diff --git a/files/stacks/docker-compose.ops.yml b/files/stacks/docker-compose.ops.yml index 069e473..7beb4be 100644 --- a/files/stacks/docker-compose.ops.yml +++ b/files/stacks/docker-compose.ops.yml @@ -16,10 +16,10 @@ services: - --entrypoints.web.http.redirections.entrypoint.scheme=https - --certificatesresolvers.cloudflare.acme.dnschallenge=true - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare - - --certificatesresolvers.cloudflare.acme.email=$${ACME_EMAIL} + - --certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL} - --certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json environment: - - CF_DNS_API_TOKEN=$${CF_DNS_API_TOKEN} + - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN} volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - traefik-certs:/letsencrypt @@ -44,9 +44,9 @@ services: environment: - USER_UID=1000 - USER_GID=1000 - - FORGEJO__server__DOMAIN=source.$${DOMAIN} - - FORGEJO__server__ROOT_URL=https://source.$${DOMAIN} - - FORGEJO__server__SSH_DOMAIN=source.$${DOMAIN} + - FORGEJO__server__DOMAIN=source.${DOMAIN} + - FORGEJO__server__ROOT_URL=https://source.${DOMAIN} + - FORGEJO__server__SSH_DOMAIN=source.${DOMAIN} - FORGEJO__server__SSH_PORT=22 - FORGEJO__server__SSH_LISTEN_PORT=2222 - FORGEJO__database__DB_TYPE=sqlite3 @@ -61,7 +61,7 @@ services: - "2222:2222" labels: - traefik.enable=true - - traefik.http.routers.forgejo.rule=Host(`source.$${DOMAIN}`) + - traefik.http.routers.forgejo.rule=Host(`source.${DOMAIN}`) - traefik.http.routers.forgejo.tls=true - traefik.http.routers.forgejo.tls.certresolver=cloudflare - traefik.http.services.forgejo.loadbalancer.server.port=3000 @@ -72,21 +72,21 @@ services: image: woodpeckerci/woodpecker-server:v3 restart: unless-stopped environment: - - WOODPECKER_HOST=https://ci.$${DOMAIN} + - WOODPECKER_HOST=https://ci.${DOMAIN} - WOODPECKER_FORGEJO=true - - WOODPECKER_FORGEJO_URL=https://source.$${DOMAIN} + - WOODPECKER_FORGEJO_URL=https://source.${DOMAIN} - WOODPECKER_OPEN=true - - WOODPECKER_FORGEJO_CLIENT=$${WOODPECKER_FORGEJO_CLIENT} - - WOODPECKER_FORGEJO_SECRET=$${WOODPECKER_FORGEJO_SECRET} - - WOODPECKER_AGENT_SECRET=$${WOODPECKER_AGENT_SECRET} - - WOODPECKER_ADMIN=$${WOODPECKER_ADMIN} + - WOODPECKER_FORGEJO_CLIENT=${WOODPECKER_FORGEJO_CLIENT} + - WOODPECKER_FORGEJO_SECRET=${WOODPECKER_FORGEJO_SECRET} + - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} + - WOODPECKER_ADMIN=${WOODPECKER_ADMIN} volumes: - woodpecker-data:/var/lib/woodpecker depends_on: - forgejo labels: - traefik.enable=true - - traefik.http.routers.woodpecker.rule=Host(`ci.$${DOMAIN}`) + - traefik.http.routers.woodpecker.rule=Host(`ci.