il
f697715065
deployment notes: - let's try three of budget apps, actual budget, ezbookkeeping, and sure
68 lines
2.4 KiB
Django/Jinja
68 lines
2.4 KiB
Django/Jinja
[Quadlet]
|
|
DefaultDependencies=false
|
|
|
|
[Unit]
|
|
Description=Sure Web
|
|
|
|
After=network-online.target redis_sure.service
|
|
Wants=network-online.target redis_sure.service
|
|
|
|
[Container]
|
|
Image=ghcr.io/we-promise/sure:{{ version['containers']['sure'] }}
|
|
ContainerName=sure-web
|
|
HostName=sure-web
|
|
|
|
PublishPort={{ services['sure']['ports']['http'] }}:3000/tcp
|
|
|
|
Volume=%h/data/containers/sure/storage:/rails/storage:rw
|
|
Volume=%h/containers/sure/ssl:/etc/ssl/sure:ro
|
|
|
|
# General
|
|
Environment="TZ=Asia/Seoul"
|
|
Environment="SELF_HOSTED=true"
|
|
Environment="ONBOARDING_STATE=closed"
|
|
Environment="RAILS_FORCE_SSL=false"
|
|
Environment="RAILS_ASSUME_SSL=true"
|
|
Environment="APP_DOMAIN={{ services['sure']['domain']['public'] }}.{{ domain['public'] }}"
|
|
Secret=SURE_SECRET_KEY_BASE,type=env,target=SECRET_KEY_BASE
|
|
|
|
# PostgreSQL
|
|
Environment="POSTGRES_USER=sure"
|
|
Environment="POSTGRES_DB=sure_db"
|
|
Environment="DB_HOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}"
|
|
Environment="DB_PORT={{ services['postgresql']['ports']['tcp'] }}"
|
|
Environment="PGSSLMODE=verify-full"
|
|
Environment="PGSSLROOTCERT=/etc/ssl/sure/{{ root_cert_filename }}"
|
|
Secret=SURE_POSTGRES_PASSWORD,type=env,target=POSTGRES_PASSWORD
|
|
|
|
# Redis
|
|
Environment="REDIS_URL=redis://host.containers.internal:{{ services['sure']['ports']['redis'] }}/1"
|
|
|
|
# OIDC - Authelia
|
|
Environment="OIDC_CLIENT_ID=sure"
|
|
Environment="OIDC_ISSUER=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
|
|
Environment="OIDC_REDIRECT_URI=https://{{ services['sure']['domain']['public'] }}.{{ domain['public'] }}/auth/openid_connect/callback"
|
|
Secret=SURE_OIDC_CLIENT_SECRET,type=env,target=OIDC_CLIENT_SECRET
|
|
Environment="OIDC_BUTTON_LABEL=Sign in with Authelia"
|
|
Environment="AUTH_JIT_MODE=create_and_link"
|
|
# email's domain, e.g. ilnmors.internal then only user@ilnmors.internal is allowed to sign-up
|
|
Environment="ALLOWED_OIDC_DOMAINS="
|
|
|
|
# WebAuthn / Passkey
|
|
Environment="WEBAUTHN_RP_ID={{ domain['public'] }}"
|
|
Environment="WEBAUTHN_ALLOWED_ORIGINS=https://{{ services['sure']['domain']['public'] }}.{{ domain['public'] }}"
|
|
|
|
# Provider
|
|
## Currency
|
|
Environment="EXCHANGE_RATE_PROVIDER=yahoo_finance"
|
|
Environment="SECURITIES_PROVIDER=yahoo_finance"
|
|
|
|
[Service]
|
|
ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
|
|
Restart=always
|
|
RestartSec=10s
|
|
TimeoutStopSec=120
|
|
|
|
[Install]
|
|
WantedBy=default.target
|