diff --git a/scripts/govtool/Makefile b/scripts/govtool/Makefile index e20289a86..e88073db7 100644 --- a/scripts/govtool/Makefile +++ b/scripts/govtool/Makefile @@ -6,9 +6,6 @@ include config.mk .DEFAULT_GOAL := info -# stack configuration -docker_compose_file := docker-compose.$(env).yml - # image tags cardano_node_image_tag := 8.8.0-pre cardano_db_sync_image_tag := sancho-4-0-0-fix-config @@ -33,7 +30,7 @@ deploy-stack: upload-config push-backend push-frontend $(docker) compose -f $(docker_compose_file) -p $(compose_stack_name) up -d .PHONY: destroy-cardano-node-and-dbsync -destroy-cardano-node-and-dbsync: check-env-defined +destroy-cardano-node-and-dbsync: prepare-config @:$(call check_defined, cardano_network) @:$(call check_defined, env) export CARDANO_NETWORK=$(cardano_network); \ @@ -51,7 +48,7 @@ destroy-cardano-node-and-dbsync: check-env-defined $(docker) volume rm $${volumes} .PHONY: toggle-maintenance -toggle-maintenance: check-env-defined +toggle-maintenance: prepare-config @:$(call check_defined, cardano_network) @:$(call check_defined, env) @:$(call check_defined, maintenance) diff --git a/scripts/govtool/README.md b/scripts/govtool/README.md index 56d2059b4..227a8955d 100644 --- a/scripts/govtool/README.md +++ b/scripts/govtool/README.md @@ -34,8 +34,8 @@ effectively. This includes configurations for: - Monitoring solutions with Prometheus and Grafana to ensure optimal performance and availability. -Each environment has its own Docker Compose file, enabling tailored setups that -meet specific requirements. +Each environment has its own Docker Compose file, generated from the template, +enabling tailored setups that meet specific requirements. ## Nix shell diff --git a/scripts/govtool/config.mk b/scripts/govtool/config.mk index 45fb00880..c808ec32f 100644 --- a/scripts/govtool/config.mk +++ b/scripts/govtool/config.mk 
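Review bot: In scripts/govtool/Makefile, replacing the `check-env-defined` prerequisite with `prepare-config` on `destroy-cardano-node-and-dbsync` (and on `toggle-maintenance` in the following hunk) makes a teardown or maintenance toggle first run `clear`, which is `rm -rf $(target_config_dir)`, and then regenerate every config file, including the dbsync secrets. That all happens before the recipe's own `@:$(call check_defined, cardano_network)` guards, because make only expands a recipe after its prerequisites are built. If any input to the `prepare-*` targets is missing, the operator is presumably left with a wiped or half-generated config directory. If the full rebuild is intended, a comment above both rules would say so, for example `# needs the generated $(docker_compose_file); prepare-config wipes and rebuilds $(target_config_dir)`. Both recipes continue outside their hunks.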
@@ -12,16 +12,28 @@ cardano_node_config_dir := $(target_config_dir)/cardano-node dbsync_secrets_dir := $(target_config_dir)/dbsync-secrets grafana_provisioning_dir := $(target_config_dir)/grafana-provisioning nginx_config_dir := $(target_config_dir)/nginx +docker_compose_file := $(target_config_dir)/docker-compose.yml # metadata cardano_config_provider := https://book.world.dev.cardano.org .PHONY: prepare-config -prepare-config: clear enable-prometheus prepare-dbsync-secrets prepare-backend-config prepare-prometheus-config prepare-grafana-provisioning prepare-nginx-config +prepare-config: clear generate-docker-compose-file enable-prometheus prepare-dbsync-secrets prepare-backend-config prepare-prometheus-config prepare-grafana-provisioning prepare-nginx-config .PHONY: clear clear: rm -rf $(target_config_dir) + mkdir -p $(target_config_dir) + +.PHONY: generate-docker-compose-file +generate-docker-compose-file: check-env-defined + if [[ "$(env)" == "dev" ]]; then CSP_ALLOWED_HOSTS=",http://localhost"; else CSP_ALLOWED_HOSTS=; fi; \ + sed -e "s||$(domain)|g" \ + -e "s||$(docker_user)|g" \ + -e "s||$(repo_url)|g" \ + -e "s||$${CSP_ALLOWED_HOSTS}|g" \ + "$(template_config_dir)/docker-compose.yml.tpl" \ + > "$(target_config_dir)/docker-compose.yml" .PHONY: fetch-cardano-node-config fetch-cardano-node-config: @@ -56,7 +68,7 @@ prepare-backend-config: prepare-prometheus-config: cp -a "$(template_config_dir)/prometheus.yml" "$(target_config_dir)/prometheus.yml" - PHONY: prepare-grafana-provisioning +.PHONY: prepare-grafana-provisioning prepare-grafana-provisioning: mkdir -p $(grafana_provisioning_dir) cp -a $(template_config_dir)/grafana-provisioning/* $(grafana_provisioning_dir) diff --git a/scripts/govtool/docker-compose.beta.yml b/scripts/govtool/config/templates/docker-compose.yml.tpl similarity index 83% rename from scripts/govtool/docker-compose.beta.yml rename to scripts/govtool/config/templates/docker-compose.yml.tpl index aa036970d..83124a106 100644 
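Review bot: `generate-docker-compose-file` substitutes `$(domain)`, `$(docker_user)` and `$(repo_url)` into the compose file without checking that they are set or escaping them for sed. An empty value still produces a file, with router rules that have an empty host, `/home//config/...` bind mounts and image references beginning with `/`; a value containing `|`, `&` or `\` changes what sed writes. The Makefile recipes in this commit already use `@:$(call check_defined, env)`, so a matching guard per variable at the top of this recipe, e.g. `@:$(call check_defined, domain)`, would fail early, assuming `check_defined` is in scope where config.mk is included. The recipe also uses `[[ … ]]`, which needs bash; no `SHELL` assignment is visible in these hunks, so confirm one exists. The redirect could write to `$(docker_compose_file)`, defined earlier in this hunk, instead of repeating the path.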
--- a/scripts/govtool/docker-compose.beta.yml +++ b/scripts/govtool/config/templates/docker-compose.yml.tpl @@ -40,7 +40,7 @@ services: image: prom/prometheus:v2.47.1 volumes: - prometheus-data:/prometheus - - /home/ubuntu/config/prometheus.yml:/etc/prometheus/prometheus.yml + - /home//config/prometheus.yml:/etc/prometheus/prometheus.yml extra_hosts: - "host.docker.internal:host-gateway" restart: always @@ -50,18 +50,18 @@ services: image: grafana/grafana:10.0.8 volumes: - grafana-data:/var/lib/grafana - - /home/ubuntu/config/grafana-provisioning:/etc/grafana/provisioning + - /home//config/grafana-provisioning:/etc/grafana/provisioning environment: - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD} - GF_USERS_ALLOW_SIGN_UP=false - GF_INSTALL_PLUGINS=grafana-piechart-panel - - GF_SERVER_ROOT_URL=https://sanchogov.tools/grafana/login + - GF_SERVER_ROOT_URL=https:///grafana - GF_SERVER_SERVE_FROM_SUB_PATH=true restart: always logging: *logging labels: - "traefik.enable=true" - - "traefik.http.routers.grafana.rule=Host(`sanchogov.tools`) && PathPrefix(`/grafana`)" + - "traefik.http.routers.grafana.rule=Host(``) && PathPrefix(`/grafana`)" - "traefik.http.routers.grafana.entrypoints=websecure" - "traefik.http.routers.grafana.tls.certresolver=myresolver" - "traefik.http.services.grafana.loadbalancer.server.port=3000" @@ -76,7 +76,7 @@ services: logging: *logging labels: - "traefik.enable=true" - - "traefik.http.routers.status-service.rule=Host(`sanchogov.tools`) && PathPrefix(`/status`)" + - "traefik.http.routers.status-service.rule=Host(``) && PathPrefix(`/status`)" - "traefik.http.routers.status-service.entrypoints=websecure" - "traefik.http.routers.status-service.tls.certresolver=myresolver" - "traefik.http.services.status-service.loadbalancer.server.port=8000" 
@@ -129,11 +129,11 @@ services: - "--disable-delayed-os-memory-return" - "-RTS" environment: - - NETWORK=${CARDANO_NETWORK:-sanchonet} + - NETWORK=${CARDANO_NETWORK} volumes: - node-db:/data/db - node-ipc:/ipc - - /home/ubuntu/config/cardano-node:/configuration + - /home//config/cardano-node:/configuration restart: always healthcheck: test: ["CMD-SHELL", "curl -f 127.0.0.1:12788 || exit 1"] @@ -145,12 +145,10 @@ services: cardano-db-sync: image: ghcr.io/intersectmbo/cardano-db-sync:${CARDANO_DB_SYNC_TAG} environment: - - NETWORK=${CARDANO_NETWORK:-sanchonet} + - NETWORK=${CARDANO_NETWORK} - POSTGRES_HOST=postgres - POSTGRES_PORT=5432 - - RESTORE_SNAPSHOT=${RESTORE_SNAPSHOT:-} - RESTORE_RECREATE_DB=N - - EXTRA_DB_SYNC_ARGS=${EXTRA_DB_SYNC_ARGS:-} depends_on: cardano-node: condition: service_healthy @@ -167,7 +165,7 @@ services: logging: *logging backend: - image: ${VVA_BE_REPO:-733019650473.dkr.ecr.eu-west-1.amazonaws.com/backend}:${BACKEND_TAG} + image: /backend:${BACKEND_TAG} command: /usr/local/bin/vva-be -c /run/secrets/backend-config.json start-app depends_on: cardano-node: 
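Review bot: `NETWORK=${CARDANO_NETWORK}` in the cardano-node service, and the same line in cardano-db-sync in the next hunk, no longer has a fallback, so a `docker compose` run without CARDANO_NETWORK exported gives both containers an empty NETWORK and Compose only prints a warning. The Makefile recipes visible in this commit export the variable, but the `deploy-stack` recipe is only partly shown and an operator running compose by hand against the generated file would not. The required-variable form makes the failure explicit: `- NETWORK=${CARDANO_NETWORK:?CARDANO_NETWORK must be set}`. Both service definitions continue outside their hunks.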
@@ -180,11 +178,11 @@ services: logging: *logging labels: - "traefik.enable=true" - - "traefik.http.routers.backend.rule=Host(`sanchogov.tools`) && PathPrefix(`/api`)" + - "traefik.http.routers.backend.rule=Host(``) && PathPrefix(`/api`)" - "traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes=/api" - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=GET,HEAD,OPTIONS" - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://sanchogov.tools" + - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://" - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100" - "traefik.http.middlewares.backend-cors.headers.addvaryheader=true" - "traefik.http.routers.backend.middlewares=backend-stripprefix@docker,backend-cors@docker" @@ -193,10 +191,10 @@ services: - "traefik.http.services.backend.loadbalancer.server.port=9876" frontend: - image: ${VVA_FE_REPO:-733019650473.dkr.ecr.eu-west-1.amazonaws.com/frontend}:${FRONTEND_TAG} + image: /frontend:${FRONTEND_TAG} volumes: - - /home/ubuntu/config/nginx/auth.conf:/etc/nginx/conf.d/auth.conf - - /home/ubuntu/config/nginx/govtool.htpasswd:/etc/nginx/conf.d/govtool.htpasswd + - /home//config/nginx/auth.conf:/etc/nginx/conf.d/auth.conf + - /home//config/nginx/govtool.htpasswd:/etc/nginx/conf.d/govtool.htpasswd depends_on: cardano-node: condition: service_healthy 
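Review bot: The value appended to `backend-cors.headers.accesscontrolalloworiginlist` appears to be the one config.mk calls `CSP_ALLOWED_HOSTS`, a name that points at the frontend CSP label, which this commit leaves untouched. The placeholder text is not visible on this page, so this is inferred from the deleted dev file, whose origin list ended in `,http://localhost`. If that is where the value lands, rename it for what it controls (for example `CORS_EXTRA_ORIGINS`, a suggested name) and add a template comment such as `# dev only: extra CORS origins appended by generate-docker-compose-file`. With `accesscontrolallowheaders=*` on the neighbouring label, it should be obvious at a glance that non-dev builds get only the single https origin.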
@@ -206,7 +204,7 @@ services: logging: *logging labels: - "traefik.enable=true" - - "traefik.http.routers.frontend.rule=Host(`sanchogov.tools`)" + - "traefik.http.routers.frontend.rule=Host(``)" - "traefik.http.routers.frontend.entrypoints=websecure" - "traefik.http.routers.frontend.tls.certresolver=myresolver" - "traefik.http.middlewares.frontend-csp.headers.contentSecurityPolicy=default-src 'self'; img-src *.usersnap.com 'self' data:; script-src *.usersnap.com 'self' 'unsafe-inline' https://www.googletagmanager.com https://browser.sentry-cdn.com; style-src *.usersnap.com *.googleapis.com 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com/upload.usersnap.com 'self' o4506155985141760.ingest.sentry.io *.google-analytics.com; font-src *.usersnap.com *.gstatic.com 'self' 'unsafe-inline' https://fonts.gstatic.com; worker-src blob:" @@ -215,13 +213,13 @@ services: secrets: postgres_db: - file: /home/ubuntu/config/dbsync-secrets/postgres_db + file: /home//config/dbsync-secrets/postgres_db postgres_password: - file: /home/ubuntu/config/dbsync-secrets/postgres_password + file: /home//config/dbsync-secrets/postgres_password postgres_user: - file: /home/ubuntu/config/dbsync-secrets/postgres_user + file: /home//config/dbsync-secrets/postgres_user backend-config.json: - file: /home/ubuntu/config/backend-config.json + file: /home//config/backend-config.json volumes: letsencrypt: diff --git a/scripts/govtool/docker-compose.dev.yml b/scripts/govtool/docker-compose.dev.yml deleted file mode 100644 index e938195ac..000000000 --- a/scripts/govtool/docker-compose.dev.yml +++ /dev/null 
@@ -1,233 +0,0 @@ -version: "3.9" - -services: - traefik: - image: traefik:v2.10 - command: - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - - "--entrypoints.websecure.address=:443" - - "--certificatesresolvers.myresolver.acme.httpchallenge=true" - - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" - - "--certificatesresolvers.myresolver.acme.email=${TRAEFIK_LE_EMAIL}" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - - "--log.level=DEBUG" - - "--entryPoints.metrics.address=:8082" - - "--metrics.prometheus=true" - - "--metrics.prometheus.entryPoint=metrics" - - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" - ports: - - 80:80 - - 443:443 - volumes: - - letsencrypt:/letsencrypt - - "/var/run/docker.sock:/var/run/docker.sock:ro" - restart: always - logging: &logging - driver: "json-file" - options: - max-size: "200k" - max-file: "10" - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.entrypoints=web" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" - - prometheus: - image: prom/prometheus:v2.47.1 - volumes: - - prometheus-data:/prometheus - - /home/ubuntu/config/prometheus.yml:/etc/prometheus/prometheus.yml - extra_hosts: - - "host.docker.internal:host-gateway" - restart: always - logging: *logging - - grafana: - image: grafana/grafana:10.0.8 - volumes: - - grafana-data:/var/lib/grafana - - /home/ubuntu/config/grafana-provisioning:/etc/grafana/provisioning - environment: - - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD} - - GF_USERS_ALLOW_SIGN_UP=false - - GF_INSTALL_PLUGINS=grafana-piechart-panel - - GF_SERVER_ROOT_URL=https://dev-sanchonet.govtool.byron.network/grafana - - GF_SERVER_SERVE_FROM_SUB_PATH=true - restart: always - logging: *logging - 
labels: - - "traefik.enable=true" - - "traefik.http.routers.grafana.rule=Host(`dev-sanchonet.govtool.byron.network`) && PathPrefix(`/grafana`)" - - "traefik.http.routers.grafana.entrypoints=websecure" - - "traefik.http.routers.grafana.tls.certresolver=myresolver" - - "traefik.http.services.grafana.loadbalancer.server.port=3000" - - status-service: - build: - context: ../../govtool/status-service - environment: - - GRAFANA_USERNAME=admin - - GRAFANA_PASSWORD=${GRAFANA_ADMIN_PASSWORD} - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.status-service.rule=Host(`dev-sanchonet.govtool.byron.network`) && PathPrefix(`/status`)" - - "traefik.http.routers.status-service.entrypoints=websecure" - - "traefik.http.routers.status-service.tls.certresolver=myresolver" - - "traefik.http.services.status-service.loadbalancer.server.port=8000" - - postgres: - image: postgres:15-alpine - environment: - - POSTGRES_LOGGING=true - - POSTGRES_DB_FILE=/run/secrets/postgres_db - - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password - - POSTGRES_USER_FILE=/run/secrets/postgres_user - secrets: - - postgres_password - - postgres_user - - postgres_db - volumes: - - postgres:/var/lib/postgresql/data - restart: always - healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] - interval: 10s - timeout: 5s - retries: 5 - command: ${POSTGRES_ARGS:--c maintenance_work_mem=1GB -c max_parallel_maintenance_workers=4} - logging: *logging - - cardano-node: - image: ghcr.io/intersectmbo/cardano-node:${CARDANO_NODE_TAG} - entrypoint: - - "cardano-node" - - "run" - - "--topology" - - "/configuration/topology.json" - - "--database-path" - - "/data/db" - - "--socket-path" - - "/ipc/node.socket" - - "--host-addr" - - "0.0.0.0" - - "--port" - - "3001" - - "--config" - - "/configuration/config.json" - - "+RTS" - - "-N2" - - "-I0" - - "-A16m" - - "-qg" - - "-qb" - - "--disable-delayed-os-memory-return" - - "-RTS" - environment: - - 
NETWORK=${CARDANO_NETWORK:-sanchonet} - volumes: - - node-db:/data/db - - node-ipc:/ipc - - /home/ubuntu/config/cardano-node:/configuration - restart: always - healthcheck: - test: ["CMD-SHELL", "curl -f 127.0.0.1:12788 || exit 1"] - interval: 60s - timeout: 10s - retries: 5 - logging: *logging - - cardano-db-sync: - image: ghcr.io/intersectmbo/cardano-db-sync:${CARDANO_DB_SYNC_TAG} - environment: - - NETWORK=${CARDANO_NETWORK:-sanchonet} - - POSTGRES_HOST=postgres - - POSTGRES_PORT=5432 - - RESTORE_SNAPSHOT=${RESTORE_SNAPSHOT:-} - - RESTORE_RECREATE_DB=N - - EXTRA_DB_SYNC_ARGS=${EXTRA_DB_SYNC_ARGS:-} - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - secrets: - - postgres_password - - postgres_user - - postgres_db - volumes: - - db-sync-data:/var/lib/cexplorer - - node-ipc:/node-ipc - restart: always - logging: *logging - - backend: - image: ${VVA_BE_REPO:-733019650473.dkr.ecr.eu-west-1.amazonaws.com/backend}:${BACKEND_TAG} - command: /usr/local/bin/vva-be -c /run/secrets/backend-config.json start-app - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - secrets: - - backend-config.json - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.backend.rule=Host(`dev-sanchonet.govtool.byron.network`) && PathPrefix(`/api`)" - - "traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes=/api" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=GET,HEAD,OPTIONS" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://dev-sanchonet.govtool.byron.network,http://localhost" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100" - - "traefik.http.middlewares.backend-cors.headers.addvaryheader=true" - - 
"traefik.http.routers.backend.middlewares=backend-stripprefix@docker,backend-cors@docker" - - "traefik.http.routers.backend.entrypoints=websecure" - - "traefik.http.routers.backend.tls.certresolver=myresolver" - - "traefik.http.services.backend.loadbalancer.server.port=9876" - - frontend: - image: ${VVA_FE_REPO:-733019650473.dkr.ecr.eu-west-1.amazonaws.com/frontend}:${FRONTEND_TAG} - volumes: - - /home/ubuntu/config/nginx/auth.conf:/etc/nginx/conf.d/auth.conf - - /home/ubuntu/config/nginx/govtool.htpasswd:/etc/nginx/conf.d/govtool.htpasswd - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.frontend.rule=Host(`dev-sanchonet.govtool.byron.network`)" - - "traefik.http.routers.frontend.entrypoints=websecure" - - "traefik.http.routers.frontend.tls.certresolver=myresolver" - - "traefik.http.middlewares.frontend-csp.headers.contentSecurityPolicy=default-src 'self'; img-src *.usersnap.com 'self' data:; script-src *.usersnap.com 'self' 'unsafe-inline' https://www.googletagmanager.com https://browser.sentry-cdn.com; style-src *.usersnap.com *.googleapis.com 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com/upload.usersnap.com 'self' o4506155985141760.ingest.sentry.io *.google-analytics.com; font-src *.usersnap.com *.gstatic.com 'self' 'unsafe-inline' https://fonts.gstatic.com; worker-src blob:" - - "traefik.http.routers.frontend.middlewares=frontend-csp@docker" - - "traefik.http.services.frontend.loadbalancer.server.port=80" - -secrets: - postgres_db: - file: /home/ubuntu/config/dbsync-secrets/postgres_db - postgres_password: - file: /home/ubuntu/config/dbsync-secrets/postgres_password - postgres_user: - file: /home/ubuntu/config/dbsync-secrets/postgres_user - backend-config.json: - file: /home/ubuntu/config/backend-config.json - -volumes: - letsencrypt: - 
db-sync-data: - grafana-data: - postgres: - prometheus-data: - node-db: - node-ipc: diff --git a/scripts/govtool/docker-compose.staging.yml b/scripts/govtool/docker-compose.staging.yml deleted file mode 100644 index 1aada972e..000000000 --- a/scripts/govtool/docker-compose.staging.yml +++ /dev/null 
@@ -1,233 +0,0 @@ -version: "3.9" - -services: - traefik: - image: traefik:v2.10 - command: - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - - "--entrypoints.websecure.address=:443" - - "--certificatesresolvers.myresolver.acme.httpchallenge=true" - - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" - - "--certificatesresolvers.myresolver.acme.email=${TRAEFIK_LE_EMAIL}" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - - "--log.level=DEBUG" - - "--entryPoints.metrics.address=:8082" - - "--metrics.prometheus=true" - - "--metrics.prometheus.entryPoint=metrics" - - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" - ports: - - 80:80 - - 443:443 - volumes: - - letsencrypt:/letsencrypt - - "/var/run/docker.sock:/var/run/docker.sock:ro" - restart: always - logging: &logging - driver: "json-file" - options: - max-size: "200k" - max-file: "10" - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.entrypoints=web" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" - - prometheus: - image: prom/prometheus:v2.47.1 - volumes: - - prometheus-data:/prometheus - - /home/ubuntu/config/prometheus.yml:/etc/prometheus/prometheus.yml - extra_hosts: - - "host.docker.internal:host-gateway" - restart: always - logging: *logging - - grafana: - image: grafana/grafana:10.0.8 - volumes: - - grafana-data:/var/lib/grafana - - /home/ubuntu/config/grafana-provisioning:/etc/grafana/provisioning - environment: - - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD} - - GF_USERS_ALLOW_SIGN_UP=false - - GF_INSTALL_PLUGINS=grafana-piechart-panel - - GF_SERVER_ROOT_URL=https://staging.govtool.byron.network/grafana - - GF_SERVER_SERVE_FROM_SUB_PATH=true - restart: always - logging: *logging - labels: - - 
"traefik.enable=true" - - "traefik.http.routers.grafana.rule=Host(`staging.govtool.byron.network`) && PathPrefix(`/grafana`)" - - "traefik.http.routers.grafana.entrypoints=websecure" - - "traefik.http.routers.grafana.tls.certresolver=myresolver" - - "traefik.http.services.grafana.loadbalancer.server.port=3000" - - status-service: - build: - context: ../../govtool/status-service - environment: - - GRAFANA_USERNAME=admin - - GRAFANA_PASSWORD=${GRAFANA_ADMIN_PASSWORD} - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.status-service.rule=Host(`staging.govtool.byron.network`) && PathPrefix(`/status`)" - - "traefik.http.routers.status-service.entrypoints=websecure" - - "traefik.http.routers.status-service.tls.certresolver=myresolver" - - "traefik.http.services.status-service.loadbalancer.server.port=8000" - - postgres: - image: postgres:15-alpine - environment: - - POSTGRES_LOGGING=true - - POSTGRES_DB_FILE=/run/secrets/postgres_db - - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password - - POSTGRES_USER_FILE=/run/secrets/postgres_user - secrets: - - postgres_password - - postgres_user - - postgres_db - volumes: - - postgres:/var/lib/postgresql/data - restart: always - healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] - interval: 10s - timeout: 5s - retries: 5 - command: ${POSTGRES_ARGS:--c maintenance_work_mem=1GB -c max_parallel_maintenance_workers=4} - logging: *logging - - cardano-node: - image: ghcr.io/intersectmbo/cardano-node:${CARDANO_NODE_TAG} - entrypoint: - - "cardano-node" - - "run" - - "--topology" - - "/configuration/topology.json" - - "--database-path" - - "/data/db" - - "--socket-path" - - "/ipc/node.socket" - - "--host-addr" - - "0.0.0.0" - - "--port" - - "3001" - - "--config" - - "/configuration/config.json" - - "+RTS" - - "-N2" - - "-I0" - - "-A16m" - - "-qg" - - "-qb" - - "--disable-delayed-os-memory-return" - - "-RTS" - environment: - - NETWORK=${CARDANO_NETWORK:-sanchonet} - volumes: - - 
node-db:/data/db - - node-ipc:/ipc - - /home/ubuntu/config/cardano-node:/configuration - restart: always - healthcheck: - test: ["CMD-SHELL", "curl -f 127.0.0.1:12788 || exit 1"] - interval: 60s - timeout: 10s - retries: 5 - logging: *logging - - cardano-db-sync: - image: ghcr.io/intersectmbo/cardano-db-sync:${CARDANO_DB_SYNC_TAG} - environment: - - NETWORK=${CARDANO_NETWORK:-sanchonet} - - POSTGRES_HOST=postgres - - POSTGRES_PORT=5432 - - RESTORE_SNAPSHOT=${RESTORE_SNAPSHOT:-} - - RESTORE_RECREATE_DB=N - - EXTRA_DB_SYNC_ARGS=${EXTRA_DB_SYNC_ARGS:-} - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - secrets: - - postgres_password - - postgres_user - - postgres_db - volumes: - - db-sync-data:/var/lib/cexplorer - - node-ipc:/node-ipc - restart: always - logging: *logging - - backend: - image: ${VVA_BE_REPO:-733019650473.dkr.ecr.eu-west-1.amazonaws.com/backend}:${BACKEND_TAG} - command: /usr/local/bin/vva-be -c /run/secrets/backend-config.json start-app - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - secrets: - - backend-config.json - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.backend.rule=Host(`staging.govtool.byron.network`) && PathPrefix(`/api`)" - - "traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes=/api" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=GET,HEAD,OPTIONS" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://staging.govtool.byron.network" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100" - - "traefik.http.middlewares.backend-cors.headers.addvaryheader=true" - - "traefik.http.routers.backend.middlewares=backend-stripprefix@docker,backend-cors@docker" - - "traefik.http.routers.backend.entrypoints=websecure" - - 
"traefik.http.routers.backend.tls.certresolver=myresolver" - - "traefik.http.services.backend.loadbalancer.server.port=9876" - - frontend: - image: ${VVA_FE_REPO:-733019650473.dkr.ecr.eu-west-1.amazonaws.com/frontend}:${FRONTEND_TAG} - volumes: - - /home/ubuntu/config/nginx/auth.conf:/etc/nginx/conf.d/auth.conf - - /home/ubuntu/config/nginx/govtool.htpasswd:/etc/nginx/conf.d/govtool.htpasswd - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.frontend.rule=Host(`staging.govtool.byron.network`)" - - "traefik.http.routers.frontend.entrypoints=websecure" - - "traefik.http.routers.frontend.tls.certresolver=myresolver" - - "traefik.http.middlewares.frontend-csp.headers.contentSecurityPolicy=default-src 'self'; img-src *.usersnap.com 'self' data:; script-src *.usersnap.com 'self' 'unsafe-inline' https://www.googletagmanager.com https://browser.sentry-cdn.com; style-src *.usersnap.com *.googleapis.com 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com/upload.usersnap.com 'self' o4506155985141760.ingest.sentry.io *.google-analytics.com; font-src *.usersnap.com *.gstatic.com 'self' 'unsafe-inline' https://fonts.gstatic.com; worker-src blob:" - - "traefik.http.routers.frontend.middlewares=frontend-csp@docker" - - "traefik.http.services.frontend.loadbalancer.server.port=80" - -secrets: - postgres_db: - file: /home/ubuntu/config/dbsync-secrets/postgres_db - postgres_password: - file: /home/ubuntu/config/dbsync-secrets/postgres_password - postgres_user: - file: /home/ubuntu/config/dbsync-secrets/postgres_user - backend-config.json: - file: /home/ubuntu/config/backend-config.json - -volumes: - letsencrypt: - db-sync-data: - grafana-data: - postgres: - prometheus-data: - node-db: - node-ipc: 
diff --git a/scripts/govtool/docker-compose.test.yml b/scripts/govtool/docker-compose.test.yml deleted file mode 100644 index bac614c18..000000000 --- a/scripts/govtool/docker-compose.test.yml +++ /dev/null 
@@ -1,233 +0,0 @@ -version: "3.9" - -services: - traefik: - image: traefik:v2.10 - command: - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - - "--entrypoints.websecure.address=:443" - - "--certificatesresolvers.myresolver.acme.httpchallenge=true" - - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" - - "--certificatesresolvers.myresolver.acme.email=${TRAEFIK_LE_EMAIL}" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - - "--log.level=DEBUG" - - "--entryPoints.metrics.address=:8082" - - "--metrics.prometheus=true" - - "--metrics.prometheus.entryPoint=metrics" - - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" - ports: - - 80:80 - - 443:443 - volumes: - - letsencrypt:/letsencrypt - - "/var/run/docker.sock:/var/run/docker.sock:ro" - restart: always - logging: &logging - driver: "json-file" - options: - max-size: "200k" - max-file: "10" - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.entrypoints=web" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" - - prometheus: - image: prom/prometheus:v2.47.1 - volumes: - - prometheus-data:/prometheus - - /home/ubuntu/config/prometheus.yml:/etc/prometheus/prometheus.yml - extra_hosts: - - "host.docker.internal:host-gateway" - restart: always - logging: *logging - - grafana: - image: grafana/grafana:10.0.8 - volumes: - - grafana-data:/var/lib/grafana - - /home/ubuntu/config/grafana-provisioning:/etc/grafana/provisioning - environment: - - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD} - - GF_USERS_ALLOW_SIGN_UP=false - - GF_INSTALL_PLUGINS=grafana-piechart-panel - - GF_SERVER_ROOT_URL=https://test-sanchonet.govtool.byron.network/grafana - - GF_SERVER_SERVE_FROM_SUB_PATH=true - restart: always - logging: *logging - 
labels: - - "traefik.enable=true" - - "traefik.http.routers.grafana.rule=Host(`test-sanchonet.govtool.byron.network`) && PathPrefix(`/grafana`)" - - "traefik.http.routers.grafana.entrypoints=websecure" - - "traefik.http.routers.grafana.tls.certresolver=myresolver" - - "traefik.http.services.grafana.loadbalancer.server.port=3000" - - status-service: - build: - context: ../../govtool/status-service - environment: - - GRAFANA_USERNAME=admin - - GRAFANA_PASSWORD=${GRAFANA_ADMIN_PASSWORD} - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.status-service.rule=Host(`test-sanchonet.govtool.byron.network`) && PathPrefix(`/status`)" - - "traefik.http.routers.status-service.entrypoints=websecure" - - "traefik.http.routers.status-service.tls.certresolver=myresolver" - - "traefik.http.services.status-service.loadbalancer.server.port=8000" - - postgres: - image: postgres:15-alpine - environment: - - POSTGRES_LOGGING=true - - POSTGRES_DB_FILE=/run/secrets/postgres_db - - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password - - POSTGRES_USER_FILE=/run/secrets/postgres_user - secrets: - - postgres_password - - postgres_user - - postgres_db - volumes: - - postgres:/var/lib/postgresql/data - restart: always - healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] - interval: 10s - timeout: 5s - retries: 5 - command: ${POSTGRES_ARGS:--c maintenance_work_mem=1GB -c max_parallel_maintenance_workers=4} - logging: *logging - - cardano-node: - image: ghcr.io/intersectmbo/cardano-node:${CARDANO_NODE_TAG} - entrypoint: - - "cardano-node" - - "run" - - "--topology" - - "/configuration/topology.json" - - "--database-path" - - "/data/db" - - "--socket-path" - - "/ipc/node.socket" - - "--host-addr" - - "0.0.0.0" - - "--port" - - "3001" - - "--config" - - "/configuration/config.json" - - "+RTS" - - "-N2" - - "-I0" - - "-A16m" - - "-qg" - - "-qb" - - "--disable-delayed-os-memory-return" - - "-RTS" - environment: - - 
NETWORK=${CARDANO_NETWORK:-sanchonet} - volumes: - - node-db:/data/db - - node-ipc:/ipc - - /home/ubuntu/config/cardano-node:/configuration - restart: always - healthcheck: - test: ["CMD-SHELL", "curl -f 127.0.0.1:12788 || exit 1"] - interval: 60s - timeout: 10s - retries: 5 - logging: *logging - - cardano-db-sync: - image: ghcr.io/intersectmbo/cardano-db-sync:${CARDANO_DB_SYNC_TAG} - environment: - - NETWORK=${CARDANO_NETWORK:-sanchonet} - - POSTGRES_HOST=postgres - - POSTGRES_PORT=5432 - - RESTORE_SNAPSHOT=${RESTORE_SNAPSHOT:-} - - RESTORE_RECREATE_DB=N - - EXTRA_DB_SYNC_ARGS=${EXTRA_DB_SYNC_ARGS:-} - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - secrets: - - postgres_password - - postgres_user - - postgres_db - volumes: - - db-sync-data:/var/lib/cexplorer - - node-ipc:/node-ipc - restart: always - logging: *logging - - backend: - image: ${VVA_BE_REPO:-733019650473.dkr.ecr.eu-west-1.amazonaws.com/backend}:${BACKEND_TAG} - command: /usr/local/bin/vva-be -c /run/secrets/backend-config.json start-app - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - secrets: - - backend-config.json - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.backend.rule=Host(`test-sanchonet.govtool.byron.network`) && PathPrefix(`/api`)" - - "traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes=/api" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=GET,HEAD,OPTIONS" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://test-sanchonet.govtool.byron.network" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100" - - "traefik.http.middlewares.backend-cors.headers.addvaryheader=true" - - 
"traefik.http.routers.backend.middlewares=backend-stripprefix@docker,backend-cors@docker" - - "traefik.http.routers.backend.entrypoints=websecure" - - "traefik.http.routers.backend.tls.certresolver=myresolver" - - "traefik.http.services.backend.loadbalancer.server.port=9876" - - frontend: - image: ${VVA_FE_REPO:-733019650473.dkr.ecr.eu-west-1.amazonaws.com/frontend}:${FRONTEND_TAG} - volumes: - - /home/ubuntu/config/nginx/auth.conf:/etc/nginx/conf.d/auth.conf - - /home/ubuntu/config/nginx/govtool.htpasswd:/etc/nginx/conf.d/govtool.htpasswd - depends_on: - cardano-node: - condition: service_healthy - postgres: - condition: service_healthy - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.frontend.rule=Host(`test-sanchonet.govtool.byron.network`)" - - "traefik.http.routers.frontend.entrypoints=websecure" - - "traefik.http.routers.frontend.tls.certresolver=myresolver" - - "traefik.http.middlewares.frontend-csp.headers.contentSecurityPolicy=default-src 'self'; img-src *.usersnap.com 'self' data:; script-src *.usersnap.com 'self' 'unsafe-inline' https://www.googletagmanager.com https://browser.sentry-cdn.com; style-src *.usersnap.com *.googleapis.com 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com/upload.usersnap.com 'self' o4506155985141760.ingest.sentry.io *.google-analytics.com; font-src *.usersnap.com *.gstatic.com 'self' 'unsafe-inline' https://fonts.gstatic.com; worker-src blob:" - - "traefik.http.routers.frontend.middlewares=frontend-csp@docker" - - "traefik.http.services.frontend.loadbalancer.server.port=80" - -secrets: - postgres_db: - file: /home/ubuntu/config/dbsync-secrets/postgres_db - postgres_password: - file: /home/ubuntu/config/dbsync-secrets/postgres_password - postgres_user: - file: /home/ubuntu/config/dbsync-secrets/postgres_user - backend-config.json: - file: /home/ubuntu/config/backend-config.json - -volumes: - letsencrypt: - 
db-sync-data: - grafana-data: - postgres: - prometheus-data: - node-db: - node-ipc: