Added nise-infra

external-sync.sh

@@ -1,94 +0,0 @@
-#!/bin/bash
-
-# Initialize variables
-commit_message=""
-action=""
-folder_to_sync=""
-external_base_dir="../external-nise.moe"
-
-# Manual argument parsing
-while [ "$#" -gt 0 ]; do
-  case "$1" in
-    sync|create|configure|push)
-      action="$1"
-      folder_to_sync="$2"
-      shift 2
-      ;;
-    -m)
-      commit_message="$2"
-      shift 2
-      ;;
-    *)
-      echo "Invalid argument: $1"
-      exit 1
-      ;;
-  esac
-done
-
-# Validation
-if [ -z "$action" ]; then
-  echo "Error: Please provide an action (sync or create)."
-  exit 1
-fi
-
-if [ -z "$folder_to_sync" ]; then
-  echo "Error: Please provide a folder name."
-  exit 1
-fi
-
-target_folder="$external_base_dir/$folder_to_sync"
-
-# Further validation and action handling
-if [ "$action" == "sync" ]; then
-  if [ ! -d "$folder_to_sync" ]; then
-    echo "Error: Folder '$folder_to_sync' does not exist in the monorepo."
-    exit 1
-  fi
-
-  mkdir -p "$target_folder"
-  echo "Synchronizing files from '$folder_to_sync' to '$target_folder'..."
-  rsync -av --delete --exclude-from='.gitignore' --exclude='.git' "$folder_to_sync/" "$target_folder/"
-
-  cd "$target_folder" || { echo "Error: Failed to change directory to $target_folder"; exit 1; }
-
-  git add .
-  if [ -z "$commit_message" ]; then
-    commit_message=$(date +%Y%m%d)
-  fi
-  git commit -S -am "$commit_message"
-
-  echo "Synchronization complete and changes committed with message: '$commit_message'."
-elif [ "$action" == "configure" ]; then
-  echo "Configuring external folder '$target_folder'..."
-  cd "$target_folder" || { echo "Error: Failed to change directory to $target_folder"; exit 1; }
-
-  git config user.email "162507023+nise-moe@users.noreply.github.com"
-  git config user.name "nise.moe"
-  git config gpg.format ssh
-  git config commit.gpgsign true
-  git config user.signingkey /home/anon/.ssh/nise-moe.pub
-elif [ "$action" == "push" ]; then
-  echo "Pushing changes to remote repository..."
-  cd "$target_folder" || { echo "Error: Failed to change directory to $target_folder"; exit 1; }
-
-  git push origin main
-  echo "Changes pushed to remote repository."
-elif [ "$action" == "create" ]; then
-  mkdir -p "$target_folder"
-
-  cd "$target_folder" || { echo "Error: Failed to change directory to $target_folder"; exit 1; }
-
-  git init
-  git config user.email "162507023+nise-moe@users.noreply.github.com"
-  git config user.name "nise.moe"
-  git config gpg.format ssh
-  git config commit.gpgsign true
-  git config user.signingkey /home/anon/.ssh/nise-moe.pub
-  git branch -M main
-  git remote add origin git@github.com:nise-moe/"$folder_to_sync".git
-
-  echo "External folder '$target_folder' created and initialized as a Git repository."
-else
-  echo "Error: Invalid action '$action'."
-  exit 1
-fi

nise-infra/.gitignore

@@ -0,0 +1,2 @@
+*.env
+*.sql

nise-infra/docker-compose.yml

@@ -0,0 +1,165 @@
+version: '3'
+
+services:
+
+  nginx-main:
+    image: nginx:latest
+    container_name: nginx-main
+    restart: always
+    volumes:
+      - ./nginx-main.conf:/etc/nginx/nginx.conf:ro
+      # nise.moe certificates (by Cloudflare)
+      - ./nise-data/certificate.pem:/etc/ssl/certs/nisemoe/certificate.pem:ro
+      - ./nise-data/private.key:/etc/ssl/certs/nisemoe/private.key:ro
+    ports:
+      - "443:443"
+      - "80:80"
+
+  # Shared services which are used by others
+  postgres:
+    image: groonga/pgroonga:3.1.6-alpine-15
+    container_name: postgres
+    restart: always
+    environment:
+      POSTGRES_USER: ${DB_USER}
+      POSTGRES_PASSWORD: ${DB_PASS}
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    command: >
+      -c shared_buffers=6GB
+      -c effective_cache_size=12GB
+      -c work_mem=64MB
+      -c maintenance_work_mem=2GB
+      -c checkpoint_completion_target=0.9
+      -c checkpoint_timeout=15min
+      -c max_wal_size=2GB
+      -c wal_buffers=16MB
+      -c max_connections=100
+      -c max_worker_processes=8
+      -c max_parallel_workers_per_gather=4
+      -c max_parallel_workers=8
+      -c effective_io_concurrency=40
+    shm_size: '128mb'
+
+  redis:
+    image: redis:alpine
+    container_name: redis
+    restart: always
+
+  # ------------------------------------------------------------------
+
+  gitea:
+    image: gitea/gitea
+    container_name: gitea
+    restart: always
+    environment:
+      USER_UID: 1336
+      USER_GID: 1336
+      GITEA__database__DB_TYPE: postgres
+      GITEA__database__HOST: ${DB_HOST}:5432
+      GITEA__database__NAME: gitea
+      GITEA__database__USER: ${DB_USER}
+      GITEA__database__PASSWD: ${DB_PASS}
+    depends_on:
+      - postgres
+      - redis
+    volumes:
+      - ./gitea-data/app.ini:/data/gitea/conf/app.ini
+      - gitea-data:/data
+
+ # ------------------------------------------------------------------
+
+  nise-nginx:
+    image: nginx:latest
+    container_name: nise-nginx
+    restart: always
+    volumes:
+      - ./nise-data/nginx.conf:/etc/nginx/nginx.conf:ro
+
+  nise-backend:
+    image: git.nise.moe/nuff/nise-backend:latest
+    container_name: nise-backend
+    environment:
+      SPRING_PROFILES_ACTIVE: postgres,discord,import:scores,import:users,fix:scores
+      # App configuration
+      OLD_SCORES_PAGE_SIZE: 1000
+      # Postgres
+      POSTGRES_HOST: ${DB_HOST}
+      POSTGRES_USER: ${DB_USER}
+      POSTGRES_PASS: ${DB_PASS}
+      POSTGRES_DB: nise
+      # redis
+      REDIS_DB: 4
+      # Discord
+      WEBHOOK_URL: ${WEBHOOK_URL}
+      SCORES_WEBHOOK_URL: ${SCORES_WEBHOOK_URL}
+      # osu!api
+      OSU_API_KEY: ${OSU_API_KEY}
+      OSU_CLIENT_ID: ${OSU_CLIENT_ID}
+      OSU_CLIENT_SECRET: ${OSU_CLIENT_SECRET}
+      OSU_CALLBACK: "https://nise.moe/api/login/oauth2/code/osu"
+      # Metabase
+      METABASE_API_KEY: ${METABASE_API_KEY}
+      # Internal API
+      CIRCLEGUARD_API_URL: http://nise-circleguard:5000
+      # Auth
+      ORIGIN: "https://nise.moe"
+      REPLAY_ORIGIN: "https://replay.nise.moe"
+      COOKIE_SECURE: false
+      BEATMAPS_PATH: "/app/dbs"
+    restart: always
+    volumes:
+        - ./nise-data/beatmaps:/app/dbs
+    depends_on:
+      - postgres
+      - redis
+
+  nise-circleguard:
+    image: git.nise.moe/nuff/nise-circleguard:latest
+    container_name: nise-circleguard
+    environment:
+      OSU_API_KEY: ${OSU_API_KEY}
+    restart: always
+    volumes:
+      - ./nise-data/beatmaps:/app/dbs
+
+  nise-frontend2:
+    image: git.nise.moe/nuff/nise-frontend:latest
+    container_name: nise-frontend2
+    restart: always
+
+  nise-replay-viewer:
+    image: git.nise.moe/nuff/nise-replay-viewer:latest
+    container_name: nise-replay-viewer
+    restart: always
+
+  nise-discord:
+    image: git.nise.moe/nuff/nise-discord:latest
+    container_name: nise-discord
+    environment:
+      DISCORD_TOKEN: ${DISCORD_TOKEN}
+      REACTION_CHANNEL_ID: ${REACTION_CHANNEL_ID}
+      REACTION_EMOJI_ID: ${REACTION_EMOJI_ID}
+    restart: always
+
+  nise-metabase:
+    image: metabase/metabase:latest
+    container_name: nise-metabase
+    volumes:
+    - /dev/urandom:/dev/random:ro
+    environment:
+      MB_DB_TYPE: postgres
+      MB_DB_DBNAME: metabase
+      MB_DB_PORT: 5432
+      MB_DB_USER: ${DB_METABASE_USER}
+      MB_DB_PASS: ${DB_METABASE_PASS}
+      MB_DB_HOST: postgres
+    healthcheck:
+      test: curl --fail -I http://localhost:3000/api/health || exit 1
+      interval: 15s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  postgres-data:
+  gitea-data:

