Refactored.

Bartlomiej Mika 2025-12-02 22:48:40 -05:00
parent f4a49ad4b9
commit 9dad75464b
37 changed files with 667 additions and 247 deletions


@ -1,9 +1,9 @@
version: '3.8'
version: "3.8"
networks:
maple-private-prod:
mapleopentech-private-prod:
external: true
maple-public-prod:
mapleopentech-public-prod:
external: true
secrets:
@ -24,8 +24,8 @@ services:
image: registry.digitalocean.com/ssp/maplepress_backend:latest
hostname: backend
networks:
- maple-public-prod # Receive requests from NGINX
- maple-private-prod # Access databases
- mapleopentech-public-prod # Receive requests from NGINX
- mapleopentech-private-prod # Access databases
secrets:
- maplepress_jwt_secret
- redis_password
@ -93,18 +93,27 @@ services:
resources:
limits:
memory: 1G
cpus: '1.0'
cpus: "1.0"
reservations:
memory: 512M
cpus: '0.5'
cpus: "0.5"
update_config:
parallelism: 1
delay: 10s
failure_action: rollback
order: start-first # Zero-downtime: start new before stopping old
order: start-first # Zero-downtime: start new before stopping old
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "--header=X-Tenant-ID: healthcheck", "http://localhost:8000/health"]
test:
[
"CMD",
"wget",
"--no-verbose",
"--tries=1",
"--spider",
"--header=X-Tenant-ID: healthcheck",
"http://localhost:8000/health",
]
interval: 30s
timeout: 5s
retries: 3
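Review bot: The renamed networks at the top of this file are declared `external: true`, so the stack will not deploy until `mapleopentech-public-prod` and `mapleopentech-private-prod` have been created out of band; nothing in the visible part of the commit creates them. The same rename appears in the Cassandra, Meilisearch, NGINX and Redis stacks, so they need redeploying together or the backend ends up on a different overlay from its databases. A comment above `networks:` would make the dependency explicit, for example `# external overlays; must exist before 'docker stack deploy'`.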


@ -1,7 +1,7 @@
version: '3.8'
version: "3.8"
networks:
maple-private-prod:
mapleopentech-private-prod:
external: true
volumes:
@ -14,9 +14,9 @@ services:
image: cassandra:5.0.4
hostname: cassandra-1
networks:
- maple-private-prod
- mapleopentech-private-prod
environment:
- CASSANDRA_CLUSTER_NAME=maple-prod-cluster
- CASSANDRA_CLUSTER_NAME=mapleopentech-prod-cluster
- CASSANDRA_DC=datacenter1
- CASSANDRA_ENDPOINT_SNITCH=GossipingPropertyFileSnitch
- CASSANDRA_SEEDS=cassandra-1,cassandra-2,cassandra-3
@ -44,9 +44,9 @@ services:
image: cassandra:5.0.4
hostname: cassandra-2
networks:
- maple-private-prod
- mapleopentech-private-prod
environment:
- CASSANDRA_CLUSTER_NAME=maple-prod-cluster
- CASSANDRA_CLUSTER_NAME=mapleopentech-prod-cluster
- CASSANDRA_DC=datacenter1
- CASSANDRA_ENDPOINT_SNITCH=GossipingPropertyFileSnitch
- CASSANDRA_SEEDS=cassandra-1,cassandra-2,cassandra-3
@ -74,9 +74,9 @@ services:
image: cassandra:5.0.4
hostname: cassandra-3
networks:
- maple-private-prod
- mapleopentech-private-prod
environment:
- CASSANDRA_CLUSTER_NAME=maple-prod-cluster
- CASSANDRA_CLUSTER_NAME=mapleopentech-prod-cluster
- CASSANDRA_DC=datacenter1
- CASSANDRA_ENDPOINT_SNITCH=GossipingPropertyFileSnitch
- CASSANDRA_SEEDS=cassandra-1,cassandra-2,cassandra-3
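Review bot: Changing `CASSANDRA_CLUSTER_NAME` on all three nodes will stop Cassandra from starting if the data volumes already hold a cluster initialised as `maple-prod-cluster`, because a node compares the configured name with the one saved in its system tables and refuses to boot on a mismatch. The `volumes:` block in this file suggests the data is persistent, so either keep the old value or rename the cluster in the stored metadata on each node before this is deployed. If the change is only ever applied to empty volumes, say so next to the variable in each service: `# cluster name is fixed at first boot; do not change on existing data`.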


@ -1,7 +1,7 @@
version: '3.8'
version: "3.8"
networks:
maple-private-prod:
mapleopentech-private-prod:
external: true
volumes:
@ -16,7 +16,7 @@ services:
image: getmeili/meilisearch:v1.5
hostname: meilisearch
networks:
- maple-private-prod
- mapleopentech-private-prod
volumes:
- meilisearch-data:/meili_data
secrets:
@ -49,7 +49,15 @@ services:
reservations:
memory: 768M
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:7700/health"]
test:
[
"CMD",
"wget",
"--no-verbose",
"--tries=1",
"--spider",
"http://localhost:7700/health",
]
interval: 30s
timeout: 10s
retries: 3


@ -1,7 +1,7 @@
version: '3.8'
version: "3.8"
networks:
maple-public-prod:
mapleopentech-public-prod:
external: true
volumes:
@ -13,14 +13,14 @@ services:
image: nginx:alpine
hostname: nginx
networks:
- maple-public-prod
- mapleopentech-public-prod
ports:
- "80:80"
- "443:443"
volumes:
- nginx-ssl-certs:/etc/letsencrypt
- nginx-ssl-www:/var/www/certbot
- /var/run/docker.sock:/tmp/docker.sock:ro # For nginx-proxy
- /var/run/docker.sock:/tmp/docker.sock:ro # For nginx-proxy
configs:
- source: nginx_config
target: /etc/nginx/nginx.conf
@ -30,7 +30,7 @@ services:
replicas: 1
placement:
constraints:
- node.labels.backend == true # Same node as backend
- node.labels.backend == true # Same node as backend
restart_policy:
condition: on-failure
delay: 5s
@ -38,12 +38,20 @@ services:
resources:
limits:
memory: 256M
cpus: '0.5'
cpus: "0.5"
reservations:
memory: 128M
cpus: '0.25'
cpus: "0.25"
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:80/health"]
test:
[
"CMD",
"wget",
"--no-verbose",
"--tries=1",
"--spider",
"http://localhost:80/health",
]
interval: 30s
timeout: 5s
retries: 3
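Review bot: The `/var/run/docker.sock:/tmp/docker.sock:ro` mount is kept on the one service that publishes ports 80 and 443, and `:ro` only makes the socket file read-only; it does not limit what a process in the container can ask the Docker API to do. The image is `nginx:alpine` while the comment says the mount is for nginx-proxy, so the mount looks unused here and could be dropped. If some component does read container metadata, the comment should name it, and a filtering socket proxy on a private network is a safer way to give it that access than the raw socket.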


@ -1,7 +1,7 @@
version: '3.8'
version: "3.8"
networks:
maple-private-prod:
mapleopentech-private-prod:
external: true
volumes:
@ -16,7 +16,7 @@ services:
image: redis:7-alpine
hostname: redis
networks:
- maple-private-prod
- mapleopentech-private-prod
volumes:
- redis-data:/data
secrets:
@ -66,7 +66,13 @@ services:
reservations:
memory: 512M
healthcheck:
test: ["CMD", "sh", "-c", "redis-cli -a $$(cat /run/secrets/redis_password) ping | grep PONG"]
test:
[
"CMD",
"sh",
"-c",
"redis-cli -a $$(cat /run/secrets/redis_password) ping | grep PONG",
]
interval: 10s
timeout: 3s
retries: 3
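Review bot: The reformatted healthcheck still passes the password as `-a $$(cat /run/secrets/redis_password)`, which puts the secret in redis-cli's argument list every 10 seconds, where anything able to list processes can read it. redis-cli accepts the password from the `REDISCLI_AUTH` environment variable, so the last array element can become `'REDISCLI_AUTH="$$(cat /run/secrets/redis_password)" redis-cli ping | grep PONG'`. That form also quotes the substitution, so a password containing spaces or shell metacharacters does not break the check.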


@ -11,7 +11,7 @@ bind 0.0.0.0
port 6379
# Protected mode disabled (we rely on Docker network isolation)
# Only containers on maple-prod overlay network can access
# Only containers on mapleopentech-prod overlay network can access
protected-mode no
# ==============================================================================
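Review bot: The updated comment names a `mapleopentech-prod` overlay network, but the stack files in this commit attach services to `mapleopentech-private-prod` and `mapleopentech-public-prod`. With `bind 0.0.0.0` and `protected-mode no`, this comment is the only statement of which network gates access to Redis, so it should name the real one: `# Only containers on the mapleopentech-private-prod overlay network can access`. It would also help to note here that password authentication must stay enabled, since network membership is otherwise the only control; whether it is configured lies outside the visible hunk.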