TDvorak/Productier
1
0
Fork 0
mirror of https://github.com/Dvorinka/Productier.git synced 2026-06-04 12:33:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Tomas Dvorak
2026-04-10 12:04:09 +02:00
commit 3cb40adb23
203 changed files with 40226 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infra/Caddyfile
+33
View File
@@ -0,0 +1,33 @@
{
admin off
email {$TLS_EMAIL}
}
{$PUBLIC_DOMAIN} {
encode gzip zstd
@insecure protocol http
redir @insecure https://{host}{uri} 308
header {
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
Permissions-Policy "camera=(), microphone=(), geolocation=()"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
@auth path /api/auth*
handle @auth {
reverse_proxy auth:3001
}
@api path /v1*
handle @api {
reverse_proxy api:8080
}
handle {
reverse_proxy frontend:3000
}
}
infra/docker-compose.prod.yml
+242
View File
@@ -0,0 +1,242 @@
services:
gateway:
image: caddy:2.10-alpine
restart: unless-stopped
init: true
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /tmp
environment:
PUBLIC_DOMAIN: ${PUBLIC_DOMAIN:?set PUBLIC_DOMAIN}
TLS_EMAIL: ${TLS_EMAIL:?set TLS_EMAIL}
ports:
- "80:80"
- "443:443"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- caddy-data:/data
- caddy-config:/config
depends_on:
frontend:
condition: service_healthy
auth:
condition: service_healthy
api:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "wget -q -O - --header=\"Host: $$PUBLIC_DOMAIN\" http://127.0.0.1/ >/dev/null"]
interval: 15s
timeout: 5s
retries: 20
logging:
driver: json-file
options:
max-size: "10m"
max-file: "5"
frontend:
build:
context: ..
dockerfile: apps/frontend/Dockerfile
args:
VITE_FRONTEND_URL: ${PUBLIC_URL:?set PUBLIC_URL}
VITE_AUTH_URL: ${PUBLIC_URL:?set PUBLIC_URL}
VITE_API_URL: ${PUBLIC_URL:?set PUBLIC_URL}
VITE_DEV_MAILBOX_ENABLED: "false"
image: productier/frontend:latest
restart: unless-stopped
init: true
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /tmp
environment:
NODE_ENV: production
PORT: 3000
depends_on:
auth:
condition: service_healthy
api:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-q", "-O", "-", "http://127.0.0.1:3000"]
interval: 15s
timeout: 5s
retries: 20
logging:
driver: json-file
options:
max-size: "10m"
max-file: "5"
auth:
build:
context: ../apps/backend/auth-service
dockerfile: Dockerfile
image: productier/auth-service:latest
restart: unless-stopped
init: true
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /tmp
environment:
APP_ENV: production
NODE_ENV: production
AUTH_PORT: 3001
FRONTEND_URL: ${PUBLIC_URL:?set PUBLIC_URL}
AUTH_URL: ${PUBLIC_URL:?set PUBLIC_URL}
DATABASE_URL: postgres://productier:${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}@postgres:5432/productier?sslmode=disable
BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:?set BETTER_AUTH_SECRET}
CORS_ALLOW_ORIGINS: ${CORS_ALLOW_ORIGINS:?set CORS_ALLOW_ORIGINS}
AUTH_MAGIC_LINK_PROVIDER: ${AUTH_MAGIC_LINK_PROVIDER:-smtp}
AUTH_MAIL_FROM: ${AUTH_MAIL_FROM:?set AUTH_MAIL_FROM}
AUTH_SMTP_HOST: ${AUTH_SMTP_HOST:?set AUTH_SMTP_HOST}
AUTH_SMTP_PORT: ${AUTH_SMTP_PORT:-587}
AUTH_SMTP_SECURE: ${AUTH_SMTP_SECURE:-false}
AUTH_SMTP_USER: ${AUTH_SMTP_USER:?set AUTH_SMTP_USER}
AUTH_SMTP_PASSWORD: ${AUTH_SMTP_PASSWORD:?set AUTH_SMTP_PASSWORD}
AUTH_DEV_MAILBOX_ENABLED: "false"
depends_on:
postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-q", "-O", "-", "http://127.0.0.1:3001/health"]
interval: 15s
timeout: 5s
retries: 20
logging:
driver: json-file
options:
max-size: "10m"
max-file: "5"
api:
build:
context: ../apps/backend
dockerfile: Dockerfile
image: productier/api:latest
restart: unless-stopped
init: true
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /tmp
environment:
APP_ENV: production
API_PORT: 8080
API_SHUTDOWN_TIMEOUT: 15s
DATABASE_URL: postgres://productier:${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}@postgres:5432/productier?sslmode=disable
AUTH_SERVICE_URL: http://auth:3001
CORS_ALLOW_ORIGINS: ${CORS_ALLOW_ORIGINS:?set CORS_ALLOW_ORIGINS}
BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:?set BETTER_AUTH_SECRET}
MAIL_ENCRYPTION_KEY: ${MAIL_ENCRYPTION_KEY:?set MAIL_ENCRYPTION_KEY}
FILE_STORAGE_PROVIDER: s3
S3_ENDPOINT: http://rustfs:9000
S3_REGION: ${S3_REGION:-us-east-1}
S3_BUCKET: ${S3_BUCKET:-productier}
S3_ACCESS_KEY: ${S3_ACCESS_KEY:?set S3_ACCESS_KEY}
S3_SECRET_KEY: ${S3_SECRET_KEY:?set S3_SECRET_KEY}
S3_USE_PATH_STYLE: "true"
DB_MIGRATIONS_DIR: /app/migrations
depends_on:
postgres:
condition: service_healthy
auth:
condition: service_healthy
rustfs:
condition: service_healthy
rustfs-init:
condition: service_completed_successfully
healthcheck:
test: ["CMD", "wget", "-q", "-O", "-", "http://127.0.0.1:8080/v1/health"]
interval: 15s
timeout: 5s
retries: 20
logging:
driver: json-file
options:
max-size: "10m"
max-file: "5"
postgres:
image: postgres:17-alpine
restart: unless-stopped
init: true
security_opt:
- no-new-privileges:true
environment:
POSTGRES_DB: productier
POSTGRES_USER: productier
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}
volumes:
- postgres-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U productier -d productier"]
interval: 10s
timeout: 5s
retries: 20
logging:
driver: json-file
options:
max-size: "10m"
max-file: "5"
rustfs:
image: rustfs/rustfs@sha256:0725587f6fcca83c1898f321424327d6e6da5e01ea20382905dd258ed5af3be4
restart: unless-stopped
init: true
security_opt:
- no-new-privileges:true
environment:
RUSTFS_VOLUMES: /data/rustfs
RUSTFS_ADDRESS: 0.0.0.0:9000
RUSTFS_CONSOLE_ADDRESS: 0.0.0.0:9001
RUSTFS_CONSOLE_ENABLE: "true"
RUSTFS_ACCESS_KEY: ${S3_ACCESS_KEY:?set S3_ACCESS_KEY}
RUSTFS_SECRET_KEY: ${S3_SECRET_KEY:?set S3_SECRET_KEY}
volumes:
- rustfs-data:/data
healthcheck:
test: ["CMD", "sh", "-c", "wget -q -O - http://127.0.0.1:9000/health >/dev/null"]
interval: 15s
timeout: 5s
retries: 20
logging:
driver: json-file
options:
max-size: "10m"
max-file: "5"
rustfs-init:
image: amazon/aws-cli:2.27.42
restart: "no"
depends_on:
rustfs:
condition: service_healthy
environment:
AWS_ACCESS_KEY_ID: ${S3_ACCESS_KEY:?set S3_ACCESS_KEY}
AWS_SECRET_ACCESS_KEY: ${S3_SECRET_KEY:?set S3_SECRET_KEY}
AWS_DEFAULT_REGION: ${S3_REGION:-us-east-1}
entrypoint:
- /bin/sh
- -lc
- |
set -eu
endpoint="http://rustfs:9000"
until aws --endpoint-url "$${endpoint}" s3api list-buckets >/dev/null 2>&1; do
sleep 1
done
aws --endpoint-url "$${endpoint}" s3api head-bucket --bucket ${S3_BUCKET:-productier} >/dev/null 2>&1 || \
aws --endpoint-url "$${endpoint}" s3api create-bucket --bucket ${S3_BUCKET:-productier}
volumes:
caddy-data:
caddy-config:
postgres-data:
rustfs-data:
infra/docker-compose.yml
+137
View File
@@ -0,0 +1,137 @@
services:
frontend:
image: node:22-alpine
working_dir: /workspace
command: sh -lc "npm install && npm run dev -w apps/frontend -- --host 0.0.0.0"
environment:
VITE_FRONTEND_URL: http://localhost:3000
VITE_AUTH_URL: http://localhost:3001
VITE_API_URL: http://localhost:8080
ports:
- "3000:3000"
volumes:
- ..:/workspace
depends_on:
- auth
- api
auth:
image: node:22-alpine
working_dir: /workspace
command: sh -lc "npm install && npm run dev -w apps/backend/auth-service"
environment:
FRONTEND_URL: http://localhost:3000
AUTH_URL: http://localhost:3001
DATABASE_URL: postgres://productier:productier@postgres:5432/productier?sslmode=disable
BETTER_AUTH_SECRET: replace-me-with-a-long-random-secret
ports:
- "3001:3001"
volumes:
- ..:/workspace
depends_on:
- postgres
api:
image: golang:1.26-alpine
working_dir: /workspace/apps/backend
command: sh -lc "go run ./cmd/api"
environment:
API_PORT: 8080
DATABASE_URL: postgres://productier:productier@postgres:5432/productier?sslmode=disable
AUTH_SERVICE_URL: http://auth:3001
MAIL_ENCRYPTION_KEY: replace-me-with-a-dedicated-mail-secret
FILE_STORAGE_PROVIDER: s3
S3_ENDPOINT: http://rustfs:9000
S3_REGION: us-east-1
S3_BUCKET: productier
S3_ACCESS_KEY: rustfsadmin
S3_SECRET_KEY: rustfsadmin
S3_USE_PATH_STYLE: "true"
ports:
- "8080:8080"
volumes:
- ..:/workspace
depends_on:
postgres:
condition: service_started
auth:
condition: service_started
rustfs:
condition: service_healthy
rustfs-init:
condition: service_completed_successfully
postgres:
image: postgres:17-alpine
restart: unless-stopped
environment:
POSTGRES_DB: productier
POSTGRES_USER: productier
POSTGRES_PASSWORD: productier
ports:
- "5432:5432"
volumes:
- postgres-data:/var/lib/postgresql/data
rustfs:
image: rustfs/rustfs@sha256:0725587f6fcca83c1898f321424327d6e6da5e01ea20382905dd258ed5af3be4
restart: unless-stopped
environment:
RUSTFS_VOLUMES: /data/rustfs
RUSTFS_ADDRESS: 0.0.0.0:9000
RUSTFS_CONSOLE_ADDRESS: 0.0.0.0:9001
RUSTFS_CONSOLE_ENABLE: "true"
RUSTFS_ACCESS_KEY: rustfsadmin
RUSTFS_SECRET_KEY: rustfsadmin
ports:
- "9000:9000"
- "9001:9001"
volumes:
- rustfs-data:/data
healthcheck:
test: ["CMD", "sh", "-c", "wget -q -O - http://127.0.0.1:9000/health >/dev/null"]
interval: 15s
timeout: 5s
retries: 20
rustfs-init:
image: amazon/aws-cli:2.27.42
restart: "no"
depends_on:
rustfs:
condition: service_healthy
environment:
AWS_ACCESS_KEY_ID: rustfsadmin
AWS_SECRET_ACCESS_KEY: rustfsadmin
AWS_DEFAULT_REGION: us-east-1
entrypoint:
- /bin/sh
- -lc
- |
set -eu
endpoint="http://rustfs:9000"
until aws --endpoint-url "$$endpoint" s3api list-buckets >/dev/null 2>&1; do
sleep 1
done
aws --endpoint-url "$$endpoint" s3api head-bucket --bucket productier >/dev/null 2>&1 || \
aws --endpoint-url "$$endpoint" s3api create-bucket --bucket productier
greenmail:
image: greenmail/standalone:2.1.8
restart: unless-stopped
environment:
GREENMAIL_OPTS: >-
-Dgreenmail.setup.test.all
-Dgreenmail.users=test1:pwd1@localhost
-Dgreenmail.users.login=email
-Dgreenmail.hostname=0.0.0.0
ports:
- "3025:3025"
- "3143:3143"
- "3465:3465"
- "3993:3993"
- "8081:8080"
volumes:
postgres-data:
rustfs-data:
infra/systemd/productier-backup.service
+16
View File
@@ -0,0 +1,16 @@
[Unit]
Description=Productier production backup job
After=docker.service
Requires=docker.service
[Service]
Type=oneshot
WorkingDirectory=/opt/productier
EnvironmentFile=-/opt/productier/.env.production
Environment=BACKUP_KEEP_COUNT=14
ExecStart=/usr/bin/env bash -lc '/opt/productier/scripts/ops/backup-job.sh /opt/productier/.env.production /opt/productier/backups ${BACKUP_KEEP_COUNT}'
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
infra/systemd/productier-backup.timer
+10
View File
@@ -0,0 +1,10 @@
[Unit]
Description=Run Productier backup job daily
[Timer]
OnCalendar=*-*-* 02:30:00
Persistent=true
Unit=productier-backup.service
[Install]
WantedBy=timers.target
infra/systemd/productier-restore-drill.service
+17
View File
@@ -0,0 +1,17 @@
[Unit]
Description=Productier restore drill job
After=docker.service
Requires=docker.service
[Service]
Type=oneshot
WorkingDirectory=/opt/productier
EnvironmentFile=-/opt/productier/.env.production
Environment=DRILL_CLEANUP_ON_EXIT=1
Environment=DRILL_NOTIFY_ON_SUCCESS=1
ExecStart=/usr/bin/env bash -lc '/opt/productier/scripts/ops/staging-drill.sh /opt/productier/.env.production latest /opt/productier/backups'
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
infra/systemd/productier-restore-drill.timer
+10
View File
@@ -0,0 +1,10 @@
[Unit]
Description=Run Productier restore drill weekly
[Timer]
OnCalendar=Sun *-*-* 03:30:00
Persistent=true
Unit=productier-restore-drill.service
[Install]
WantedBy=timers.target