upload files

.github/renovate.json

@@ -0,0 +1,21 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+      "config:base"
+    ],
+    "schedule": ["before 4am"],
+    "packageRules": [
+      {
+        "matchPackagePatterns": [
+          "*"
+        ],
+        "matchUpdateTypes": [
+          "minor",
+          "patch"
+        ],
+        "groupName": "all non-major dependencies",
+        "groupSlug": "all-minor-patch"
+      }
+    ]
+  }
+

.github/workflows/test.yml

@@ -0,0 +1,18 @@
+name: Run Integration Tests
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Run Tests
+        working-directory: ./test
+        run: |
+          ./test.sh

.gitignore

@@ -1 +1,9 @@
-.env
+cicd/.env
+logging/.env
+test/run-backup-restore/backup
+test/run-backup-restore/cicd
+test/run-backup-restore/logging
+test/run-backup-restore/portainer
+test/run-backup-restore/docker-compose.yml
+cicd/docker-webhook/shared/envs
+

README.md

@@ -0,0 +1,23 @@
+# prodenv
+
+This is a production environment for docker applications. It contains logging, deploying, backingup, and some UI tools.
+
+### Tool list
+ - Continuous Delivery
+   - [generaltao725/docker-webhook](https://hub.docker.com/r/generaltao725/docker-webhook) - updates application on DockerHub update
+ - Logging
+   - [grafana/grafana](https://hub.docker.com/r/grafana/grafana) - the UI for showing logs
+   - [grafana/loki](https://hub.docker.com/r/grafana/loki) - like Prometheus, but for logs
+   - [grafana/promtail](https://hub.docker.com/r/grafana/promtail) - the agent, responsible for gathering logs and sending them to Loki
+   - [prom/prometheus](https://hub.docker.com/r/prom/prometheus) - server monitoring system
+   - [prom/node-exporter](https://hub.docker.com/r/prom/node-exporter) - prometheus exporter for metrics
+   - [minio/minio](https://hub.docker.com/r/minio/minio) - the db for logs
+   - [minio/mc](https://hub.docker.com/r/minio/mc) - the client for minio, required for backups
+ - Backup
+   - [offen/docker-volume-backup](https://hub.docker.com/r/offen/docker-volume-backup) - making backups
+   - [generaltao725/command-runner](https://hub.docker.com/r/generaltao725/command-runner) - restoring backups
+ - [portainer/portainer](https://hub.docker.com/r/portainer/portainer) - the UI for Docker
+ - [jc21/nginx-proxy-manager](https://hub.docker.com/r/jc21/nginx-proxy-manager) - nginx with UI for reverse proxy server management
+
+### Usage
+All sensitive information is removed for security purposes, this repo is more for review.

backup/make-backup/backup.env

@@ -0,0 +1,8 @@
+BACKUP_CRON_EXPRESSION="0 0 * * 0"
+BACKUP_FILENAME="backup-%Y-%m-%dT%H-%M-%S.tar.gz"
+BACKUP_LATEST_SYMLINK="backup.latest.tar.gz"
+BACKUP_SOURCES="/backup"
+BACKUP_RETENTION_DAYS="7"
+LOCK_TIMEOUT="10m"
+EXEC_FORWARD_OUTPUT="true"
+EXEC_LABEL="prodenv"

backup/make-backup/docker-compose.yml

@@ -0,0 +1,13 @@
+version: '2.4'
+
+services:
+
+  make-backup:
+    image: offen/docker-volume-backup:v2.25.1
+    env_file: 
+     - ./backup.env
+    volumes:
+      - mc-data:/backup/mc-data:ro
+
+      - //var/run/docker.sock:/var/run/docker.sock:ro
+      - backup-data:/archive

backup/make-backup/scripts/make.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker compose exec make-backup /bin/sh -c backup

backup/restore-backup/docker-compose.yml

@@ -0,0 +1,13 @@
+version: '2.4'
+
+services:
+  restore-backup:
+    image: generaltao725/command-runner:0.5.0
+    environment:
+      - COMMAND_RUNNER_GROUP=prodenv
+    volumes:
+      - //var/run/docker.sock:/var/run/docker.sock:ro
+      - ./shared:/etc/runner/scripts/shared:ro
+      - backup-data:/archive:ro
+
+      - mc-data:/backup/mc-data

backup/restore-backup/scripts/ls.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker compose exec restore-backup bash -c 'ls -1 /archive'

backup/restore-backup/scripts/restore.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker compose exec restore-backup runner "$1"

backup/restore-backup/shared/after-all.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+rm -r /tmp/backup

backup/restore-backup/shared/before-all.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo Hello
+
+tar -xf "/archive/$1" -C /tmp
+
+cp -r /tmp/backup/mc-data/current /backup/mc-data/archived

docker-webhook/docker-compose.yml → cicd/docker-webhook/docker-compose.yml

@@ -1,15 +1,16 @@
 version: '2.4'
 
