-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* refactor: code base dev * fix: stupid output... * feat: add cloudflare for domain name configs * feat: Refactor structure and add ansible playbook for deploying
- Loading branch information
Showing
15 changed files
with
259 additions
and
99 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
name: 'Terraform' | ||
|
||
on: | ||
push: | ||
branches: [ "main" ] | ||
paths: [ "terraform/**"] | ||
pull_request: | ||
paths: [ "terraform/**"] | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
terraform: | ||
name: 'Terraform' | ||
runs-on: ubuntu-latest | ||
|
||
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | ||
defaults: | ||
run: | ||
shell: bash | ||
|
||
steps: | ||
# Checkout the repository to the GitHub Actions runner | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token | ||
- name: Setup Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | ||
|
||
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. | ||
- name: Terraform Init | ||
run: terraform -chdir=terraform init | ||
|
||
# Checks that all Terraform configuration files adhere to a canonical format | ||
- name: Terraform Format | ||
run: terraform -chdir=terraform fmt -check | ||
|
||
# Generates an execution plan for Terraform | ||
- name: Terraform Plan | ||
run: terraform -chdir=terraform plan -no-color | ||
|
||
# On push to "main", build or change infrastructure according to Terraform configuration files | ||
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks | ||
- name: Terraform Apply | ||
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | ||
run: terraform -chdir=terraform apply -auto-approve -no-color |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
output: setup ping deploy | ||
|
||
setup: | ||
terraform -chdir=terraform output -raw ssh_private_keys > .local/ansible.pem | ||
echo -e "[all]\n`terraform -chdir=terraform output -raw public_ip`" > .local/inventory | ||
ssh-keyscan -t rsa,dsa,ecdsa,ed25519 `terraform -chdir=terraform output -raw public_ip` >> ~/.ssh/known_hosts | ||
sudo chmod 600 .local/ansible.pem | ||
ping: | ||
ansible -i .local/inventory all -u root --private-key .local/ansible.pem -m ping | ||
|
||
deploy: | ||
ansible-playbook -i .local/inventory -u root --private-key .local/ansible.pem ansible/playbooks/Profile-set-up.yaml | ||
|
||
connect: | ||
ssh -i .local/ansible.pem root@`terraform -chdir=terraform output -raw public_ip` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,8 @@ | ||
# Profile-deployment | ||
|
||
|
||
### Get ssh key: | ||
`terraform output -raw ssh_private_keys` | ||
### Deploy | ||
`make` | ||
|
||
### Connect through SSH: | ||
`make connect` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
--- | ||
|
||
- hosts: all | ||
name: Setup server | ||
become: true | ||
tasks: | ||
- name: Check If Docker Is Installed | ||
ansible.builtin.command: docker --version | ||
register: docker_valid | ||
ignore_errors: true | ||
changed_when: false | ||
|
||
- name: Install aptitude | ||
ansible.builtin.apt: | ||
name: aptitude | ||
state: present | ||
update_cache: true | ||
|
||
- name: Install packages to allow apt to use a repository over HTTPS | ||
ansible.builtin.apt: | ||
name: | ||
- ca-certificates | ||
- gnupg | ||
- apt-transport-https | ||
state: present | ||
update_cache: true | ||
|
||
- name: Add Docker's official GPG key | ||
ansible.builtin.apt_key: | ||
url: https://download.docker.com/linux/ubuntu/gpg | ||
state: present | ||
when: docker_valid.failed | ||
|
||
- name: Get Ubuntu release version | ||
ansible.builtin.command: lsb_release -cs | ||
register: ubuntu_version | ||
changed_when: false | ||
|
||
- name: Get architecture | ||
ansible.builtin.command: dpkg --print-architecture | ||
register: architecture | ||
changed_when: false | ||
|
||
- name: Add Docker repository | ||
ansible.builtin.apt_repository: | ||
