michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: update deployment configuration and encrypted env loader

Browse Source 
- Update Ansible playbooks and roles for application deployment
- Add new Gitea/Traefik troubleshooting playbooks
- Update Docker Compose configurations (base, local, staging, production)
- Enhance EncryptedEnvLoader with improved error handling
- Add deployment scripts (autossh setup, migration, secret testing)
- Update CI/CD workflows and documentation
- Add Semaphore stack configuration
This commit is contained in:
Michael Schiemer
2025-11-02 20:38:06 +01:00
parent 7b7f0b41d2
commit 24cbbccf4c
44 changed files with 5280 additions and 276 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
deployment/ansible/templates/application.env.j2
View File

@@ -11,7 +11,9 @@ APP_DOMAIN={{ app_domain }}
APP_ENV={{ app_env | default('production') }}
APP_DEBUG={{ app_debug | default('false') }}
APP_NAME={{ app_display_name | default(app_name | default('Framework') | replace('-', ' ') | title) }}
APP_KEY={{ app_key }}
# Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
# APP_KEY is loaded from /run/secrets/app_key via APP_KEY_FILE
APP_KEY_FILE=/run/secrets/app_key
APP_TIMEZONE={{ app_timezone | default(timezone | default('Europe/Berlin')) }}
APP_LOCALE={{ app_locale | default('de') }}
APP_URL=https://{{ app_domain }}
@@ -25,18 +27,22 @@ DB_HOST={{ db_host | default('postgres') }}
DB_PORT={{ db_port | default('5432') }}
DB_DATABASE={{ db_name | default(db_name_default) }}
DB_USERNAME={{ db_user | default(db_user_default) }}
DB_PASSWORD={{ db_password }}
# Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
# DB_PASSWORD is loaded from /run/secrets/db_user_password via DB_PASSWORD_FILE
DB_PASSWORD_FILE=/run/secrets/db_user_password
DB_CHARSET={{ db_charset | default('utf8') }}
# Legacy variables (kept for backward compatibility)
DB_NAME={{ db_name | default(db_name_default) }}
DB_USER={{ db_user | default(db_user_default) }}
DB_PASS={{ db_password }}
# DB_PASS is loaded from Docker Secret via DB_PASSWORD_FILE
# Redis Configuration
# Redis runs in this stack
REDIS_HOST={{ redis_host | default('redis') }}
REDIS_PORT={{ redis_port | default('6379') }}
REDIS_PASSWORD={{ redis_password }}
# Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
# REDIS_PASSWORD is loaded from /run/secrets/redis_password via REDIS_PASSWORD_FILE
REDIS_PASSWORD_FILE=/run/secrets/redis_password
# Security Configuration
SECURITY_ALLOWED_HOSTS={{ security_allowed_hosts | default('localhost,' ~ app_domain ~ ',www.' ~ app_domain) }}
@@ -59,11 +65,17 @@ QUEUE_WORKER_TRIES={{ queue_worker_tries | default('3') }}
QUEUE_WORKER_TIMEOUT={{ queue_worker_timeout | default('60') }}
# Vault / Encryption
VAULT_ENCRYPTION_KEY={{ encryption_key }}
# Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
# VAULT_ENCRYPTION_KEY is loaded from /run/secrets/vault_encryption_key via VAULT_ENCRYPTION_KEY_FILE
VAULT_ENCRYPTION_KEY_FILE=/run/secrets/vault_encryption_key
# APP_KEY is loaded from /run/secrets/app_key via APP_KEY_FILE
APP_KEY_FILE=/run/secrets/app_key
# Git Repository Configuration (optional - if set, container will clone/pull code on start)
GIT_REPOSITORY_URL={{ git_repository_url | default('') }}
GIT_BRANCH={{ git_branch | default('main') }}
GIT_TOKEN={{ git_token | default('') }}
# Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
# GIT_TOKEN is loaded from /run/secrets/git_token via GIT_TOKEN_FILE
GIT_TOKEN_FILE=/run/secrets/git_token
GIT_USERNAME={{ git_username | default('') }}
GIT_PASSWORD={{ git_password | default('') }}