From 6d95d2b1a7133cf2b5e29eb8c1766bc450851fa2 Mon Sep 17 00:00:00 2001
From: Cameron Clough
Date: Wed, 13 Apr 2022 16:29:55 +0100
Subject: [PATCH] create uat environment config
---
README.md | 2 +-
docker-compose.uat.yml | 20 ------
environment/uat/.gitignore | 2 +
environment/uat/README.md | 3 +
environment/uat/docker-compose.yml | 89 +++++++++++++++++++++++++
environment/uat/traefik/acme/.gitignore | 1 +
environment/uat/traefik/traefik.toml | 32 +++++++++
7 files changed, 128 insertions(+), 21 deletions(-)
delete mode 100644 docker-compose.uat.yml
create mode 100644 environment/uat/.gitignore
create mode 100644 environment/uat/README.md
create mode 100644 environment/uat/docker-compose.yml
create mode 100644 environment/uat/traefik/acme/.gitignore
create mode 100644 environment/uat/traefik/traefik.toml
diff --git a/README.md b/README.md
index fc94477..d3f0057 100644
--- a/README.md
+++ b/README.md
@@ -99,5 +99,5 @@ The athena websockets interface is not implemented yet, so the comma app and ath Launch with: ``` -docker-compose -f docker-compose.yml -f docker-compose.uat.yml up -d +(cd environment/uat && docker-compose up -d) ```
diff --git a/docker-compose.uat.yml b/docker-compose.uat.yml
deleted file mode 100644
index 7952c06..0000000
--- a/docker-compose.uat.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-version: "3.0"
-services:
- nginx:
- image: nginx:1.15-alpine
- depends_on:
- - server
- command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - ./data/nginx:/etc/nginx/conf.d
- - ./data/certbot/conf:/etc/letsencrypt
- - ./data/certbot/www:/var/www/certbot
- certbot:
- image: certbot/certbot
- entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
- volumes:
- - ./data/certbot/conf:/etc/letsencrypt
- - ./data/certbot/www:/var/www/certbot
diff --git a/environment/uat/.gitignore b/environment/uat/.gitignore
new file mode 100644
index 0000000..76075ce
--- /dev/null
+++ b/environment/uat/.gitignore
@@ -0,0 +1,2 @@
+database
+realdata
diff --git a/environment/uat/README.md b/environment/uat/README.md
new file mode 100644
index 0000000..84ef801
--- /dev/null
+++ b/environment/uat/README.md
@@ -0,0 +1,3 @@
+# User Acceptance Testing (UAT) environnment
+
+Hostname: `uat.api.retropilot.org`
diff --git a/environment/uat/docker-compose.yml b/environment/uat/docker-compose.yml
new file mode 100644
index 0000000..eae817d
--- /dev/null
+++ b/environment/uat/docker-compose.yml
@@ -0,0 +1,89 @@
+version: "3.0"
+
+services:
+ # Traefik reverse proxy
+ # https://doc.traefik.io/traefik/
+ reverse-proxy:
+ image: traefik:v2.6
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ # See traefik/traefik.toml for static config
+ - ./traefik:/etc/traefik
+# labels:
+# - "traefik.enable=true"
+# # Expose traefik dashboard at https://uat.traefik.retropilot.org
+# - "traefik.http.routers.dashboard.rule=Host(`uat.traefik.retropilot.org`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+# - "traefik.http.routers.dashboard.entrypoints=websecure"
+# - "traefik.http.routers.dashboard.service=api@internal"
+# - "traefik.http.routers.dashboard.tls=true"
+# - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
+# # Secure the dashboard with BasicAuth middleware
+# - "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
+# # BasicAuth: username=admin, password=password
+# # Generate new password: sudo apt install -y apache2-utils; echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
+# - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$05$$iT4z7pjcdNRYU9Y89VlUUe.13TdQ9H7rBtIO6PJruuK.RAW8lvmxW"
+
+ # PostgreSQL database
+ db:
+ image: postgres:14-bullseye
+ restart: unless-stopped
+ ports:
+ - "5432:5432"
+ volumes:
+ - ./database:/var/lib/postgresql/data
+ environment:
+ POSTGRES_USER: ${DB_USER}
+ POSTGRES_PASSWORD: ${DB_PASS}
+ POSTGRES_DB: ${DB_NAME}
+
+ # API server
+ api:
+ # Use the retropilot-server image from the GitHub Container Registry
+ image: ghcr.io/retropilot/retropilot-server:uat
+ restart: unless-stopped
+ volumes:
+ # Mount realdata dir to /realdata in the container
+ - ./realdata:/realdata
+ env_file:
+ - .env
+ labels:
+ - "traefik.enable=true"
+ # API service forwards requests to container port 8080
+ - "traefik.http.services.api.loadbalancer.server.port=8080"
+ # Expose api at https://uat.api.retropilot.org
+ - "traefik.http.routers.api.rule=Host(`uat.api.retropilot.org`)"
+ - "traefik.http.routers.api.entrypoints=websecure"
+ - "traefik.http.routers.api.service=api@docker"
+ - "traefik.http.routers.api.tls=true"
+ - "traefik.http.routers.api.tls.certresolver=myresolver"
+# # Athena service forwards requests to container port 4040
+# - "traefik.http.services.athena.loadbalancer.server.port=4040"
+# # Expose athena at https://uat.athena.retropilot.org
+# - "traefik.http.routers.athena.rule=Host(`uat.athena.retropilot.org`)"
+# - "traefik.http.routers.athena.entrypoints=websecure"
+# - "traefik.http.routers.athena.service=athena@docker"
+# - "traefik.http.routers.athena.tls=true"
+# - "traefik.http.routers.athena.tls.certresolver=myresolver"
+
+ # API worker
+ worker:
+ # Use the same image as the server
+ image: ghcr.io/retropilot/retropilot-server:uat
+ # But run the worker script instead
+ command: npm run worker
+ restart: unless-stopped
+ volumes:
+ - ./realdata:/realdata
+ env_file:
+ - .env
+
+# watchtower:
+# # automatically update containers when new images are released
+# image: containrrr/watchtower
+# volumes:
+# - /var/run/docker.sock:/var/run/docker.sock
+# command: --interval 30
diff --git a/environment/uat/traefik/acme/.gitignore b/environment/uat/traefik/acme/.gitignore
new file mode 100644
index 0000000..08a7346
--- /dev/null
+++ b/environment/uat/traefik/acme/.gitignore
@@ -0,0 +1 @@
+acme.json
diff --git a/environment/uat/traefik/traefik.toml b/environment/uat/traefik/traefik.toml
new file mode 100644
index 0000000..d2e0be5
--- /dev/null
+++ b/environment/uat/traefik/traefik.toml
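Review bot: In environment/uat/docker-compose.yml the `db` service publishes `"5432:5432"` on every host interface, which leaves the UAT Postgres reachable from outside the host with only `${DB_PASS}` protecting it. If `api` and `worker` reach the database over the compose network (their connection settings are in `.env`, not shown here), the `ports` entry can be dropped, or narrowed to `- "127.0.0.1:5432:5432"` for host-local access. The `reverse-proxy` service also mounts `/var/run/docker.sock` without `:ro`; `- /var/run/docker.sock:/var/run/docker.sock:ro` is the usual minimum, and a comment should say that socket access is effectively root on the host. The commented-out dashboard labels carry a hash for `admin`/`password`, so the comment above them should say the hash must be regenerated before the block is enabled.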
@@ -0,0 +1,32 @@
+# traefik reverse proxy config
+# docs: https://doc.traefik.io/traefik/
+
+[api]
+ dashboard = true
+
+[log]
+ level = "INFO"
+
+[providers]
+ [providers.docker]
+ endpoint = "unix:///var/run/docker.sock"
+ exposedByDefault = false
+
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+ [entryPoints.web.http]
+ [entryPoints.web.http.redirections]
+ [entryPoints.web.http.redirections.entryPoint]
+ to = "websecure"
+ [entryPoints.websecure]
+ address = ":443"
+
+[certificatesResolvers]
+ [certificatesResolvers.myresolver]
+ [certificatesResolvers.myresolver.acme]
+ caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
+ email = "admin@retropilot.org"
+ storage = "acme.json"
+ [certificatesResolvers.myresolver.acme.httpChallenge]
+ entryPoint = "web"
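Review bot: `storage = "acme.json"` is a relative path, while this commit puts the ignore file at `traefik/acme/.gitignore` and the compose file mounts `./traefik` at `/etc/traefik`, so the ACME account key and certificates are probably written outside the mounted, ignored directory and lost when the container is recreated. If `acme/` is the intended location, `storage = "/etc/traefik/acme/acme.json"` makes that explicit; Traefik also expects that file to be mode 600. The `caServer` line points at the Let's Encrypt staging directory, whose certificates clients do not trust, so a comment such as `# staging CA: certificates are untrusted; remove this line to use production` would help keep API clients from being set to skip verification against UAT.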