init

2026-04-01 15:42:52 +02:00
parent beb12d2b75
commit 686de99909
258 changed files with 32993 additions and 2714 deletions
--- a/docker/caddy/Caddyfile
+++ b/docker/caddy/Caddyfile
@@ -0,0 +1,34 @@
+:80 {
+    root * /app/public
+
+    handle_path /stats/* {
+        rewrite * {uri}
+        reverse_proxy https://tools-security.esy-web.dev {
+            header_up Host tools-security.esy-web.dev
+        }
+    }
+
+    handle /assets/perf.js {
+        rewrite * /beacon.min.js
+        reverse_proxy https://static.cloudflareinsights.com {
+            header_up Host static.cloudflareinsights.com
+        }
+    }
+
+    handle_path /sperf {
+        rewrite * /cdn-cgi/rum
+        reverse_proxy https://cloudflareinsights.com {
+            header_up Host cloudflareinsights.com
+        }
+    }
+
+    php_fastcgi php:9000 {
+        trusted_proxies private_ranges
+    }
+
+    file_server
+
+    encode gzip
+
+    try_files {path} /index.php?{query}
+}
--- a/docker/cron/Dockerfile
+++ b/docker/cron/Dockerfile
@@ -0,0 +1,25 @@
+FROM php:8.4-fpm
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libpq-dev \
+    libzip-dev \
+    libicu-dev \
+    cron \
+    && rm -rf /var/lib/apt/lists/* \
+    && docker-php-ext-install pdo_pgsql intl \
+    && pecl install redis \
+    && docker-php-ext-enable redis \
+    && groupadd -g 1000 appuser && useradd -u 1000 -g appuser -m appuser
+
+COPY crontab /etc/cron.d/app-crontab
+RUN chmod 0644 /etc/cron.d/app-crontab && crontab -u appuser /etc/cron.d/app-crontab
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+WORKDIR /app
+
+# cron daemon requires root to manage user crontabs, jobs run as appuser
+USER root
+
+CMD ["/entrypoint.sh"]
--- a/docker/cron/crontab
+++ b/docker/cron/crontab
@@ -0,0 +1,7 @@
+*/5 * * * * echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] START app:orders:expire-pending" >> /proc/1/fd/1 && php /app/bin/console app:orders:expire-pending --env=dev >> /proc/1/fd/1 2>&1 && echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] END app:orders:expire-pending" >> /proc/1/fd/1
+0 * * * * echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] START app:monitor:messenger" >> /proc/1/fd/1 && php /app/bin/console app:monitor:messenger --env=dev >> /proc/1/fd/1 2>&1 && echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] END app:monitor:messenger" >> /proc/1/fd/1
+0 3 * * * echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] START app:meilisearch:check-consistency" >> /proc/1/fd/1 && php /app/bin/console app:meilisearch:check-consistency --fix --env=dev >> /proc/1/fd/1 2>&1 && echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] END app:meilisearch:check-consistency" >> /proc/1/fd/1
+0 */6 * * * echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] START app:stripe:sync" >> /proc/1/fd/1 && php /app/bin/console app:stripe:sync --env=dev >> /proc/1/fd/1 2>&1 && echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] END app:stripe:sync" >> /proc/1/fd/1
+*/5 * * * * php /app/bin/console app:infra:snapshot --env=dev >> /proc/1/fd/1 2>&1
+0 4 * * * echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] START app:attestations:clean" >> /proc/1/fd/1 && php /app/bin/console app:attestations:clean --env=dev >> /proc/1/fd/1 2>&1 && echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] END app:attestations:clean" >> /proc/1/fd/1
+*/15 * * * * echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] START app:services:check" >> /proc/1/fd/1 && php /app/bin/console app:services:check --env=dev >> /proc/1/fd/1 2>&1 && echo "[$(date '+\%Y-\%m-\%d \%H:\%M:\%S')] END app:services:check" >> /proc/1/fd/1
--- a/docker/cron/entrypoint.sh
+++ b/docker/cron/entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+echo "=== CRM Ecosplay Cron ==="
+echo "Registered tasks:"
+echo "  - */5 * * * *  app:orders:expire-pending"
+echo "  - 0   * * * *  app:monitor:messenger"
+echo "  - 0   3 * * *  app:meilisearch:check-consistency --fix"
+echo "  - 0   4 * * *  app:attestations:clean"
+echo "  - */15 * * *   app:services:check"
+echo "===================="
+exec cron -f
--- a/docker/ngrok/sync.sh
+++ b/docker/ngrok/sync.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -e
+
+echo "Waiting for ngrok to start..."
