From 141abebe131c1a3b55776fd96e634b27ec06e558 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 10:24:26 +0200 Subject: [PATCH 01/33] first batch of changes in docker-compose and gitlab-ci --- .gitlab-ci.yml | 102 ++++++++++++++++++++++++++++++++------------- docker-compose.yml | 23 +++++++++- 2 files changed, 95 insertions(+), 30 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a1d861dc..e1ee9b2e3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -64,54 +64,100 @@ test:unit: .deploy:template: stage: deploy before_script: - - eval $(ssh-agent -s) - - echo "$PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null +# - eval $(ssh-agent -s) +# - echo "$PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null - mkdir -p ~/.ssh - chmod 700 ~/.ssh - - echo "$KNOWN_HOSTS" > ~/.ssh/known_hosts - - chmod 644 ~/.ssh/known_hosts - - ssh $DOCKER_HOST "mkdir -p $(dirname $FILTRON_RULES) && echo '$(cat ./etc/filtron/rules.json)' > $FILTRON_RULES" + - echo "$SSH_PRIVATE_KEY_ED" > $HOME/.ssh/id_ed25519 + - echo "$SSH_PUBKEY_ED" > $HOME/.ssh/id_ed25519.pub + - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts + - chmod 600 ~/.ssh/id_ed25519 + - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub +# - ssh $DOCKER_HOST "mkdir -p $(dirname $FILTRON_RULES) && echo '$(cat ./etc/filtron/rules.json)' > $FILTRON_RULES" - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env -deploy:spot.test.cloud.global: +#deploy:spot.test.cloud.global: +# extends: .deploy:template +# when: manual +# only: +# - branches +# environment: +# name: test +# url: https://spot.test.ecloud.global +# variables: +# DOCKER_HOST: ssh://root@spot.test.ecloud.global +# FILTRON_RULES: /etc/filtron/rules.json +# SPOT_HOSTNAME: spot.test.ecloud.global +# SPOT_MORTY_HOSTNAME: proxy.spot.test.ecloud.global +# SEARX_MORTY_URL: https://proxy.spot.test.ecloud.global +# COMPOSE_PROJECT_NAME: my-spot +# PRIVATE_KEY: ${PRIVATE_KEY_TEST} +# script: +# - docker-compose up -d --build --scale tor=5 +# - docker-compose restart filtron + +deploy:spot.eeo.one.backend1: extends: .deploy:template when: manual only: - branches environment: - name: test - url: https://spot.test.ecloud.global + name: eeo1 + url: https://spot.eeo.one variables: - DOCKER_HOST: ssh://root@spot.test.ecloud.global - FILTRON_RULES: /etc/filtron/rules.json - SPOT_HOSTNAME: spot.test.ecloud.global - SPOT_MORTY_HOSTNAME: proxy.spot.test.ecloud.global - SEARX_MORTY_URL: https://proxy.spot.test.ecloud.global +# DOCKER_HOST: ssh://root@web1.ecloud.global +# FILTRON_RULES: /etc/filtron/rules.json + SPOT_HOSTNAME: spot.eeo.one + SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one + SEARX_MORTY_URL: https://proxy.spot.eeo.one COMPOSE_PROJECT_NAME: my-spot - PRIVATE_KEY: ${PRIVATE_KEY_TEST} +# PRIVATE_KEY: ${PRIVATE_KEY_WEB1} + WIREGUARD_IP: ${BACKEND1_WG_IP} script: - docker-compose up -d --build --scale tor=5 - docker-compose restart filtron -deploy:spot.cloud.global: +deploy:spot.eeo.one.backend2: extends: .deploy:template + when: manual only: - - tags + - branches environment: - name: prod - url: https://spot.ecloud.global + name: eeo2 + url: https://spot.eeo.one variables: - DOCKER_HOST: ssh://spot@spot.ecloud.global - FILTRON_RULES: /home/spot/filtron/rules.json - SPOT_HOSTNAME: spot.ecloud.global - SPOT_MORTY_HOSTNAME: proxy.spot.ecloud.global - SEARX_MORTY_URL: https://proxy.spot.ecloud.global +# DOCKER_HOST: ssh://root@web2.ecloud.global +# FILTRON_RULES: /etc/filtron/rules.json + SPOT_HOSTNAME: spot.eeo.one + SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one + SEARX_MORTY_URL: https://proxy.spot.eeo.one COMPOSE_PROJECT_NAME: my-spot - SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} - SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} - PRIVATE_KEY: ${PRIVATE_KEY_PROD} +# PRIVATE_KEY: ${PRIVATE_KEY_WEB2} + WIREGUARD_IP: ${BACKEND1_WG_IP} script: - - docker-compose pull - - docker-compose up -d --scale tor=5 + - docker-compose up -d --build --scale tor=5 - docker-compose restart filtron + + +#deploy:spot.cloud.global: +# extends: .deploy:template +# only: +# - tags +# environment: +# name: prod +# url: https://spot.ecloud.global +# variables: +# DOCKER_HOST: ssh://spot@spot.ecloud.global +# FILTRON_RULES: /home/spot/filtron/rules.json +# SPOT_HOSTNAME: spot.ecloud.global +# SPOT_MORTY_HOSTNAME: proxy.spot.ecloud.global +# SEARX_MORTY_URL: https://proxy.spot.ecloud.global +# COMPOSE_PROJECT_NAME: my-spot +# SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} +# SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} +# PRIVATE_KEY: ${PRIVATE_KEY_PROD} +# script: +# - docker-compose pull +# - docker-compose up -d --scale tor=5 +# - docker-compose restart filtron diff --git a/docker-compose.yml b/docker-compose.yml index 5630cabfc..1b9747ab2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,6 +12,8 @@ services: image: redis:5.0.7-alpine logging: *default-logging restart: unless-stopped + networks: + - my-spot_default command: redis-server --maxmemory 8G --maxmemory-policy allkeys-lru spot: @@ -21,6 +23,8 @@ services: dockerfile: Dockerfile logging: *default-logging restart: unless-stopped + networks: + - my-spot_default environment: SEARX_SECRET: "${SEARX_SECRET}" SEARX_MORTY_URL: "${SEARX_MORTY_URL}" @@ -39,6 +43,8 @@ services: dockerfile: nginx.Dockerfile logging: *default-logging restart: unless-stopped + networks: + - my-spot_default environment: SEARX_MORTY_URL: "${SEARX_MORTY_URL}" @@ -47,8 +53,11 @@ services: logging: *default-logging restart: unless-stopped command: -listen :3000 -rules /etc/filtron/rules.json -target nginx + networks: + - my-spot_default + - wireguarded ports: - - "8088:3000" + - "${WIREGUARD_IP}:8088:3000" volumes: - ${FILTRON_RULES:-./etc/filtron/rules.json}:/etc/filtron/rules.json labels: @@ -59,8 +68,11 @@ services: image: dalf/morty:latest logging: *default-logging restart: unless-stopped + networks: + - my-spot_default + - wireguarded ports: - - "8089:3000" + - "${WIREGUARD_IP}:8089:3000" environment: DEBUG: "false" MORTY_ADDRESS: ":3000" @@ -73,3 +85,10 @@ services: image: osminogin/tor-simple logging: *default-logging restart: unless-stopped + networks: + - my-spot_default + + +networks: + wireguarded: + external: true \ No newline at end of file -- GitLab From 873a2846e1472ffe709225ab3755d3170ef40f9b Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 10:51:50 +0200 Subject: [PATCH 02/33] gitlab-ci update --- .gitlab-ci.yml | 12 +++++++----- docker-compose.yml | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e1ee9b2e3..cc3933033 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -75,7 +75,7 @@ test:unit: - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub # - ssh $DOCKER_HOST "mkdir -p $(dirname $FILTRON_RULES) && echo '$(cat ./etc/filtron/rules.json)' > $FILTRON_RULES" - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env +# - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env #deploy:spot.test.cloud.global: # extends: .deploy:template @@ -115,8 +115,9 @@ deploy:spot.eeo.one.backend1: # PRIVATE_KEY: ${PRIVATE_KEY_WEB1} WIREGUARD_IP: ${BACKEND1_WG_IP} script: - - docker-compose up -d --build --scale tor=5 - - docker-compose restart filtron + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5 + # - docker-compose up -d --build --scale tor=5 + #- docker-compose restart filtron deploy:spot.eeo.one.backend2: extends: .deploy:template @@ -136,8 +137,9 @@ deploy:spot.eeo.one.backend2: # PRIVATE_KEY: ${PRIVATE_KEY_WEB2} WIREGUARD_IP: ${BACKEND1_WG_IP} script: - - docker-compose up -d --build --scale tor=5 - - docker-compose restart filtron + - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5 + # - docker-compose up -d --build --scale tor=5 + #- docker-compose restart filtron #deploy:spot.cloud.global: diff --git a/docker-compose.yml b/docker-compose.yml index 1b9747ab2..9ce0ffcfd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -59,7 +59,7 @@ services: ports: - "${WIREGUARD_IP}:8088:3000" volumes: - - ${FILTRON_RULES:-./etc/filtron/rules.json}:/etc/filtron/rules.json + - ./etc/filtron/rules.json:/etc/filtron/rules.json labels: - "traefik.enable=true" - "traefik.http.routers.filtron.rule=Host(`${SPOT_HOSTNAME}`)" -- GitLab From d74a4cbdda367e854753d99a73884e662dd82ba1 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 11:04:58 +0200 Subject: [PATCH 03/33] missed a ",....grrr --- .env | 1 + .gitlab-ci.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.env b/.env index 61ecbf8c1..162ff879e 100644 --- a/.env +++ b/.env @@ -9,3 +9,4 @@ SEARX_REDIS_HOST=redis SEARX_UI_DEFAULT_THEME=eelo SEARX_PROXY_HTTP=socks5://tor:9050 SEARX_PROXY_HTTPS=socks5://tor:9050 +WIREGUARD_IP=localhost diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cc3933033..258995f11 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -115,7 +115,7 @@ deploy:spot.eeo.one.backend1: # PRIVATE_KEY: ${PRIVATE_KEY_WEB1} WIREGUARD_IP: ${BACKEND1_WG_IP} script: - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5 + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron @@ -137,7 +137,7 @@ deploy:spot.eeo.one.backend2: # PRIVATE_KEY: ${PRIVATE_KEY_WEB2} WIREGUARD_IP: ${BACKEND1_WG_IP} script: - - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5 + - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From b2b3b433433e40373890dd60c3b85573876289c5 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 11:30:40 +0200 Subject: [PATCH 04/33] adding an echo in deploy job to confirm var are populated --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 258995f11..4c907d69e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -115,6 +115,7 @@ deploy:spot.eeo.one.backend1: # PRIVATE_KEY: ${PRIVATE_KEY_WEB1} WIREGUARD_IP: ${BACKEND1_WG_IP} script: + - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST)" - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron @@ -137,6 +138,7 @@ deploy:spot.eeo.one.backend2: # PRIVATE_KEY: ${PRIVATE_KEY_WEB2} WIREGUARD_IP: ${BACKEND1_WG_IP} script: + - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST)" - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 2a0c9875d4ae1228c8a512295c103a6889499a7b Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 11:49:21 +0200 Subject: [PATCH 05/33] branch is not protected, so cicd e group var SSH_USER is not passed to deployment --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4c907d69e..7d14be1fe 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -116,7 +116,7 @@ deploy:spot.eeo.one.backend1: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST)" - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" + - ssh ansible@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron @@ -139,7 +139,7 @@ deploy:spot.eeo.one.backend2: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST)" - - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" + - ssh ansible@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 2ee922a57b998f1d3875fc3b983b2b03aa38bab1 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 11:56:04 +0200 Subject: [PATCH 06/33] revert last commit as branch is now protected --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7d14be1fe..4c907d69e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -116,7 +116,7 @@ deploy:spot.eeo.one.backend1: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST)" - - ssh ansible@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron @@ -139,7 +139,7 @@ deploy:spot.eeo.one.backend2: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST)" - - ssh ansible@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" + - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 6a0628cb468c75ad6bb016a069f64ba2d939bc85 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 12:11:46 +0200 Subject: [PATCH 07/33] changes / checks about vars --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4c907d69e..9238d71fc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -115,7 +115,7 @@ deploy:spot.eeo.one.backend1: # PRIVATE_KEY: ${PRIVATE_KEY_WEB1} WIREGUARD_IP: ${BACKEND1_WG_IP} script: - - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST)" + - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron @@ -136,9 +136,9 @@ deploy:spot.eeo.one.backend2: SEARX_MORTY_URL: https://proxy.spot.eeo.one COMPOSE_PROJECT_NAME: my-spot # PRIVATE_KEY: ${PRIVATE_KEY_WEB2} - WIREGUARD_IP: ${BACKEND1_WG_IP} + WIREGUARD_IP: $BACKEND2_WG_IP script: - - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST)" + - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 22f3ea024db5839e2bbb5bc958bbf8d63e03e022 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 12:39:32 +0200 Subject: [PATCH 08/33] updating network setup in docker-compose --- docker-compose.yml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 9ce0ffcfd..16b1bf5f3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,8 +12,6 @@ services: image: redis:5.0.7-alpine logging: *default-logging restart: unless-stopped - networks: - - my-spot_default command: redis-server --maxmemory 8G --maxmemory-policy allkeys-lru spot: @@ -23,8 +21,6 @@ services: dockerfile: Dockerfile logging: *default-logging restart: unless-stopped - networks: - - my-spot_default environment: SEARX_SECRET: "${SEARX_SECRET}" SEARX_MORTY_URL: "${SEARX_MORTY_URL}" @@ -43,8 +39,6 @@ services: dockerfile: nginx.Dockerfile logging: *default-logging restart: unless-stopped - networks: - - my-spot_default environment: SEARX_MORTY_URL: "${SEARX_MORTY_URL}" @@ -54,10 +48,9 @@ services: restart: unless-stopped command: -listen :3000 -rules /etc/filtron/rules.json -target nginx networks: - - my-spot_default - wireguarded ports: - - "${WIREGUARD_IP}:8088:3000" + - ${WIREGUARD_IP}:8088:3000 volumes: - ./etc/filtron/rules.json:/etc/filtron/rules.json labels: @@ -69,10 +62,9 @@ services: logging: *default-logging restart: unless-stopped networks: - - my-spot_default - wireguarded ports: - - "${WIREGUARD_IP}:8089:3000" + - ${WIREGUARD_IP}:8089:3000 environment: DEBUG: "false" MORTY_ADDRESS: ":3000" @@ -85,8 +77,6 @@ services: image: osminogin/tor-simple logging: *default-logging restart: unless-stopped - networks: - - my-spot_default networks: -- GitLab From 92160f1a94c81a6d26686a2cd5f43053c2fb6523 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 27 May 2021 12:54:04 +0200 Subject: [PATCH 09/33] setting .env wg ip to localhost, supercharged by cicd during deploy, & add the filtron restart --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 162ff879e..da604db69 100644 --- a/.env +++ b/.env @@ -9,4 +9,4 @@ SEARX_REDIS_HOST=redis SEARX_UI_DEFAULT_THEME=eelo SEARX_PROXY_HTTP=socks5://tor:9050 SEARX_PROXY_HTTPS=socks5://tor:9050 -WIREGUARD_IP=localhost +WIREGUARD_IP=127.0.0.1 -- GitLab From 915b250d00098c1e55d4bf280b896557ab2c3a5c Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 13:25:35 +0200 Subject: [PATCH 10/33] remove docker pull env to test env vars superseeding by cicd --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9238d71fc..406b56c09 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -116,7 +116,7 @@ deploy:spot.eeo.one.backend1: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron @@ -136,10 +136,10 @@ deploy:spot.eeo.one.backend2: SEARX_MORTY_URL: https://proxy.spot.eeo.one COMPOSE_PROJECT_NAME: my-spot # PRIVATE_KEY: ${PRIVATE_KEY_WEB2} - WIREGUARD_IP: $BACKEND2_WG_IP + WIREGUARD_IP: ${BACKEND2_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env && docker-compose up -d --build --scale tor=5" + - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 3c949c2452c5b174be6524ffcfe04fb4414469d1 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 13:42:44 +0200 Subject: [PATCH 11/33] remove WG_IP from .env file to only get the one from gitlabCI --- .env | 2 +- .gitlab-ci.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.env b/.env index da604db69..a7c703003 100644 --- a/.env +++ b/.env @@ -9,4 +9,4 @@ SEARX_REDIS_HOST=redis SEARX_UI_DEFAULT_THEME=eelo SEARX_PROXY_HTTP=socks5://tor:9050 SEARX_PROXY_HTTPS=socks5://tor:9050 -WIREGUARD_IP=127.0.0.1 + diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 406b56c09..e333ee5b6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -116,7 +116,7 @@ deploy:spot.eeo.one.backend1: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron @@ -139,7 +139,7 @@ deploy:spot.eeo.one.backend2: WIREGUARD_IP: ${BACKEND2_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" + - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 9316c3d6be2e608e5b78895d32a011f7ed932b86 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 13:43:35 +0200 Subject: [PATCH 12/33] no build-arg in up command --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e333ee5b6..912abb7f7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -116,7 +116,7 @@ deploy:spot.eeo.one.backend1: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 50d4a03a9b982a4499d72480909f54c3d291c7ec Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 14:05:47 +0200 Subject: [PATCH 13/33] try another order of steps in ci.yml --- .gitlab-ci.