 services:
-  webhook:
-    image: generaltao725/docker-webhook
-    container_name: prodenv-docker-webhook
+   docker-webhook:
+    image: generaltao725/docker-webhook:0.6.0
     ports: 
-     - "9000:9000"
+     - 127.0.0.1:9000:9000
     volumes: 
       - ./shared:/etc/webhook/shared
-      - ../assets:/etc/webhook/assets
+      - //etc/webhook/cache:/etc/webhook/cache
       - //var/run/docker.sock:/var/run/docker.sock
+    env_file:
+     - ../.env
     environment:
      - "DOCKER_USERNAME=generaltao725"
 

cicd/docker-webhook/shared/configs/project-whitelist.list

@@ -0,0 +1 @@
+java-discord-help-bot

docker-compose.yml

@@ -0,0 +1,99 @@
+version: '2.4'
+
+services:
+
+  webhook:
+    extends:
+      file: cicd/docker-webhook/docker-compose.yml
+      service: docker-webhook
+
+  loki:
+    extends:
+      file: logging/loki/docker-compose.yml
+      service: loki
+    depends_on:
+      minio:
+        condition: service_healthy
+
+  promtail:
+    extends:
+      file: logging/promtail/docker-compose.yml
+      service: promtail
+    depends_on:
+      loki:
+        condition: service_healthy
+
+  minio:
+    extends:
+      file: logging/minio/docker-compose.yml
+      service: minio
+
+  mc:
+    extends:
+      file: logging/mc/docker-compose.yml
+      service: mc
+    depends_on:
+      minio:
+        condition: service_healthy
+
+  node-exporter:
+    extends:
+      file: logging/node-exporter/docker-compose.yml
+      service: node-exporter
+
+  prometheus:
+    extends:
+      file: logging/prometheus/docker-compose.yml
+      service: prometheus
+    depends_on:
+      node-exporter:
+        condition: service_started
+
+  grafana:
+    extends:
+      file: logging/grafana/docker-compose.yml
+      service: grafana
+    depends_on:
+      loki:
+        condition: service_healthy
+      promtail:
+        condition: service_started
+      prometheus:
+        condition: service_started
+
+  make-backup:
+    extends:
+      file: backup/make-backup/docker-compose.yml
+      service: make-backup
+    depends_on:
+      minio:
+        condition: service_healthy
+      mc:
+        condition: service_started
+
+  restore-backup:
+    extends:
+      file: backup/restore-backup/docker-compose.yml
+      service: restore-backup
+    depends_on:
+      mc:
+        condition: service_started
+
+  portainer:
+    extends:
+      file: portainer/docker-compose.yml
+      service: portainer
+
+  nginx-proxy-manager:
+    extends:
+      file: nginx-proxy-manager/docker-compose.yml
+      service: nginx-proxy-manager
+
+volumes:
+  backup-data:
+  minio-data:
+  minio-mirror-data:
+  mc-data:
+  portainer-data:
+  nginx-proxy-manager-data:
+  prometheus_data:

logging/grafana/docker-compose.yml

@@ -0,0 +1,17 @@
+---
+version: '2.4'
+
+services:
+  grafana:
+    image: grafana/grafana:9.3.6
+    env_file:
+      - ../.env
+    ports:
+      - 127.0.0.1:3000:3000
+    volumes:
+      - ./provisioning:/etc/grafana/provisioning
+    healthcheck:
+      test: [ "CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:3000/api/health || exit 1" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5

logging/grafana/provisioning/datasources/loki.yml

@@ -0,0 +1,11 @@
+apiVersion: 1
+
+datasources:
+  - name: Loki
+    type: loki
+    access: proxy
+    url: http://loki:3100
+    jsonData:
+      httpHeaderName1: "X-Scope-OrgID"
+    secureJsonData:
+      httpHeaderValue1: "tenant1"

logging/grafana/provisioning/datasources/prometheus.yml

@@ -0,0 +1,8 @@
+apiVersion: 1
+# TODO how to add dashboards using grafana.com ids?
+# 1860
+datasources:
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: http://prometheus:9090

logging/loki/configs/config.yaml

@@ -0,0 +1,48 @@
+---
+server:
+  http_listen_port: 3100
+#  log_level: debug
+
+schema_config:
+  configs:
+    - from: 2021-08-01
+      store: boltdb-shipper
+      object_store: s3
+      schema: v11
+      index:
+        prefix: index_
+        period: 24h
+common:
+  path_prefix: /loki
+  replication_factor: 1
+  storage:
+    s3:
+      endpoint: minio:9000
+      insecure: true  
+      bucketnames: loki-data
+      access_key_id: ${MINIO_ACCESS_KEY}
+      secret_access_key: ${MINIO_ROOT_PASSWORD}
+      s3forcepathstyle: true
+  ring:
+    kvstore:
+      store: memberlist
+ruler:
+  storage:
+    s3:
+      bucketnames: loki-ruler
+
+ingester:
+  chunk_idle_period: 1m
+
+# table_manager:
+#   retention_deletes_enabled: true
+#   retention_period: 10m
+
+compactor:
+  retention_enabled: true
+  retention_delete_delay: 1m
+  delete_request_cancel_period: 1m
+
+limits_config:
+  retention_period: 48h
+