diff --git a/README.md b/README.md index 5c572d94..44b991c1 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ The Docker stack configuration for [maev.si](https://maev.si/). -This project is deployed in accordance to the [DargStack template](https://github.com/dargstack/dargstack_template/) to make deployment a breeze. It is closely related to [maevsi's source code](https://github.com/maevsi/maevsi/). +This project is deployed in accordance to the [DargStack template](https://github.com/dargstack/dargstack_template/) to make deployment a breeze. It is closely related to [Vibetype's source code](https://github.com/maevsi/vibetype/). ## Table of Contents @@ -46,26 +46,6 @@ This project is deployed in accordance to the [DargStack template](https://githu The job scheduler's SMTP client configuration. - - ### `maevsi_api-notification-secret` - - The notification endpoint's secret. - - - ### `maevsi_aws-credentials` - - The cloud computing provider's user credentials. - - - ### `maevsi_firebase-service-account-credentials` - - The notification provider's service account credentials. - - - ### `maevsi_openai-api-key` - - The AI provider's API key. - - - ### `maevsi_turnstile-key` - - The captcha provider's application key. - - ### `portainer_admin-password` The container manager's admin password. 
@@ -96,25 +76,25 @@ This project is deployed in accordance to the [DargStack template](https://githu - ### `postgres_role_grafana_password` - The `maevsi_grafana` database role's password. + The password of the observation dashboard's database role. - ### `postgres_role_grafana_username` - The `maevsi_grafana` database role's username. + The username of the observation dashboard's database role. - - ### `postgres_role_maevsi-postgraphile_password` + - ### `postgres_role_postgraphile_password` - The `maevsi_postgraphile` database role's password. + The password of the GraphQL API database wrapper's database role. - - ### `postgres_role_maevsi-postgraphile_username` + - ### `postgres_role_postgraphile_username` - The `maevsi_postgraphile` database role's username. + The username of the GraphQL API database wrapper's database role. - - ### `postgres_role_maevsi_password` + - ### `postgres_role_vibetype_password` The `tusd` database role's password. - - ### `postgres_role_maevsi_username` + - ### `postgres_role_vibetype_username` The `tusd` database role's password. @@ -138,6 +118,26 @@ This project is deployed in accordance to the [DargStack template](https://githu The upload service's s3 credentials file. + - ### `vibetype_api-notification-secret` + + The notification endpoint's secret. + + - ### `vibetype_aws-credentials` + + The cloud computing provider's user credentials. + + - ### `vibetype_firebase-service-account-credentials` + + The notification provider's service account credentials. + + - ### `vibetype_openai-api-key` + + The AI provider's API key. + + - ### `vibetype_turnstile-key` + + The captcha provider's application key. + ## services 
@@ -181,14 +181,6 @@ This project is deployed in accordance to the [DargStack template](https://githu You cannot access the jobber via a web interface. - - ### `maevsi` - - You can access the main project's frontend at [localhost](https://localhost/). - - - ### `maevsi_beta` ![production](https://img.shields.io/badge/-production-informational.svg?style=flat-square) - - You can access the main project frontend's beta version at [beta.localhost](https://beta.localhost/). - - ### `minio` ![development](https://img.shields.io/badge/-development-informational.svg?style=flat-square) You can access the s3 console at [minio.localhost](https://minio.localhost/). @@ -246,6 +238,14 @@ This project is deployed in accordance to the [DargStack template](https://githu You can access the upload service at [tusd.localhost](https://tusd.localhost/). + - ### `vibetype` + + You can access the main project's frontend at [localhost](https://localhost/). + + - ### `vibetype_beta` ![production](https://img.shields.io/badge/-production-informational.svg?style=flat-square) + + You can access the main project frontend's beta version at [beta.localhost](https://beta.localhost/). + ## volumes diff --git a/package.json b/package.json index a1cb3158..a650e9af 100644 --- a/package.json +++ b/package.json @@ -1,9 +1,9 @@ { - "name": "maevsi_stack", + "name": "@maevsi/stack", "private": true, "version": "11.2.4", - "description": "DargStack configuration for maevsi.", - "repository": "https://github.com/maevsi/maevsi_stack.git", + "description": "Dargstack configuration for Vibetype.", + "repository": "https://github.com/maevsi/stack.git", "author": "Jonas Thelemann ", "license": "GPL-3.0-only", "type": "module", diff --git a/src/development/certificates/mkcert.sh b/src/development/certificates/mkcert.sh index 3d5f9d92..2b514453 100755 --- a/src/development/certificates/mkcert.sh +++ b/src/development/certificates/mkcert.sh 
@@ -31,11 +31,11 @@ create "root" create "traefik" \ `# adminer` "adminer.localhost" \ `# grafana` "grafana.localhost" \ - `# maevsi` "localhost" "www.localhost" "127.0.0.1" "0.0.0.0" \ `# minio` "minio.localhost" \ `# portainer` "portainer.localhost" \ `# postgraphile` "postgraphile.localhost" \ `# prometheus` "prometheus.localhost" \ `# redpanda` "redpanda.localhost" \ `# traefik` "traefik.localhost" \ - `# tusd` "tusd.localhost" \ No newline at end of file + `# tusd` "tusd.localhost" \ + `# vibetype` "localhost" "www.localhost" "127.0.0.1" "0.0.0.0" \ No newline at end of file diff --git a/src/development/configurations/minio/entrypoint.sh b/src/development/configurations/minio/entrypoint.sh index 7a4c14e2..204f8004 100755 --- a/src/development/configurations/minio/entrypoint.sh +++ b/src/development/configurations/minio/entrypoint.sh @@ -1,8 +1,8 @@ #!/bin/sh # create dirs for required buckets -mkdir -p /data/maevsi-backup -mkdir -p /data/maevsi-images +mkdir -p /data/vibetype-backup +mkdir -p /data/vibetype-images # delegate to real entrypoint # shellcheck disable=SC1091 diff --git a/src/development/secrets/jobber/aws-bucket.secret b/src/development/secrets/jobber/aws-bucket.secret index 348614ef..dc9cb35b 100644 --- a/src/development/secrets/jobber/aws-bucket.secret +++ b/src/development/secrets/jobber/aws-bucket.secret @@ -1 +1 @@ -maevsi-backup \ No newline at end of file +vibetype-backup \ No newline at end of file diff --git a/src/development/secrets/maevsi/api-notification.secret b/src/development/secrets/maevsi/api-notification.secret deleted file mode 100644 index 3383f65a..00000000 --- a/src/development/secrets/maevsi/api-notification.secret +++ /dev/null @@ -1 +0,0 @@ -maevsi \ No newline at end of file diff --git a/src/development/secrets/postgraphile/connection.secret b/src/development/secrets/postgraphile/connection.secret index 54b61777..f94cfa39 100644 --- a/src/development/secrets/postgraphile/connection.secret 
+++ b/src/development/secrets/postgraphile/connection.secret
@@ -1 +1 @@
-postgresql://maevsi_postgraphile:postgraphile@postgres/maevsi
\ No newline at end of file
+postgresql://postgraphile:postgraphile@postgres/vibetype
\ No newline at end of file
diff --git a/src/development/secrets/postgraphile/owner-connection.secret b/src/development/secrets/postgraphile/owner-connection.secret
index 207603eb..093bbed2 100644
--- a/src/development/secrets/postgraphile/owner-connection.secret
+++ b/src/development/secrets/postgraphile/owner-connection.secret
@@ -1 +1 @@
-postgresql://postgres:postgres@postgres/maevsi
\ No newline at end of file
+postgresql://postgres:postgres@postgres/vibetype
\ No newline at end of file
diff --git a/src/development/secrets/postgres/db.secret b/src/development/secrets/postgres/db.secret
index 3383f65a..9294c3d9 100644
--- a/src/development/secrets/postgres/db.secret
+++ b/src/development/secrets/postgres/db.secret
@@ -1 +1 @@
-maevsi
\ No newline at end of file
+vibetype
\ No newline at end of file
diff --git a/src/development/secrets/postgres/role_maevsi-postgraphile_username.secret b/src/development/secrets/postgres/role_maevsi-postgraphile_username.secret
deleted file mode 100644
index 2ac1c611..00000000
--- a/src/development/secrets/postgres/role_maevsi-postgraphile_username.secret
+++ /dev/null
@@ -1 +0,0 @@
-maevsi_postgraphile
\ No newline at end of file
diff --git a/src/development/secrets/postgres/role_maevsi_username.secret b/src/development/secrets/postgres/role_maevsi_username.secret
deleted file mode 100644
index b36b79a5..00000000
--- a/src/development/secrets/postgres/role_maevsi_username.secret
+++ /dev/null
@@ -1 +0,0 @@
-maevsi_tusd
\ No newline at end of file
diff --git a/src/development/secrets/postgres/role_maevsi-postgraphile_password.secret b/src/development/secrets/postgres/role_postgraphile_password.secret
similarity index 100%
rename from src/development/secrets/postgres/role_maevsi-postgraphile_password.secret
rename to src/development/secrets/postgres/role_postgraphile_password.secret
diff --git a/src/development/secrets/maevsi/api-notification.secret.template b/src/development/secrets/postgres/role_postgraphile_password.secret.template
similarity index 100%
rename from src/development/secrets/maevsi/api-notification.secret.template
rename to src/development/secrets/postgres/role_postgraphile_password.secret.template
diff --git a/src/development/secrets/postgres/role_postgraphile_username.secret b/src/development/secrets/postgres/role_postgraphile_username.secret
new file mode 100644
index 00000000..a4da12ec
--- /dev/null
+++ b/src/development/secrets/postgres/role_postgraphile_username.secret
@@ -0,0 +1 @@
+postgraphile
\ No newline at end of file
diff --git a/src/development/secrets/postgres/role_maevsi-postgraphile_password.secret.template b/src/development/secrets/postgres/role_postgraphile_username.secret.template
similarity index 100%
rename from src/development/secrets/postgres/role_maevsi-postgraphile_password.secret.template
rename to src/development/secrets/postgres/role_postgraphile_username.secret.template
diff --git a/src/development/secrets/postgres/role_maevsi_password.secret b/src/development/secrets/postgres/role_vibetype_password.secret
similarity index 100%
rename from src/development/secrets/postgres/role_maevsi_password.secret
rename to src/development/secrets/postgres/role_vibetype_password.secret
diff --git a/src/development/secrets/postgres/role_maevsi-postgraphile_username.secret.template b/src/development/secrets/postgres/role_vibetype_password.secret.template
similarity index 100%
rename from src/development/secrets/postgres/role_maevsi-postgraphile_username.secret.template
rename to src/development/secrets/postgres/role_vibetype_password.secret.template
diff --git a/src/development/secrets/postgres/role_vibetype_username.secret b/src/development/secrets/postgres/role_vibetype_username.secret
new file mode 100644
index 00000000..9294c3d9
--- /dev/null
+++ b/src/development/secrets/postgres/role_vibetype_username.secret
@@ -0,0 +1 @@
+vibetype
\ No newline at end of file
diff --git a/src/development/secrets/postgres/role_maevsi_password.secret.template b/src/development/secrets/postgres/role_vibetype_username.secret.template
similarity index 100%
rename from src/development/secrets/postgres/role_maevsi_password.secret.template
rename to src/development/secrets/postgres/role_vibetype_username.secret.template
diff --git a/src/development/secrets/sqitch/target.secret b/src/development/secrets/sqitch/target.secret
index 6313850b..12789f3c 100644
--- a/src/development/secrets/sqitch/target.secret
+++ b/src/development/secrets/sqitch/target.secret
@@ -1 +1 @@
-db:pg://postgres:postgres@postgres/maevsi
\ No newline at end of file
+db:pg://postgres:postgres@postgres/vibetype
\ No newline at end of file
diff --git a/src/development/secrets/vibetype/api-notification.secret b/src/development/secrets/vibetype/api-notification.secret
new file mode 100644
index 00000000..9294c3d9
--- /dev/null
+++ b/src/development/secrets/vibetype/api-notification.secret
@@ -0,0 +1 @@
+vibetype
\ No newline at end of file
diff --git a/src/development/secrets/postgres/role_maevsi_username.secret.template b/src/development/secrets/vibetype/api-notification.secret.template
similarity index 100%
rename from src/development/secrets/postgres/role_maevsi_username.secret.template
rename to src/development/secrets/vibetype/api-notification.secret.template
diff --git a/src/development/secrets/maevsi/aws-credentials.secret b/src/development/secrets/vibetype/aws-credentials.secret
similarity index 100%
rename from src/development/secrets/maevsi/aws-credentials.secret
rename to src/development/secrets/vibetype/aws-credentials.secret
diff --git a/src/development/secrets/maevsi/aws-credentials.secret.template b/src/development/secrets/vibetype/aws-credentials.secret.template
similarity index 100%
rename from src/development/secrets/maevsi/aws-credentials.secret.template
rename to src/development/secrets/vibetype/aws-credentials.secret.template
diff --git a/src/development/secrets/maevsi/turnstile-key.secret b/src/development/secrets/vibetype/turnstile-key.secret
similarity index 100%
rename from src/development/secrets/maevsi/turnstile-key.secret
rename to src/development/secrets/vibetype/turnstile-key.secret
diff --git a/src/development/secrets/maevsi/turnstile-key.secret.template b/src/development/secrets/vibetype/turnstile-key.secret.template
similarity index 100%
rename from src/development/secrets/maevsi/turnstile-key.secret.template
rename to src/development/secrets/vibetype/turnstile-key.secret.template
diff --git a/src/development/stack.env.template b/src/development/stack.env.template
index 7a512e8a..27fc9ea9 100644
--- a/src/development/stack.env.template
+++ b/src/development/stack.env.template
@@ -1,10 +1,10 @@ -MAEVSI_AWS_REGION=eu-central-1 -MAEVSI_NUXT_PUBLIC_GTAG_ID=G-WMQ1JY99XH -MAEVSI_NUXT_PUBLIC_MAEVSI_EMAIL_LIMIT24H=100 -MAEVSI_NUXT_PUBLIC_TURNSTILE_SITE_KEY=1x00000000000000000000AA -MAEVSI_PGHOST=postgres +VIBETYPE_AWS_REGION=eu-central-1 +VIBETYPE_NUXT_PUBLIC_GTAG_ID=G-WMQ1JY99XH +VIBETYPE_NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H=100 +VIBETYPE_NUXT_PUBLIC_TURNSTILE_SITE_KEY=1x00000000000000000000AA +VIBETYPE_PGHOST=postgres PNPM_STORE_DIR= -TUSD_BUCKET=maevsi-images +TUSD_BUCKET=vibetype-images TUSD_ENDPOINT=http://minio:9000 TUSD_MAX_SIZE=1048576 TUSD_REGION=eu-central-1 \ No newline at end of file diff --git a/src/development/stack.yml b/src/development/stack.yml index b55fa982..383efdf3 100644 --- a/src/development/stack.yml +++ b/src/development/stack.yml @@ -1,7 +1,7 @@ # maev.si # https://maev.si/ -# maevsi -# https://github.com/maevsi/maevsi/ +# Vibetype +# https://github.com/maevsi/vibetype/ --- secrets: jobber_aliases: @@ -16,21 +16,6 @@ secrets: jobber_msmtprc: # The job scheduler's SMTP client configuration. file: ./secrets/jobber/msmtprc.secret - maevsi_api-notification-secret: - # The notification endpoint's secret. - file: ./secrets/maevsi/api-notification.secret - maevsi_aws-credentials: - # The cloud computing provider's user credentials. - file: ./secrets/maevsi/aws-credentials.secret - maevsi_firebase-service-account-credentials: - # The notification provider's service account credentials. - file: ../production/secrets/maevsi/firebase-service-account-credentials.secret - maevsi_openai-api-key: - # The AI provider's API key. - file: ../production/secrets/maevsi/openai-api-key.secret - maevsi_turnstile-key: - # The captcha provider's application key. - file: ./secrets/maevsi/turnstile-key.secret portainer_admin-password: # The container manager's admin password. file: ./secrets/portainer/admin-password.secret 
@@ -50,23 +35,23 @@ secrets: # The database's password. file: ./secrets/postgres/password.secret postgres_role_grafana_password: - # The `maevsi_grafana` database role's password. + # The password of the observation dashboard's database role. file: ./secrets/postgres/role_grafana_password.secret postgres_role_grafana_username: - # The `maevsi_grafana` database role's username. + # The username of the observation dashboard's database role. file: ./secrets/postgres/role_grafana_username.secret - postgres_role_maevsi-postgraphile_password: - # The `maevsi_postgraphile` database role's password. - file: ./secrets/postgres/role_maevsi-postgraphile_password.secret - postgres_role_maevsi-postgraphile_username: - # The `maevsi_postgraphile` database role's username. - file: ./secrets/postgres/role_maevsi-postgraphile_username.secret - postgres_role_maevsi_password: + postgres_role_postgraphile_password: + # The password of the GraphQL API database wrapper's database role. + file: ./secrets/postgres/role_postgraphile_password.secret + postgres_role_postgraphile_username: + # The username of the GraphQL API database wrapper's database role. + file: ./secrets/postgres/role_postgraphile_username.secret + postgres_role_vibetype_password: # The `tusd` database role's password. - file: ./secrets/postgres/role_maevsi_password.secret - postgres_role_maevsi_username: + file: ./secrets/postgres/role_vibetype_password.secret + postgres_role_vibetype_username: # The `tusd` database role's password. - file: ./secrets/postgres/role_maevsi_username.secret + file: ./secrets/postgres/role_vibetype_username.secret postgres_user: # The database's default user. file: ./secrets/postgres/user.secret 
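Review bot: The comments on `postgres_role_vibetype_password` and `postgres_role_vibetype_username` both still read "The `tusd` database role's password.", so the username entry is described as a password and the role is called `tusd` although the `role_vibetype_username.secret` added in this commit contains `vibetype`. The neighbouring grafana and postgraphile comments were reworded to describe the consumer, and these two should follow: `# The password of the main project's database role.` and `# The username of the main project's database role.` (the `vibetype` service mounts them as PGPASSWORD and PGUSER). The README entries for the same two secrets carry the same stale text. A wrong description on a credential entry makes it easy to rotate or scope the wrong role.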
@@ -76,6 +61,21 @@ secrets: tusd_aws: # The upload service's s3 credentials file. file: ./secrets/tusd/aws.secret + vibetype_api-notification-secret: + # The notification endpoint's secret. + file: ./secrets/vibetype/api-notification.secret + vibetype_aws-credentials: + # The cloud computing provider's user credentials. + file: ./secrets/vibetype/aws-credentials.secret + vibetype_firebase-service-account-credentials: + # The notification provider's service account credentials. + file: ../production/secrets/vibetype/firebase-service-account-credentials.secret + vibetype_openai-api-key: + # The AI provider's API key. + file: ../production/secrets/vibetype/openai-api-key.secret + vibetype_turnstile-key: + # The captcha provider's application key. + file: ./secrets/vibetype/turnstile-key.secret services: adminer: # You can access the database's frontend at [adminer.localhost](https://adminer.localhost/). 
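Review bot: `vibetype_firebase-service-account-credentials` and `vibetype_openai-api-key` in the development stack point at `../production/secrets/vibetype/…`, so the development stack reads the same credential files as production for these two providers, while the other three `vibetype_*` secrets use `./secrets/vibetype/`. I would give both a development-scoped file, `file: ./secrets/vibetype/firebase-service-account-credentials.secret` and `file: ./secrets/vibetype/openai-api-key.secret`, each with a `.secret.template` placeholder like the other entries. Separately, the directory in these paths changes from `maevsi` to `vibetype`, but no rename under `src/production/secrets/` is visible in the part of the diff shown here; if those files are untracked, they presumably have to be moved by hand on each host before the stack is redeployed.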
@@ -168,59 +168,6 @@ services: - ../production/backups/postgres/:/backups/ - ./configurations/jobber/.jobber:/home/jobberuser/.jobber:ro - ./configurations/jobber/aws-config:/home/jobberuser/.aws/config:ro - maevsi: - # You can access the main project's frontend at [localhost](https://localhost/). - deploy: - labels: - - traefik.enable=true - - traefik.http.middlewares.maevsi_cors.headers.accessControlAllowHeaders=authorization,hook-name - - traefik.http.middlewares.maevsi_cors.headers.accessControlAllowMethods=GET,POST,PUT,DELETE - - traefik.http.middlewares.maevsi_cors.headers.accessControlAllowOriginList=https://localhost:3000 - - traefik.http.middlewares.maevsi_redirectregex.redirectregex.regex=^https?:\/\/www\.${STACK_DOMAIN}\/(.*) - - traefik.http.middlewares.maevsi_redirectregex.redirectregex.replacement=https://${STACK_DOMAIN}/$${2} - - traefik.http.routers.maevsi.entryPoints=web - - traefik.http.routers.maevsi.middlewares=redirectscheme #DARGSTACK-REMOVE - - traefik.http.routers.maevsi.rule=Host(`${STACK_DOMAIN}`) || Host(`www.${STACK_DOMAIN}`) - - traefik.http.routers.maevsi.service=maevsi #DARGSTACK-REMOVE - - traefik.http.routers.maevsi_secure.entryPoints=web-secure - - traefik.http.routers.maevsi_secure.middlewares=maevsi_cors,maevsi_redirectregex - - traefik.http.routers.maevsi_secure.rule=Host(`${STACK_DOMAIN}`) || Host(`www.${STACK_DOMAIN}`) - - traefik.http.routers.maevsi_secure.tls.options=mintls13@file #DARGSTACK-REMOVE - - traefik.http.routers.maevsi_secure.service=maevsi #DARGSTACK-REMOVE - - traefik.http.services.maevsi.loadbalancer.server.port=3000 - environment: - AWS_REGION: ${MAEVSI_AWS_REGION} - CONSOLA_LEVEL: 4 # debug #DARGSTACK-REMOVE - NUXT_PUBLIC_GTAG_ID: ${MAEVSI_NUXT_PUBLIC_GTAG_ID} - NUXT_PUBLIC_I18N_BASE_URL: https://${STACK_DOMAIN} - NUXT_PUBLIC_MAEVSI_EMAIL_LIMIT24H: ${MAEVSI_NUXT_PUBLIC_MAEVSI_EMAIL_LIMIT24H} - NUXT_PUBLIC_SITE_URL: https://${STACK_DOMAIN} - NUXT_PUBLIC_TURNSTILE_SITE_KEY: 
${MAEVSI_NUXT_PUBLIC_TURNSTILE_SITE_KEY} - PGHOST: ${MAEVSI_PGHOST} - image: maevsi/maevsi:dev - secrets: - - source: maevsi_api-notification-secret - target: /run/environment-variables/NUXT_PRIVATE_API_NOTIFICATION_SECRET - - source: maevsi_aws-credentials - target: /home/node/.aws/credentials # TODO: switch to user `node` - - source: maevsi_firebase-service-account-credentials - target: /run/environment-variables/FIREBASE_SERVICE_ACCOUNT_CREDENTIALS - - source: maevsi_openai-api-key - target: /run/environment-variables/NUXT_PRIVATE_OPENAI_API_KEY - - source: maevsi_turnstile-key - target: /run/environment-variables/NUXT_TURNSTILE_SECRET_KEY - - source: postgres_db - target: /run/environment-variables/PGDATABASE - - source: postgres_role_maevsi_password - target: /run/environment-variables/PGPASSWORD - - source: postgres_role_maevsi_username - target: /run/environment-variables/PGUSER - user: node:node # files created inside a docker container, like node_modules by pnpm, gain correct permissions by setting the user to `node` - volumes: - - ${PNPM_STORE_DIR}:/srv/.pnpm-store/ #DARGSTACK-REMOVE - - ./certificates/:/srv/certificates/ #DARGSTACK-REMOVE - - ../../../maevsi/:/srv/app/ #DARGSTACK-REMOVE - - ./configurations/postgraphile/jwtRS256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro minio: #DARGSTACK-REMOVE # You can access the s3 console at [minio.localhost](https://minio.localhost/). # You can access the s3 api service at [s3.localhost](https://s3.localhost/) if you want to access via cli from outside the stack. 
@@ -293,7 +240,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.middlewares.postgraphile_auth.plugin.body-forward-auth.AuthUrl=http://maevsi:3000/api/auth-proxy + - traefik.http.middlewares.postgraphile_auth.plugin.body-forward-auth.AuthUrl=http://vibetype:3000/api/auth-proxy - traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowHeaders=authorization,baggage,content-type,sentry-trace,x-turnstile-key - traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowOriginList=* - traefik.http.routers.postgraphile.middlewares=redirectscheme #DARGSTACK-REMOVE @@ -319,7 +266,7 @@ services: - ../production/configurations/postgraphile/.postgraphilerc.js:/postgraphile/.postgraphilerc.js:ro postgres: # You can access the database via `adminer`. - command: -c maevsi.jwt_expiry_duration='1 month' -c wal_level=logical + command: -c vibetype.jwt_expiry_duration='1 month' -c wal_level=logical environment: POSTGRES_ADDITIONAL_DBS: grafana POSTGRES_DB_FILE: /run/secrets/postgres_db @@ -401,10 +348,10 @@ services: # You cannot access the database migrations directly. image: maevsi/sqitch:dev secrets: - - postgres_role_maevsi-postgraphile_password - - postgres_role_maevsi-postgraphile_username - - postgres_role_maevsi_password - - postgres_role_maevsi_username + - postgres_role_postgraphile_password + - postgres_role_postgraphile_username + - postgres_role_vibetype_password + - postgres_role_vibetype_username - sqitch_target volumes: - ../../../sqitch/:/srv/app/ 
@@ -453,7 +400,7 @@ services: - ./configurations/traefik/dynamic.yml:/dynamic.yml:ro #DARGSTACK-REMOVE tusd: # You can access the upload service at [tusd.localhost](https://tusd.localhost/). - command: -behind-proxy --hooks-enabled-events pre-create,pre-finish,post-terminate --hooks-http http://maevsi:3000/api/tusd -max-size ${TUSD_MAX_SIZE} -s3-bucket ${TUSD_BUCKET} -s3-endpoint ${TUSD_ENDPOINT} + command: -behind-proxy --hooks-enabled-events pre-create,pre-finish,post-terminate --hooks-http http://vibetype:3000/api/tusd -max-size ${TUSD_MAX_SIZE} -s3-bucket ${TUSD_BUCKET} -s3-endpoint ${TUSD_ENDPOINT} deploy: labels: - traefik.enable=true 
@@ -470,6 +417,59 @@ services: secrets: - source: tusd_aws target: /home/tusd/.aws/credentials + vibetype: + # You can access the main project's frontend at [localhost](https://localhost/). + deploy: + labels: + - traefik.enable=true + - traefik.http.middlewares.vibetype_cors.headers.accessControlAllowHeaders=authorization,hook-name + - traefik.http.middlewares.vibetype_cors.headers.accessControlAllowMethods=GET,POST,PUT,DELETE + - traefik.http.middlewares.vibetype_cors.headers.accessControlAllowOriginList=https://localhost:3000 + - traefik.http.middlewares.vibetype_redirectregex.redirectregex.regex=^https?:\/\/www\.${STACK_DOMAIN}\/(.*) + - traefik.http.middlewares.vibetype_redirectregex.redirectregex.replacement=https://${STACK_DOMAIN}/$${2} + - traefik.http.routers.vibetype.entryPoints=web + - traefik.http.routers.vibetype.middlewares=redirectscheme #DARGSTACK-REMOVE + - traefik.http.routers.vibetype.rule=Host(`${STACK_DOMAIN}`) || Host(`www.${STACK_DOMAIN}`) + - traefik.http.routers.vibetype.service=vibetype #DARGSTACK-REMOVE + - traefik.http.routers.vibetype_secure.entryPoints=web-secure + - traefik.http.routers.vibetype_secure.middlewares=vibetype_cors,vibetype_redirectregex + - traefik.http.routers.vibetype_secure.rule=Host(`${STACK_DOMAIN}`) || Host(`www.${STACK_DOMAIN}`) + - traefik.http.routers.vibetype_secure.tls.options=mintls13@file #DARGSTACK-REMOVE + - traefik.http.routers.vibetype_secure.service=vibetype #DARGSTACK-REMOVE + - traefik.http.services.vibetype.loadbalancer.server.port=3000 + environment: + AWS_REGION: ${VIBETYPE_AWS_REGION} + CONSOLA_LEVEL: 4 # debug #DARGSTACK-REMOVE + NUXT_PUBLIC_GTAG_ID: ${VIBETYPE_NUXT_PUBLIC_GTAG_ID} + NUXT_PUBLIC_I18N_BASE_URL: https://${STACK_DOMAIN} + NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H: ${VIBETYPE_NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H} + NUXT_PUBLIC_SITE_URL: https://${STACK_DOMAIN} + NUXT_PUBLIC_TURNSTILE_SITE_KEY: ${VIBETYPE_NUXT_PUBLIC_TURNSTILE_SITE_KEY} + PGHOST: ${VIBETYPE_PGHOST} + image: 
maevsi/vibetype:dev + secrets: + - source: vibetype_api-notification-secret + target: /run/environment-variables/NUXT_PRIVATE_API_NOTIFICATION_SECRET + - source: vibetype_aws-credentials + target: /home/node/.aws/credentials # TODO: switch to user `node` + - source: vibetype_firebase-service-account-credentials + target: /run/environment-variables/FIREBASE_SERVICE_ACCOUNT_CREDENTIALS + - source: vibetype_openai-api-key + target: /run/environment-variables/NUXT_PRIVATE_OPENAI_API_KEY + - source: vibetype_turnstile-key + target: /run/environment-variables/NUXT_TURNSTILE_SECRET_KEY + - source: postgres_db + target: /run/environment-variables/PGDATABASE + - source: postgres_role_vibetype_password + target: /run/environment-variables/PGPASSWORD + - source: postgres_role_vibetype_username + target: /run/environment-variables/PGUSER + user: node:node # files created inside a docker container, like node_modules by pnpm, gain correct permissions by setting the user to `node` + volumes: + - ${PNPM_STORE_DIR}:/srv/.pnpm-store/ #DARGSTACK-REMOVE + - ./certificates/:/srv/certificates/ #DARGSTACK-REMOVE + - ../../../vibetype/:/srv/app/ #DARGSTACK-REMOVE + - ./configurations/postgraphile/jwtRS256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro version: "3.7" volumes: grafana_data: diff --git a/src/production/configurations/debezium-postgres-connector/entrypoint.sh b/src/production/configurations/debezium-postgres-connector/entrypoint.sh index d48d40d8..f79af59c 100755 --- a/src/production/configurations/debezium-postgres-connector/entrypoint.sh +++ b/src/production/configurations/debezium-postgres-connector/entrypoint.sh @@ -37,7 +37,7 @@ elif [ "$HTTP_STATUS" -eq 404 ]; then "database.server.name": "postgres", "database.user": "'"$POSTGRES_USER"'", "plugin.name": "pgoutput", - "topic.prefix" : "maevsi" + "topic.prefix" : "vibetype" } }' 
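Review bot: In the labels of the new `vibetype` service in `src/development/stack.yml`, `vibetype_redirectregex.redirectregex.replacement=https://${STACK_DOMAIN}/$${2}` refers to capture group 2, but the pattern `^https?:\/\/www\.${STACK_DOMAIN}\/(.*)` defines only one group, so the www redirect would drop the request path and send every URL to the site root. The replacement should read `https://${STACK_DOMAIN}/$${1}`. `${STACK_DOMAIN}` is also interpolated into the pattern unescaped, so its dots match any character and the host match is looser than the label suggests. Both labels were carried over unchanged from the removed `maevsi` service, so this predates the rename. The comment `# TODO: switch to user node` on the `/home/node/.aws/credentials` target looks stale next to `user: node:node` and could be dropped or reworded.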
diff --git a/src/production/configurations/grafana/dashboards/postgres.json b/src/production/configurations/grafana/dashboards/postgres.json index 1ac4b499..088d83e9 100644 --- a/src/production/configurations/grafana/dashboards/postgres.json +++ b/src/production/configurations/grafana/dashboards/postgres.json @@ -79,7 +79,7 @@ "editorMode": "code", "format": "table", "rawQuery": true, - "rawSql": "SELECT\n COUNT(DISTINCT id)\nFROM\n maevsi_private.account\nWHERE\n last_activity >= NOW() - INTERVAL '30 days';\n", + "rawSql": "SELECT\n COUNT(DISTINCT id)\nFROM\n vibetype_private.account\nWHERE\n last_activity >= NOW() - INTERVAL '30 days';\n", "refId": "A", "sql": { "columns": [ @@ -187,7 +187,7 @@ "editorMode": "code", "format": "table", "rawQuery": true, - "rawSql": "SELECT \r\n DATE_TRUNC('month', last_activity) AS month,\r\n COUNT(*) AS \"Active user count\"\r\nFROM \r\n maevsi_private.account\r\nGROUP BY \r\n DATE_TRUNC('month', last_activity)\r\nORDER BY \r\n month;\r\n", + "rawSql": "SELECT \r\n DATE_TRUNC('month', last_activity) AS month,\r\n COUNT(*) AS \"Active user count\"\r\nFROM \r\n vibetype_private.account\r\nGROUP BY \r\n DATE_TRUNC('month', last_activity)\r\nORDER BY \r\n month;\r\n", "refId": "A", "sql": { "columns": [ @@ -298,7 +298,7 @@ "editorMode": "code", "format": "table", "rawQuery": true, - "rawSql": "SELECT created_at as time, row_number() OVER (ORDER BY created_at) FROM maevsi_private.account", + "rawSql": "SELECT created_at as time, row_number() OVER (ORDER BY created_at) FROM vibetype_private.account", "refId": "A", "sql": { "columns": [ @@ -381,7 +381,7 @@ "editorMode": "code", "format": "table", "rawQuery": true, - "rawSql": "SELECT\n COUNT(*)\nFROM\n maevsi_private.account;\n", + "rawSql": "SELECT\n COUNT(*)\nFROM\n vibetype_private.account;\n", "refId": "A", "sql": { "columns": [ 
diff --git a/src/production/configurations/grafana/provisioning/datasources/postgres.yaml b/src/production/configurations/grafana/provisioning/datasources/postgres.yaml index e9aea103..20f44a18 100644 --- a/src/production/configurations/grafana/provisioning/datasources/postgres.yaml +++ b/src/production/configurations/grafana/provisioning/datasources/postgres.yaml @@ -3,7 +3,7 @@ apiVersion: 1 datasources: - access: proxy jsonData: - database: maevsi + database: vibetype postgresVersion: 1500 sslmode: 'disable' name: PostgreSQL diff --git a/src/production/configurations/postgraphile/.postgraphilerc.js b/src/production/configurations/postgraphile/.postgraphilerc.js index 0839b08f..b24a8b17 100644 --- a/src/production/configurations/postgraphile/.postgraphilerc.js +++ b/src/production/configurations/postgraphile/.postgraphilerc.js @@ -6,7 +6,7 @@ module.exports = { options: { appendPlugins: [postgisPlugin.default || postgisPlugin], connection: fs.readFileSync(process.env.POSTGRAPHILE_CONNECTION_FILE, 'utf8'), - defaultRole: 'maevsi_anonymous', + defaultRole: 'vibetype_anonymous', dynamicJson: true, enhanceGraphiql: true, extendedErrors: ['errcode'], @@ -15,10 +15,10 @@ module.exports = { jwtPublicKey: fs.readFileSync(process.env.POSTGRAPHILE_JWT_PUBLIC_KEY_FILE, 'utf8'), jwtSecret: fs.readFileSync(process.env.POSTGRAPHILE_JWT_SECRET_KEY_FILE, 'utf8'), jwtSignOptions: { algorithm: 'RS256' }, - jwtTokenIdentifier: 'maevsi.jwt', + jwtTokenIdentifier: 'vibetype.jwt', jwtVerifyAlgorithms: ['RS256'], ownerConnection: fs.readFileSync(process.env.POSTGRAPHILE_OWNER_CONNECTION_FILE, 'utf8'), - schema: ['maevsi'], + schema: ['vibetype'], setofFunctionsContainNulls: false, watch: true }, diff --git a/src/production/production.yml b/src/production/production.yml index 40ad0b48..8f8f3edd 100644 --- a/src/production/production.yml +++ b/src/production/production.yml 
@@ -45,56 +45,6 @@ services: volumes: - (( append )) - ./configurations/jobber/sinks:/srv/sinks:ro - maevsi: - deploy: - labels: - - (( append )) - - traefik.http.routers.maevsi.middlewares=maevsi_cors,maevsi_redirectregex - - traefik.http.routers.maevsi_secure.tls.certresolver=default - image: ghcr.io/maevsi/vibetype:8.5.0 - user: (( prune )) - maevsi_beta: - # You can access the main project frontend's beta version at [beta.localhost](https://beta.localhost/). - deploy: - labels: - - traefik.enable=true - - traefik.http.routers.maevsi_beta.entryPoints=web - - traefik.http.routers.maevsi_beta.middlewares=maevsi_cors,maevsi_redirectregex - - traefik.http.routers.maevsi_beta.rule=Host(`beta.${STACK_DOMAIN}`) - - traefik.http.routers.maevsi_beta_secure.entryPoints=web-secure - - traefik.http.routers.maevsi_beta_secure.middlewares=maevsi_cors,maevsi_redirectregex - - traefik.http.routers.maevsi_beta_secure.rule=Host(`beta.${STACK_DOMAIN}`) - - traefik.http.services.maevsi_beta.loadbalancer.server.port=3000 - - traefik.http.routers.maevsi_beta_secure.tls.certresolver=default - environment: - AWS_REGION: ${MAEVSI_AWS_REGION} - NUXT_PUBLIC_GTAG_ID: ${MAEVSI_NUXT_PUBLIC_GTAG_ID} - NUXT_PUBLIC_I18N_BASE_URL: https://${STACK_DOMAIN} - NUXT_PUBLIC_MAEVSI_EMAIL_LIMIT24H: ${MAEVSI_NUXT_PUBLIC_MAEVSI_EMAIL_LIMIT24H} - NUXT_PUBLIC_SITE_URL: https://${STACK_DOMAIN} - NUXT_PUBLIC_TURNSTILE_SITE_KEY: ${MAEVSI_NUXT_PUBLIC_TURNSTILE_SITE_KEY} - NUXT_PUBLIC_VIO_ENVIRONMENT: beta - PGHOST: ${MAEVSI_PGHOST} - image: ghcr.io/maevsi/vibetype:8.5.0 - secrets: - - source: maevsi_api-notification-secret - target: /run/environment-variables/NUXT_PRIVATE_API_NOTIFICATION_SECRET - - source: maevsi_aws-credentials - target: /home/node/.aws/credentials # TODO: switch to user `node` - - source: maevsi_firebase-service-account-credentials - target: /run/environment-variables/FIREBASE_SERVICE_ACCOUNT_CREDENTIALS - - source: maevsi_openai-api-key - target: 
/run/environment-variables/NUXT_PRIVATE_OPENAI_API_KEY - - source: maevsi_turnstile-key - target: /run/environment-variables/NUXT_TURNSTILE_SECRET_KEY - - source: postgres_db - target: /run/environment-variables/PGDATABASE - - source: postgres_role_maevsi_password - target: /run/environment-variables/PGPASSWORD - - source: postgres_role_maevsi_username - target: /run/environment-variables/PGUSER - volumes: - - ./configurations/postgraphile/jwtRS256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro # minio: (( prune )) # breaks renovate portainer: deploy: @@ -131,7 +81,7 @@ services: image: ghcr.io/maevsi/reccoom:0.1.0 volumes: (( prune )) sqitch: - image: ghcr.io/maevsi/sqitch:5.0.2 + image: ghcr.io/maevsi/sqitch:6.0.0 volumes: (( prune )) traefik: command: 
@@ -171,6 +121,56 @@ services: - (( append )) - traefik.http.routers.tusd.middlewares=tusd_cors - traefik.http.routers.tusd_secure.tls.certresolver=default + vibetype: + deploy: + labels: + - (( append )) + - traefik.http.routers.vibetype.middlewares=vibetype_cors,vibetype_redirectregex + - traefik.http.routers.vibetype_secure.tls.certresolver=default + image: ghcr.io/maevsi/vibetype:9.0.0 + user: (( prune )) + vibetype_beta: + # You can access the main project frontend's beta version at [beta.localhost](https://beta.localhost/). + deploy: + labels: + - traefik.enable=true + - traefik.http.routers.vibetype_beta.entryPoints=web + - traefik.http.routers.vibetype_beta.middlewares=vibetype_cors,vibetype_redirectregex + - traefik.http.routers.vibetype_beta.rule=Host(`beta.${STACK_DOMAIN}`) + - traefik.http.routers.vibetype_beta_secure.entryPoints=web-secure + - traefik.http.routers.vibetype_beta_secure.middlewares=vibetype_cors,vibetype_redirectregex + - traefik.http.routers.vibetype_beta_secure.rule=Host(`beta.${STACK_DOMAIN}`) + - traefik.http.services.vibetype_beta.loadbalancer.server.port=3000 + - traefik.http.routers.vibetype_beta_secure.tls.certresolver=default + environment: + AWS_REGION: ${VIBETYPE_AWS_REGION} + NUXT_PUBLIC_GTAG_ID: ${VIBETYPE_NUXT_PUBLIC_GTAG_ID} + NUXT_PUBLIC_I18N_BASE_URL: https://${STACK_DOMAIN} + NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H: ${VIBETYPE_NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H} + NUXT_PUBLIC_SITE_URL: https://${STACK_DOMAIN} + NUXT_PUBLIC_TURNSTILE_SITE_KEY: ${VIBETYPE_NUXT_PUBLIC_TURNSTILE_SITE_KEY} + NUXT_PUBLIC_VIO_ENVIRONMENT: beta + PGHOST: ${VIBETYPE_PGHOST} + image: ghcr.io/maevsi/vibetype:9.0.0 + secrets: + - source: vibetype_api-notification-secret + target: /run/environment-variables/NUXT_PRIVATE_API_NOTIFICATION_SECRET + - source: vibetype_aws-credentials + target: /home/node/.aws/credentials # TODO: switch to user `node` + - source: vibetype_firebase-service-account-credentials + target: 
/run/environment-variables/FIREBASE_SERVICE_ACCOUNT_CREDENTIALS + - source: vibetype_openai-api-key + target: /run/environment-variables/NUXT_PRIVATE_OPENAI_API_KEY + - source: vibetype_turnstile-key + target: /run/environment-variables/NUXT_TURNSTILE_SECRET_KEY + - source: postgres_db + target: /run/environment-variables/PGDATABASE + - source: postgres_role_vibetype_password + target: /run/environment-variables/PGPASSWORD + - source: postgres_role_vibetype_username + target: /run/environment-variables/PGUSER + volumes: + - ./configurations/postgraphile/jwtRS256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro version: "3.7" volumes: acme_data: diff --git a/src/production/secrets/maevsi/firebase-service-account-credentials.secret.template b/src/production/secrets/vibetype/firebase-service-account-credentials.secret.template similarity index 68% rename from src/production/secrets/maevsi/firebase-service-account-credentials.secret.template rename to src/production/secrets/vibetype/firebase-service-account-credentials.secret.template index 49cf7a7b..a1342c44 100644 --- a/src/production/secrets/maevsi/firebase-service-account-credentials.secret.template +++ b/src/production/secrets/vibetype/firebase-service-account-credentials.secret.template 
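Review bot: `vibetype_beta` is given the unscoped secrets `postgres_role_vibetype_password`, `vibetype_aws-credentials`, `vibetype_openai-api-key` and `vibetype_firebase-service-account-credentials`, plus `PGHOST: ${VIBETYPE_PGHOST}`, so a pre-release build appears to run with the same database role and cloud credentials as the released service. The secrets of the main `vibetype` service are defined outside this hunk, so this is inferred from the names. A defect in a beta image would then have the full production blast radius; a separate database role and separate API keys for beta would contain it. If sharing is intentional, I would record that above the `secrets:` key: `# NOTE: beta shares production secrets and database role; review beta images as production.`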
@@ -1,13 +1,13 @@ { "type": "service_account", - "project_id": "maevsi-3f373", + "project_id": "vibetype-3f373", "private_key_id": "", "private_key": "", - "client_email": "firebase-adminsdk-fbsvc@maevsi-3f373.iam.gserviceaccount.com", + "client_email": "firebase-adminsdk-fbsvc@vibetype-3f373.iam.gserviceaccount.com", "client_id": "", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-fbsvc%40maevsi-3f373.iam.gserviceaccount.com", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-fbsvc%40vibetype-3f373.iam.gserviceaccount.com", "universe_domain": "googleapis.com" } diff --git a/src/production/secrets/maevsi/openai-api-key.secret.template b/src/production/secrets/vibetype/openai-api-key.secret.template similarity index 100% rename from src/production/secrets/maevsi/openai-api-key.secret.template rename to src/production/secrets/vibetype/openai-api-key.secret.template
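Review bot: The new `project_id` value `vibetype-3f373` keeps the random suffix of the old ID, which looks like the result of a search-and-replace rather than a newly created Firebase project; Google Cloud project IDs cannot be changed after creation. If the project was not recreated, `client_email` and `client_x509_cert_url` now name a service account that is not known to be under the team's control, and key material filled into this template would not match it. I would keep `"project_id": "maevsi-3f373"` and the matching e-mail and certificate URL until a project with the new ID actually exists, or state in the commit description that it does.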