${DOMAIN}`) - traefik.http.routers.woodpecker.tls=true - traefik.http.routers.woodpecker.tls.certresolver=cloudflare - traefik.http.services.woodpecker.loadbalancer.server.port=8000 @@ -98,7 +98,7 @@ services: restart: unless-stopped environment: - WOODPECKER_SERVER=woodpecker:9000 - - WOODPECKER_AGENT_SECRET=$${WOODPECKER_AGENT_SECRET} + - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} - WOODPECKER_BACKEND_DOCKER_NETWORK=writekit_ops - WOODPECKER_BACKEND_DOCKER_VOLUMES=/opt/writekit/.ssh:/mnt/ssh:ro - DOCKER_HOST=unix:///var/run/docker.sock diff --git a/files/stacks/docker-compose.prod.yml b/files/stacks/docker-compose.prod.yml index 1808540..49dd2d9 100644 --- a/files/stacks/docker-compose.prod.yml +++ b/files/stacks/docker-compose.prod.yml @@ -16,10 +16,10 @@ services: - --entrypoints.web.http.redirections.entrypoint.scheme=https - --certificatesresolvers.cloudflare.acme.dnschallenge=true - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare - - --certificatesresolvers.cloudflare.acme.email=$${ACME_EMAIL} + - --certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL} - --certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json environment: - - CF_DNS_API_TOKEN=$${CF_DNS_API_TOKEN} + - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN} volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - traefik-certs:/letsencrypt @@ -41,7 +41,7 @@ services: environment: - POSTGRES_DB=writekit - POSTGRES_USER=writekit - - POSTGRES_PASSWORD=$${PG_PASSWORD} + - POSTGRES_PASSWORD=${PG_PASSWORD} healthcheck: test: ["CMD-SHELL", "pg_isready -U writekit"] interval: 5s @@ -55,19 +55,19 @@ services: restart: unless-stopped environment: - OAUTH2_PROXY_PROVIDER=github - - OAUTH2_PROXY_CLIENT_ID=$${GITHUB_CLIENT_ID_STAGING} - - OAUTH2_PROXY_CLIENT_SECRET=$${GITHUB_CLIENT_SECRET_STAGING} - - OAUTH2_PROXY_COOKIE_SECRET=$${OAUTH2_PROXY_COOKIE_SECRET} - - OAUTH2_PROXY_COOKIE_DOMAINS=.$${DOMAIN} + - OAUTH2_PROXY_CLIENT_ID=${GITHUB_CLIENT_ID_STAGING} + - OAUTH2_PROXY_CLIENT_SECRET=${GITHUB_CLIENT_SECRET_STAGING} + - OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET} + - OAUTH2_PROXY_COOKIE_DOMAINS=.${DOMAIN} - OAUTH2_PROXY_EMAIL_DOMAINS=* - - OAUTH2_PROXY_GITHUB_USERS=$${OAUTH2_PROXY_ALLOWED_USERS} + - OAUTH2_PROXY_GITHUB_USERS=${OAUTH2_PROXY_ALLOWED_USERS} - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 - OAUTH2_PROXY_REVERSE_PROXY=true - OAUTH2_PROXY_SET_XAUTHREQUEST=true - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true labels: - traefik.enable=true - - traefik.http.routers.oauth2-proxy.rule=Host(`auth.staging.$${DOMAIN}`) + - traefik.http.routers.oauth2-proxy.rule=Host(`auth.staging.${DOMAIN}`) - traefik.http.routers.oauth2-proxy.tls=true - traefik.http.routers.oauth2-proxy.tls.certresolver=cloudflare - traefik.http.services.oauth2-proxy.loadbalancer.server.port=4180 @@ -78,46 +78,46 @@ services: - prod writekit-prod: - image: $${REGISTRY_URL}/writekit:main + image: ${REGISTRY_URL}/writekit:main restart: unless-stopped environment: - ENV=prod - - DOMAIN=$${DOMAIN} - - BASE_URL=https://$${DOMAIN} - - DATABASE_URL=postgres://writekit:$${PG_PASSWORD}@postgres:5432/writekit?sslmode=disable + - DOMAIN=${DOMAIN} + - BASE_URL=https://${DOMAIN} + - DATABASE_URL=postgres://writekit:${PG_PASSWORD}@postgres:5432/writekit?sslmode=disable - DATA_DIR=/data - - R2_ACCOUNT_ID=$${R2_ACCOUNT_ID} - - R2_ACCESS_KEY_ID=$${R2_ACCESS_KEY_ID} - - R2_SECRET_ACCESS_KEY=$${R2_SECRET_ACCESS_KEY} - - R2_BUCKET=$${R2_BUCKET} - - R2_PUBLIC_URL=$${R2_PUBLIC_URL} - - GITHUB_CLIENT_ID=$${GITHUB_CLIENT_ID} - - GITHUB_CLIENT_SECRET=$${GITHUB_CLIENT_SECRET} - - GOOGLE_CLIENT_ID=$${GOOGLE_CLIENT_ID} - - GOOGLE_CLIENT_SECRET=$${GOOGLE_CLIENT_SECRET} - - DISCORD_CLIENT_ID=$${DISCORD_CLIENT_ID} - - DISCORD_CLIENT_SECRET=$${DISCORD_CLIENT_SECRET} - - SESSION_SECRET=$${SESSION_SECRET} - - LEMON_API_KEY=$${LEMON_API_KEY} - - LEMON_STORE_ID=$${LEMON_STORE_ID} - - LEMON_WEBHOOK_SECRET=$${LEMON_WEBHOOK_SECRET} - - WISE_API_KEY=$${WISE_API_KEY} - - WISE_PROFILE_ID=$${WISE_PROFILE_ID} + - R2_ACCOUNT_ID=${R2_ACCOUNT_ID} + - R2_ACCESS_KEY_ID=${R2_ACCESS_KEY_ID} + - R2_SECRET_ACCESS_KEY=${R2_SECRET_ACCESS_KEY} + - R2_BUCKET=${R2_BUCKET} + - R2_PUBLIC_URL=${R2_PUBLIC_URL} + - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID} + - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET} + - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID} + - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET} + - DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID} + - DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET} + - SESSION_SECRET=${SESSION_SECRET} + - LEMON_API_KEY=${LEMON_API_KEY} + - LEMON_STORE_ID=${LEMON_STORE_ID} + - LEMON_WEBHOOK_SECRET=${LEMON_WEBHOOK_SECRET} + - WISE_API_KEY=${WISE_API_KEY} + - WISE_PROFILE_ID=${WISE_PROFILE_ID} - IMAGINARY_URL=http://imaginary:9000 volumes: - tenants-prod:/data labels: - traefik.enable=true - - traefik.http.routers.writekit-prod-platform.rule=Host(`$${DOMAIN}`) + - traefik.http.routers.writekit-prod-platform.rule=Host(`${DOMAIN}`) - traefik.http.routers.writekit-prod-platform.tls=true - traefik.http.routers.writekit-prod-platform.tls.certresolver=cloudflare - traefik.http.routers.writekit-prod-platform.service=writekit-prod - - traefik.http.routers.writekit-prod-blogs.rule=HostRegexp(`^(?!staging\.).+\.$${DOMAIN}$$`) + - traefik.http.routers.writekit-prod-blogs.rule=HostRegexp(`^(?!staging\.).+\.${DOMAIN}$$`) - traefik.http.routers.writekit-prod-blogs.priority=10 - traefik.http.routers.writekit-prod-blogs.tls=true - traefik.http.routers.writekit-prod-blogs.tls.certresolver=cloudflare - - traefik.http.routers.writekit-prod-blogs.tls.domains[0].main=$${DOMAIN} - - traefik.http.routers.writekit-prod-blogs.tls.domains[0].sans=*.$${DOMAIN} + - traefik.http.routers.writekit-prod-blogs.tls.domains[0].main=${DOMAIN} + - traefik.http.routers.writekit-prod-blogs.tls.domains[0].sans=*.${DOMAIN} - traefik.http.routers.writekit-prod-blogs.service=writekit-prod - traefik.http.services.writekit-prod.loadbalancer.server.port=8080 depends_on: @@ -127,47 +127,47 @@ services: - prod writekit-staging: - image: $${REGISTRY_URL}/writekit:dev + image: ${REGISTRY_URL}/writekit:dev restart: unless-stopped environment: - ENV=staging - - DOMAIN=staging.$${DOMAIN} - - BASE_URL=https://staging.$${DOMAIN} - - DATABASE_URL=postgres://writekit:$${PG_PASSWORD}@postgres:5432/writekit_staging?sslmode=disable + - DOMAIN=staging.${DOMAIN} + - BASE_URL=https://staging.