
Commit df602c0e authored by Florent VINCENT's avatar Florent VINCENT 👾

prepare a production ready branch from wg-binding-and-LB-eeo-staging and master (spot 1.0.0)

parent 65f7430f
+5 −3
@@ -2,10 +2,12 @@ SPOT_HOSTNAME=spot.ecloud.global
SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global
SPOT_DOCKER_TAG=latest
SPOT_NGINX_DOCKER_TAG=latest
SEARX_MORTY_URL=http://localhost:8089
SEARX_MORTY_URL=https://localhost:8089
SEARX_SECRET=":@)%NN0+OqNdy:{prWQlZ{p9|oO9p-UyJq@%V!~G:arrSx6fXz.{jd%=XF44ncj"
SEARX_MORTY_KEY="taKB1WGTa63LEI6RdjWWKshS4oYSHQWGu9Eyjr1OlpQ="
SEARX_REDIS_HOST=redis
SEARX_UI_DEFAULT_THEME=eelo
SEARX_PROXY_HTTP=socks5://tor:9050
SEARX_PROXY_HTTPS=socks5://tor:9050
SEARX_PROXY_HTTP=socks5h://tor-socks-proxy:9150
SEARX_PROXY_HTTPS=socks5h://tor-socks-proxy:9150
WIREGUARD_IP=127.0.0.1 
REPO_BASE=/mnt/repo-base/staging-spot
 No newline at end of file
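Review bot: `SEARX_SECRET` and `SEARX_MORTY_KEY` are still committed as literal values in this env file on a branch described as production ready, and the `variables:` blocks of the deploy jobs visible in the CI section set neither of them. Unless they are overridden by project-level CI/CD variables that this page does not show, the deployed instances would run with keys readable by anyone who can read the repository. I would replace both lines with placeholders such as `SEARX_SECRET=<set-via-masked-CI-variable>`, inject the real values from masked and protected CI/CD variables (the compose file already reads `"${SEARX_SECRET}"`), and rotate the values that have been committed.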
+45 −18
@@ -6,6 +6,9 @@ stages:
 - test
 - deploy

services:  
  - docker:20.10-dind 

python:
  stage: check
  before_script:
@@ -28,8 +31,6 @@ build:web:
  image: docker:git
  tags:
    - generic_privileged
  services:
    - docker:18-dind
  before_script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
@@ -64,36 +65,62 @@ test:unit:
.deploy:template:
  stage: deploy
  before_script:
    - eval $(ssh-agent -s)
    - echo "$PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - ssh $DOCKER_HOST "mkdir -p $(dirname $FILTRON_RULES) && echo '$(cat ./etc/filtron/rules.json)' > $FILTRON_RULES"
    - echo "$SSH_PRIVATE_KEY_ED" > $HOME/.ssh/id_ed25519
    - echo "$SSH_PUBKEY_ED" > $HOME/.ssh/id_ed25519.pub
    - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts
    - chmod 600 ~/.ssh/id_ed25519
    - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub
    - ssh $DOCKER_HOST "cd $PATH_STAGING"
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
    - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env

deploy:spot.test.cloud.global:
deploy:spot.eeo.one.backend1:
  extends: .deploy:template
  when: manual
  only:
    - branches
  environment:
    name: test
    url: https://spot.test.ecloud.global
    name: eeo1
    url: https://spot.eeo.one
  variables:
    DOCKER_HOST: ssh://root@spot.test.ecloud.global
    FILTRON_RULES: /etc/filtron/rules.json
    SPOT_HOSTNAME: spot.test.ecloud.global
    SPOT_MORTY_HOSTNAME: proxy.spot.test.ecloud.global
    SEARX_MORTY_URL: https://proxy.spot.test.ecloud.global
    COMPOSE_PROJECT_NAME: my-spot
    PRIVATE_KEY: ${PRIVATE_KEY_TEST}
    DOCKER_HOST: ssh://${SSH_USER}@${BACKEND1_HOST}
    SPOT_HOSTNAME: spot.eeo.one
    SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one
    SEARX_MORTY_URL: https://proxy.spot.eeo.one
    COMPOSE_PROJECT_NAME: staging-spot
    SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG}
    SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG}
    WIREGUARD_IP: ${BACKEND1_WG_IP}
  script:
    - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" 
    - docker-compose up -d --build --scale tor-socks-proxy=5
    - docker-compose restart filtron

deploy:spot.eeo.one.backend2:
  extends: .deploy:template
  when: manual
  only:
    - branches
  environment:
    name: eeo2
    url: https://spot.eeo.one
  variables:
    DOCKER_HOST: ssh://${SSH_USER}@${BACKEND2_HOST}
    SPOT_HOSTNAME: spot.eeo.one
    SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one
    SEARX_MORTY_URL: https://proxy.spot.eeo.one
    COMPOSE_PROJECT_NAME: staging-spot
    SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG}
    SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG}
    WIREGUARD_IP: ${BACKEND2_WG_IP}
  script:
    - docker-compose up -d --build --scale tor=5
    - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" 
    - docker-compose up -d --build --scale tor-socks-proxy=5
    - docker-compose restart filtron


deploy:spot.cloud.global:
  extends: .deploy:template
  only:
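Review bot: In the `before_script` of `.deploy:template`, the deploy key is written with `echo "$SSH_PRIVATE_KEY_ED" > $HOME/.ssh/id_ed25519` under the default umask and is only restricted by the later `chmod 600`, whereas the `ssh-add -` lines shown alongside it (apparently the ones being replaced) kept the key off disk. Either keep the agent approach or put `umask 077` before the `echo`. The `docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY` line passes the token as a command-line argument; `echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY` avoids that. Both `deploy:spot.eeo.one.backend*` jobs use `only: - branches` with `--build` and `SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG}`, so any branch can be built and started on those hosts by whoever may trigger manual jobs. It is worth confirming that the environments or the SSH variables are limited to protected branches.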
+31 −6
@@ -10,17 +10,23 @@ x-logging:
services:
  redis:
    image: redis:5.0.7-alpine
    # container_name: spot-redis
    logging: *default-logging
    restart: unless-stopped
    networks:
      - spot-default
    command: redis-server --maxmemory 8G --maxmemory-policy allkeys-lru

  spot:
    image: registry.gitlab.e.foundation:5000/e/cloud/my-spot:${SPOT_DOCKER_TAG}
    # container_name: spot
    build:
      context: .
      dockerfile: Dockerfile
    logging: *default-logging
    restart: unless-stopped
    networks:
      - spot-default
    environment:
      SEARX_SECRET: "${SEARX_SECRET}"
      SEARX_MORTY_URL: "${SEARX_MORTY_URL}"
@@ -32,35 +38,46 @@ services:
      GUNICORN_LOGGER: 1
      GUNICORN_LEVEL: INFO

  nginx:
  spot-nginx:
    image: registry.gitlab.e.foundation:5000/e/cloud/my-spot/nginx:${SPOT_NGINX_DOCKER_TAG}
    # container_name: spot-nginx
    build:
      context: .
      dockerfile: nginx.Dockerfile
    logging: *default-logging
    restart: unless-stopped
    networks:
      - spot-default
    environment:
      SEARX_MORTY_URL: "${SEARX_MORTY_URL}"

  filtron:
    image: dalf/filtron:latest
    # container_name: spot-filtron
    logging: *default-logging
    restart: unless-stopped
    command: -listen :3000 -rules /etc/filtron/rules.json -target nginx
    command: -listen :3000 -rules /etc/filtron/rules.json -target spot-nginx
    networks:
      - spot-default
      - spot-wireguarded
    ports:
      - "8088:3000"
      - ${WIREGUARD_IP}:8088:3000
    volumes:
      - ${FILTRON_RULES:-./etc/filtron/rules.json}:/etc/filtron/rules.json
      - ${REPO_BASE}/etc/filtron/rules.json:/etc/filtron/rules.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.filtron.rule=Host(`${SPOT_HOSTNAME}`)"

  morty:
    image: dalf/morty:latest
    # container_name: spot-morty
    logging: *default-logging
    restart: unless-stopped
    networks:
      - spot-default
      - spot-wireguarded
    ports:
      - "8089:3000"
      - ${WIREGUARD_IP}:8089:3000
    environment:
      DEBUG: "false"
      MORTY_ADDRESS: ":3000"
@@ -70,6 +87,14 @@ services:
      - "traefik.http.routers.morty.rule=Host(`${SPOT_MORTY_HOSTNAME}`)"

  tor:
    image: osminogin/tor-simple
    image: peterdavehello/tor-socks-proxy:latest
    logging: *default-logging
    restart: unless-stopped
    networks:
      - spot-default 

networks:
  spot-default:
    external: true
  spot-wireguarded:
    external: true
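Review bot: The Tor service is still keyed `tor:` in this file, while the env file now points `SEARX_PROXY_HTTP`/`SEARX_PROXY_HTTPS` at `socks5h://tor-socks-proxy:9150` and both new deploy jobs pass `--scale tor-socks-proxy=5`. Unless a service of that name is defined outside the visible hunks, the scale flag will be rejected and the proxy host will not resolve on `spot-default`; renaming the key to `tor-socks-proxy:` would make the three files agree. The filtron and morty bindings `${WIREGUARD_IP}:8088:3000` and `${WIREGUARD_IP}:8089:3000` appear to be what keeps those ports off public interfaces, so I would write them as `"${WIREGUARD_IP:?WIREGUARD_IP must be set}:8088:3000"` (and likewise for 8089). An unset variable then fails the deploy instead of producing a malformed or wider binding. The newly introduced `peterdavehello/tor-socks-proxy:latest` is an unpinned third-party image, so pinning it to a reviewed digest (`image: peterdavehello/tor-socks-proxy@sha256:<reviewed-digest>`) would keep a production deploy from pulling an unreviewed upstream build.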