add barebones all-inclusive setup

5 months ago · 5f89d118d7
parent 99f6dfcdfb
commit 5f89d118d7
5 changed files with 217 additions and 0 deletions
--- a/deploy/auto/config/settings.toml
+++ b/deploy/auto/config/settings.toml
@ -0,0 +1,26 @@
+[django]
+deployed = true
+debug = true
+secret_key = 'secret'
+allowed_hosts = ['*']
+protocol = 'http'
+base_url = 'localhost:8000'
+media_root = '/var/www/jdav_web/media'
+static_root = '/var/www/jdav_web/static'
+broker_url = 'redis://redis:6379/0'
+memcached_url = 'cache:11211'
+default_static_path = '/var/www/jdav_web/static'
+
+[database]
+host = 'db'
+port = 3306
+database = 'kompass'
+user = 'kompass'
+password = 'secret'
+
+[mail]
+host = 'mailserver'
+user = 'info@jdav-town.de'
+password = 'secret'
+default_sending_address = 'info@jdav-town.de'
+default_sending_name = 'JDAV Tuetown'
--- a/deploy/auto/database/Dockerfile
+++ b/deploy/auto/database/Dockerfile
@ -0,0 +1,11 @@
+FROM mariadb
+
+COPY create_users.sql /docker-entrypoint-initdb.d/create_users.sql
+COPY replace_placeholders.sh /replace_placeholders.sh
+
+ARG KOMPASS_DB_HOST
+ARG KOMPASS_DB_PASSWORD
+ARG KOMPASS_DB_PAM_PASSWORD
+ARG KOMPASS_DB_QUERYMAIL_PASSWORD
+
+RUN chmod +x /replace_placeholders.sh && /replace_placeholders.sh
--- a/deploy/auto/database/create_users.sql
+++ b/deploy/auto/database/create_users.sql
@ -0,0 +1,28 @@
+CREATE DATABASE kompass;
+
+-- main kompass user
+CREATE USER 'kompass'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_PASSWORD';
+GRANT ALL PRIVILEGES ON kompass.* TO 'kompass'@'KOMPASS_DB_HOST';
+
+-- pam user
+CREATE USER 'pam'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_PAM_PASSWORD';
+GRANT SELECT ON kompass.* TO 'pam'@'KOMPASS_DB_HOST';
+
+-- TODO: allow for this more granular permission configuration
+-- GRANT SELECT ON kompass.auth_user TO 'pam'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress TO 'pam'@'KOMPASS_DB_HOST';
+
+-- querymail user
+CREATE USER 'querymail'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_QUERYMAIL_PASSWORD';
+GRANT SELECT on kompass.* TO 'querymail'@'KOMPASS_DB_HOST';
+
+-- TODO: allow for this more granular permission configuration
+-- GRANT SELECT (username, id) on kompass.auth_user TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.members_member_group TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress_to_groups TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.members_member TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress_to_groups TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress_to_members TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress TO 'querymail'@'KOMPASS_DB_HOST';
+
+FLUSH PRIVILEGES;
--- a/deploy/auto/database/replace_placeholders.sh
+++ b/deploy/auto/database/replace_placeholders.sh
@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Check if the required variables are set
+if [ -z "${KOMPASS_DB_HOST}" ]; then
+  echo "Error: KOMPASS_DB_HOST is not set. Exiting."
+  exit 1
+fi
+
+# Replace placeholders with environment variables in the SQL file
+if [ -f /docker-entrypoint-initdb.d/create_users.sql ]; then
+    sed -i "s/KOMPASS_DB_PASSWORD/${KOMPASS_DB_PASSWORD}/g" /docker-entrypoint-initdb.d/create_users.sql
+    sed -i "s/KOMPASS_DB_PAM_PASSWORD/${KOMPASS_DB_PAM_PASSWORD}/g" /docker-entrypoint-initdb.d/create_users.sql
+    sed -i "s/KOMPASS_DB_QUERYMAIL_PASSWORD/${KOMPASS_DB_QUERYMAIL_PASSWORD}/g" /docker-entrypoint-initdb.d/create_users.sql
+    sed -i "s/KOMPASS_DB_HOST/${KOMPASS_DB_HOST}/g" /docker-entrypoint-initdb.d/create_users.sql
+fi
+
+echo "Update create_users.sql."