repo: "deb [arch={{ architecture.stdout }}] https://download.docker.com/linux/ubuntu {{ ubuntu_version.stdout }} stable" | ||
state: present | ||
filename: docker | ||
when: docker_valid.failed | ||
|
||
- name: Update apt packages | ||
ansible.builtin.apt: | ||
update_cache: "yes" | ||
force_apt_get: "yes" | ||
|
||
- name: Install Docker engine | ||
ansible.builtin.apt: | ||
name: | ||
- docker-ce | ||
- docker-ce-cli | ||
- containerd.io | ||
state: present | ||
update_cache: true | ||
|
||
- name: Copy .env file | ||
ansible.builtin.copy: | ||
src: ../../profile/.env | ||
dest: .env | ||
remote_src: false | ||
mode: '0755' | ||
|
||
|
||
- name: Copy docker compose file | ||
ansible.builtin.copy: | ||
src: ../../profile/docker-compose-dev.yml | ||
dest: docker-compose-dev.yml | ||
remote_src: false | ||
mode: '0644' | ||
|
||
- name: Run docker compose | ||
ansible.builtin.command: docker compose --env-file .env -f docker-compose-dev.yml up -d | ||
changed_when: true |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
version: "3.8" | ||
|
||
services: | ||
frontend: | ||
image: profileorg/profile-fe-dev | ||
expose: | ||
- 80 | ||
restart: unless-stopped | ||
networks: | ||
- internet | ||
labels: | ||
- "traefik.http.routers.frontend.rule=Host(`${DOMAIN_FRONTEND}`)" | ||
- "traefik.http.routers.frontend.entrypoints=https" | ||
- "traefik.http.routers.frontend.tls=true" | ||
- "traefik.http.routers.frontend.tls.certresolver=letsencrypt" | ||
|
||
reverse-proxy: | ||
image: traefik:v2.10 | ||
# Enables the web UI and tells Traefik to listen to docker | ||
restart: unless-stopped | ||
command: | ||
- "--entrypoints.http.address=:80" | ||
- "--entrypoints.https.address=:443" | ||
- "--api.insecure=true" | ||
- "--providers.docker" | ||
- "--api=true" | ||
- "--certificatesresolvers.letsencrypt.acme.email=${CF_API_EMAIL}" | ||
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" | ||
- "--certificatesresolvers.letsencrypt.acme.dnschallenge=true" | ||
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare" | ||
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0" | ||
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53" | ||
environment: | ||
- CF_API_EMAIL=${CF_API_EMAIL} | ||
- CF_API_KEY=${CF_API_KEY} | ||
ports: | ||
# The HTTP port | ||
- "80:80" | ||
- "443:443" | ||
# The Web UI (enabled by --api.insecure=true) | ||
- "8080:8080" | ||
volumes: | ||
# So that Traefik can listen to the Docker events | ||
- /var/run/docker.sock:/var/run/docker.sock:ro | ||
- ./letsencrypt:/letsencrypt | ||
networks: | ||
- internet | ||
|
||
backend: | ||
image: profileorg/profile-be-dev | ||
expose: | ||
- 80 | ||
labels: | ||
- "traefik.http.routers.backend.rule=Host(`${DOMAIN_BACKEND}`)" | ||
- "traefik.http.routers.backend.entrypoints=https" | ||
- "traefik.http.routers.backend.tls=true" | ||
- "traefik.http.routers.backend.tls.certresolver=letsencrypt" | ||
restart: unless-stopped | ||
environment: | ||
- ASPNETCORE_ENVIRONMENT=Development | ||
- PROFILE_DatabaseSettings__ConnectionString=Server=postgres;Port=5432;Database=${PG_DATABASE};User ID=${PG_USERNAME};Password=${PG_PASSWORD}; | ||
- BASE_FRONTEND_URL=https://${DOMAIN_FRONTEND} | ||
networks: | ||
- internet | ||
- no-internet | ||
|
||
postgres: | ||
image: postgres:alpine | ||
restart: unless-stopped | ||
expose: | ||
- 5432 | ||
environment: | ||
- POSTGRES_USER=${PG_USERNAME} | ||
- POSTGRES_PASSWORD=${PG_PASSWORD} | ||
- POSTGRES_DB=${PG_DATABASE} | ||
volumes: | ||
- pg_data:/var/lib/postgresql/data | ||
networks: | ||
- no-internet | ||
|
||
volumes: | ||
pg_data: | ||
|
||
networks: | ||
internet: {} | ||
no-internet: | ||
internal: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
locals { | ||
instance = { | ||
image = "ubuntu-22-04-x64" | ||
name = "ProFileOrg-dev" | ||
region = "sgp1" | ||
size = "s-4vcpu-8gb" | ||
dns_record = { | ||
base = "dev-profileorg" | ||
api = "api-dev-profileorg" | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
Oops, something went wrong.