From 9002915a9bd8ca071cdfb54eb0ee3712046f23ea Mon Sep 17 00:00:00 2001
From: colin <colin@noreply@nixc.us>
Date: Sun, 3 Mar 2024 23:21:56 +0000
Subject: [PATCH] Update stack.production.yml

---
 stack.production.yml | 135 ++++++++++++++++++++++++++-----------------
 1 file changed, 82 insertions(+), 53 deletions(-)

diff --git a/stack.production.yml b/stack.production.yml
index 077a398..604c227 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -1,58 +1,87 @@
-version: '3.7'
+version: '3'
+services:
+  database:
+    image: git.nixc.us/colin/hedgedoc:production-database
+    environment:
+      - POSTGRES_USER=hedgedoc
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=hedgedoc
+    volumes:
+      - /mnt/tank/persist/nixc.us/hedgedoc/production/db:/var/lib/postgresql/data
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+##          - node.labels.role == db
+          - node.hostname == ingress.nixc.us
+#          - node.labels.mac-rack == true
+      labels:
+        - "us.nixc.autodeploy=true"
+        - "traefik.enable=false"
+    networks:
+      - default
+    logging:
+      driver: "gelf"
+      options:
+        gelf-address: "udp://log.nixc.us:15124"
+        tag: "hedgedoc_database"
+  hedgedoc:
+    # Make sure to use the latest release from https://hedgedoc.org/latest-release
+    image: git.nixc.us/colin/hedgedoc:production-hedgedoc
+    environment:
+      # CMD_ALLOW_ANONYMOUS: "true"
+      CMD_ALLOW_ANONYMOUS_EDITS: "true"
+      CMD_ALLOW_FREEURL: "true"
+      CMD_DB_URL: "postgres://hedgedoc:password@hedgedoc_database:5432/hedgedoc"
+      CMD_DOMAIN: "hedgedoc.nixc.us"
+      # CMD_URL_ADDPORT: "true"
+      CMD_PROTOCOL_USESSL: "true"
+      CMD_SESSION_SECRET: "kcxFbvEv4gQeeDuXTJJDQ4Vj878C4p2AQFe9Ur33tLeUdQNzGGiQz6NAmEoxjZXH"
+      CMD_DB_USERNAME: "hedgedoc"
+      CMD_DB_PASSWORD: "password"
+      CMD_DB_HOST: "database"
+      CMD_DB_PORT: "5432"
+#      CMD_LDAP_URL: ldap://lldap_lldap:3890
+#      CMD_LDAP_BINDDN: uid=admin,ou=people,dc=nixc,dc=us
+#      CMD_LDAP_BINDCREDENTIALS: ehgJHdnbMvz8vEGVSYqRAC2r3WUisLxTRLnuXuXb72DEvhi8Ayzu4CQj9h2sexpX
+#      CMD_LDAP_SEARCHBASE: ou=people,dc=nixc,dc=us
+#      CMD_LDAP_SEARCHFILTER: '(&(memberOf=cn=hedgedocUsers,ou=groups,dc=nixc,dc=us)(uid={{username}}))'
+#      CMD_LDAP_USERIDFIELD: uid
+    volumes:
+      - /mnt/tank/persist/nixc.us/hedgedoc/production/uploads:/hedgedoc/public/uploads
+    # ports:
+    #   - "3000:3000"
+    depends_on:
+      - database
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+##          - node.labels.role == db
+          - node.hostname == ingress.nixc.us
+#          - node.labels.mac-rack == true
+      labels:
+        - "us.nixc.autodeploy=true"
+        - "traefik.enable=true"
+        - "traefik.http.routers.hedgedoc_app.tls=true"
+        - "traefik.http.services.hedgedoc_app.loadbalancer.server.port=3000"
+        - "traefik.http.routers.hedgedoc_app.rule=Host(`hedgedoc.nixc.us`)"
+        - "traefik.http.routers.hedgedoc_app.entrypoints=websecure"
+        - "traefik.http.routers.hedgedoc_app.tls.certresolver=letsencryptresolver"
+        - "traefik.http.routers.hedgedoc_app.service=hedgedoc_app"
+        - "traefik.docker.network=traefik"
+        # - 'traefik.http.routers.hedgedoc_app.middlewares=authelia@docker'
+    networks:
+      - default
+      - traefik
+    logging:
+      driver: "gelf"
+      options:
+        gelf-address: "udp://log.nixc.us:15124"
+        tag: "hedgedoc_app"
 
 networks:
   traefik:
     external: true
   default:
-    driver: overlay
-
-services:
-  redis:
-    # image: docker.io/library/redis:alpine
-    image: git.nixc.us/colin/searxng:production-redis
-    networks:
-      - default
-      - traefik
-    volumes:
-      - /mnt/tank/persist/nixc.us/searxng/redis:/data
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.hostname == ingress.nixc.us
-    # logging:
-    #   driver: "gelf"
-    #   options:
-    #     gelf-address: "udp://log.nixc.us:15124"
-    #     tag: "redis"
-
-  searxng:
-    # image: searxng/searxng:latest
-    image: git.nixc.us/colin/searxng:production-searxng
-    networks:
-      - default
-      - traefik
-    volumes:
-      - /mnt/tank/persist/nixc.us/searxng/config:/etc/searxng:rw
-    environment:
-      - SEARXNG_BASE_URL=https://searx.nixc.us
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.hostname == ingress.nixc.us
-      labels:
-        traefik.docker.network: traefik
-        traefik.enable: "true"
-        traefik.http.routers.production_searxng.entrypoints: websecure
-        traefik.http.routers.production_searxng.rule: Host(`searx.nixc.us`)
-        traefik.http.routers.production_searxng.tls: "true"
-        traefik.http.routers.production_searxng.tls.certresolver: letsencryptresolver
-        traefik.http.services.production_searxng.loadbalancer.server.port: '8080'
-        traefik.http.routers.production_searxng.service: production_searxng
-        traefik.tags: traefik
-    # logging:
-    #   driver: "gelf"
-    #   options:
-    #     gelf-address: "udp://log.nixc.us:15124"
-    #     tag: "searxng"
+    external: false
\ No newline at end of file