diff --git a/.env b/.env index 61ecbf8c16176597deffa1ae9126627ae16f731d..e124cf1583c671a0be30a74dc0c735edd0e74f44 100644 --- a/.env +++ b/.env @@ -2,10 +2,12 @@ SPOT_HOSTNAME=spot.ecloud.global SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global SPOT_DOCKER_TAG=latest SPOT_NGINX_DOCKER_TAG=latest -SEARX_MORTY_URL=http://localhost:8089 +SEARX_MORTY_URL=https://localhost:8089 SEARX_SECRET=":@)%NN0+OqNdy:{prWQlZ{p9|oO9p-UyJq@%V!~G:arrSx6fXz.{jd%=XF44ncj" SEARX_MORTY_KEY="taKB1WGTa63LEI6RdjWWKshS4oYSHQWGu9Eyjr1OlpQ=" SEARX_REDIS_HOST=redis SEARX_UI_DEFAULT_THEME=eelo -SEARX_PROXY_HTTP=socks5://tor:9050 -SEARX_PROXY_HTTPS=socks5://tor:9050 +SEARX_PROXY_HTTP=socks5h://tor-socks-proxy:9150 +SEARX_PROXY_HTTPS=socks5h://tor-socks-proxy:9150 +WIREGUARD_IP=127.0.0.1 +REPO_BASE=/mnt/repo-base/staging-spot \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a1d861dc2af9ec912297abb5ba759c3ef3c49a2..e9c9a02077bca155338c24043331034ec4d0b2b2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,6 +6,10 @@ stages: - test - deploy +services: + - docker:18-dind + + python: stage: check before_script: 
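Review bot: `SEARX_SECRET` and `SEARX_MORTY_KEY` stay committed in this file while the backend1 deploy job in `.gitlab-ci.yml` now edits the server's `.env` with `sed` and never overrides them, so the staging instance appears to run with values that anyone who can read the repository knows. I would replace both with placeholders here (for example `SEARX_SECRET=<set-in-CI>`, a constructed placeholder), inject the real values from masked CI variables, and rotate the current ones. `SEARX_MORTY_URL=https://localhost:8089` is also only meaningful after the deploy-time substitution of `localhost:8089`, since the morty port published on 8089 does not appear to terminate TLS. A line above it such as `# placeholder, rewritten to SPOT_MORTY_HOSTNAME at deploy` would make that explicit for local use.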
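Review bot: Declaring `services: - docker:18-dind` at the top level starts a Docker-in-Docker daemon for every job, including `python` and `test:unit`, and dind normally needs a privileged runner, so the check and test stages gain access they do not use. Move the `services:` entry into the deploy templates that actually call `docker`. `docker:18-dind` is also a floating tag on an engine line that is no longer maintained; pin a supported version, ideally by digest. The `python:` job body continues outside the hunk.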
@@ -64,54 +68,129 @@ test:unit: .deploy:template: stage: deploy before_script: - - eval $(ssh-agent -s) - - echo "$PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null +# - eval $(ssh-agent -s) +# - echo "$PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null - mkdir -p ~/.ssh - chmod 700 ~/.ssh - - echo "$KNOWN_HOSTS" > ~/.ssh/known_hosts - - chmod 644 ~/.ssh/known_hosts - - ssh $DOCKER_HOST "mkdir -p $(dirname $FILTRON_RULES) && echo '$(cat ./etc/filtron/rules.json)' > $FILTRON_RULES" + - echo "$SSH_PRIVATE_KEY_ED" > $HOME/.ssh/id_ed25519 + - echo "$SSH_PUBKEY_ED" > $HOME/.ssh/id_ed25519.pub + - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts + - chmod 600 ~/.ssh/id_ed25519 + - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub +# - ssh $SSH_USER@$BACKEND1_HOST + - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY +# - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env + +.deploy:template2: + stage: deploy + before_script: +# - eval $(ssh-agent -s) +# - echo "$PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh + - echo "$SSH_PRIVATE_KEY_ED" > $HOME/.ssh/id_ed25519 + - echo "$SSH_PUBKEY_ED" > $HOME/.ssh/id_ed25519.pub + - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts + - chmod 600 ~/.ssh/id_ed25519 + - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub + - ssh $DOCKER_HOST "cd $PATH_STAGING" - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env -deploy:spot.test.cloud.global: +#deploy:spot.test.cloud.global: +# extends: .deploy:template +# when: manual +# only: +# - branches +# environment: +# name: test +# url: https://spot.test.ecloud.global +# variables: +# DOCKER_HOST: ssh://root@spot.test.ecloud.global +# FILTRON_RULES: /etc/filtron/rules.json +# SPOT_HOSTNAME: spot.test.ecloud.global +# SPOT_MORTY_HOSTNAME: proxy.spot.test.ecloud.global +# SEARX_MORTY_URL: https://proxy.spot.test.ecloud.global +# COMPOSE_PROJECT_NAME: 
my-spot +# PRIVATE_KEY: ${PRIVATE_KEY_TEST} +# script: +# - docker-compose up -d --build --scale tor=5 +# - docker-compose restart filtron + +deploy:spot.eeo.one.backend1: extends: .deploy:template when: manual only: - branches environment: - name: test - url: https://spot.test.ecloud.global + name: eeo1 + url: https://spot.eeo.one variables: - DOCKER_HOST: ssh://root@spot.test.ecloud.global - FILTRON_RULES: /etc/filtron/rules.json - SPOT_HOSTNAME: spot.test.ecloud.global - SPOT_MORTY_HOSTNAME: proxy.spot.test.ecloud.global - SEARX_MORTY_URL: https://proxy.spot.test.ecloud.global - COMPOSE_PROJECT_NAME: my-spot - PRIVATE_KEY: ${PRIVATE_KEY_TEST} +# DOCKER_HOST: ssh://root@web1.ecloud.global +# FILTRON_RULES: /etc/filtron/rules.json + SPOT_HOSTNAME: spot.eeo.one + SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one + COMPOSE_PROJECT_NAME: staging-spot + SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} + SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} + WIREGUARD_IP: ${BACKEND1_WG_IP} script: - - docker-compose up -d --build --scale tor=5 - - docker-compose restart filtron + - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env + && sed -i 's/WIREGUARD_IP=127.0.0.1/WIREGUARD_IP=$WIREGUARD_IP/g' .env + && sed -i 's/SPOT_HOSTNAME=spot.ecloud.global/SPOT_HOSTNAME=$SPOT_HOSTNAME/g' .env + && sed -i 's/SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global/SPOT_MORTY_HOSTNAME=$SPOT_MORTY_HOSTNAME/g' .env + && sed -i 's/localhost:8089/$SPOT_MORTY_HOSTNAME/g' .env + && sed -i 's/SPOT_DOCKER_TAG=latest/SPOT_DOCKER_TAG=$SPOT_DOCKER_TAG/g' .env + && sed -i 's/SPOT_NGINX_DOCKER_TAG=latest/SPOT_NGINX_DOCKER_TAG=$SPOT_NGINX_DOCKER_TAG/g' .env + && docker-compose up -d --build --scale tor-socks-proxy=2 && docker-compose restart filtron" + -deploy:spot.cloud.global: - extends: .deploy:template +deploy:spot.eeo.one.backend2: + extends: 
.deploy:template2 + when: manual only: - - tags + - branches environment: - name: prod - url: https://spot.ecloud.global + name: eeo2 + url: https://spot.eeo.one variables: - DOCKER_HOST: ssh://spot@spot.ecloud.global - FILTRON_RULES: /home/spot/filtron/rules.json - SPOT_HOSTNAME: spot.ecloud.global - SPOT_MORTY_HOSTNAME: proxy.spot.ecloud.global - SEARX_MORTY_URL: https://proxy.spot.ecloud.global - COMPOSE_PROJECT_NAME: my-spot + DOCKER_HOST: ssh://${SSH_USER}@${BACKEND2_HOST} +# FILTRON_RULES: /etc/filtron/rules.json + SPOT_HOSTNAME: spot.eeo.one + SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one + SEARX_MORTY_URL: https://proxy.spot.eeo.one + COMPOSE_PROJECT_NAME: staging-spot SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} - PRIVATE_KEY: ${PRIVATE_KEY_PROD} + WIREGUARD_IP: ${BACKEND2_WG_IP} script: - - docker-compose pull - - docker-compose up -d --scale tor=5 - - docker-compose restart filtron + - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" + - docker-compose up -d --build --scale tor-socks-proxy=2 + #- docker-compose restart filtron + # - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" + # - docker-compose up -d --build --scale tor=5 + #- docker-compose restart filtron + + +#deploy:spot.cloud.global: +# extends: .deploy:template +# only: +# - tags +# environment: +# name: prod +# url: https://spot.ecloud.global +# variables: +# DOCKER_HOST: ssh://spot@spot.ecloud.global +# FILTRON_RULES: /home/spot/filtron/rules.json +# SPOT_HOSTNAME: spot.ecloud.global +# SPOT_MORTY_HOSTNAME: proxy.spot.ecloud.global +# SEARX_MORTY_URL: https://proxy.spot.ecloud.global +# COMPOSE_PROJECT_NAME: my-spot +# SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} +# SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} +# PRIVATE_KEY: ${PRIVATE_KEY_PROD} +# script: +# - docker-compose pull +# - docker-compose up -d 
--scale tor=5 +# - docker-compose restart filtron diff --git a/docker-compose.yml b/docker-compose.yml index 5630cabfc96ca825671fd3935edf6f4024801a46..1b645aae0e945afe8edbbd14a5041d0cf5d47a59 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,17 +10,23 @@ x-logging: services: redis: image: redis:5.0.7-alpine + container_name: spot-redis logging: *default-logging restart: unless-stopped + networks: + - spot-default command: redis-server --maxmemory 8G --maxmemory-policy allkeys-lru spot: image: registry.gitlab.e.foundation:5000/e/cloud/my-spot:${SPOT_DOCKER_TAG} + container_name: spot build: context: . dockerfile: Dockerfile logging: *default-logging restart: unless-stopped + networks: + - spot-default environment: SEARX_SECRET: "${SEARX_SECRET}" SEARX_MORTY_URL: "${SEARX_MORTY_URL}" 
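Review bot: In both `.deploy:template` and `.deploy:template2`, the private key is written to `$HOME/.ssh/id_ed25519` under the default umask and only restricted by the later `chmod 600`, and the job token is passed to `docker login` with `-p`, which puts it on the command line. Adding `- umask 077` as the first `before_script` step and using `- echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"` avoids both. Separately, the `sed -i` chain in `deploy:spot.eeo.one.backend1` only matches the committed defaults (`SPOT_DOCKER_TAG=latest`, `localhost:8089`, `WIREGUARD_IP=127.0.0.1`), so a second deploy into the same `$PATH_STAGING` appears to leave the previous values in place unless `.env` is reset first. The job variables are also expanded on the runner into a double-quoted remote command and a `sed` replacement, so a value containing `/`, `&` or a quote would break or alter the command. Generating `.env` from the job variables, or at least a comment stating the reset precondition, would make the job safe to re-run.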
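Review bot: `redis` is attached to `spot-default`, which the `networks:` section at the end of the file declares `external: true`, and the `redis-server` command line sets no `requirepass`, so any container that another project attaches to that shared network could reach the cache unauthenticated. If the external network is only needed by `filtron` and `morty`, keep `redis` and `spot` on a project-private network, or add a comment above `networks:` saying which other stacks join `spot-default`. The fixed `container_name: spot-redis` and `container_name: spot` also mean two Compose projects on one host cannot coexist even though the CI still sets `COMPOSE_PROJECT_NAME`; a short comment noting that constraint would help.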
@@ -32,35 +38,46 @@ services: GUNICORN_LOGGER: 1 GUNICORN_LEVEL: INFO - nginx: + spot-nginx: image: registry.gitlab.e.foundation:5000/e/cloud/my-spot/nginx:${SPOT_NGINX_DOCKER_TAG} + container_name: spot-nginx build: context: . dockerfile: nginx.Dockerfile logging: *default-logging restart: unless-stopped + networks: + - spot-default environment: SEARX_MORTY_URL: "${SEARX_MORTY_URL}" filtron: image: dalf/filtron:latest + container_name: spot-filtron logging: *default-logging restart: unless-stopped - command: -listen :3000 -rules /etc/filtron/rules.json -target nginx + command: -listen :3000 -rules /etc/filtron/rules.json -target spot-nginx + networks: + - spot-default + - spot-wireguarded ports: - - "8088:3000" + - ${WIREGUARD_IP}:8088:3000 volumes: - - ${FILTRON_RULES:-./etc/filtron/rules.json}:/etc/filtron/rules.json + - ${REPO_BASE}/etc/filtron/rules.json:/etc/filtron/rules.json labels: - "traefik.enable=true" - "traefik.http.routers.filtron.rule=Host(`${SPOT_HOSTNAME}`)" morty: image: dalf/morty:latest + container_name: spot-morty logging: *default-logging restart: unless-stopped + networks: + - spot-default + - spot-wireguarded ports: - - "8089:3000" + - ${WIREGUARD_IP}:8089:3000 environment: DEBUG: "false" MORTY_ADDRESS: ":3000" @@ -69,7 +86,27 @@ services: - "traefik.enable=true" - "traefik.http.routers.morty.rule=Host(`${SPOT_MORTY_HOSTNAME}`)" - tor: - image: osminogin/tor-simple - logging: *default-logging + tor-socks-proxy: + image: peterdavehello/tor-socks-proxy:latest +# ports: +# - "${WIREGUARD_IP}:8853:53/udp" +# - "${WIREGUARD_IP}:9150:9150/tcp" restart: unless-stopped + networks: + - spot-default +# - spot-wireguarded + +# tor: +# image: osminogin/tor-simple +# #container_name: spot-tor +# logging: *default-logging +# restart: unless-stopped +# networks: +# - spot-default + + +networks: + spot-default: + external: true + spot-wireguarded: + external: true \ No newline at end of file
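Review bot: The new bindings `- ${WIREGUARD_IP}:8088:3000` and `- ${WIREGUARD_IP}:8089:3000` are the only thing keeping filtron and morty off the public interfaces, yet nothing fails if the variable is unset or empty; the mapping then likely degrades to `:8088:3000`, which I would expect Docker to publish on all addresses. Quote the entries and make the variable mandatory, e.g. `- "${WIREGUARD_IP:?WIREGUARD_IP must be set}:8088:3000"`. The same applies to the filtron volume, where `${REPO_BASE}` replaced a form that had a default: `- "${REPO_BASE:?REPO_BASE must be set}/etc/filtron/rules.json:/etc/filtron/rules.json"`.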
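Review bot: `tor-socks-proxy` uses `peterdavehello/tor-socks-proxy:latest`, an unpinned third-party image that, per `SEARX_PROXY_HTTP`/`SEARX_PROXY_HTTPS` in `.env`, carries the outbound search traffic, so each deploy may run different code without any change in this repository. Pin it to a version tag or digest (`image: peterdavehello/tor-socks-proxy@sha256:<digest>`, a placeholder to fill in after verifying the image). The service also drops the `logging: *default-logging` line the old `tor` service had, so it no longer follows the shared logging settings; re-add `logging: *default-logging`. A comment above `networks:` saying that `spot-default` and `spot-wireguarded` must exist before `docker-compose up` would document the `external: true` requirement.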