--- a/deploy/auto/docker-compose.yaml
+++ b/deploy/auto/docker-compose.yaml
@ -0,0 +1,135 @@
+x-kompass:
+    &kompass
+    image: kompass:production
+    environment:
+      - DJANGO_SETTINGS_MODULE=jdav_web.settings
+      - KOMPASS_CONFIG_DIR_PATH=/app/config/
+    restart: always
+    depends_on:
+      - redis
+      - cache
+      - db
+
+services:
+  mailserver:
+    env_file: docker.env
+    build:
+      context: git@git.jdav-hd.merten.dev:digitales/kompass-mailserver#master
+      dockerfile: master/Dockerfile
+      args:
+        DOMAIN:
+        INTERNAL_DOMAINS:
+        DOMAINS:
+        MAIL_SERVER_ADMIN:
+        KOMPASS_DB_NAME:
+        KOMPASS_DB_HOST:
+        KOMPASS_DB_PAM_USER:
+        KOMPASS_DB_PAM_PASSWORD:
+        KOMPASS_DB_QUERYMAIL_USER:
+        KOMPASS_DB_QUERYMAIL_PASSWORD:
+    ports:
+      - "25:25"
+      - "993:993"
+      - "587:587"
+      - "465:465"
+    volumes:
+      - ./mail/:/var/vmail/
+      - ./cert.pem:/etc/ssl/cert.pem
+      - ./key.pem:/etc/ssl/key.pem
+    extra_hosts:
+      - "host:10.26.43.1"
+    restart: always
+
+  milter:
+    build:
+      context: git@git.jdav-hd.merten.dev:digitales/kompass-mailserver#master
+      dockerfile: opendkim/Dockerfile
+    volumes:
+      - ./keys/:/etc/opendkim/keys/
+    env_file: docker.env
+    restart: always
+
+  master:
+      <<: *kompass
+      build:
+        context: git@git.jdav-hd.merten.dev:digitales/kompass#main
+        dockerfile: docker/production/Dockerfile
+        args:
+          DJANGO_SUPERUSER_PASSWORD:
+          DJANGO_SUPERUSER_USERNAME:
+      env_file: docker.env
+      entrypoint: /app/docker/production/entrypoint-master.sh
+      volumes:
+        - uwsgi_data:/tmp/uwsgi/
+        - web_static:/app/static/
+        - web_static:/var/www/jdav_web/static/
+        - ./media:/var/www/jdav_web/media/
+        - ./config:/app/config:ro
+      extra_hosts:
+        - "host:10.26.42.1"
+
+  nginx:
+      build: git@git.jdav-hd.merten.dev:digitales/kompass#main:docker/production/nginx
+      restart: always
+      volumes:
+        - uwsgi_data:/tmp/uwsgi/
+        - web_static:/var/www/jdav_web/static/:ro
+        - ./media:/var/www/jdav_web/media/:ro
+      ports:
+        - "3000:80"
+      depends_on:
+        - master
+
+  cache:
+      restart: always
+      image: memcached:alpine
+
+  redis:
+      restart: always
+      image: redis:6-alpine
+
+  celery_worker:
+      <<: *kompass
+      entrypoint: /app/docker/production/entrypoint-celery-worker.sh
+      volumes:
+        - ./config:/app/config:ro
+      extra_hosts:
+        - "host:10.26.42.1"
+
+  celery_beat:
+      <<: *kompass
+      entrypoint: /app/docker/production/entrypoint-celery-beat.sh
+      volumes:
+        - ./config:/app/config:ro
+      extra_hosts:
+        - "host:10.26.42.1"
+
+  db:
+    restart: always
+    build:
+      context: ./database/
+      dockerfile: Dockerfile
+      args:
+        KOMPASS_DB_HOST:
+        KOMPASS_DB_PASSWORD:
+        KOMPASS_DB_PAM_PASSWORD:
+        KOMPASS_DB_QUERYMAIL_PASSWORD:
+    volumes:
+      - ./db:/var/lib/mysql
+    env_file: docker.env
+    #    networks:
+    #      main:
+    #        # assign static ip address
+    #        ipv4_address: 10.26.42.2
+
+volumes:
+  uwsgi_data:
+  web_static:
+
+#networks:
+#  main:
+#    driver: bridge
+#    ipam:
+#      config:
+#        - subnet: 10.26.42.0/24
+#          gateway: 10.26.42.1