+sleep 5
+
+NGROK_URL=""
+RETRIES=10
+
+while [ -z "$NGROK_URL" ] && [ "$RETRIES" -gt 0 ]; do
+    NGROK_URL=$(curl -s http://ngrok:4040/api/tunnels | grep -o '"public_url":"https://[^"]*"' | head -1 | cut -d'"' -f4)
+    if [ -z "$NGROK_URL" ]; then
+        echo "Waiting for tunnel..."
+        sleep 2
+        RETRIES=$((RETRIES - 1))
+    fi
+done
+
+if [ -z "$NGROK_URL" ]; then
+    echo "ERROR: Could not get ngrok URL"
+    exit 1
+fi
+
+touch /app/.env.local
+sed -i '/^OUTSIDE_URL=/d' /app/.env.local
+echo "OUTSIDE_URL=$NGROK_URL" >> /app/.env.local
+
+echo "Ngrok URL: $NGROK_URL"
+echo "Written to .env.local"
--- a/docker/pgsql/init-master.sh
+++ b/docker/pgsql/init-master.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE USER replicator WITH REPLICATION ENCRYPTED PASSWORD 'crm-ecosplay';
+    SELECT pg_create_physical_replication_slot('slave_slot');
+EOSQL
+
+echo "host replication replicator 0.0.0.0/0 md5" >> "$PGDATA/pg_hba.conf"
+echo "host all all 0.0.0.0/0 md5" >> "$PGDATA/pg_hba.conf"
+
+pg_ctl reload -D "$PGDATA"
--- a/docker/pgsql/init-master.sql
+++ b/docker/pgsql/init-master.sql
@@ -0,0 +1,2 @@
+CREATE USER replicator WITH REPLICATION ENCRYPTED PASSWORD 'crm-ecosplay';
+SELECT pg_create_physical_replication_slot('slave_slot');
--- a/docker/pgsql/init-slave.sh
+++ b/docker/pgsql/init-slave.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+until pg_isready -h db-master -U crm-ecosplay; do
+  echo "Waiting for master..."
