Update stack.production.yml

stack.production.yml

@@ -1,68 +1,114 @@
-version: '3.8'
+version: "3.8"
+x-environment:
+  &default-environment
+  REDIS_HOST: glitch_redis
+  DATABASE_URL: postgres://postgres:postgres@glitch_postgres:5432/postgres
+  SECRET_KEY: 4f99181d528f201c16806b34b980791f9a99570d645910dacfe31198b503ea2f # best to run openssl rand -hex 32
+  PORT: 8000
+  EMAIL_URL: smtp://glitch@nixc.us:G2BeHLDezu2Eg8x5aDy8MZ3RTLJoP6xJyvwDnFDMCrFxe7AWW5mAst96zvkcDq3R@box.p.nixc.us:465 # https://glitchtip.com/documentation/install#configuration
+  GLITCHTIP_DOMAIN: https://glitch.nixc.us # Change this to your domain
+  DEFAULT_FROM_EMAIL: glitch@nixc.us # Change this to your email
+  CELERY_WORKER_CONCURRENCY: 2 # Set to 2 to prevent excessive memory usage. Change it or remove to set it to the number of cpu cores.
+  ## custom config
+  GLITCHTIP_MAX_EVENT_LIFE_DAYS: 30
+  GLITCHTIP_MAX_TRANSACTION_EVENT_LIFE_DAYS: 5
+  GLITCHTIP_MAX_FILE_LIFE_DAYS: 5
+  ENABLE_USER_REGISTRATION: "true"
+  ENABLE_ORGANIZATION_CREATION: "true"
+  ## gitea api b994dd8dd3162aa79db17bdb893a7c9271c63369
+  # SOCIALACCOUNT_PROVIDERS_gitea_GITEA_URL: "https://git.nixc.us/"
+x-depends_on:
+  &default-depends_on
+  - postgres
+  - redis
 
