Feature/72 on prem installer

.gitignore

@@ -1,4 +1,5 @@
 .env
 .ipynb_checkpoints
 .DS_Store
-.virtual_documents
+.virtual_documents
+app.env

backend/Dockerfile

@@ -1,6 +1,6 @@
 FROM python:3.12.3
 
-WORKDIR /usr/src/app
+WORKDIR /app
 
 COPY . .
 

backend/Dockerfile.prod

@@ -1,6 +1,6 @@
 FROM python:3.12.3
 
-WORKDIR /usr/src/app
+WORKDIR /app
 
 COPY . .
 

db/docker-entrypoint-initdb.d.prod/000-init.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+
+psql -v ON_ERROR_STOP=1 --username "postgres" <<-EOSQL
+
+CREATE USER "${DB_USER}" WITH CREATEDB PASSWORD '${DB_PASSWORD}';
+
+CREATE DATABASE "${DB_SCHEMA}"
+WITH OWNER = "${DB_USER}"
+     TEMPLATE = template0
+     ENCODING = 'UTF8'
+     LC_COLLATE = 'en_US.UTF-8'
+     LC_CTYPE = 'en_US.UTF-8';
+
+\c "${DB_SCHEMA}"
+
+CREATE EXTENSION IF NOT EXISTS ltree WITH SCHEMA public;
+
+EOSQL

self-hosted/app.env.template

@@ -0,0 +1,12 @@
+DB_HOST=<<your postgresql ip>>
+POSTGRES_PASSWORD=<<yout superadmin postgres user password>>
+DB_PASSWORD=<<your standard postgresql user password>>
+DB_SCHEMA=<<your postgresql schema name>>
+DB_USER=<<your standart postgresql db user>>
+DEBUG="False"
+SECRET_KEY=<<your Django secret key>>
+NEXT_AUTH_SECRET_KEY=<<your secret for Next auth>>
+MAILJET_APIKEY=<<your mailjet api key from mailjet portal>>
+MAILJET_SECRET=<<your mailjet api secret from mailjet portal>>
+WEBDOMAIN=<<your exposed domain url, keep on https:// format>>
+TRAEFIK_CERTIFICATESRESOLVERS_MYRESOLVER_ACME_EMAIL=<<administrator email for Letsencrypt registration>>

self-hosted/docker-compose.frontend-build.yml

@@ -0,0 +1,20 @@
+---
+services:
+  frontend_build:
+    image: akvo/akvo-node-18-alpine:20230831.105309.b9593b7
+    container_name: frontend_build
+    env_file: "./app.env"
+    working_dir: /app
+    environment:
+      - CI_COMMIT=${CI_COMMIT}
+    command:
+      - /bin/bash
+      - -c
+      - |
+        cp i18n frontend/ -R
+        mv frontend/next.config.prod.mjs frontend/next.config.mjs
+        echo 'WEBDOMAIN=${WEBDOMAIN}' >> frontend/.env
+        echo 'NEXT_AUTH_SECRET_KEY=${SECRET_KEY}' >> frontend/.env
+        cd frontend && yarn install --no-progress --frozen-lock && yarn build
+    volumes:
+      - ..:/app:delegated

self-hosted/docker-compose.yml

@@ -0,0 +1,79 @@
+---
+services:
+  mainnetwork:
+    image: alpine:3.14
+    command: ["tail", "-f", "/dev/null"]
+    ports:
+      - 8000:8000 # backend port
+      - 5050:5050 # pgAdmin port
+      - 80:80 # traefik port http
+      - 443:443 # traefik port https
+      - 81:81 # frontend port
+  traefik:
+    image: traefik:v3.0
+    container_name: traefik
+    env_file: "./app.env"
+    restart: unless-stopped
+    environment:
+      - TRAEFIK_PROVIDERS_FILE_FILENAME=/traefik-config/dynamic.yml
+      - TRAEFIK_PROVIDERS_FILE_WATCH=true
+      - TRAEFIK_ENTRYPOINTS_WEB_ADDRESS=:80
+      - TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS=:443
+      - TRAEFIK_CERTIFICATESRESOLVERS_MYRESOLVER_ACME_STORAGE=/letsencrypt/acme.json
+      - TRAEFIK_CERTIFICATESRESOLVERS_MYRESOLVER_ACME_TLSCHALLENGE=true
+      - TRAEFIK_LOG_LEVEL=DEBUG
+      - TRAEFIK_LOG=true
+      - TRAEFIK_LOG_FORMAT=common
+      - TRAEFIK_ACCESSLOG=false
+      - TRAEFIK_ACCESSLOG_FILEPATH=/var/log/traefik/access.log
+      - TRAEFIK_ACCESSLOG_FORMAT=common
+    entrypoint: ["sh", "-c", "/generate_dynamic_config.sh && traefik"]
+    volumes:
+      - "traefik-certificates:/letsencrypt"
+      - "./generate_dynamic_config.sh:/generate_dynamic_config.sh:ro"
+      - "/traefik-config"
+    network_mode: service:mainnetwork
+
+  db:
+    env_file: "./app.env"
+    image: postgres:12-alpine
+    container_name: db
+    restart: unless-stopped
+    volumes:
+      - ../db/docker-entrypoint-initdb.d.prod:/docker-entrypoint-initdb.d
+      - pg-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 2s
+      timeout: 5s
+      retries: 5
+    network_mode: service:mainnetwork
+
+  backend:
+    container_name: backend
+    build:
+      context: ../backend
+      dockerfile: Dockerfile.prod
+    env_file: "./app.env"
+    restart: unless-stopped
+    working_dir: /app
+    depends_on:
+      db:
+        condition: service_healthy
+    network_mode: service:mainnetwork
+
+  frontend:
+    container_name: frontend
+    build:
+      context: ../frontend
+      dockerfile: Dockerfile
+    env_file: "./app.env"
+    restart: unless-stopped
+    working_dir: /app
+    network_mode: service:mainnetwork
+    depends_on:
+      - backend
+
+volumes:
+  traefik-certificates:
+  pg-data:

self-hosted/generate_dynamic_config.sh

@@ -0,0 +1,56 @@
+#!/bin/sh
+
+# Remove 'https://' from WEBDOMAIN if present
+WEBDOMAIN=${WEBDOMAIN#https://}
+
+cat << EOF > /traefik-config/dynamic.yml
+http:
+  routers:
+    frontend-service-router-80:
+      rule: "Host(\`${WEBDOMAIN}\`)"
+      service: frontend-service
+      entrypoints: web
+      middlewares:
+        - redirect-to-https
+
+    frontend-service-router-443:
+      entrypoints:
+        - websecure
+      rule: "Host(\`${WEBDOMAIN}\`)"
+      service: frontend-service
+      tls:
+        certResolver: myresolver
+
+    api-service-router-80:
+      rule: "Host(\`${WEBDOMAIN}\`) && PathPrefix(\`/api\`)"
+      service: api-service
+      entrypoints: web
+      middlewares:
+        - redirect-to-https
+
+    api-service-router-443:
+      entrypoints:
+        - websecure
+      rule: "Host(\`${WEBDOMAIN}\`) && PathPrefix(\`/api\`)"
+      service: api-service
+      tls:
+        certResolver: myresolver
+
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: "https"
+        permanent: true
+
+  services:
+    frontend-service:
+      loadBalancer:
+        servers:
+          - url: "http://localhost:3000"
+
+    api-service:
+      loadBalancer:
+        servers:
+          - url: "http://localhost:8000"
+
+EOF

self-hosted/install.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -euv
+
+#Git Pull
+git pull
+
+#Rebuild Frontend
+CI_COMMIT=latest docker compose -f docker-compose.frontend-build.yml up --build
+
+#Rebuild App
+CI_COMMIT=latest docker compose -f docker-compose.yml build --no-cache
+
+#Restart Service
+docker compose -f docker-compose.yml stop && docker compose -f docker-compose.yml up -d

self-hosted/restart.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euv
+
+#Restart App
+docker compose -f docker-compose.yml restart

self-hosted/update.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -euv
+
+#Git Pull
+git pull
+
+#Rebuild Frontend
+CI_COMMIT=latest docker compose -f docker-compose.frontend-build.yml up --build
+
+#Rebuild App
+CI_COMMIT=latest docker compose -f docker-compose.yml build --no-cache
+
+#Restart Service
+docker compose -f docker-compose.yml stop && docker compose -f docker-compose.yml up -d