# Name of your application. Used to uniquely configure containers.
service: myapp

# Name of the container image.
image: myusername/myapp

# Deploy to these servers.
servers:
  web:
    - 111.111.111.111
  # job:
  #   hosts:
  #     - 192.168.0.1
  #   cmd: bin/jobs

# Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server.
# Remove this section when using multiple web servers and ensure you terminate SSL at your load balancer.
#
# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption. 
proxy: 
  ssl: false
  host: 111.111.111.111
  # Proxy connects to your container on port 80 by default.
  app_port: 3000

# Credentials for your image host.
registry:
  # Specify the registry server, if you're not using Docker Hub
  # server: registry.digitalocean.com / ghcr.io / ...
  username: myusername

  # Always use an access token rather than real password (pulled from .kamal/secrets).
  password:
    - KAMAL_REGISTRY_PASSWORD

# Configure builder setup.
builder:
  arch: amd64

# Inject ENV variables into containers (secrets come from .kamal/secrets).
#
env:
  secret:
    - RAILS_MASTER_KEY
    - POSTGRES_PASSWORD
    - POSTGRES_USERNAME

# Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
# "bin/kamal logs -r job" will tail logs from the first server in the job section.
#
# aliases:
#   shell: app exec --interactive --reuse "bash"

# Use a different ssh user than root
#
ssh:
  user: myapp

# Use a persistent storage volume.
#
# volumes:
#   - "app_storage:/app/storage"

# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
# hitting 404 on in-flight requests. Combines all files from new and old
# version inside the asset_path.
#
asset_path: /myapp/public

# Configure rolling deploys by setting a wait time between batches of restarts.
#
# boot:
#   limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
#   wait: 2

# Use accessory services (secrets come from .kamal/secrets).
#
accessories:
  db:
    image: postgres:14
    host: 111.111.111.111
    port: 5432
    env:
      secret:
        - POSTGRES_PASSWORD
        - DB_HOST
    directories:
      - data:/var/lib/postgresql/data
  redis:
    image: "redis:7-alpine"
    host: 111.111.111.111
    port: 6379
    directories:
    - data:/data

RAILS_MASTER_KEY=$(cat config/credentials/production.key)
KAMAL_REGISTRY_PASSWORD=$(RAILS_ENV=production bin/rails runner "puts Rails.application.credentials.dig(:kamal, :registry_password)")
POSTGRES_PASSWORD=$(RAILS_ENV=production bin/rails runner "puts Rails.application.credentials.dig(:db, :password)")

kamal registry login
  INFO [2ad7cb24] Running docker login -u [REDACTED] -p [REDACTED] as thiago@localhost
  ERROR (SSHKit::Command::Failed): docker exit status: 256
docker stdout: Nothing written
docker stderr: WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or password

docker login -u myusername -p myregistrypassword
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

RAILS_ENV=production bin/rails runner "puts Rails.application.credentials.dig(:kamal, :registry_password)"
myregistrypassword

sudo apt-get update && sudo apt-get install docker-ce docker-ce-cli containerd.io

{
  "registry-mirrors": ["https://8wvomdt4.mirror.aliyuncs.com"],

  "proxies": {
    "http-proxy": "http://127.0.0.1:10809",
    "https-proxy": "http://127.0.0.1:10809",
    "no-proxy": "*.test.example.com,.example.org,10.0.0.0/24"
  }

}