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 912abb7f7..d76c973f8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,9 +73,9 @@ test:unit: - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts - chmod 600 ~/.ssh/id_ed25519 - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub -# - ssh $DOCKER_HOST "mkdir -p $(dirname $FILTRON_RULES) && echo '$(cat ./etc/filtron/rules.json)' > $FILTRON_RULES" + - ssh $SSH_USER@$BACKEND1_HOST - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY -# - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env + - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env #deploy:spot.test.cloud.global: # extends: .deploy:template @@ -116,9 +116,11 @@ deploy:spot.eeo.one.backend1: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" - # - docker-compose up -d --build --scale tor=5 - #- docker-compose restart filtron + #- ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" + - cd $PATH_STAGING + - pwd + - docker-compose up -d --build --scale tor=5 + - docker-compose restart filtron deploy:spot.eeo.one.backend2: extends: .deploy:template -- GitLab From f8a77cc7a7305938b9c53b574646134d64845517 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 14:36:59 +0200 Subject: [PATCH 14/33] add global services --- .gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d76c973f8..4438063a0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,6 +6,10 @@ stages: - test - deploy +services: + - docker:20.10-dind + + python: stage: check before_script: -- GitLab From 57d81cdfaebb74d096c85d0b7ebeb79420d853dc Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 15:14:12 +0200 Subject: [PATCH 15/33] 2 different deploy templates to test --- .gitlab-ci.yml | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4438063a0..5318850ed 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,7 @@ stages: - deploy services: - - docker:20.10-dind + - docker:18-dind python: @@ -79,7 +79,23 @@ test:unit: - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub - ssh $SSH_USER@$BACKEND1_HOST - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env +# - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env + +.deploy:template2: + stage: deploy + before_script: +# - eval $(ssh-agent -s) +# - echo "$PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh + - echo "$SSH_PRIVATE_KEY_ED" > $HOME/.ssh/id_ed25519 + - echo "$SSH_PUBKEY_ED" > $HOME/.ssh/id_ed25519.pub + - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts + - chmod 600 ~/.ssh/id_ed25519 + - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub + - ssh $DOCKER_HOST + - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY +# - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env #deploy:spot.test.cloud.global: # extends: .deploy:template @@ -127,7 +143,7 @@ deploy:spot.eeo.one.backend1: - docker-compose restart filtron deploy:spot.eeo.one.backend2: - extends: .deploy:template + extends: .deploy:template2 when: manual only: - branches @@ -135,7 +151,7 @@ deploy:spot.eeo.one.backend2: name: eeo2 url: https://spot.eeo.one variables: -# DOCKER_HOST: ssh://root@web2.ecloud.global + DOCKER_HOST: ssh://${SSH_USER}@${BACKEND2_HOST} # FILTRON_RULES: /etc/filtron/rules.json SPOT_HOSTNAME: spot.eeo.one SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one @@ -145,7 +161,11 @@ deploy:spot.eeo.one.backend2: WIREGUARD_IP: ${BACKEND2_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" + - cd $PATH_STAGING + - pwd + - docker-compose up -d --build --scale tor=5 + - docker-compose restart filtron + # - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 93a179f1c35ebed9721e5a3daf22f80d6643fc63 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 15:50:10 +0200 Subject: [PATCH 16/33] finally sed env file during deploy :'( --- .env | 2 +- .gitlab-ci.yml | 15 +++++---------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/.env b/.env index a7c703003..bd90f4550 100644 --- a/.env +++ b/.env @@ -9,4 +9,4 @@ SEARX_REDIS_HOST=redis SEARX_UI_DEFAULT_THEME=eelo SEARX_PROXY_HTTP=socks5://tor:9050 SEARX_PROXY_HTTPS=socks5://tor:9050 - +WIREGUARD_IP_ENV=127.0.0.1 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5318850ed..0cd324729 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -77,7 +77,7 @@ test:unit: - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts - chmod 600 ~/.ssh/id_ed25519 - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub - - ssh $SSH_USER@$BACKEND1_HOST +# - ssh $SSH_USER@$BACKEND1_HOST - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY # - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env @@ -93,7 +93,7 @@ test:unit: - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts - chmod 600 ~/.ssh/id_ed25519 - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub - - ssh $DOCKER_HOST + - ssh $DOCKER_HOST "cd $PATH_STAGING" - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY # - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env @@ -136,11 +136,8 @@ deploy:spot.eeo.one.backend1: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - #- ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" - - cd $PATH_STAGING - - pwd - - docker-compose up -d --build --scale tor=5 - - docker-compose restart filtron + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && sed -i 's/WIREGUARD_IP_ENV=127.0.0.1/WIREGUARD_IP_ENV=$WIREGUARD_IP/g' .env && sed -i 's/SPOT_HOSTNAME=spot.ecloud.global/SPOT_HOSTNAME=$SPOT_HOSTNAME/g' .env && sed -i 's/SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global/SPOT_MORTY_HOSTNAME=$SPOT_MORTY_HOSTNAME/g' .env && sed -i 's/SEARX_MORTY_URL=http://localhost:8089/SEARX_MORTY_URL=$SEARX_MORTY_URL/g' .env && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" + deploy:spot.eeo.one.backend2: extends: .deploy:template2 @@ -160,9 +157,7 @@ deploy:spot.eeo.one.backend2: # PRIVATE_KEY: ${PRIVATE_KEY_WEB2} WIREGUARD_IP: ${BACKEND2_WG_IP} script: - - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" - - cd $PATH_STAGING - - pwd + - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" - docker-compose up -d --build --scale tor=5 - docker-compose restart filtron # - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" -- GitLab From c9ad68a42f98da7478929744dc35098b042896f7 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 16:07:29 +0200 Subject: [PATCH 17/33] sed updates to deploy --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0cd324729..5b3715be9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -130,13 +130,12 @@ deploy:spot.eeo.one.backend1: # FILTRON_RULES: /etc/filtron/rules.json SPOT_HOSTNAME: spot.eeo.one SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one - SEARX_MORTY_URL: https://proxy.spot.eeo.one COMPOSE_PROJECT_NAME: my-spot # PRIVATE_KEY: ${PRIVATE_KEY_WEB1} WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && sed -i 's/WIREGUARD_IP_ENV=127.0.0.1/WIREGUARD_IP_ENV=$WIREGUARD_IP/g' .env && sed -i 's/SPOT_HOSTNAME=spot.ecloud.global/SPOT_HOSTNAME=$SPOT_HOSTNAME/g' .env && sed -i 's/SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global/SPOT_MORTY_HOSTNAME=$SPOT_MORTY_HOSTNAME/g' .env && sed -i 's/SEARX_MORTY_URL=http://localhost:8089/SEARX_MORTY_URL=$SEARX_MORTY_URL/g' .env && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && sed -i 's/WIREGUARD_IP=127.0.0.1/WIREGUARD_IP=$WIREGUARD_IP/g' .env && sed -i 's/SPOT_HOSTNAME=spot.ecloud.global/SPOT_HOSTNAME=$SPOT_HOSTNAME/g' .env && sed -i 's/SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global/SPOT_MORTY_HOSTNAME=$SPOT_MORTY_HOSTNAME/g' .env && sed -i 's/localhost:8089/$SPOT_MORTY_HOSTNAME/g' .env && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" deploy:spot.eeo.one.backend2: -- GitLab From 7f084c30d6da49fc590cc9d96e85d724ec6c7d77 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 28 May 2021 16:27:08 +0200 Subject: [PATCH 18/33] test another deploy method on web02 --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5b3715be9..25fc08a0a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -152,13 +152,13 @@ deploy:spot.eeo.one.backend2: SPOT_HOSTNAME: spot.eeo.one SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one SEARX_MORTY_URL: https://proxy.spot.eeo.one - COMPOSE_PROJECT_NAME: my-spot + COMPOSE_PROJECT_NAME: staging-spot # PRIVATE_KEY: ${PRIVATE_KEY_WEB2} WIREGUARD_IP: ${BACKEND2_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" - docker-compose up -d --build --scale tor=5 - - docker-compose restart filtron + #- docker-compose restart filtron # - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" # - docker-compose up -d --build --scale tor=5 #- docker-compose restart filtron -- GitLab From 087be7232be2e5182089c0d3f702b34b678c7c57 Mon Sep 17 00:00:00 2001 From: diroots Date: Mon, 31 May 2021 14:35:48 +0200 Subject: [PATCH 19/33] give names to container for easier docker-compose management --- .gitlab-ci.yml | 2 +- docker-compose.yml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 25fc08a0a..5cd07c3d9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -130,7 +130,7 @@ deploy:spot.eeo.one.backend1: # FILTRON_RULES: /etc/filtron/rules.json SPOT_HOSTNAME: spot.eeo.one SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one - COMPOSE_PROJECT_NAME: my-spot + COMPOSE_PROJECT_NAME: staging-spot # PRIVATE_KEY: ${PRIVATE_KEY_WEB1} WIREGUARD_IP: ${BACKEND1_WG_IP} script: diff --git a/docker-compose.yml b/docker-compose.yml index 16b1bf5f3..17c8d6ae8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,12 +10,14 @@ x-logging: services: redis: image: redis:5.0.7-alpine + container_name: spot-redis logging: *default-logging restart: unless-stopped command: redis-server --maxmemory 8G --maxmemory-policy allkeys-lru spot: image: registry.gitlab.e.foundation:5000/e/cloud/my-spot:${SPOT_DOCKER_TAG} + container_name: spot-spot build: context: . dockerfile: Dockerfile @@ -34,6 +36,7 @@ services: nginx: image: registry.gitlab.e.foundation:5000/e/cloud/my-spot/nginx:${SPOT_NGINX_DOCKER_TAG} + container_name: spot-nginx build: context: . dockerfile: nginx.Dockerfile @@ -44,6 +47,7 @@ services: filtron: image: dalf/filtron:latest + container_name: spot-filtron logging: *default-logging restart: unless-stopped command: -listen :3000 -rules /etc/filtron/rules.json -target nginx @@ -59,6 +63,7 @@ services: morty: image: dalf/morty:latest + container_name: spot-morty logging: *default-logging restart: unless-stopped networks: @@ -75,6 +80,7 @@ services: tor: image: osminogin/tor-simple + container_name: spot-redis logging: *default-logging restart: unless-stopped -- GitLab From 36022882331b40bcb1802c16da39e167f7b154a9 Mon Sep 17 00:00:00 2001 From: diroots Date: Mon, 31 May 2021 14:53:43 +0200 Subject: [PATCH 20/33] test multiline script && update docker_tags && add docker pull --- .env | 2 +- .gitlab-ci.yml | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/.env b/.env index bd90f4550..da604db69 100644 --- a/.env +++ b/.env @@ -9,4 +9,4 @@ SEARX_REDIS_HOST=redis SEARX_UI_DEFAULT_THEME=eelo SEARX_PROXY_HTTP=socks5://tor:9050 SEARX_PROXY_HTTPS=socks5://tor:9050 -WIREGUARD_IP_ENV=127.0.0.1 +WIREGUARD_IP=127.0.0.1 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5cd07c3d9..efd089cde 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -95,7 +95,7 @@ test:unit: - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub - ssh $DOCKER_HOST "cd $PATH_STAGING" - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY -# - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env + - docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env #deploy:spot.test.cloud.global: # extends: .deploy:template @@ -131,11 +131,19 @@ deploy:spot.eeo.one.backend1: SPOT_HOSTNAME: spot.eeo.one SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one COMPOSE_PROJECT_NAME: staging-spot -# PRIVATE_KEY: ${PRIVATE_KEY_WEB1} + SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} + SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && sed -i 's/WIREGUARD_IP=127.0.0.1/WIREGUARD_IP=$WIREGUARD_IP/g' .env && sed -i 's/SPOT_HOSTNAME=spot.ecloud.global/SPOT_HOSTNAME=$SPOT_HOSTNAME/g' .env && sed -i 's/SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global/SPOT_MORTY_HOSTNAME=$SPOT_MORTY_HOSTNAME/g' .env && sed -i 's/localhost:8089/$SPOT_MORTY_HOSTNAME/g' .env && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env \ + && sed -i 's/WIREGUARD_IP=127.0.0.1/WIREGUARD_IP=$WIREGUARD_IP/g' .env \ + && sed -i 's/SPOT_HOSTNAME=spot.ecloud.global/SPOT_HOSTNAME=$SPOT_HOSTNAME/g' .env \ + && sed -i 's/SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global/SPOT_MORTY_HOSTNAME=$SPOT_MORTY_HOSTNAME/g' .env \ + && sed -i 's/localhost:8089/$SPOT_MORTY_HOSTNAME/g' .env \ + && sed -i 's/SPOT_DOCKER_TAG=latest/SPOT_DOCKER_TAG=$SPOT_DOCKER_TAG/g' .env \ + && sed -i 's/SPOT_NGINX_DOCKER_TAG=latest/SPOT_NGINX_DOCKER_TAG=$SPOT_NGINX_DOCKER_TAG/g' .env \ + && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" deploy:spot.eeo.one.backend2: @@ -153,7 +161,8 @@ deploy:spot.eeo.one.backend2: SPOT_MORTY_HOSTNAME: proxy.spot.eeo.one SEARX_MORTY_URL: https://proxy.spot.eeo.one COMPOSE_PROJECT_NAME: staging-spot -# PRIVATE_KEY: ${PRIVATE_KEY_WEB2} + SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} + SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG} WIREGUARD_IP: ${BACKEND2_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" -- GitLab From 7c54bc84aaf5ae8c7d2c30aaa505a57fee7799f2 Mon Sep 17 00:00:00 2001 From: diroots Date: Mon, 31 May 2021 14:55:30 +0200 Subject: [PATCH 21/33] container_name copy/paste error for tor container --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 17c8d6ae8..90c146cfc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -80,7 +80,7 @@ services: tor: image: osminogin/tor-simple - container_name: spot-redis + container_name: spot-tor logging: *default-logging restart: unless-stopped -- GitLab From 8b6459a590e993a04edf05f1927f7438557fc6ef Mon Sep 17 00:00:00 2001 From: diroots Date: Mon, 31 May 2021 14:57:52 +0200 Subject: [PATCH 22/33] remove container name for tor container to allow it to be scaled --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 90c146cfc..91eab9a63 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -80,7 +80,7 @@ services: tor: image: osminogin/tor-simple - container_name: spot-tor + #container_name: spot-tor logging: *default-logging restart: unless-stopped -- GitLab From 1f9654aad034d6896d70e8c2eeace0626bee7073 Mon Sep 17 00:00:00 2001 From: diroots Date: Mon, 31 May 2021 15:10:44 +0200 Subject: [PATCH 23/33] remove \ in script line --- .gitlab-ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index efd089cde..abf7cdf54 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -136,13 +136,13 @@ deploy:spot.eeo.one.backend1: WIREGUARD_IP: ${BACKEND1_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND1_HOST - $BACKEND1_WG_IP - $WIREGUARD_IP)" - - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env \ - && sed -i 's/WIREGUARD_IP=127.0.0.1/WIREGUARD_IP=$WIREGUARD_IP/g' .env \ - && sed -i 's/SPOT_HOSTNAME=spot.ecloud.global/SPOT_HOSTNAME=$SPOT_HOSTNAME/g' .env \ - && sed -i 's/SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global/SPOT_MORTY_HOSTNAME=$SPOT_MORTY_HOSTNAME/g' .env \ - && sed -i 's/localhost:8089/$SPOT_MORTY_HOSTNAME/g' .env \ - && sed -i 's/SPOT_DOCKER_TAG=latest/SPOT_DOCKER_TAG=$SPOT_DOCKER_TAG/g' .env \ - && sed -i 's/SPOT_NGINX_DOCKER_TAG=latest/SPOT_NGINX_DOCKER_TAG=$SPOT_NGINX_DOCKER_TAG/g' .env \ + - ssh $SSH_USER@$BACKEND1_HOST "cd $PATH_STAGING && docker pull registry.gitlab.e.foundation:5000/e/cloud/my-spot/env + && sed -i 's/WIREGUARD_IP=127.0.0.1/WIREGUARD_IP=$WIREGUARD_IP/g' .env + && sed -i 's/SPOT_HOSTNAME=spot.ecloud.global/SPOT_HOSTNAME=$SPOT_HOSTNAME/g' .env + && sed -i 's/SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global/SPOT_MORTY_HOSTNAME=$SPOT_MORTY_HOSTNAME/g' .env + && sed -i 's/localhost:8089/$SPOT_MORTY_HOSTNAME/g' .env + && sed -i 's/SPOT_DOCKER_TAG=latest/SPOT_DOCKER_TAG=$SPOT_DOCKER_TAG/g' .env + && sed -i 's/SPOT_NGINX_DOCKER_TAG=latest/SPOT_NGINX_DOCKER_TAG=$SPOT_NGINX_DOCKER_TAG/g' .env && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" -- GitLab From fe9c339552d4a117f622ce89804d9c2e95392464 Mon Sep 17 00:00:00 2001 From: diroots Date: Mon, 31 May 2021 15:36:23 +0200 Subject: [PATCH 24/33] add repo_base env var --- .env | 1 + docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.env b/.env index da604db69..a410bd11c 100644 --- a/.env +++ b/.env @@ -10,3 +10,4 @@ SEARX_UI_DEFAULT_THEME=eelo SEARX_PROXY_HTTP=socks5://tor:9050 SEARX_PROXY_HTTPS=socks5://tor:9050 WIREGUARD_IP=127.0.0.1 +REPO_BASE=/mnt/repo-base/staging-spot \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 91eab9a63..a7a9b33d7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -56,7 +56,7 @@ services: ports: - ${WIREGUARD_IP}:8088:3000 volumes: - - ./etc/filtron/rules.json:/etc/filtron/rules.json + - ${REPO_BASE}/etc/filtron/rules.json:/etc/filtron/rules.json labels: - "traefik.enable=true" - "traefik.http.routers.filtron.rule=Host(`${SPOT_HOSTNAME}`)" -- GitLab From 32bfbc3816405d3855524a18db9bb95f9c811442 Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 1 Jun 2021 15:48:51 +0200 Subject: [PATCH 25/33] fine tune docker-compose.yml for networks / service names / container_names to avoid collisions with other stacks --- docker-compose.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a7a9b33d7..a077cb17c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -34,7 +34,7 @@ services: GUNICORN_LOGGER: 1 GUNICORN_LEVEL: INFO - nginx: + spot-nginx: image: registry.gitlab.e.foundation:5000/e/cloud/my-spot/nginx:${SPOT_NGINX_DOCKER_TAG} container_name: spot-nginx build: @@ -50,9 +50,9 @@ services: container_name: spot-filtron logging: *default-logging restart: unless-stopped - command: -listen :3000 -rules /etc/filtron/rules.json -target nginx + command: -listen :3000 -rules /etc/filtron/rules.json -target spot-nginx networks: - - wireguarded + - spot-wireguarded ports: - ${WIREGUARD_IP}:8088:3000 volumes: @@ -67,7 +67,7 @@ services: logging: *default-logging restart: unless-stopped networks: - - wireguarded + - spot-wireguarded ports: - ${WIREGUARD_IP}:8089:3000 environment: @@ -86,5 +86,5 @@ services: networks: - wireguarded: + spot-wireguarded: external: true \ No newline at end of file -- GitLab From b95e73d981bf495fc34f4b3bd6400cdd05a9a8bc Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 1 Jun 2021 17:53:00 +0200 Subject: [PATCH 26/33] add spot-default internal network for all containers to talk toguether --- docker-compose.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index a077cb17c..2a9b34283 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,6 +13,8 @@ services: container_name: spot-redis logging: *default-logging restart: unless-stopped + networks: + - spot-default command: redis-server --maxmemory 8G --maxmemory-policy allkeys-lru spot: @@ -23,7 +25,9 @@ services: dockerfile: Dockerfile logging: *default-logging restart: unless-stopped - environment: + networks: + - spot-default + environment: SEARX_SECRET: "${SEARX_SECRET}" SEARX_MORTY_URL: "${SEARX_MORTY_URL}" SEARX_MORTY_KEY: "${SEARX_MORTY_KEY}" @@ -52,6 +56,7 @@ services: restart: unless-stopped command: -listen :3000 -rules /etc/filtron/rules.json -target spot-nginx networks: + - spot-default - spot-wireguarded ports: - ${WIREGUARD_IP}:8088:3000 @@ -67,6 +72,7 @@ services: logging: *default-logging restart: unless-stopped networks: + - spot-default - spot-wireguarded ports: - ${WIREGUARD_IP}:8089:3000 @@ -83,8 +89,12 @@ services: #container_name: spot-tor logging: *default-logging restart: unless-stopped + networks: + - spot-default networks: + spot-default: + external: true spot-wireguarded: external: true \ No newline at end of file -- GitLab From 2cc5a4698337c870fb2b72677f585f1307090498 Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 1 Jun 2021 17:54:54 +0200 Subject: [PATCH 27/33] typo error --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2a9b34283..1afd1a7f3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,7 +27,7 @@ services: restart: unless-stopped networks: - spot-default - environment: + environment: SEARX_SECRET: "${SEARX_SECRET}" SEARX_MORTY_URL: "${SEARX_MORTY_URL}" SEARX_MORTY_KEY: "${SEARX_MORTY_KEY}" -- GitLab From 35e73d6c80ea1adf535fcd8bdd046f720092ee9c Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 1 Jun 2021 18:12:30 +0200 Subject: [PATCH 28/33] missing nginx network && update nginx proxy param --- docker-compose.yml | 4 +++- etc/nginx/proxy_spot_params | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 1afd1a7f3..6f471b449 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,7 +19,7 @@ services: spot: image: registry.gitlab.e.foundation:5000/e/cloud/my-spot:${SPOT_DOCKER_TAG} - container_name: spot-spot + container_name: spot build: context: . dockerfile: Dockerfile @@ -46,6 +46,8 @@ services: dockerfile: nginx.Dockerfile logging: *default-logging restart: unless-stopped + networks: + - spot-default environment: SEARX_MORTY_URL: "${SEARX_MORTY_URL}" diff --git a/etc/nginx/proxy_spot_params b/etc/nginx/proxy_spot_params index 893323963..3c371af50 100644 --- a/etc/nginx/proxy_spot_params +++ b/etc/nginx/proxy_spot_params @@ -1,4 +1,4 @@ -proxy_pass