+  sleep 2
+done
+
+echo "db-master:5432:replication:replicator:crm-ecosplay" > /tmp/.pgpass
+chown postgres:postgres /tmp/.pgpass
+chmod 600 /tmp/.pgpass
+
+rm -rf "$PGDATA"/*
+chown postgres:postgres "$PGDATA"
+chmod 700 "$PGDATA"
+su-exec postgres env PGPASSFILE=/tmp/.pgpass pg_basebackup -h db-master -D "$PGDATA" -U replicator -Fp -Xs -P -R
+
+echo "hot_standby = on" >> "$PGDATA/postgresql.conf"
+
+exec su-exec postgres "$@"
--- a/docker/pgsql/pgbouncer-dev.ini
+++ b/docker/pgsql/pgbouncer-dev.ini
@@ -0,0 +1,22 @@
+[databases]
+crm_ecosplay = host=database port=5432 dbname=crm_ecosplay
+crm_ecosplay_test = host=database port=5432 dbname=crm_ecosplay_test
+
+[pgbouncer]
+listen_addr = 0.0.0.0
+listen_port = 6432
+auth_type = plain
+auth_file = /etc/pgbouncer/userlist.txt
+pool_mode = transaction
+max_client_conn = 200
+default_pool_size = 20
+min_pool_size = 5
+reserve_pool_size = 5
+reserve_pool_timeout = 3
+server_lifetime = 3600
+server_idle_timeout = 600
+log_connections = 0
+log_disconnections = 0
+ignore_startup_parameters = extra_float_digits
+admin_users = app
+stats_users = app
--- a/docker/pgsql/userlist-dev.txt
+++ b/docker/pgsql/userlist-dev.txt
@@ -0,0 +1 @@
+"app" "secret"
--- a/docker/php/dev/Dockerfile
+++ b/docker/php/dev/Dockerfile
@@ -0,0 +1,35 @@
+# hadolint global ignore=DL3008
+FROM php:8.4-fpm
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libpq-dev \
+    libsqlite3-dev \
+    libzip-dev \
+    libxml2-dev \
+    libicu-dev \
+    libpng-dev \
+    libjpeg-dev \
+    libfreetype-dev \
+    libmagickwand-dev \
+    unzip \
+    qpdf \
+    curl \
+    python3 \
+    python3-pip \
+    git \
+    && rm -rf /var/lib/apt/lists/* \
+    && docker-php-ext-configure gd --with-freetype --with-jpeg \
+    && docker-php-ext-install \
+    pdo_mysql \
+    pdo_pgsql \
+    pdo_sqlite \
+    zip \
+    intl \
+    gd \
+    && pecl install redis imagick pcov \
+    && docker-php-ext-enable redis imagick pcov \
+    && groupadd -g 1000 appuser && useradd -u 1000 -g appuser -m appuser
+
+WORKDIR /app
+
+USER appuser
--- a/docker/php/prod/Dockerfile
+++ b/docker/php/prod/Dockerfile
@@ -0,0 +1,35 @@
+# hadolint global ignore=DL3008
+FROM php:8.4-fpm
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libpq-dev \
+    libsqlite3-dev \
+    libzip-dev \
+    libxml2-dev \
+    libicu-dev \
+    libpng-dev \
+    libjpeg-dev \
+    libfreetype-dev \
+    libmagickwand-dev \
+    unzip \
+    && rm -rf /var/lib/apt/lists/* \
+    && docker-php-ext-configure gd --with-freetype --with-jpeg \
+    && docker-php-ext-install \
+    pdo_mysql \
+    pdo_pgsql \
+    pdo_sqlite \
+    zip \
+    intl \
+    gd \
+    exif \
+    opcache \
+    && pecl install redis imagick \
+    && docker-php-ext-enable redis imagick \
+    && groupadd -g 1000 appuser && useradd -u 1000 -g appuser -m appuser
+
+COPY php.ini /usr/local/etc/php/conf.d/app.ini
+COPY opcache.ini /usr/local/etc/php/conf.d/opcache.ini
+
+WORKDIR /app
+
+USER appuser
--- a/docker/php/prod/opcache.ini
+++ b/docker/php/prod/opcache.ini
@@ -0,0 +1,9 @@
+opcache.enable=1
+opcache.memory_consumption=256
+opcache.interned_strings_buffer=16
+opcache.max_accelerated_files=20000
+opcache.validate_timestamps=0
+opcache.save_comments=0
+opcache.enable_cli=1
+opcache.jit=tracing
+opcache.jit_buffer_size=128M
--- a/docker/php/prod/php.ini
+++ b/docker/php/prod/php.ini
@@ -0,0 +1,21 @@
+date.timezone = Europe/Paris
+
+memory_limit = 256M
+upload_max_filesize = 100M
+post_max_size = 150M
+max_execution_time = 30
+max_input_time = 30
+
+expose_php = Off
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600
+
+session.cookie_secure = On
+session.cookie_httponly = On
+session.cookie_samesite = Lax
+session.use_strict_mode = 1