diff --git a/README.md b/README.md index a0d45835..8aa15acf 100644 --- a/README.md +++ b/README.md @@ -74,27 +74,27 @@ This project is deployed in accordance to the [DargStack template](https://githu The database's password. - - ### `postgres_role_grafana_password` + - ### `postgres_role_service_grafana_password` The password of the observation dashboard's database role. - - ### `postgres_role_grafana_username` + - ### `postgres_role_service_grafana_username` The username of the observation dashboard's database role. - - ### `postgres_role_postgraphile_password` + - ### `postgres_role_service_postgraphile_password` The password of the GraphQL API database wrapper's database role. - - ### `postgres_role_postgraphile_username` + - ### `postgres_role_service_postgraphile_username` The username of the GraphQL API database wrapper's database role. - - ### `postgres_role_vibetype_password` + - ### `postgres_role_service_vibetype_password` The `tusd` database role's password. - - ### `postgres_role_vibetype_username` + - ### `postgres_role_service_vibetype_username` The `tusd` database role's password. diff --git a/src/development/configurations/grafana/grafana.ini b/src/development/configurations/grafana/grafana.ini index cb3be3f6..2234a8d0 100644 --- a/src/development/configurations/grafana/grafana.ini +++ b/src/development/configurations/grafana/grafana.ini @@ -1,8 +1,8 @@ [database] host = postgres:5432 -password = $__file{/run/secrets/postgres_role_grafana_password} +password = $__file{/run/secrets/postgres_role_service_grafana_password} type = postgres -user = $__file{/run/secrets/postgres_role_grafana_username} +user = $__file{/run/secrets/postgres_role_service_grafana_username} [security] admin_email = admin@localhost diff --git a/src/development/secrets/postgres/role_grafana_password.secret b/src/development/secrets/postgres/role_service_grafana_password.secret similarity index 100% rename from src/development/secrets/postgres/role_grafana_password.secret rename to src/development/secrets/postgres/role_service_grafana_password.secret diff --git a/src/development/secrets/postgres/role_grafana_password.secret.template b/src/development/secrets/postgres/role_service_grafana_password.secret.template similarity index 100% rename from src/development/secrets/postgres/role_grafana_password.secret.template rename to src/development/secrets/postgres/role_service_grafana_password.secret.template diff --git a/src/development/secrets/postgres/role_grafana_username.secret b/src/development/secrets/postgres/role_service_grafana_username.secret similarity index 100% rename from src/development/secrets/postgres/role_grafana_username.secret rename to src/development/secrets/postgres/role_service_grafana_username.secret diff --git a/src/development/secrets/postgres/role_grafana_username.secret.template b/src/development/secrets/postgres/role_service_grafana_username.secret.template similarity index 100% rename from src/development/secrets/postgres/role_grafana_username.secret.template rename to src/development/secrets/postgres/role_service_grafana_username.secret.template diff --git a/src/development/secrets/postgres/role_postgraphile_password.secret b/src/development/secrets/postgres/role_service_postgraphile_password.secret similarity index 100% rename from src/development/secrets/postgres/role_postgraphile_password.secret rename to src/development/secrets/postgres/role_service_postgraphile_password.secret diff --git a/src/development/secrets/postgres/role_postgraphile_password.secret.template b/src/development/secrets/postgres/role_service_postgraphile_password.secret.template similarity index 100% rename from src/development/secrets/postgres/role_postgraphile_password.secret.template rename to src/development/secrets/postgres/role_service_postgraphile_password.secret.template diff --git a/src/development/secrets/postgres/role_postgraphile_username.secret b/src/development/secrets/postgres/role_service_postgraphile_username.secret similarity index 100% rename from src/development/secrets/postgres/role_postgraphile_username.secret rename to src/development/secrets/postgres/role_service_postgraphile_username.secret diff --git a/src/development/secrets/postgres/role_postgraphile_username.secret.template b/src/development/secrets/postgres/role_service_postgraphile_username.secret.template similarity index 100% rename from src/development/secrets/postgres/role_postgraphile_username.secret.template rename to src/development/secrets/postgres/role_service_postgraphile_username.secret.template diff --git