http://spot:80; +proxy_pass http://spot-spot:80; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; -- GitLab From dee1d168c8c565d0231f7453f1b6d8139e23b7ce Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 1 Jun 2021 18:35:36 +0200 Subject: [PATCH 29/33] spot name error --- etc/nginx/proxy_spot_params | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/nginx/proxy_spot_params b/etc/nginx/proxy_spot_params index 3c371af50..893323963 100644 --- a/etc/nginx/proxy_spot_params +++ b/etc/nginx/proxy_spot_params @@ -1,4 +1,4 @@ -proxy_pass http://spot-spot:80; +proxy_pass http://spot:80; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; -- GitLab From 71d00239f4aa03abc0aa3548f74b9c8525cb184f Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 2 Jun 2021 14:03:49 +0200 Subject: [PATCH 30/33] force morty url to use https in env before gitlab sed substitution --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index a410bd11c..6cbb020bc 100644 --- a/.env +++ b/.env @@ -2,7 +2,7 @@ SPOT_HOSTNAME=spot.ecloud.global SPOT_MORTY_HOSTNAME=proxy.spot.ecloud.global SPOT_DOCKER_TAG=latest SPOT_NGINX_DOCKER_TAG=latest -SEARX_MORTY_URL=http://localhost:8089 +SEARX_MORTY_URL=https://localhost:8089 SEARX_SECRET=":@)%NN0+OqNdy:{prWQlZ{p9|oO9p-UyJq@%V!~G:arrSx6fXz.{jd%=XF44ncj" SEARX_MORTY_KEY="taKB1WGTa63LEI6RdjWWKshS4oYSHQWGu9Eyjr1OlpQ=" SEARX_REDIS_HOST=redis -- GitLab From 8f5f25957b3f80b93fadd29a4747b34e0a6017df Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 3 Jun 2021 16:55:40 +0200 Subject: [PATCH 31/33] test another tor image set up without relay&&exit --- .env | 4 ++-- .gitlab-ci.yml | 4 ++-- docker-compose.yml | 21 ++++++++++++++++----- 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/.env b/.env index 6cbb020bc..e124cf158 100644 --- a/.env +++ b/.env @@ -7,7 +7,7 @@ SEARX_SECRET=":@)%NN0+OqNdy:{prWQlZ{p9|oO9p-UyJq@%V!~G:arrSx6fXz.{jd%=XF44ncj" SEARX_MORTY_KEY="taKB1WGTa63LEI6RdjWWKshS4oYSHQWGu9Eyjr1OlpQ=" SEARX_REDIS_HOST=redis SEARX_UI_DEFAULT_THEME=eelo -SEARX_PROXY_HTTP=socks5://tor:9050 -SEARX_PROXY_HTTPS=socks5://tor:9050 +SEARX_PROXY_HTTP=socks5h://tor-socks-proxy:9150 +SEARX_PROXY_HTTPS=socks5h://tor-socks-proxy:9150 WIREGUARD_IP=127.0.0.1 REPO_BASE=/mnt/repo-base/staging-spot \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index abf7cdf54..e9c9a0207 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -143,7 +143,7 @@ deploy:spot.eeo.one.backend1: && sed -i 's/localhost:8089/$SPOT_MORTY_HOSTNAME/g' .env && sed -i 's/SPOT_DOCKER_TAG=latest/SPOT_DOCKER_TAG=$SPOT_DOCKER_TAG/g' .env && sed -i 's/SPOT_NGINX_DOCKER_TAG=latest/SPOT_NGINX_DOCKER_TAG=$SPOT_NGINX_DOCKER_TAG/g' .env - && docker-compose up -d --build --scale tor=5 && docker-compose restart filtron" + && docker-compose up -d --build --scale tor-socks-proxy=2 && docker-compose restart filtron" deploy:spot.eeo.one.backend2: @@ -166,7 +166,7 @@ deploy:spot.eeo.one.backend2: WIREGUARD_IP: ${BACKEND2_WG_IP} script: - echo "Deploying to $CI_ENVIRONMENT_NAME ($SSH_USER@$BACKEND2_HOST - $BACKEND2_WG_IP - $WIREGUARD_IP)" - - docker-compose up -d --build --scale tor=5 + - docker-compose up -d --build --scale tor-socks-proxy=2 #- docker-compose restart filtron # - ssh $SSH_USER@$BACKEND2_HOST "cd $PATH_STAGING && docker-compose up -d --build --build-arg $WIREGUARD_IP --scale tor=5 && docker-compose restart filtron" # - docker-compose up -d --build --scale tor=5 diff --git a/docker-compose.yml b/docker-compose.yml index 6f471b449..5ea6ffdbf 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -86,13 +86,24 @@ services: - "traefik.enable=true" - "traefik.http.routers.morty.rule=Host(`${SPOT_MORTY_HOSTNAME}`)" - tor: - image: osminogin/tor-simple - #container_name: spot-tor - logging: *default-logging + tor-socks-proxy: + container_name: tor-socks-proxy + image: peterdavehello/tor-socks-proxy:latest + ports: + - "${WIREGUARD_IP}:8853:53/udp" + - "${WIREGUARD_IP}:9150:9150/tcp" restart: unless-stopped networks: - - spot-default + - spot-default + - spot-wireguarded + +# tor: +# image: osminogin/tor-simple +# #container_name: spot-tor +# logging: *default-logging +# restart: unless-stopped +# networks: +# - spot-default networks: -- GitLab From 67dd32fc1103f2c506f2016c56ca53976243b49f Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 3 Jun 2021 17:08:42 +0200 Subject: [PATCH 32/33] remove container name to be able to scale --- docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5ea6ffdbf..877e92c49 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -87,7 +87,6 @@ services: - "traefik.http.routers.morty.rule=Host(`${SPOT_MORTY_HOSTNAME}`)" tor-socks-proxy: - container_name: tor-socks-proxy image: peterdavehello/tor-socks-proxy:latest ports: - "${WIREGUARD_IP}:8853:53/udp" -- GitLab From b944883f0cc81e0e90bc4db444b8393c66dfa5e8 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 3 Jun 2021 17:15:30 +0200 Subject: [PATCH 33/33] remove port bindings on tor image --- docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 877e92c49..1b645aae0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -88,13 +88,13 @@ services: tor-socks-proxy: image: peterdavehello/tor-socks-proxy:latest - ports: - - "${WIREGUARD_IP}:8853:53/udp" - - "${WIREGUARD_IP}:9150:9150/tcp" +# ports: +# - "${WIREGUARD_IP}:8853:53/udp" +# - "${WIREGUARD_IP}:9150:9150/tcp" restart: unless-stopped networks: - spot-default - - spot-wireguarded +# - spot-wireguarded # tor: # image: osminogin/tor-simple -- GitLab