feat/pre deployment setup

.env.sample

@@ -0,0 +1,26 @@
+# vim: filetype=bash
+
+COMPOSE_PROFILES=core
+COMPOSE_PROJECT_NAME=mapswipe-deploy
+MAPSWIPE_ENVIRONMENT=prod|stage
+
+# Ofelia
+OFELIA_PROJECT_NAME=mapswipe-prod
+OFELIA_SLACK_WEBHOOK=
+
+# Postgres
+# NOTE: Password: Use openssl rand -base64 48 | tr -dc 'A-Za-z0-9_@#%^+=-' | head -c 24
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+
+# Caddy
+CADDY_EMAIL=mapswipe@example.org
+CADDY_HOST_BACKEND=https://backend.example.org
+CADDY_HOST_MANAGER_DASHBOARD=https://manager.example.org
+CADDY_HOST_COMMUNITY_DASHBOARD=https://community.example.org
+
+# PgBackRest
+# https://pgbackrest.org/command.html
+# https://pgbackrest.org/configuration.html#introduction
+PGBACKREST_REPO1_GCS_BUCKET=demo-bucket
+PGBACKREST_REPO1_PATH=/demo-repo

.github/workflows/pre-commit.yaml

@@ -0,0 +1,47 @@
+name: Pre commit
+
+on:
+  push:
+
+jobs:
+  pre_commit_checks:
+    name: Pre-Commit checks
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@main
+        with:
+          submodules: true
+
+      - name: Generate fake ./terraform/live/secrets.auto.tfvars
+        run: |
+          echo "project_id_map = { stage = \"mapswipe\" }" > ./terraform/live/secrets.auto.tfvars
+
+      # TODO: Cache plugins?
+      - uses: terraform-linters/setup-tflint@v5
+        name: Setup TFLint
+        with:
+          tflint_version: v0.52.0
+
+      - name: Install Terragrunt and OpenTofu
+        uses: gruntwork-io/terragrunt-action@v3
+        with:
+          # TODO: Use mise instead? https://github.com/gruntwork-io/terragrunt-action#tool-version-management
+          tg_version: 0.80.4
+          tofu_version: v1.10.5
+
+      - name: Initialize tofu without any backend
+        run: |
+          # Find all directories containing terragrunt.hcl
+          find . -type f -name "terragrunt.hcl" | while read hcl_file; do
+            dir=$(dirname "$hcl_file")
+            echo "Entering directory: $dir"
+            (
+              cd "$dir" || exit
+              tofu init -backend=false
+            )
+          done
+
+      - uses: pre-commit/action@main
+        env:
+          DISABLE_INIT: true

.gitignore

@@ -0,0 +1,3 @@
+.env*
+!.env.sample
+data/

.gitmodules

@@ -1,8 +1,8 @@
 [submodule "mapswipe-firebase"]
-	path = mapswipe-firebase
+	path = firebase
 	url = git@github.com:mapswipe/mapswipe-firebase.git
 [submodule "mapswipe-backend"]
-	path = mapswipe-backend
+	path = backend
 	url = git@github.com:mapswipe/mapswipe-backend.git
 [submodule "community-dashboard"]
 	path = community-dashboard

.pre-commit-config.yaml

@@ -0,0 +1,45 @@
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.24.2
+    hooks:
+      - id: gitleaks
+
+  - repo: https://github.com/crate-ci/typos
+    rev: v1.31.1
+    hooks:
+      - id: typos
+        args: ["--exclude=CHANGELOG.md", "--force-exclude"]
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-case-conflict
+      - id: detect-private-key
+      - id: check-merge-conflict
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-json
+      - id: check-toml
+      - id: check-xml
+      - id: check-yaml
+        args: [--unsafe]
+      - id: debug-statements
+      - id: detect-private-key
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: "v1.100.0"
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_tflint
+      - id: terragrunt_fmt
+      - id: terragrunt_validate_inputs
+        files: (/terragrunt\.hcl)$
+      - id: terragrunt_validate
+        files: (/terragrunt\.hcl)$
+        args:
+          - --hook-config=--tf-path=tofu
+      # - id: terraform_trivy
+      # - id: infracost_breakdown

README.md

@@ -0,0 +1,68 @@
+## Setup
+
+### Cloning the Repository
+
+Most submodules use SSH URLs. To avoid setting up SSH keys, run this command to use HTTPS instead:
+
+```bash
+git config --global url."https://github.com/".insteadOf "git@github.com:"
+```
+
+Clone and pull all submodules
+```bash
+git clone git@github.com:mapswipe/mapswipe-deploy.git
+cd mapswipe-deploy
+git submodule update --init --recursive
+```
+
+### Environment Variables
+
+Make sure these environment files are in place:
+
+- .env (based on `.env.sample`)
+- env/backend.env
+- env/community-dashboard.env
+- env/manager-dashboard.env
+- secrets/pgbackrest_gc_service_account_key.json
+
+```bash
+cp .env.sample .env
+touch env/backend.env
+touch env/community-dashboard.env
+touch env/manager-dashboard.env
+touch secrets/pgbackrest_gc_service_account_key.json
+```
+
+## Apply changes
+
+The `task` tool is used to set up a pre-alias.
+> https://taskfile.dev/
+
+
+```bash
+task --list-all
+
+# Deploy all
+task deploy
+
+# Deploy web apps
+task web-builds
+
+# Deploy backend resources
+task backend-deploy
+
+# Deploy caddy
+task caddy-deploy
+```
+
+### pgBackRest
+
+Create "main" stanza
+```bash
+docker compose exec -u postgres postgres pgbackrest --stanza=main stanza-create
+```
+
+View backup info
+```bash
+docker compose exec -u postgres postgres pgbackrest --stanza=main info
+```

caddy/Caddyfile

@@ -0,0 +1,43 @@
+(file_server_config) {
+    encode gzip
+    file_server
+}
+
+
+{$CADDY_HOST_BACKEND} {
+    request_body {
+        max_size 10MB
+    }
+
+    handle_path /static/* {
+        root * /assets/backend/static
+        import file_server_config
+    }
+
+    handle_path /media/* {
+        root * /assets/backend/media
+        import file_server_config
+    }
+
+    handle {
+        reverse_proxy http://web:80
+    }
+}
+
+
+{$CADDY_HOST_MANAGER_DASHBOARD} {
+    handle {
+        try_files {path} /index.html
+        root * /assets/manager-dashboard
+        import file_server_config
+    }
+}
+
+
+{$CADDY_HOST_COMMUNITY_DASHBOARD} {
+    handle {
+        try_files {path} /index.html
+        root * /assets/community-dashboard
+        import file_server_config
+    }
+}