 services:
-  headscale:
+  postgres:
-    image: git.nixc.us/colin/headscale:production
+    image: postgres:15
+    environment:
+      POSTGRES_HOST_AUTH_METHOD: "trust"
     volumes:
-      - /mnt/tank/persist/nixc.us/headscale/production/config:/etc/headscale/:rw
+      - /mnt/tank/persist/nixc.us/glitch/production/db:/var/lib/postgresql/data
-      - /mnt/tank/persist/nixc.us/headscale/production/data:/var/lib/headscale/:rw
+    deploy:
-    command: ["headscale", "serve"]
+      replicas: 1
+      placement:
+        constraints:
+          - node.hostname == macmini1
+      labels:
+        - "us.nixc.autodeploy=true"
+        - "traefik.enable=false"
+    networks:
+      - default
+  redis:
+    image: redis
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          # - node.hostname == macmini1
+          - node.labels.mac-rack == true
+      labels:
+        - "us.nixc.autodeploy=true"
+        - "traefik.enable=false"
+    networks:
+      - default
+  web:
+    image: glitchtip/glitchtip
+    depends_on: *default-depends_on
+    environment: *default-environment
+    volumes: 
+      - /mnt/tank/persist/nixc.us/glitch/production/uploads:/code/uploads
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          - node.hostname == macmini1
+      labels:
+        - "us.nixc.autodeploy=true"
+        - "traefik.enable=true"
+        - "traefik.http.routers.glitch_glitch.tls=true"
+        - "traefik.http.services.glitch_glitch.loadbalancer.server.port=8000"
+        - "traefik.http.routers.glitch_glitch.rule=Host(`staging.glitch.nixc.us`)"
+        - "traefik.http.routers.glitch_glitch.entrypoints=websecure"
+        - "traefik.http.routers.glitch_glitch.tls.certresolver=letsencryptresolver"
+        - "traefik.http.routers.glitch_glitch.service=glitch_glitch"
+        - "traefik.docker.network=traefik"
+        # - 'traefik.http.routers.glitch_glitch.middlewares=authelia@docker'
     networks:
       - default
       - traefik
-    deploy:
+  worker:
-      placement:
+    image: glitchtip/glitchtip
-        constraints:
+    command: ./bin/run-celery-with-beat.sh
-          - node.hostname == macmini3
+    depends_on: *default-depends_on
-      labels:
+    environment: *default-environment
-        us.nixc.autodeploy: "true"
+    volumes: 
-        traefik.enable: "true"
+      - /mnt/tank/persist/nixc.us/glitch/production/uploads:/code/uploads
-        traefik.http.routers.production-headscale_headscale.rule: "Host(`headscale.nixc.us`)"
-        traefik.http.routers.production-headscale_headscale.entrypoints: "websecure"
-        traefik.http.routers.production-headscale_headscale.tls: "true"
-        traefik.http.routers.production-headscale_headscale.tls.certresolver: "letsencryptresolver"
-        traefik.http.routers.production-headscale_headscale.service: "production-headscale_headscale"
-        traefik.http.services.production-headscale_headscale.loadbalancer.server.port: "8080"
-        traefik.docker.network: "traefik"
-      replicas: 1
-      restart_policy:
-        condition: on-failure
-  headscale-webui:
-    image: ghcr.io/ifargle/headscale-webui:latest
-    environment:
-      - TZ=America/Toronto
-      - COLOR=red                              # Use the base colors (ie, no darken-3, etc) - 
-      - HS_SERVER=http://headscale_headscale:8080    # Reachable endpoint for your Headscale server
-      - DOMAIN_NAME=https://headadmin.nixc.us  # The base domain name for this container.
-      - KEY="lzaAI5nenkxAeR1OZdKSYCqHsBnRtFCg2+anEeEkIhw="             # Generate with "openssl rand -base64 32" - used to encrypt your key on disk.
-      - AUTH_TYPE=""                         # AUTH_TYPE is either Basic or OIDC.  Empty for no authentication
-      - LOG_LEVEL=info                         # Log level.  "DEBUG", "ERROR", "WARNING", or "INFO".  Default "INFO"
-    dns:
-      - 1.1.1.1
-    volumes:
-      - /mnt/tank/persist/nixc.us/headscale/production/data:/data                         # Headscale-WebUI's storage.  Make sure ./volume is readable by UID 1000 (chown 1000:1000 ./volume)
-      - /mnt/tank/persist/nixc.us/headscale/production/config:/etc/headscale/:ro # Headscale's config storage location.  Used to read your Headscale config.
     deploy:
       replicas: 1
       placement:
         constraints:
-          - node.hostname == macmini3
+          - node.hostname == ingress.nixc.us
       labels:
-        us.nixc.autodeploy: "true"
+        - "traefik.enable=false"
-        traefik.enable: "true"
+    networks:
-        traefik.http.routers.production-headscale_webui.tls: "true"
+      - default
-        traefik.http.services.production-headscale_webui.loadbalancer.server.port: "5000"
+  migrate:
-        traefik.http.routers.production-headscale_webui.rule: "Host(`headadmin.nixc.us`)"
+    image: glitchtip/glitchtip
-        traefik.http.routers.production-headscale_webui.entrypoints: "websecure"
+    depends_on: *default-depends_on
-        traefik.http.routers.production-headscale_webui.tls.certresolver: "letsencryptresolver"
+    command: "./manage.py migrate"
-        traefik.http.routers.production-headscale_webui.service: "production-headscale_webui"
+    environment: *default-environment
-        traefik.http.routers.production-headscale_webui.middlewares: "authelia_authelia@docker"
+    deploy:
-        traefik.docker.network: "traefik"
+      replicas: 1
+      placement:
+        constraints:
+          - node.hostname == macmini1
+      labels:
+        - "traefik.enable=false"
     networks:
-      - traefik
       - default
 networks:
   traefik:
     external: true
   default:
-    driver: overlay
+    external: false