feat: CI/CD, per-domain HTTPS, backup, config generator

- sites.yml — единый источник истины для всех сайтов
- generate-configs.sh — генератор nginx конфигов, certbot domains.txt, .env
- nginx: per-domain HTTPS (вместо all-or-nothing switch-config)
- certbot: единый renew-all.sh, динамический init (без 5 дублирующих скриптов)
- backup: контейнер с pg_dump + rclone (Яндекс.Диск), ежедневно в 3AM
- Gitea + Gitea Runner в docker-compose (self-hosted Git + CI/CD)
- .gitea/workflows/deploy.yml — CI/CD pipeline: push → авто-деплой
- Makefile: generate-configs, reconfig, deploy, backup, restore, gitea, help
This commit is contained in:
valitovgaziz
2026-06-12 12:22:19 +05:00
parent abcb327278
commit 8e766b540e
31 changed files with 1535 additions and 343 deletions
+80 -8
@@ -10,19 +10,15 @@ services:
- ./certbot/config:/etc/letsencrypt/config
- certbot_data:/etc/letsencrypt
- certbot_www:/var/www/certbot
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- .env
environment:
- EMAIL=${EMAIL}
- DOMAINS=${ALL_DOMAINS}
- STAGING=0
restart: unless-stopped
healthcheck:
test:
[
"CMD-SHELL",
"test -f /etc/letsencrypt/live/$$(echo $${DOMAINS} | cut -d',' -f1)/fullchain.pem || exit 1",
]
test: ["CMD-SHELL", "ls /etc/letsencrypt/live/*/fullchain.pem 2>/dev/null | head -1 | xargs test -f || exit 1"]
interval: 30s
timeout: 10s
retries: 3
@@ -45,6 +41,7 @@ services:
- ./stubSite:/usr/share/nginx/stub/html
- ./BB/bbvue/dist:/usr/share/nginx/begushiybashkir/html
- analytics_logs:/var/log/analytics:ro
- ./nginx/conf.available:/etc/nginx/conf.available:ro
networks:
- web-network
- internal
@@ -52,8 +49,6 @@ services:
depends_on:
easysite:
condition: service_healthy
certbot:
condition: service_healthy
api_bb:
condition: service_healthy
analytics:
@@ -254,6 +249,81 @@ services:
timeout: 10s
retries: 3
# ──────────────────────────────────────────────
# Gitea — self-hosted Git сервер + CI/CD
# ──────────────────────────────────────────────
gitea:
image: gitea/gitea:latest
container_name: gitea
restart: unless-stopped
ports:
- "3001:3000"
- "2222:22"
volumes:
- gitea_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__server__DOMAIN=git.yalarba.ru
- GITEA__server__SSH_DOMAIN=94.41.23.97
- GITEA__server__ROOT_URL=https://git.yalarba.ru
networks:
- web-network
- internal
healthcheck:
test: ["CMD", "wget", "--spider", "http://localhost:3000"]
interval: 30s
timeout: 10s
retries: 3
gitea-runner:
image: gitea/act_runner:latest
container_name: gitea-runner
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/gaziz/artefacts/tp:/home/gaziz/artefacts/tp
- gitea_runner:/data
environment:
- GITEA_INSTANCE_URL=http://gitea:3000
- GITEA_RUNNER_REGISTRATION_TOKEN=
depends_on:
gitea:
condition: service_healthy
networks:
- internal
# ──────────────────────────────────────────────
# Backup — ежедневные бэкапы БД + файлов → локально + Яндекс.Диск
# ──────────────────────────────────────────────
backup:
build:
context: ./backup
dockerfile: Dockerfile
container_name: backup
restart: unless-stopped
volumes:
- /var/backups/tp:/backups
- certbot_data:/data/certbot:ro
- api_bb_uploads:/data/uploads:ro
- analytics_data:/data/analytics:ro
environment:
DB_HOST: db
DB_PORT: 5432
DB_USER: postgres
DB_PASSWORD: postgres
DB_NAMES: mydb,bb_db
RCLONE_REMOTE: "yadisk:tp-backups"
BACKUP_RETENTION_DAYS: 7
BACKUP_TIME: "0 3 * * *"
depends_on:
db:
condition: service_healthy
networks:
- internal
volumes:
certbot_data: # volume для данных Certbot
certbot_www: # volume для данных Certbot
@@ -261,6 +331,8 @@ volumes:
api_bb_uploads: # Volume для загружаемых файлов бегущий башкир
analytics_logs: # Volume для логов аналитики
analytics_data: # Volume для данных аналитики
gitea_data: # Volume для Gitea
gitea_runner: # Volume для Gitea Runner
networks:
web-network:
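Review bot: The new gitea-runner service is handed `/var/run/docker.sock`, which makes any workflow pushed to this Gitea root-equivalent on the host, and its `GITEA_RUNNER_REGISTRATION_TOKEN=` is committed empty with no `env_file:` on that service, so registration will fail or someone will paste the token into this tracked file. Source it with `- GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}` (compose still interpolates from the project `.env`), run the runner in a throwaway DinD/sysbox container or on a separate host rather than the host socket, and limit who can push workflows. The backup service hardcodes the superuser credential `DB_PASSWORD: postgres` and, judging by its comment and the `certbot_data` mount, presumably uploads Let's Encrypt private keys and DB dumps to Yandex.Disk in the clear; use `DB_PASSWORD: ${DB_PASSWORD}`, a read-only dump role, and an rclone `crypt` remote. The gitea `ports:` publish the web UI on every interface even though the service already sits on `web-network` behind nginx, bypassing the per-domain HTTPS this commit introduces, so bind it as `"127.0.0.1:3001:3000"` and pin `gitea/gitea:latest` and `gitea/act_runner:latest` to a version or digest. Separately, the replacement certbot healthcheck `ls … | head -1 | xargs test -f` passes when no certificate exists, because xargs by default still runs `test -f` with no operand (exit 0) on empty input; `ls /etc/letsencrypt/live/*/fullchain.pem >/dev/null 2>&1` is the check that actually fails.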