a/src/development/secrets/postgres/role_vibetype_password.secret b/src/development/secrets/postgres/role_service_vibetype_password.secret similarity index 100% rename from src/development/secrets/postgres/role_vibetype_password.secret rename to src/development/secrets/postgres/role_service_vibetype_password.secret diff --git a/src/development/secrets/postgres/role_vibetype_password.secret.template b/src/development/secrets/postgres/role_service_vibetype_password.secret.template similarity index 100% rename from src/development/secrets/postgres/role_vibetype_password.secret.template rename to src/development/secrets/postgres/role_service_vibetype_password.secret.template diff --git a/src/development/secrets/postgres/role_vibetype_username.secret b/src/development/secrets/postgres/role_service_vibetype_username.secret similarity index 100% rename from src/development/secrets/postgres/role_vibetype_username.secret rename to src/development/secrets/postgres/role_service_vibetype_username.secret diff --git a/src/development/secrets/postgres/role_vibetype_username.secret.template b/src/development/secrets/postgres/role_service_vibetype_username.secret.template similarity index 100% rename from src/development/secrets/postgres/role_vibetype_username.secret.template rename to src/development/secrets/postgres/role_service_vibetype_username.secret.template diff --git a/src/development/stack.yml b/src/development/stack.yml index a62f67a2..2d172cb2 100644 --- a/src/development/stack.yml +++ b/src/development/stack.yml @@ -34,24 +34,24 @@ secrets: postgres_password: # The database's password. file: ./secrets/postgres/password.secret - postgres_role_grafana_password: + postgres_role_service_grafana_password: # The password of the observation dashboard's database role. - file: ./secrets/postgres/role_grafana_password.secret - postgres_role_grafana_username: + file: ./secrets/postgres/role_service_grafana_password.secret + postgres_role_service_grafana_username: # The username of the observation dashboard's database role. - file: ./secrets/postgres/role_grafana_username.secret - postgres_role_postgraphile_password: + file: ./secrets/postgres/role_service_grafana_username.secret + postgres_role_service_postgraphile_password: # The password of the GraphQL API database wrapper's database role. - file: ./secrets/postgres/role_postgraphile_password.secret - postgres_role_postgraphile_username: + file: ./secrets/postgres/role_service_postgraphile_password.secret + postgres_role_service_postgraphile_username: # The username of the GraphQL API database wrapper's database role. - file: ./secrets/postgres/role_postgraphile_username.secret - postgres_role_vibetype_password: + file: ./secrets/postgres/role_service_postgraphile_username.secret + postgres_role_service_vibetype_password: # The `tusd` database role's password. - file: ./secrets/postgres/role_vibetype_password.secret - postgres_role_vibetype_username: + file: ./secrets/postgres/role_service_vibetype_password.secret + postgres_role_service_vibetype_username: # The `tusd` database role's password. - file: ./secrets/postgres/role_vibetype_username.secret + file: ./secrets/postgres/role_service_vibetype_username.secret postgres_user: # The database's default user. file: ./secrets/postgres/user.secret @@ -146,8 +146,8 @@ services: image: grafana/grafana:11.6.0 secrets: - postgres_db - - postgres_role_grafana_password - - postgres_role_grafana_username + - postgres_role_service_grafana_password + - postgres_role_service_grafana_username volumes: - ./configurations/grafana/grafana.ini:/etc/grafana/grafana.ini:ro - ../production/configurations/grafana/dashboards:/var/lib/grafana/dashboards:ro @@ -273,14 +273,13 @@ services: POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password POSTGRES_USER_FILE: /run/secrets/postgres_user image: postgis/postgis:17-3.5-alpine - # # Expose ports (only) e.g. to generate a database graph image or similar. - # ports: - # - 5432:5432 + ports: #DARGSTACK-REMOVE + - 5432:5432 #DARGSTACK-REMOVE secrets: - postgres_db - postgres_password - - postgres_role_grafana_password - - postgres_role_grafana_username + - postgres_role_service_grafana_password + - postgres_role_service_grafana_username - postgres_user # sysctls: # # Prevent Docker Swarm from killing connections (https://github.com/moby/moby/issues/31208) @@ -288,7 +287,6 @@ services: # - net.ipv4.tcp_keepalive_intvl=30 # - net.ipv4.tcp_keepalive_probes=10 volumes: - - /run/:/run/ # make PGSQL socket available # #DARGSTACK-REMOVE - postgres_data:/var/lib/postgresql/data/ - ../production/configurations/postgres/docker-entrypoint-initdb.d/additional-databases.sh:/docker-entrypoint-initdb.d/additional-databases.sh:ro prometheus: @@ -360,14 +358,13 @@ services: # You cannot access the database migrations directly. image: maevsi/sqitch:dev secrets: - - postgres_role_postgraphile_password - - postgres_role_postgraphile_username - - postgres_role_vibetype_password - - postgres_role_vibetype_username + - postgres_role_service_postgraphile_password + - postgres_role_service_postgraphile_username + - postgres_role_service_vibetype_password + - postgres_role_service_vibetype_username - sqitch_target volumes: - ../../../sqitch/:/srv/app/ - - /run/postgresql/:/run/postgresql/ traefik: # You can access the reverse proxy's dashboard at [traefik.localhost](https://traefik.localhost/). command: @@ -469,9 +466,9 @@ services: target: /run/environment-variables/NUXT_TURNSTILE_SECRET_KEY - source: postgres_db target: /run/environment-variables/PGDATABASE - - source: postgres_role_vibetype_password + - source: postgres_role_service_vibetype_password target: /run/environment-variables/PGPASSWORD - - source: postgres_role_vibetype_username + - source: postgres_role_service_vibetype_username target: /run/environment-variables/PGUSER user: node:node # files created inside a docker container, like node_modules by pnpm, gain correct permissions by setting the user to `node` volumes: diff --git a/src/production/configurations/grafana/grafana.ini b/src/production/configurations/grafana/grafana.ini index 55e70dcf..b2032294 100644 --- a/src/production/configurations/grafana/grafana.ini +++ b/src/production/configurations/grafana/grafana.ini @@ -1,8 +1,8 @@ [database] host = postgres:5432 -password = $__file{/run/secrets/postgres_role_grafana_password} +password = $__file{/run/secrets/postgres_role_service_grafana_password} type = postgres -user = $__file{/run/secrets/postgres_role_grafana_username} +user = $__file{/run/secrets/postgres_role_service_grafana_username} [paths] provisioning = /etc/configurations/provisioning diff --git a/src/production/configurations/grafana/provisioning/datasources/postgres.yaml b/src/production/configurations/grafana/provisioning/datasources/postgres.yaml index 9eef8aee..f39d522b 100644 --- a/src/production/configurations/grafana/provisioning/datasources/postgres.yaml +++ b/src/production/configurations/grafana/provisioning/datasources/postgres.yaml @@ -8,7 +8,7 @@ datasources: sslmode: 'disable' name: PostgreSQL secureJsonData: - password: $__file{/run/secrets/postgres_role_grafana_password} + password: $__file{/run/secrets/postgres_role_service_grafana_password} type: grafana-postgresql-datasource url: postgres:5432 - user: $__file{/run/secrets/postgres_role_grafana_username} + user: $__file{/run/secrets/postgres_role_service_grafana_username} diff --git a/src/production/production.yml b/src/production/production.yml index 6386547e..e6c4c4c1 100644 --- a/src/production/production.yml +++ b/src/production/production.yml @@ -81,7 +81,7 @@ services: image: ghcr.io/maevsi/reccoom:0.1.0 volumes: (( prune )) sqitch: - image: ghcr.io/maevsi/sqitch:6.2.0 + image: ghcr.io/maevsi/sqitch:7.0.0 volumes: (( prune )) traefik: command: @@ -127,7 +127,7 @@ services: - (( append )) - traefik.http.routers.vibetype.middlewares=vibetype_cors,vibetype_redirectregex - traefik.http.routers.vibetype_secure.tls.certresolver=default - image: ghcr.io/maevsi/vibetype:9.11.1 + image: ghcr.io/maevsi/vibetype:10.0.0 user: (( prune )) vibetype_beta: # You can access the main project frontend's beta version at [beta.localhost](https://beta.localhost/). @@ -151,7 +151,7 @@ services: NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H: ${VIBETYPE_NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H} NUXT_PUBLIC_VIO_ENVIRONMENT: beta PGHOST: ${VIBETYPE_PGHOST} - image: ghcr.io/maevsi/vibetype:9.11.1 + image: ghcr.io/maevsi/vibetype:10.0.0 secrets: - source: vibetype_api-notification-secret target: /run/environment-variables/NUXT_PRIVATE_API_NOTIFICATION_SECRET @@ -165,9 +165,9 @@ services: target: /run/environment-variables/NUXT_TURNSTILE_SECRET_KEY - source: postgres_db target: /run/environment-variables/PGDATABASE - - source: postgres_role_vibetype_password + - source: postgres_role_service_vibetype_password target: /run/environment-variables/PGPASSWORD - - source: postgres_role_vibetype_username + - source: postgres_role_service_vibetype_username target: /run/environment-variables/PGUSER volumes: - ./configurations/postgraphile/jwtRS256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro