From 5f89d118d75dba31eb45990e80ff72bfb5bc841a Mon Sep 17 00:00:00 2001
From: Christian Merten
Date: Mon, 28 Jul 2025 23:37:59 +0200
Subject: [PATCH] add barebones all-inclusive setup
---
deploy/auto/config/settings.toml | 26 ++++
deploy/auto/database/Dockerfile | 11 ++
deploy/auto/database/create_users.sql | 28 ++++
deploy/auto/database/replace_placeholders.sh | 17 +++
deploy/auto/docker-compose.yaml | 135 +++++++++++++++++++
5 files changed, 217 insertions(+)
create mode 100644 deploy/auto/config/settings.toml
create mode 100644 deploy/auto/database/Dockerfile
create mode 100644 deploy/auto/database/create_users.sql
create mode 100755 deploy/auto/database/replace_placeholders.sh
create mode 100644 deploy/auto/docker-compose.yaml
diff --git a/deploy/auto/config/settings.toml b/deploy/auto/config/settings.toml
new file mode 100644
index 0000000..51bea96
--- /dev/null
+++ b/deploy/auto/config/settings.toml
@@ -0,0 +1,26 @@
+[django]
+deployed = true
+debug = true
+secret_key = 'secret'
+allowed_hosts = ['*']
+protocol = 'http'
+base_url = 'localhost:8000'
+media_root = '/var/www/jdav_web/media'
+static_root = '/var/www/jdav_web/static'
+broker_url = 'redis://redis:6379/0'
+memcached_url = 'cache:11211'
+default_static_path = '/var/www/jdav_web/static'
+
+[database]
+host = 'db'
+port = 3306
+database = 'kompass'
+user = 'kompass'
+password = 'secret'
+
+[mail]
+host = 'mailserver'
+user = 'info@jdav-town.de'
+password = 'secret'
+default_sending_address = 'info@jdav-town.de'
+default_sending_name = 'JDAV Tuetown'
diff --git a/deploy/auto/database/Dockerfile b/deploy/auto/database/Dockerfile
new file mode 100644
index 0000000..b71aa67
--- /dev/null
+++ b/deploy/auto/database/Dockerfile
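Review bot: In deploy/auto/config/settings.toml the `[django]` table combines `deployed = true` with `debug = true`, `secret_key = 'secret'` and `allowed_hosts = ['*']`, while the compose file in this patch publishes the web service on port 3000. Assuming `debug` maps to Django's DEBUG, error pages will show stack traces and settings values to any visitor, and a publicly known secret key removes the protection on signed session data. I would ship `debug = false`, a labelled placeholder such as `secret_key = '<replace-with-random-value>'` with a comment that it must be changed before first start, and the real host names in `allowed_hosts`. The `password = 'secret'` entries under `[database]` and `[mail]` have the same problem; presumably they have to match values in docker.env, which is not part of this patch.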
@@ -0,0 +1,11 @@
+FROM mariadb
+
+COPY create_users.sql /docker-entrypoint-initdb.d/create_users.sql
+COPY replace_placeholders.sh /replace_placeholders.sh
+
+ARG KOMPASS_DB_HOST
+ARG KOMPASS_DB_PASSWORD
+ARG KOMPASS_DB_PAM_PASSWORD
+ARG KOMPASS_DB_QUERYMAIL_PASSWORD
+
+RUN chmod +x /replace_placeholders.sh && /replace_placeholders.sh
diff --git a/deploy/auto/database/create_users.sql b/deploy/auto/database/create_users.sql
new file mode 100644
index 0000000..de79098
--- /dev/null
+++ b/deploy/auto/database/create_users.sql
@@ -0,0 +1,28 @@
+CREATE DATABASE kompass;
+
+-- main kompass user
+CREATE USER 'kompass'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_PASSWORD';
+GRANT ALL PRIVILEGES ON kompass.* TO 'kompass'@'KOMPASS_DB_HOST';
+
+-- pam user
+CREATE USER 'pam'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_PAM_PASSWORD';
+GRANT SELECT ON kompass.* TO 'pam'@'KOMPASS_DB_HOST';
+
+-- TODO: allow for this more granular permission configuration
+-- GRANT SELECT ON kompass.auth_user TO 'pam'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress TO 'pam'@'KOMPASS_DB_HOST';
+
+-- querymail user
+CREATE USER 'querymail'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_QUERYMAIL_PASSWORD';
+GRANT SELECT on kompass.* TO 'querymail'@'KOMPASS_DB_HOST';
+
+-- TODO: allow for this more granular permission configuration
+-- GRANT SELECT (username, id) on kompass.auth_user TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.members_member_group TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress_to_groups TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.members_member TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress_to_groups TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress_to_members TO 'querymail'@'KOMPASS_DB_HOST';
+-- GRANT SELECT ON kompass.mailer_emailaddress TO 'querymail'@'KOMPASS_DB_HOST';
+
+FLUSH PRIVILEGES;
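Review bot: The three database passwords enter deploy/auto/database/Dockerfile as `ARG`s and the `RUN` step writes them into /docker-entrypoint-initdb.d/create_users.sql, so they are stored in an image layer and build arguments consumed by a `RUN` are also visible in the image history. The same pattern appears in docker-compose.yaml under `args:` for `db`, `mailserver` and `master` (`DJANGO_SUPERUSER_PASSWORD`). I would drop the `ARG` and `RUN` lines and perform the substitution at first container start instead, for example with a shell init script in /docker-entrypoint-initdb.d that reads the values from the environment already supplied through `env_file`. Separately, `FROM mariadb` follows the moving `latest` tag; a version tag or digest keeps rebuilds reproducible.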
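Review bot: In create_users.sql `pam` and `querymail` receive `SELECT ON kompass.*`, so the credentials handed to the mail containers can read every table of the application database, including `auth_user`, which in Django holds the password hashes and which the commented-out grant would limit to `(username, id)` for `querymail`. The TODO records the intent, but nothing in the patch applies the narrow grants later; presumably they are commented out because the tables do not exist yet when the init script runs. I would add a follow-up step that runs after the first migration, revokes the wildcard grant and applies the commented list, and point the TODO at it. The commented list names `kompass.mailer_emailaddress_to_groups` twice.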
diff --git a/deploy/auto/database/replace_placeholders.sh b/deploy/auto/database/replace_placeholders.sh
new file mode 100755
index 0000000..581e1e9
--- /dev/null
+++ b/deploy/auto/database/replace_placeholders.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Check if the required variables are set
+if [ -z "${KOMPASS_DB_HOST}" ]; then
+ echo "Error: KOMPASS_DB_HOST is not set. Exiting."
+ exit 1
+fi
+
+# Replace placeholders with environment variables in the SQL file
+if [ -f /docker-entrypoint-initdb.d/create_users.sql ]; then
+ sed -i "s/KOMPASS_DB_PASSWORD/${KOMPASS_DB_PASSWORD}/g" /docker-entrypoint-initdb.d/create_users.sql
+ sed -i "s/KOMPASS_DB_PAM_PASSWORD/${KOMPASS_DB_PAM_PASSWORD}/g" /docker-entrypoint-initdb.d/create_users.sql
+ sed -i "s/KOMPASS_DB_QUERYMAIL_PASSWORD/${KOMPASS_DB_QUERYMAIL_PASSWORD}/g" /docker-entrypoint-initdb.d/create_users.sql
+ sed -i "s/KOMPASS_DB_HOST/${KOMPASS_DB_HOST}/g" /docker-entrypoint-initdb.d/create_users.sql
+fi
+
+echo "Update create_users.sql."
diff --git a/deploy/auto/docker-compose.yaml b/deploy/auto/docker-compose.yaml
new file mode 100644
index 0000000..0b132c3
--- /dev/null
+++ b/deploy/auto/docker-compose.yaml
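Review bot: Only `KOMPASS_DB_HOST` is checked before the substitutions in replace_placeholders.sh, so a build without the password arguments yields `IDENTIFIED BY ''` for all three accounts and the image still builds. Add one guard per password, e.g. `: "${KOMPASS_DB_PASSWORD:?KOMPASS_DB_PASSWORD is not set}"`, and the same for the PAM and QUERYMAIL variables. The values are also placed unescaped into the sed expression and into a single-quoted SQL string, so a password containing `/`, `&`, `\` or `'` either breaks the command or changes the generated SQL; a `case` check that rejects those characters would cover it. The final `echo` reports success even when create_users.sql is missing; an `else` branch that exits non-zero would make that visible.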
@@ -0,0 +1,135 @@
+x-kompass:
+ &kompass
+ image: kompass:production
+ environment:
+ - DJANGO_SETTINGS_MODULE=jdav_web.settings
+ - KOMPASS_CONFIG_DIR_PATH=/app/config/
+ restart: always
+ depends_on:
+ - redis
+ - cache
+ - db
+
+services:
+ mailserver:
+ env_file: docker.env
+ build:
+ context: git@git.jdav-hd.merten.dev:digitales/kompass-mailserver#master
+ dockerfile: master/Dockerfile
+ args:
+ DOMAIN:
+ INTERNAL_DOMAINS:
+ DOMAINS:
+ MAIL_SERVER_ADMIN:
+ KOMPASS_DB_NAME:
+ KOMPASS_DB_HOST:
+ KOMPASS_DB_PAM_USER:
+ KOMPASS_DB_PAM_PASSWORD:
+ KOMPASS_DB_QUERYMAIL_USER:
+ KOMPASS_DB_QUERYMAIL_PASSWORD:
+ ports:
+ - "25:25"
+ - "993:993"
+ - "587:587"
+ - "465:465"
+ volumes:
+ - ./mail/:/var/vmail/
+ - ./cert.pem:/etc/ssl/cert.pem
+ - ./key.pem:/etc/ssl/key.pem
+ extra_hosts:
+ - "host:10.26.43.1"
+ restart: always
+
+ milter:
+ build:
+ context: git@git.jdav-hd.merten.dev:digitales/kompass-mailserver#master
+ dockerfile: opendkim/Dockerfile
+ volumes:
+ - ./keys/:/etc/opendkim/keys/
+ env_file: docker.env
+ restart: always
+
+ master:
+ <<: *kompass
+ build:
+ context: git@git.jdav-hd.merten.dev:digitales/kompass#main
+ dockerfile: docker/production/Dockerfile
+ args:
+ DJANGO_SUPERUSER_PASSWORD:
+ DJANGO_SUPERUSER_USERNAME:
+ env_file: docker.env
+ entrypoint: /app/docker/production/entrypoint-master.sh
+ volumes:
+ - uwsgi_data:/tmp/uwsgi/
+ - web_static:/app/static/
+ - web_static:/var/www/jdav_web/static/
+ - ./media:/var/www/jdav_web/media/
+ - ./config:/app/config:ro
+ extra_hosts:
+ - "host:10.26.42.1"
+
+ nginx:
+ build: git@git.jdav-hd.merten.dev:digitales/kompass#main:docker/production/nginx
+ restart: always
+ volumes:
+ - uwsgi_data:/tmp/uwsgi/
+ - web_static:/var/www/jdav_web/static/:ro
+ - ./media:/var/www/jdav_web/media/:ro
+ ports:
+ - "3000:80"
+ depends_on:
+ - master
+
+ cache:
+ restart: always
+ image: memcached:alpine
+
+ redis:
+ restart: always
+ image: redis:6-alpine
+
+ celery_worker:
+ <<: *kompass
+ entrypoint: /app/docker/production/entrypoint-celery-worker.sh
+ volumes:
+ - ./config:/app/config:ro
+ extra_hosts:
+ - "host:10.26.42.1"
+
+ celery_beat:
+ <<: *kompass
+ entrypoint: /app/docker/production/entrypoint-celery-beat.sh
+ volumes:
+ - ./config:/app/config:ro
+ extra_hosts:
+ - "host:10.26.42.1"
+
+ db:
+ restart: always
+ build:
+ context: ./database/
+ dockerfile: Dockerfile
+ args:
+ KOMPASS_DB_HOST:
+ KOMPASS_DB_PASSWORD:
+ KOMPASS_DB_PAM_PASSWORD:
+ KOMPASS_DB_QUERYMAIL_PASSWORD:
+ volumes:
+ - ./db:/var/lib/mysql
+ env_file: docker.env
+ # networks:
+ # main:
+ # # assign static ip address
+ # ipv4_address: 10.26.42.2
+
+volumes:
+ uwsgi_data:
+ web_static:
+
+#networks:
+# main:
+# driver: bridge
+# ipam:
+# config:
+# - subnet: 10.26.42.0/24
+# gateway: 10.26.42.1
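Review bot: The four `build:` contexts on git.jdav-hd.merten.dev (`mailserver`, `milter`, `master`, `nginx`) track a branch tip via `#master` or `#main`, so two builds of this same file can produce different images and a change pushed to the branch reaches the deployment without a change here. Pin each context to a tag or commit, e.g. `context: git@git.jdav-hd.merten.dev:digitales/kompass#<commit-sha>`, and give `memcached:alpine` a version tag as `redis:6-alpine` partly has. `nginx` is published as `"3000:80"` on all interfaces while settings.toml sets `protocol = 'http'`; if a TLS-terminating proxy on the host is intended, `"127.0.0.1:3000:80"` plus a short comment would keep the plain-HTTP port off the network.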