Secrets VM: v2 (#50)

Closes #44. We'll do a manual migration for stability and simplicity. Reviewed-on: #50
2024-03-29 15:24:57 +00:00
parent da90d463de
commit 20b72f085f
5 changed files with 38 additions and 25 deletions
--- a/infra/secrets/infisical/.env
+++ b/infra/secrets/infisical/.env
@@ -8,19 +8,17 @@ ENCRYPTION_KEY=ENCRYPTION_KEY_VALUE
 # THIS IS A SAMPLE AUTH_SECRET KEY AND SHOULD NEVER BE USED FOR PRODUCTION
 AUTH_SECRET=AUTH_SECRET_VALUE

-# MongoDB
-# Backend will connect to the MongoDB instance at connection string MONGO_URL which can either be a ref
-# to the MongoDB container instance or Mongo Cloud
+# Postgres creds
+POSTGRES_PASSWORD=infisical
+POSTGRES_USER=infisical
+POSTGRES_DB=infisical
+
 # Required
-MONGO_URL=mongodb://root:MONGO_PASSWORD_VALUE@mongo:27017/?authSource=admin
+DB_CONNECTION_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}

 # Redis
 REDIS_URL=redis://redis:6379

-# Optional credentials for MongoDB container instance and Mongo-Express
-MONGO_USERNAME=root
-MONGO_PASSWORD=MONGO_PASSWORD_VALUE
-
 # Website URL
 # Required
 SITE_URL=https://secrets.koval.net
@@ -70,4 +68,4 @@ CLIENT_SECRET_GITLAB_LOGIN=

 # Other
 INVITE_ONLY_SIGNUP=true
-TELEMETRY_ENABLED=false
+TELEMETRY_ENABLED=false
--- a/infra/secrets/infisical/docker-compose.yml
+++ b/infra/secrets/infisical/docker-compose.yml
@@ -1,11 +1,28 @@
 version: "3"

 services:
+  db-migration:
+    depends_on:
+      db:
+        condition: service_healthy
+    image: infisical/infisical:latest-postgres
+    env_file: .env
+    command: npm run migration:latest
+    pull_policy: always
+    networks:
+      - infisical
+
  backend:
    restart: unless-stopped
    depends_on:
-      - mongo
-    image: infisical/infisical:latest
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
+      db-migration:
+        condition: service_completed_successfully
+    image: infisical/infisical:latest-postgres
+    pull_policy: always
    env_file: .env
    ports:
      - 80:8080
@@ -20,14 +37,18 @@ services:
    ports:
      - 6379:6379
    volumes:
-      - /mnt/nvme/redis-data:/data
+      - /mnt/nvme/redis_data:/data

-  mongo:
-    image: mongo
+  db:
+    image: postgres:14-alpine
    restart: always
    env_file: .env
-    environment:
-      - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
-      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
    volumes:
-      - /mnt/nvme/mongo-data:/data/db
+      - /mnt/nvme/pg_data:/var/lib/postgresql/data
+    networks:
+      - infisical
+    healthcheck:
+      test: "pg_isready --username=${POSTGRES_USER} && psql --username=${POSTGRES_USER} --list"
+      interval: 5s
+      timeout: 10s
+      retries: 10