Update traefik, introduce crowdsec, add hydra stack to infra.

2026-03-27 19:36:37 +00:00
parent 8d3d7e7434
commit a930db1b3a
7 changed files with 202 additions and 13 deletions
--- a/hydra/.env
+++ b/hydra/.env
@@ -0,0 +1,68 @@
+APP_NAME=Hydra
+APP_ENV=production
+APP_KEY=base64:qSmM2c7YWgiFKS62S2m6w8pVslaBC8WBIHttObhDu1U=
+APP_DEBUG=true
+APP_TIMEZONE=UTC
+APP_URL=https://hydras-revenge.ddnss.org
+
+APP_LOCALE=en
+APP_CURRENCY=EUR
+APP_FALLBACK_LOCALE=en
+APP_FAKER_LOCALE=en_US
+
+APP_MAINTENANCE_DRIVER=file
+# APP_MAINTENANCE_STORE=database
+
+PHP_CLI_SERVER_WORKERS=4
+
+BCRYPT_ROUNDS=12
+
+LOG_CHANNEL=stack
+LOG_STACK=single
+LOG_DEPRECATIONS_CHANNEL=null
+LOG_LEVEL=debug
+
+DB_CONNECTION=pgsql
+DB_HOST=pgsql
+DB_PORT=5432
+DB_DATABASE=hydra
+DB_USERNAME=hydra
+DB_PASSWORD=$*8D%!nnoiiu6w
+
+SESSION_DRIVER=database
+SESSION_LIFETIME=120
+SESSION_ENCRYPT=false
+SESSION_PATH=/
+SESSION_DOMAIN=null
+
+BROADCAST_CONNECTION=log
+FILESYSTEM_DISK=local
+QUEUE_CONNECTION=database
+
+CACHE_STORE=database
+CACHE_PREFIX=
+
+MEMCACHED_HOST=127.0.0.1
+
+REDIS_CLIENT=phpredis
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+MAIL_MAILER=log
+MAIL_HOST=mail
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDRESS="hello@example.com"
+MAIL_FROM_NAME="${APP_NAME}"
+
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_DEFAULT_REGION=us-east-1
+AWS_BUCKET=
+AWS_USE_PATH_STYLE_ENDPOINT=false
+
+VITE_APP_NAME="${APP_NAME}"
+VITE_APP_URL="${APP_URL}/api"
--- a/hydra/docker-compose.yaml
+++ b/hydra/docker-compose.yaml
@@ -0,0 +1,55 @@
+networks:
+  proxy:
+    external: true
+  hydra:
+
+volumes:
+  hydra-db:
+  hydra-storage:
+    name: hydra-storage
+
+services:
+  app:
+    image: gitea.fam-steinle.de/cs/hydra:latest
+    restart: always
+    dns:
+      - '8.8.8.8'
+    links:
+      - pgsql
+    depends_on:
+      pgsql:
+        condition: service_healthy
+    working_dir: /var/www
+    volumes:
+      - ./.env:/var/www/.env
+      - hydra-storage:/var/www/storage/app/private
+    networks:
+      - proxy
+      - hydra
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.hydra.rule=Host(`hydras-revenge.ddnss.org`) || Host(`hydra.steinle-computer.de`)"
+      - "traefik.http.routers.hydra.entrypoints=web"
+      - "traefik.http.routers.hydra.middlewares=hydra"
+      - "traefik.http.middlewares.hydra.redirectscheme.scheme=https"
+      - "traefik.http.routers.hydra-secure.rule=Host(`hydras-revenge.ddnss.org`) || Host(`hydra.steinle-computer.de`)"
+      - "traefik.http.routers.hydra-secure.entrypoints=websecure"
+      - "traefik.http.routers.hydra-secure.tls=true"
+      - "traefik.http.routers.hydra-secure.tls.certresolver=cs"
+      - "traefik.http.routers.hydra-secure.service=hydra-secure"
+      - "traefik.http.services.hydra-secure.loadbalancer.server.port=80"
+
+  pgsql:
+    image: postgres:17-alpine
+    restart: unless-stopped
+    volumes:
+      - hydra-db:/var/lib/postgresql/data
+    networks:
+      - hydra
+    environment:
+      PGPASSWORD: $*8D%!nnoiiu6w
+      POSTGRES_PASSWORD: $*8D%!nnoiiu6w
+      POSTGRES_USER: hydra
+      POSTGRES_DB: hydra
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U steinle"]