From a32e2da6c30212f5e275d9e72fbc77d8dc8cc88f Mon Sep 17 00:00:00 2001
From: Robert Rapp
Date: Mon, 15 Sep 2025 19:38:57 +0200
Subject: [PATCH] chore(infra): add env templates and bootstrap script; ignore secrets in git
---
infra/env/common.env.example | 14 ++++++++++++++
infra/env/development/common.env | 11 +++++++++++
scripts/infra/bootstrap.sh | 24 ++++++++++++++++++++++++
3 files changed, 49 insertions(+)
create mode 100644 infra/env/common.env.example
create mode 100644 infra/env/development/common.env
create mode 100644 scripts/infra/bootstrap.sh
diff --git a/infra/env/common.env.example b/infra/env/common.env.example
new file mode 100644
index 0000000..fb6b485
--- /dev/null
+++ b/infra/env/common.env.example
@@ -0,0 +1,14 @@
+# Global/defaults
+INFRASTRUCTURE_LABEL=mindboost
+TZ=UTC
+
+# Traefik / proxy
+TRAEFIK_NETWORK=proxy
+TRAEFIK_HTTP_PORT=80
+TRAEFIK_HTTPS_PORT=443
+TRAEFIK_LOG_LEVEL=INFO
+ACME_EMAIL=you@example.com
+TRAEFIK_DASHBOARD_DOMAIN=traefik.example.com
+# Optional basic auth users for dashboard (format: user:hashed)
+#TRAEFIK_BASIC_AUTH_USERS=admin:$2y$05$...
+
diff --git a/infra/env/development/common.env b/infra/env/development/common.env
new file mode 100644
index 0000000..f4a42cf
--- /dev/null
+++ b/infra/env/development/common.env
@@ -0,0 +1,11 @@
+# Development defaults (copy to production and adjust as needed)
+INFRASTRUCTURE_LABEL=dev
+TZ=UTC
+
+TRAEFIK_NETWORK=proxy
+TRAEFIK_HTTP_PORT=80
+TRAEFIK_HTTPS_PORT=443
+TRAEFIK_LOG_LEVEL=INFO
+ACME_EMAIL=dev@example.com
+TRAEFIK_DASHBOARD_DOMAIN=traefik.local
+
diff --git a/scripts/infra/bootstrap.sh b/scripts/infra/bootstrap.sh
new file mode 100644
index 0000000..58039be
--- /dev/null
+++ b/scripts/infra/bootstrap.sh
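Review bot: The commented `TRAEFIK_BASIC_AUTH_USERS` sample in infra/env/common.env.example does not say how the value should be generated or quoted, and a bcrypt hash is full of `$` characters that Compose-style env parsing may try to expand when the value is unquoted (how this file is loaded is not visible in the patch). I would extend the comment to something like `# Generate with: htpasswd -nB <user>; wrap the value in single quotes so '$' is kept literally`. The sample prefix `$2y$05$` also corresponds to bcrypt cost 5, so the comment could mention that a higher cost can be requested with `htpasswd -C`.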
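Review bot: The subject says secrets are ignored in git, but the diffstat lists only three added files and no `.gitignore` change, while infra/env/development/common.env is committed as a live env file whose header invites copying it to production. Unless an ignore rule already exists elsewhere in the repository, a production copy under infra/env/ holding real values would be tracked by default, and so would the `infra/core/traefik/data/acme.json` that bootstrap.sh creates, which will hold private key material once Traefik writes to it. I would add the ignore patterns in this commit, for example `infra/env/**/*.env` with `!infra/env/development/common.env` plus the acme.json path, or change the header comment to state that only the development file is meant to be committed.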
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Create external proxy network if it doesn't exist and prepare Traefik state
+
+NETWORK_NAME=${TRAEFIK_NETWORK:-proxy}
+ACME_FILE="infra/core/traefik/data/acme.json"
+
+echo "[bootstrap] Ensuring external network '${NETWORK_NAME}' exists..."
+if ! docker network ls --format '{{.Name}}' | grep -qx "${NETWORK_NAME}"; then
+ docker network create "${NETWORK_NAME}"
+ echo "[bootstrap] Created network '${NETWORK_NAME}'."
+else
+ echo "[bootstrap] Network '${NETWORK_NAME}' already exists."
+fi
+
+echo "[bootstrap] Ensuring ACME storage exists with correct permissions..."
+mkdir -p "$(dirname "${ACME_FILE}")"
+touch "${ACME_FILE}"
+chmod 600 "${ACME_FILE}"
+echo "[bootstrap] ACME storage ready at ${ACME_FILE}."
+
+echo "[bootstrap] Done."
+
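Review bot: `ACME_FILE` is a path relative to the current directory, so running the script from anywhere but the repository root creates a second, empty `infra/core/traefik/data/acme.json` there and leaves the file Traefik actually mounts untouched (assuming the compose file mounts the repo-root path, which this patch does not show). Anchoring to the script location, e.g. `cd "$(dirname "${BASH_SOURCE[0]}")/../.."` before the `mkdir`, makes the result independent of the caller. Separately, the existence check passes the network name to `grep -qx` as a regular expression and runs under `pipefail`; `if ! docker network inspect "${NETWORK_NAME}" >/dev/null 2>&1; then` asks Docker directly and avoids both. Setting `umask 077` before `touch` would also close the short window in which a newly created acme.json has default permissions.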