From d0e787e2c73082433258e7d3baa04afe87580410 Mon Sep 17 00:00:00 2001 From: Maieul BOYER Date: Tue, 13 Jan 2026 17:38:14 +0100 Subject: [PATCH] feat(devops): removed stuff and added jwt --- .gitignore | 1 + Docker.mk | 21 +++++++++++++-------- Makefile | 5 ++++- docker-compose.yml | 45 ++++++++++++++++++++------------------------- env.example | 9 +++++---- 5 files changed, 43 insertions(+), 38 deletions(-) diff --git a/.gitignore b/.gitignore index ee404c9..716fa6f 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ openapi.jar .vscode nginx-dev/nginx nginx-dev/nginx.deb +.env # sqlite stuff *.db diff --git a/Docker.mk b/Docker.mk index b2db912..23990f2 100644 --- a/Docker.mk +++ b/Docker.mk @@ -2,13 +2,13 @@ # TODO: REMOVE THIS BEFORE LAUNCH # this allows the us to only start the non-monitoring sercices -DOCKER_SERVICE= \ - auth \ - chat \ - tic-tac-toe \ - nginx \ - user \ - pong \ +#DOCKER_SERVICE= \ +# auth \ +# chat \ +# tic-tac-toe \ +# nginx \ +# user \ +# pong \ all: build docker compose up -d $(DOCKER_SERVICE) @@ -19,7 +19,7 @@ logs: down: docker compose down -build: +build: .env docker compose build $(DOCKER_SERVICE) re: @@ -38,3 +38,8 @@ prune: clean -docker volume prune -docker network prune -docker system prune -a + +.env: + @echo "edit the env.example file and use the \`make jwt_secret\` to create a valid jwt secret" + @echo "write the stuff to .env" + exit 1 diff --git a/Makefile b/Makefile index e8f0b69..57f5abf 100644 --- a/Makefile +++ b/Makefile @@ -148,5 +148,8 @@ fnginx: nginx-dev/nginx nginx-dev/nginx-selfsigned.crt nginx-dev/nginx-selfsigne -(cd ./frontend && npx pnpm exec vite --clearScreen false) wait +jwt_secret: + sh -c "dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_'; echo" + # phony -.PHONY: all clean fclean re header footer npm@install npm@clean npm@fclean npm@build sql tmux logs +.PHONY: all clean fclean re header footer npm@install npm@clean npm@fclean npm@build sql tmux logs jwt_secret 
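Review bot: The `.env` prerequisite added to `build` (Docker.mk hunks `@@ -19,7 +19,7 @@` and `@@ -38,3 +38,8 @@`) only tests that the file exists. A `.env` copied unchanged from env.example, where `JWT_SECRET=` is empty, satisfies it, and the services would then start with an empty JWT_SECRET. A content check at the top of the `build` recipe would fail closed, for example `@grep -Eq '^JWT_SECRET=.+' .env || { echo "JWT_SECRET is empty in .env"; exit 1; }`. The hint text also says to edit env.example although the file that is read is `.env`; wording such as `copy env.example to .env, then fill in the values` would be clearer.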
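Review bot: The `jwt_secret` recipe in Makefile is wrapped in `sh -c "…"` although make already passes each recipe line to the shell, and without a leading `@` the whole command is echoed above the generated value. `@dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_'; echo` does the same with less quoting. The output is base64url text that keeps its trailing `=` padding, whereas the literal this commit removes from docker-compose.yml was upper-case alphanumeric; if the services decode JWT_SECRET rather than use it as raw bytes (not visible here), the new format should be confirmed. A one-line comment above the target, saying it prints 32 random bytes meant for `.env` only, would also help.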
diff --git a/docker-compose.yml b/docker-compose.yml index 2cd1d56..6341289 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -51,9 +51,7 @@ services: volumes: # if you need to share files with nginx, you do it here. - static-volume:/volumes/static - environment: - # this can stay the same for developpement. This is an alias to `localhost` - - NGINX_DOMAIN=local.maix.me + env_file: .env logging: driver: gelf options: @@ -76,8 +74,7 @@ services: - sqlite-volume:/volumes/database - static-volume:/volumes/static - ./src/auth/config:/config - environment: - - JWT_SECRET=KRUGKIDROVUWG2ZAMJZG653OEBTG66BANJ2W24DTEBXXMZLSEB2GQZJANRQXU6JA + env_file: .env logging: driver: gelf options: @@ -102,8 +99,7 @@ services: volumes: - sqlite-volume:/volumes/database - static-volume:/volumes/static - environment: - - JWT_SECRET=KRUGKIDROVUWG2ZAMJZG653OEBTG66BANJ2W24DTEBXXMZLSEB2GQZJANRQXU6JA + env_file: .env logging: driver: gelf options: @@ -125,18 +121,15 @@ services: restart: always networks: - app + env_file: .env volumes: - sqlite-volume:/volumes/database - static-volume:/volumes/static - environment: - - JWT_SECRET=KRUGKIDROVUWG2ZAMJZG653OEBTG66BANJ2W24DTEBXXMZLSEB2GQZJANRQXU6JA - - PROVIDER_FILE=/extra/providers.toml - - SESSION_MANAGER=${SESSION_MANAGER} - # logging: - # driver: gelf - # options: - # gelf-address: "udp://127.0.0.1:12201" - # tag: "{{.Name}}" + logging: + driver: gelf + options: + gelf-address: "udp://127.0.0.1:12201" + tag: "{{.Name}}" ############### # PONG # @@ -156,8 +149,7 @@ services: volumes: - sqlite-volume:/volumes/database - static-volume:/volumes/static - environment: - - JWT_SECRET=KRUGKIDROVUWG2ZAMJZG653OEBTG66BANJ2W24DTEBXXMZLSEB2GQZJANRQXU6JA + env_file: .env ############### # USER # @@ -177,8 +169,7 @@ services: volumes: - sqlite-volume:/volumes/database - static-volume:/volumes/static - environment: - - JWT_SECRET=KRUGKIDROVUWG2ZAMJZG653OEBTG66BANJ2W24DTEBXXMZLSEB2GQZJANRQXU6JA + env_file: .env logging: driver: gelf options: 
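Review bot: `env_file: .env` is attached to every service, starting with nginx in hunk `@@ -51,9 +51,7 @@` and continuing through the monitoring and logging containers in the later docker-compose.yml hunks. Each container's environment therefore carries JWT_SECRET, GRAFANA_ADMIN_PASS and ELASTIC_PASSWORD whether or not it uses them. A compromise or environment dump of any single container would then disclose the token-signing key and both admin passwords. Passing only the needed names per service keeps that exposure small, e.g. `- NGINX_DOMAIN=${NGINX_DOMAIN}` for nginx and `- JWT_SECRET=${JWT_SECRET:?set JWT_SECRET in .env}` for the services that check tokens. The `:?` form also makes Compose refuse to start when the value is unset or empty.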
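Review bot: The JWT_SECRET literal deleted in hunk `@@ -76,8 +74,7 @@` (and in the four service hunks that follow) remains readable in the repository history, so moving the setting to `.env` does not make that value secret again. Any environment that ran with it needs a newly generated secret, and tokens signed under the old one should be treated as forgeable until they expire or are revoked. The commit message or README should state that the old value must not be reused.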
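Review bot: Hunk `@@ -125,18 +121,15 @@` drops `PROVIDER_FILE=/extra/providers.toml` and `SESSION_MANAGER=${SESSION_MANAGER}` from the service's environment, while the env.example changes in this patch add only JWT_SECRET and NGINX_DOMAIN. Neither name reaches the container unless a developer adds it to `.env` by hand. If the service still reads them (not visible here), keep `- PROVIDER_FILE=/extra/providers.toml` under `environment:` and list `SESSION_MANAGER=` in env.example. The service's name and image lines are outside the hunk.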
@@ -205,11 +196,10 @@ services: - ./monitoring/grafana/dashboards-config:/etc/grafana/provisioning/dashboards - ./monitoring/grafana/dashboards:/var/lib/grafana/dashboards - grafana-data:/var/lib/grafana + env_file: .env environment: - # this can stay the same for developpement. This is an alias to `localhost` - - NGINX_DOMAIN=local.maix.me - GF_LOG_LEVEL=warn - - GF_SERVER_ROOT_URL=https://local.maix.me:9090/grafana/ + - GF_SERVER_ROOT_URL=https:/${NGINX_DOMAIN}/:9090/grafana/ - GF_SECURITY_ADMIN_USER=${GRAFANA_ADMIN_USER} - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASS} logging: @@ -238,6 +228,7 @@ services: options: gelf-address: "udp://127.0.0.1:12201" tag: "{{.Name}}" + env_file: .env healthcheck: test: ["CMD", "wget", "--quiet", "--spider", "http://localhost:9090/-/healthy"] interval: 30s @@ -252,6 +243,7 @@ services: container_name: mon-cadvisor command: - '-url_base_prefix=/cadvisor' + env_file: .env environment: - CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz volumes: @@ -277,6 +269,7 @@ services: options: gelf-address: "udp://127.0.0.1:12201" tag: "{{.Name}}" + env_file: .env healthcheck: test: ["CMD", "wget", "--quiet", "--spider", "http://localhost:9115/-/healthy"] interval: 30s @@ -295,10 +288,10 @@ services: container_name: log-elasticsearch networks: - monitoring + env_file: .env environment: - discovery.type=single-node - ES_JAVA_OPTS=-Xms512m -Xmx512m - - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} volumes: - elastic-data:/usr/share/elasticsearch/data - ./logs/elasticsearch:/setup @@ -323,6 +316,7 @@ services: ports: - "12201:12201/udp" restart: unless-stopped + env_file: .env healthcheck: test: ["CMD", "curl", "-f", "-s", "localhost:9600"] interval: 30s 
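Review bot: The new `GF_SERVER_ROOT_URL` value in hunk `@@ -205,11 +196,10 @@` is malformed: `https:/${NGINX_DOMAIN}/:9090/grafana/` has a single slash after the scheme and a stray `/` before the port. It should read `- GF_SERVER_ROOT_URL=https://${NGINX_DOMAIN}:9090/grafana/`, matching the Kibana `SERVER_PUBLICBASEURL` line changed later in this patch. With the current value, Grafana's generated links and redirects would presumably point at a wrong address.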
@@ -338,9 +332,10 @@ services: networks: - monitoring - app + env_file: .env environment: - ELASTICSEARCH_HOSTS=http://elasticsearch:9200 - - SERVER_PUBLICBASEURL=https://local.maix.me:9090/kibana + - SERVER_PUBLICBASEURL=https://${NGINX_DOMAIN}:9090/kibana - SERVER_BASEPATH=/kibana - SERVER_REWRITEBASEPATH=true - ELASTICSEARCH_USERNAME=elastic diff --git a/env.example b/env.example index 1c3d2d9..e5f44ea 100644 --- a/env.example +++ b/env.example @@ -1,5 +1,6 @@ -GRAFANA_ADMIN_USER= -GRAFANA_ADMIN_PASS= +GRAFANA_ADMIN_USER=admintochange +GRAFANA_ADMIN_PASS=passwordtochange GRAFANA_WEBHOOK_URL= - -ELASTIC_PASSWORD= +ELASTIC_PASSWORD=passwordtochange +JWT_SECRET= +NGINX_DOMAIN=local.maix.me
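Review bot: env.example now ships usable-looking defaults (`admintochange`, `passwordtochange`) for the Grafana and Elasticsearch admin accounts, where the old file left them empty. Because the Docker.mk check only requires that `.env` exists, copying the example unchanged would bring both services up with credentials that are published in the repository. Leaving them blank, as `JWT_SECRET=` is, makes an unconfigured copy less likely to end up deployed: `GRAFANA_ADMIN_PASS=` and `ELASTIC_PASSWORD=`, each preceded by a comment such as `# required: set a unique value`. A similar comment above `JWT_SECRET=` pointing to `make jwt_secret` would document where the value comes from.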