nise-infra/nginx-main.conf

@@ -0,0 +1,40 @@
+events {}
+
+http {
+
+    upstream nise-nginx {
+        server nise-nginx:80;
+    }
+
+    # Redirect HTTP to HTTPS
+    server {
+        listen 80;
+        server_name nise.moe replay.nise.moe neko.nise.moe;
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
+        server_name nise.moe replay.nise.moe git.nise.moe neko.nise.moe;
+
+        ssl_certificate /etc/ssl/certs/nisemoe/certificate.pem;
+        ssl_certificate_key /etc/ssl/certs/nisemoe/private.key;
+
+        location / {
+            # For git.nise.moe
+            client_max_body_size 512M;
+
+            proxy_pass http://nise-nginx;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Websockets
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+    }
+
+}

nise-infra/nise-data/nginx.conf

@@ -0,0 +1,94 @@
+events {}
+
+http {
+
+    upstream gitea {
+        server gitea:3000;
+    }
+
+    upstream nise-frontend {
+        server nise-frontend2:80;
+    }
+
+    upstream nise-replay-viewer {
+        server nise-replay-viewer:80;
+    }
+
+    upstream nise-backend {
+        server nise-backend:8080;
+    }
+
+    upstream nise-metabase {
+        server nise-metabase:3000;
+    }
+
+    server {
+        listen 80;
+        server_name nise.moe;
+
+        location / {
+            proxy_pass http://nise-frontend;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        location /api/ {
+            proxy_pass http://nise-backend/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Websockets
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+
+    }
+
+    server {
+        listen 80;
+
+        server_name git.nise.moe;
+
+        location / { 
+            client_max_body_size 10G;
+            proxy_pass http://gitea/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+    }
+
+    server {
+        listen 80;
+        server_name replay.nise.moe;
+
+        location / { 
+            proxy_pass http://nise-replay-viewer/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+
+    server {
+        listen 80;
+        server_name neko.nise.moe;
+
+        location / { 
+            proxy_pass http://nise-metabase/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+
+}

readme.md

@@ -16,6 +16,7 @@ the website is split into the following modules, each with their own folder and
 | nise-frontend      | The frontend module (Angular), uses the API to display data.              | Angular             |
 | nise-circleguard   | Written in Python, serves as an HTTP interface for circleguard.           | Python              |
 | nise-discord       | Module that runs a Discord bot for role management                        | Python              |
+| nise-infra         | Docker (compose) configuration for production deployment                  | Docker              |
 | nise-replay-viewer | Standalone react-based website that plays osu!std replays in your browser | React/p5.js         |
 
 # how to run
@@ -26,7 +27,7 @@ you can read the individual readme files for each module to see how to run them
 
 ### production
 
-we manage the production stack in a separate `infra` repository. it uses docker-compose to handle the containers, and traefik as a reverse proxy.
+we manage the production stack in the `nise-infra` folder. it uses docker-compose to handle the containers, and nginx as a reverse proxy.
 
 # contributing
 

sync-infra.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+rsync -avz --exclude '.git' --exclude '.env' --exclude 'nise-data/beatmaps/*' --exclude 'nise-data/private.key' --exclude 'nise-data/certificate.pem' --exclude 'gitea-data' nise-moe:/root/Lab/ ./nise-infra