", ] \ No newline at end of file diff --git a/drone-starlark/repos/stack/secret-secrets.star b/drone-starlark/repos/stack/secret-secrets.star index d0ad12c..4760a9d 100644 --- a/drone-starlark/repos/stack/secret-secrets.star +++ b/drone-starlark/repos/stack/secret-secrets.star @@ -11,4 +11,6 @@ secretSecrets = [ "gitea-security-internal-token", "gitea-oauth2-jwt-secret", "gitea-mailer-passwd", + "commento-smtp-password", + "commento-askimet-key", ] \ No newline at end of file diff --git a/init-scale.sh b/init-scale.sh index d8b5fa0..1458ad2 100644 --- a/init-scale.sh +++ b/init-scale.sh @@ -1,4 +1,4 @@ docker service scale $1_chat=1 docker service scale $1_ngrok=$2 -docker service scale $1_letsencrypt-drone=1 +docker service scale $1_letsencrypt-drone=$2 docker service scale $1_letsencrypt-git=1 diff --git a/letsencrypt-nginx/conf/git.conf b/letsencrypt-nginx/conf/git.conf index 4fadcb9..4d41321 100644 --- a/letsencrypt-nginx/conf/git.conf +++ b/letsencrypt-nginx/conf/git.conf @@ -145,6 +145,11 @@ server { set ${DOLLAR}upstream ${REMOTE_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args; proxy_pass ${DOLLAR}upstream; } + location ~ ${COMMENTO_LOCATION}(.*) { + resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns + set ${DOLLAR}upstream ${COMMENTO_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args; + proxy_pass ${DOLLAR}upstream; + } location ~ ${BLOG_LOCATION}(.*) { resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns proxy_set_header Host ${DOLLAR}http_host;