Merge pull request #7 from rushsteve1/main

Docker Compose and Caddyfile

README.md

@@ -19,13 +19,11 @@ allows access to some resources when unauthenticated for public access, and
 allows full access to all resources when authenticated. RCOS infrastructure
 cannot connect to the database directly but must interact through this API.
 
-## Setup
-
-TODO DbMate docs
-
-## Postgrest Deployment
-
-1. Copy and modify `postgrest.conf`
-2. Run Postgrest with the .conf file
-
-TODO docker-compose stuff
+## Deployment
+
+1. Replace the `<PASSWORD>` and `<ADMINPASS>` placeholders in
+   `docker-compose.yml` and the [roles migration
+   file](./db/migrations/20210117194733_create_roles.sql) with secure passwords.
+2. Run `docker-compose up -d` to start everything.
+3. Use [DbMate](https://github.com/amacneil/dbmate) to apply the migations
+   `dbmate up`.

config/Caddyfile

@@ -0,0 +1,32 @@
+{
+    email [email protected]
+}
+
+rcos.io, www.rcos.io {
+    encode zstd gzip
+    log { output discard }
+
+    # TODO Observatory/Telescope
+    respond "Hello, world!"
+}
+
+api.rcos.io {
+    encode zstd gzip
+    log { output discard }
+
+    reverse_proxy postgrest:3000
+}
+
+swagger.rcos.io {
+    encode zstd gzip
+    log { output discard }
+
+    reverse_proxy swagger:8080
+}
+
+wiki.rcos.io {
+    encode zstd gzip
+    log { output discard }
+
+    reverse_proxy wikijs:3000
+}

config/wiki.yml

@@ -0,0 +1,129 @@
+#######################################################################
+# Wiki.js - CONFIGURATION                                             #
+#######################################################################
+# Full documentation + examples:
+# https://docs.requarks.io/install
+
+# ---------------------------------------------------------------------
+# Port the server should listen to
+# ---------------------------------------------------------------------
+
+port: 3000
+
+# ---------------------------------------------------------------------
+# Database
+# ---------------------------------------------------------------------
+# Supported Database Engines:
+# - postgres = PostgreSQL 9.5 or later
+# - mysql = MySQL 8.0 or later (5.7.8 partially supported, refer to docs)
+# - mariadb = MariaDB 10.2.7 or later
+# - mssql = MS SQL Server 2012 or later
+# - sqlite = SQLite 3.9 or later
+
+db:
+  type: postgres
+
+  # PostgreSQL / MySQL / MariaDB / MS SQL Server only:
+  host: private-rcos-db-do-user-8558031-0.b.db.ondigitalocean.com
+  port: 25060
+  user: wiki
+  pass: <CHANGEME>
+  db: wiki
+  ssl: true
+
+  # Optional - PostgreSQL / MySQL / MariaDB only:
+  # -> Uncomment lines you need below and set `auto` to false
+  # -> Full list of accepted options: https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
+  sslOptions:
+    auto: false
+    # rejectUnauthorized: false
+    ca: /wiki/db-cert.crt
+    # cert: path/to/cert.crt
+    # key: path/to/key.pem
+    # pfx: path/to/cert.pfx
+    # passphrase: xyz123
+
+  # SQLite only:
+  # storage: path/to/database.sqlite
+
+#######################################################################
+# ADVANCED OPTIONS                                                    #
+#######################################################################
+# Do not change unless you know what you are doing!
+
+# ---------------------------------------------------------------------
+# SSL/TLS Settings
+# ---------------------------------------------------------------------
+# Consider using a reverse proxy (e.g. nginx) if you require more
+# advanced options than those provided below.
+
+ssl:
+  enabled: false
+  port: 3443
+
+  # Provider to use, possible values: custom, letsencrypt
+  provider: custom
+
+  # ++++++ For custom only ++++++
+  # Certificate format, either 'pem' or 'pfx':
+  format: pem
+  # Using PEM format:
+  key: path/to/key.pem
+  cert: path/to/cert.pem
+  # Using PFX format:
+  pfx: path/to/cert.pfx
+  # Passphrase when using encrypted PEM / PFX keys (default: null):
+  passphrase: null
+  # Diffie Hellman parameters, with key length being greater or equal
+  # to 1024 bits (default: null):
+  dhparam: null
+
+  # ++++++ For letsencrypt only ++++++
+  domain: wiki.yourdomain.com
+  subscriberEmail: [email protected]
+
+# ---------------------------------------------------------------------
+# Database Pool Options
+# ---------------------------------------------------------------------
+# Refer to https://github.com/vincit/tarn.js for all possible options
+
+pool:
+  # min: 2
+  # max: 10
+
+# ---------------------------------------------------------------------
+# IP address the server should listen to
+# ---------------------------------------------------------------------
+# Leave 0.0.0.0 for all interfaces
+
+bindIP: 0.0.0.0
+
+# ---------------------------------------------------------------------
+# Log Level
+# ---------------------------------------------------------------------
+# Possible values: error, warn, info (default), verbose, debug, silly
+
+logLevel: info
+
+# ---------------------------------------------------------------------
+# Offline Mode
+# ---------------------------------------------------------------------
+# If your server cannot access the internet. Set to true and manually
+# download the offline files for sideloading.
+
+offline: false
+
+# ---------------------------------------------------------------------
+# High-Availability
+# ---------------------------------------------------------------------
+# Set to true if you have multiple concurrent instances running off the
+# same DB (e.g. Kubernetes pods / load balanced instances). Leave false
+# otherwise. You MUST be using PostgreSQL to use this feature.
+
+ha: false
+
+# ---------------------------------------------------------------------
+# Data Path
+# ---------------------------------------------------------------------
+# Writeable data path used for cache and temporary user uploads.
+dataPath: ./data

db/migrations/20210117194733_create_roles.sql

@@ -16,7 +16,7 @@ GRANT ALL ON ALL TABLES IN SCHEMA public TO api_user;
 GRANT ALL ON ALL sequences IN SCHEMA public TO api_user;
 
 -- Create user that can be logged in for the API
-CREATE ROLE authenticator NOINHERIT LOGIN PASSWORD '<password>'; -- MAKE SURE TO CHANGE THIS
+CREATE ROLE authenticator NOINHERIT LOGIN PASSWORD '<PASSWORD>'; -- MAKE SURE TO CHANGE THIS
 GRANT web_anon TO authenticator;
 
 -- migrate:down

docker-compose.yml

@@ -0,0 +1,32 @@
+version: '3'
+services:
+    postgrest:
+        image: postgrest/postgrest:v7.0.1
+        restart: unless-stopped
+        environment:
+            PGRST_DB_URI: <FILL ME IN>
+            PGRST_DB_SCHEMA: public
+            PGRST_DB_ANON_ROLE: web_anon
+
+    swagger:
+        image: swaggerapi/swagger-ui:v3.40.0
+        restart: unless-stopped
+        environment:
+            URL: api.rcos.io
+
+    wikijs:
+        image: requarks/wiki:2
+        restart: unless-stopped
+        volumes:
+        - /home/rcos/config/wiki.yml:/wiki/config.yml
+        - /home/rcos/config/db-cert.crt:/wiki/db-cert.crt
+
+    caddy:
+        image: caddy:2
+        restart: unless-stopped
+        volumes:
+        - /home/rcos/config/Caddyfile:/etc/caddy/Caddyfile
+        - caddy_data:/data
+
+volumes:
+    caddy_data: