Скрипт чистой автоустановки
Можно использовать для быстрого старта проекта в docker.
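#!/bin/bash
# Clean auto-install bootstrap: checks prerequisites, then (in the steps that
# follow) writes .env.example, docker-compose.yml and generate_secrets.sh when
# they are missing and starts the stack with `docker compose`.
set -e

# Prerequisite checks. `command -v` is the portable replacement for `which`;
# diagnostics go to stderr so they are not mistaken for normal output.
if ! command -v docker >/dev/null 2>&1; then
  echo "docker not found. Check if it is installed." >&2
  exit 1
fi

# NOTE(review): no curl call is visible in this script; presumably it is a
# prerequisite of a later manual step. Confirm before removing the check.
if ! command -v curl >/dev/null 2>&1; then
  echo 'curl not installed. Install it please' >&2
  exit 1
fi

# Colour escapes for the banners. tput fails when TERM is unset or unknown
# (cron, CI); under `set -e` a failing assignment would abort the script, so
# fall back to empty strings instead.
r=$(tput setaf 1 2>/dev/null || true)
g=$(tput setaf 2 2>/dev/null || true)
b=$(tput setaf 6 2>/dev/null || true)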
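# Bootstrap the environment file.
#   - no .env and no .env.example: write the example, tell the operator to
#     configure it, and stop with exit status 2;
#   - no .env but an .env.example: copy the example to .env.
#
# The example is written with a quoted here-document so every character
# reaches the file unchanged. Wrapping it in echo '...' loses the inner quotes
# of ADMINS and SORM_JAN_CREDENTIALS, because each inner single quote closes
# the outer string.
#
# Security notes on the shipped defaults (they are quick-start values only):
#   - APP_DEBUG=y, DEBUG=1 and ALLOWED_HOSTS=* must not reach production;
#   - CELERY_BROKER_URL and SORM_JAN_CREDENTIALS carry the placeholder
#     credentials user:passw and have to be replaced.
if [[ ! -s .env ]]; then
  if [[ ! -s .env.example ]]; then
    cat > .env.example <<'ENV_EOF'
APP_DEBUG=y
SECRETS_DIR_PATH="$(pwd)"
ALLOWED_HOSTS=*
DEFAULT_LANG=en
DEFAULT_EMAIL=admin@example.com
ADMINS='[["Admin", "admin@example.com"]]'
POSTGRES_DB=djing2
POSTGRES_USER=djing2_usr
POSTGRES_HOST=pgbouncer
PG_DB_HOST=djing2db
POSTGRES_PORT=6432
DISABLE_SERVER_SIDE_CURSORS=y
TELEPHONE_REGEXP=^(\+[7893]\d{10,11})?$
API_AUTH_SUBNET="127.0.0.0/8|172.17.0.0/16"
SORM_EXPORT_FTP_HOST=127.0.0.1
SORM_EXPORT_FTP_USERNAME=cdr
SORM_EXPORT_FTP_DISABLE=Y
TIME_ZONE=UTC
# Bras host name for COA
RADIUS_APP_HOST=localhost
CUSTOMERS_PASSPORT_DEFAULT_DISTRIBUTOR="FEDAral migr func"
DJANGO_LOG_LEVEL=INFO
CELERY_BROKER_URL=pyamqp://user:passw@djing2rabbitmq/
REDIS_HOST=djing2redis
DOMAINS=admin.localhost,pa.localhost
EMAIL4LETSENCRYPT=admin@localhost
DEBUG=1
STAGING=1
SORM_JAN_CREDENTIALS='ftp://user:passw@127.0.0.1:2451/pathonftp?region=1234'
JAN_NAS_IPV4=172.16.0.1
ADMIN_DOMAIN=admin.localhost
PA_DOMAIN=pa.localhost
NGINX_ENVSUBST_TEMPLATE_DIR=/etc/nginx/templates_ssl
LETSENCRYPT_ENABLE=yes
INSTALLED_APPS_ADDITIONAL=
ENV_EOF

    # Red notice box; printf pads every row to the 40-column inner width.
    printf '%s\n' "${r}╔════════════════════════════════════════╗"
    for line in \
      '' \
      '   You must configure your .env file' \
      '   Example in .env.example' \
      ''; do
      printf '%s║%-40s║\n' "$r" "$line"
    done
    printf '%s\n' "${r}╚════════════════════════════════════════╝"
    # Reset the colour so the operator's terminal does not stay red.
    tput sgr0 2>/dev/null || true
    exit 2
  fi
  cp -v .env.example .env
  # .env ends up holding broker and FTP credentials; it is read on the host by
  # the docker compose client, so owner-only access is sufficient.
  chmod 600 .env
fi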
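# Write docker-compose.yml when it is missing or empty.
#
# A quoted here-document keeps the YAML byte-for-byte (including the quotes
# around the amqp URL of the `ws` service).
#
# Review notes on the stack defined below:
#   - RabbitMQ uses the placeholder account user/passw; the same pair appears
#     in the `ws` command line and in CELERY_BROKER_URL of .env.example, so
#     all three have to be changed together.
#   - Most project images are untagged or `:latest`; the script starts the
#     stack with --pull=always, so the deployed code follows whatever the
#     registry serves. Pin tags or digests for reproducible deployments.
#   - `backnet` is internal; only yvix-front (80, 443) and ipfix-reader
#     (2055/udp) publish ports on the host.
#   - The file references .env_rad, ./ipfix_reader.conf and the external
#     network `external_bridge`; this script creates none of them.
if [[ ! -s docker-compose.yml ]]; then
  cat > docker-compose.yml <<'COMPOSE_EOF'
services:
  djing2db:
    image: postgres:13.4-alpine
    user: postgres
    working_dir: /var/lib/postgresql
    secrets:
      - POSTGRES_PASSWORD
    volumes:
      - postgresql-data:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
      - POSTGRES_DB
      - POSTGRES_USER
      - POSTGRES_HOST
    command: ["postgres", "-c", "shared_buffers=4GB", "-c", "wal_buffers=64MB"]
    networks:
      - backnet

  pgbouncer:
    image: git.g-tell.uz/nerosketch/djing2-pgbouncer
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
      - POSTGRES_DB
      - POSTGRES_USER
      - POSTGRES_HOST
    secrets:
      - POSTGRES_PASSWORD
    depends_on:
      - djing2db
    networks:
      - backnet

  djing2redis:
    image: redis:alpine
    networks:
      - backnet

  djing2rabbitmq:
    image: rabbitmq:3.11-alpine
    environment:
      - RABBITMQ_DEFAULT_USER=user
      - RABBITMQ_DEFAULT_PASS=passw
    networks:
      - backnet
    security_opt:
      - no-new-privileges:true

  yvix_payment_gate:
    image: git.g-tell.uz/nerosketch/yvix_payment_gate
    depends_on:
      - djing2db
    networks:
      - backnet
      - frontnet
    secrets:
      - PAYMENT_SECRET
      - POSTGRES_PASSWORD
      - FIELD_ENCRYPTION_KEY
    environment:
      - DEBUG
      - ALLOWED_HOSTS
      - REDIS_HOST
      - REDIS_PORT
      - POSTGRES_DB
      - POSTGRES_USER
      - PG_DB_HOST
      - PG_DB_PORT
    env_file:
      - .env

  yvix_radius_gw:
    image: git.g-tell.uz/nerosketch/yvix_radius_gw
    depends_on:
      - djing2db
    networks:
      - backnet
    secrets:
      - POSTGRES_PASSWORD
      - RADIUS_SECRET
    env_file:
      - .env_rad

  yvix_radius_gw_task:
    image: git.g-tell.uz/nerosketch/yvix_radius_gw
    networks:
      - backnet
    secrets:
      - POSTGRES_PASSWORD
      - RADIUS_SECRET
    env_file:
      - .env_rad
    command: faststream run main_task:app --log-level info

  djing2_app_wsgi:
    image: git.g-tell.uz/nerosketch/djing2_app:latest
    depends_on:
      - pgbouncer
      - djing2rabbitmq
    deploy:
      restart_policy:
        condition: on-failure
        delay: 15s
        max_attempts: 30
        window: 120s
    secrets:
      - POSTGRES_PASSWORD
      - DJANGO_SECRET_KEY
      - VAPID_PUBLIC_KEY
      - VAPID_PRIVATE_KEY
      - FIELD_ENCRYPTION_KEY
      - API_AUTH_SECRET
      - RADIUS_SECRET
      - SORM_EXPORT_FTP_PASSWORD
      - FTP_SORM_JAN_PASSWORD
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
    env_file:
      - .env
    volumes:
      - media-data:/var/www/djing2/media
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    networks:
      - backnet
      - frontnet

  yvix-front:
    image: git.g-tell.uz/nerosketch/yvix-front:latest
    depends_on:
      - djing2_app_wsgi
      - ws
    ports:
      - 80:80
      - 443:443
    environment:
      - DOMAINS
      - EMAIL4LETSENCRYPT
      - RSA_KEY_SIZE
      - DEBUG
      - STAGING
      - ADMIN_DOMAIN
      - PA_DOMAIN
      - NGINX_ENVSUBST_TEMPLATE_DIR
      - LETSENCRYPT_ENABLE
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 80
        window: 30s
    restart: on-failure
    volumes:
      - media-data:/var/www/media:ro
      - nginx_logs:/var/log/nginx
      - nginx-cert:/etc/letsencrypt
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ./nginx/adm-additional-locations:/etc/nginx/adm-additional-locations
      - ./nginx/additional_conf:/etc/nginx/additional_conf
      - ./nginx/custom_data:/var/www/custom_data
    networks:
      - backnet
      - frontnet
      - external_bridge

  ws:
    image: git.g-tell.uz/nerosketch/yvix-ws:latest
    command: /yvix_ws --amqp 'amqp://user:passw@djing2rabbitmq'
    deploy:
      restart_policy:
        condition: on-failure
        delay: 15s
        max_attempts: 30
        window: 120s
    networks:
      - backnet

  djing2celery:
    image: git.g-tell.uz/nerosketch/djing2_app:latest
    command: celery -A yvix.celery_app worker --loglevel=WARNING -E --concurrency 1
    depends_on:
      - pgbouncer
      - djing2rabbitmq
    secrets:
      - POSTGRES_PASSWORD
      - DJANGO_SECRET_KEY
      - VAPID_PUBLIC_KEY
      - VAPID_PRIVATE_KEY
      - FIELD_ENCRYPTION_KEY
      - API_AUTH_SECRET
      - RADIUS_SECRET
      - SORM_EXPORT_FTP_PASSWORD
      - FTP_SORM_JAN_PASSWORD
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
    env_file:
      - .env
    volumes:
      - media-data:/var/www/djing2/media
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    networks:
      - backnet
      - frontnet

  djing2celerybeat:
    image: git.g-tell.uz/nerosketch/djing2_app:latest
    command: celery -A yvix.celery_app beat --loglevel=WARNING -s /tmp/celerybeat-schedule
    depends_on:
      - djing2celery
    secrets:
      - POSTGRES_PASSWORD
      - DJANGO_SECRET_KEY
      - VAPID_PUBLIC_KEY
      - VAPID_PRIVATE_KEY
      - FIELD_ENCRYPTION_KEY
      - API_AUTH_SECRET
      - RADIUS_SECRET
      - SORM_EXPORT_FTP_PASSWORD
      - FTP_SORM_JAN_PASSWORD
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
    env_file:
      - .env
    tmpfs:
      - /tmp
    volumes:
      - media-data:/var/www/djing2/media
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    networks:
      - backnet

  clickhouse:
    image: clickhouse/clickhouse-server:24.9.2.42
    volumes:
      - ch-data:/var/lib/clickhouse
    networks:
      - backnet

  ipfix-reader:
    image: git.g-tell.uz/nerosketch/ipfix-reader:latest
    depends_on:
      - clickhouse
    deploy:
      restart_policy:
        condition: on-failure
        delay: 4s
        max_attempts: 100
        window: 5s
    ports:
      - "2055:2055/udp"
    volumes:
      - ./ipfix_reader.conf:/etc/ipfixproc.yml
    networks:
      - frontnet
      - backnet

volumes:
  postgresql-data:
  media-data:
  nginx_logs:
  nginx-cert:
  ch-data:

networks:
  frontnet:
    driver: bridge
  backnet:
    driver: bridge
    internal: true
  external_bridge:
    external: true

secrets:
  POSTGRES_PASSWORD:
    file: ./secrets/POSTGRES_PASSWORD
  DJANGO_SECRET_KEY:
    file: ./secrets/DJANGO_SECRET_KEY
  API_AUTH_SECRET:
    file: ./secrets/API_AUTH_SECRET
  FIELD_ENCRYPTION_KEY:
    file: ./secrets/FIELD_ENCRYPTION_KEY
  VAPID_PUBLIC_KEY:
    file: ./secrets/VAPID_PUBLIC_KEY
  VAPID_PRIVATE_KEY:
    file: ./secrets/VAPID_PRIVATE_KEY
  RADIUS_SECRET:
    file: ./secrets/RADIUS_SECRET
  SORM_EXPORT_FTP_PASSWORD:
    file: ./secrets/SORM_EXPORT_FTP_PASSWORD
  FTP_SORM_JAN_PASSWORD:
    file: ./secrets/FTP_SORM_JAN_PASSWORD
  PAYMENT_SECRET:
    file: ./secrets/PAYMENT_SECRET
COMPOSE_EOF
fi

# Write generate_secrets.sh when it is missing or empty.
#
# The helper used to be emitted with echo '...'; the single quotes inside its
# text (the default character set, the echo messages) closed that outer string
# and left `(` unquoted, which is a shell syntax error. A quoted here-document
# avoids all nested-quoting problems.
#
# Other fixes inside the helper:
#   - the default character set no longer contains literal quote characters or
#     the accidental tr range `(-_`; `-` is placed last so tr takes it
#     literally;
#   - empty secret files (e.g. from an interrupted run) are regenerated, which
#     matches the `-s` tests used for FIELD_ENCRYPTION_KEY and RADIUS_SECRET;
#   - a failing `cd ./secrets` stops the helper instead of scattering secret
#     files into the project directory;
#   - PAYMENT_SECRET is created, because docker-compose.yml mounts it.
if [[ ! -s generate_secrets.sh ]]; then
  cat > generate_secrets.sh <<'SECRETS_EOF'
#!/bin/bash

#############################################
# Generate secrets, if it not generated yet
#############################################
# NOTE(review): the files are created with the caller's umask. Compose
# file-based secrets are bind-mounted with their host ownership and mode, so
# any tightening must keep them readable by the container users (djing2db
# runs as `postgres`) - verify before changing permissions.
mkdir -p secrets
cd ./secrets || exit 1

# gen_random_passw FILE [CHARSET] [LENGTH]
# Writes LENGTH (default 64) random characters drawn from CHARSET (a tr set)
# into FILE, unless FILE already exists and is non-empty.
gen_random_passw(){
  local fname="$1"
  local allowed_chars="${2:-A-Za-z0-9!@#\$%^&*()_=+-}"
  local symbol_len="${3:-64}"
  if [[ ! -s "$fname" ]]; then
    # LC_ALL=C makes tr treat /dev/urandom as plain bytes in every locale.
    LC_ALL=C tr -dc "$allowed_chars" < /dev/urandom | head -c "$symbol_len" > "$fname"
    echo "gen -> $fname"
  fi
}

gen_random_passw API_AUTH_SECRET
gen_random_passw DJANGO_SECRET_KEY

if [[ ! -s FIELD_ENCRYPTION_KEY ]]; then
  python3 -c "import os, base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())" > FIELD_ENCRYPTION_KEY
  echo 'gen -> FIELD_ENCRYPTION_KEY'
fi

# FreeRadius default secret
# "testing123" is the publicly documented FreeRADIUS sample secret; it is kept
# for quick-start compatibility only and must be replaced for real deployments.
if [[ ! -s RADIUS_SECRET ]]; then
  echo 'testing123' > RADIUS_SECRET
  echo 'testing123 -> RADIUS_SECRET'
  echo 'WARNING: RADIUS_SECRET holds the well-known FreeRADIUS default; replace it before production use.' >&2
fi

# 12 characters of a-z0-9 is roughly 62 bits of entropy.
gen_random_passw POSTGRES_PASSWORD "a-z0-9" "12"

# NOTE(review): these are random strings, not a generated VAPID key pair -
# confirm the application accepts them or replace them with real keys.
gen_random_passw VAPID_PUBLIC_KEY
gen_random_passw VAPID_PRIVATE_KEY

# 8 characters of a-z0-9 is roughly 41 bits of entropy - short for a password;
# lengthen it if the FTP server allows.
gen_random_passw SORM_EXPORT_FTP_PASSWORD "a-z0-9" "8"

gen_random_passw FTP_SORM_JAN_PASSWORD

# docker-compose.yml mounts ./secrets/PAYMENT_SECRET for yvix_payment_gate.
# The random value is a placeholder; presumably it has to be replaced with the
# secret agreed with the payment provider.
gen_random_passw PAYMENT_SECRET

# exit from ./secrets
cd ../

if [ ! -f .env ]; then
  cp -v .env.example .env
fi
SECRETS_EOF
fi

# Read + execute for the owner only; applied even to a pre-existing helper.
chmod 500 generate_secrets.sh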
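# Host directories that docker-compose.yml bind-mounts into yvix-front; create
# them up front so Docker does not create them itself with root ownership.
mkdir -p nginx/adm-additional-locations nginx/additional_conf nginx/custom_data

# Create any missing secret files, then pull and start the stack.
# --pull=always re-fetches every image on each run; with `:latest` or untagged
# images the deployed code follows whatever the registry currently serves.
./generate_secrets.sh
docker compose --env-file .env up -d --pull=always

# Success banner. printf pads every row to the 47-column inner width, and the
# colour is reset afterwards so the terminal does not stay green.
printf '%s\n' "${g}╔═══════════════════════════════════════════════╗"
for line in \
  '' \
  '          CONGRATULATIONS!' \
  "          Don't forget to edit your" \
  '          .env file. You should' \
  '          customize it for your own' \
  '          requirements.' \
  ''; do
  printf '%s║%s%-47s%s║\n' "$g" "$b" "$line" "$g"
done
printf '%s\n' "${g}╚═══════════════════════════════════════════════╝"
tput sgr0 2>/dev/null || true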