${DOMAIN} + - DATABASE_URL=postgres://writekit:${PG_PASSWORD}@postgres:5432/writekit_staging?sslmode=disable - DATA_DIR=/data - - R2_ACCOUNT_ID=$${R2_ACCOUNT_ID} - - R2_ACCESS_KEY_ID=$${R2_ACCESS_KEY_ID} - - R2_SECRET_ACCESS_KEY=$${R2_SECRET_ACCESS_KEY} - - R2_BUCKET=$${R2_BUCKET} - - R2_PUBLIC_URL=$${R2_PUBLIC_URL} - - GITHUB_CLIENT_ID=$${GITHUB_CLIENT_ID_STAGING} - - GITHUB_CLIENT_SECRET=$${GITHUB_CLIENT_SECRET_STAGING} - - GOOGLE_CLIENT_ID=$${GOOGLE_CLIENT_ID} - - GOOGLE_CLIENT_SECRET=$${GOOGLE_CLIENT_SECRET} - - DISCORD_CLIENT_ID=$${DISCORD_CLIENT_ID} - - DISCORD_CLIENT_SECRET=$${DISCORD_CLIENT_SECRET} - - SESSION_SECRET=$${SESSION_SECRET_STAGING} - - LEMON_API_KEY=$${LEMON_API_KEY_STAGING} - - LEMON_STORE_ID=$${LEMON_STORE_ID} - - LEMON_WEBHOOK_SECRET=$${LEMON_WEBHOOK_SECRET_STAGING} - - WISE_API_KEY=$${WISE_API_KEY_STAGING} - - WISE_PROFILE_ID=$${WISE_PROFILE_ID_STAGING} + - R2_ACCOUNT_ID=${R2_ACCOUNT_ID} + - R2_ACCESS_KEY_ID=${R2_ACCESS_KEY_ID} + - R2_SECRET_ACCESS_KEY=${R2_SECRET_ACCESS_KEY} + - R2_BUCKET=${R2_BUCKET} + - R2_PUBLIC_URL=${R2_PUBLIC_URL} + - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID_STAGING} + - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET_STAGING} + - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID} + - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET} + - DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID} + - DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET} + - SESSION_SECRET=${SESSION_SECRET_STAGING} + - LEMON_API_KEY=${LEMON_API_KEY_STAGING} + - LEMON_STORE_ID=${LEMON_STORE_ID} + - LEMON_WEBHOOK_SECRET=${LEMON_WEBHOOK_SECRET_STAGING} + - WISE_API_KEY=${WISE_API_KEY_STAGING} + - WISE_PROFILE_ID=${WISE_PROFILE_ID_STAGING} - IMAGINARY_URL=http://imaginary:9000 volumes: - tenants-staging:/data labels: - traefik.enable=true - - traefik.http.routers.writekit-staging-platform.rule=Host(`staging.$${DOMAIN}`) + - traefik.http.routers.writekit-staging-platform.rule=Host(`staging.${DOMAIN}`) - traefik.http.routers.writekit-staging-platform.tls=true - traefik.http.routers.writekit-staging-platform.tls.certresolver=cloudflare - traefik.http.routers.writekit-staging-platform.middlewares=staging-auth - traefik.http.routers.writekit-staging-platform.service=writekit-staging - - traefik.http.routers.writekit-staging-blogs.rule=HostRegexp(`^.+\.staging\.$${DOMAIN}$$`) + - traefik.http.routers.writekit-staging-blogs.rule=HostRegexp(`^.+\.staging\.${DOMAIN}$$`) - traefik.http.routers.writekit-staging-blogs.priority=20 - traefik.http.routers.writekit-staging-blogs.tls=true - traefik.http.routers.writekit-staging-blogs.tls.certresolver=cloudflare - - traefik.http.routers.writekit-staging-blogs.tls.domains[0].main=staging.$${DOMAIN} - - traefik.http.routers.writekit-staging-blogs.tls.domains[0].sans=*.staging.$${DOMAIN} + - traefik.http.routers.writekit-staging-blogs.tls.domains[0].main=staging.${DOMAIN} + - traefik.http.routers.writekit-staging-blogs.tls.domains[0].sans=*.staging.${DOMAIN} - traefik.http.routers.writekit-staging-blogs.middlewares=staging-auth - traefik.http.routers.writekit-staging-blogs.service=writekit-staging - traefik.http.services.writekit-staging.loadbalancer.server.port=8080