From e5c4cf490fd97b894430fdec3515f6b58625b09b Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 27 Apr 2025 22:30:48 +0200 Subject: [PATCH] Include newsreader provisioning --- host_vars/fudiggity/network.yml | 2 +- host_vars/fudiggity/newsreader.yml | 39 +++++++++++++++++ playbook.yml | 4 ++ tasks/newsreader.yml | 58 ++++++++++++++++++++++++++ templates/newsreader/docker-compose.j2 | 37 ++++++++++++++++ templates/newsreader/env.j2 | 16 +++++++ templates/nginx/newsreader.j2 | 14 +++---- 7 files changed, 162 insertions(+), 8 deletions(-) create mode 100644 host_vars/fudiggity/newsreader.yml create mode 100644 tasks/newsreader.yml create mode 100644 templates/newsreader/docker-compose.j2 create mode 100644 templates/newsreader/env.j2 diff --git a/host_vars/fudiggity/network.yml b/host_vars/fudiggity/network.yml index f9ca113..11d6725 100644 --- a/host_vars/fudiggity/network.yml +++ b/host_vars/fudiggity/network.yml @@ -44,7 +44,7 @@ woodpecker_app_port: 7000 woodpecker_domain: woodpecker.fudiggity.nl newsreader_ip: 127.0.0.1 -newsreader_port: 5000 +newsreader_nginx_port: 5000 newsreader_domain: rss.fudiggity.nl glitchtip_ip: 127.0.0.1 diff --git a/host_vars/fudiggity/newsreader.yml b/host_vars/fudiggity/newsreader.yml new file mode 100644 index 0000000..b395818 --- /dev/null +++ b/host_vars/fudiggity/newsreader.yml 
@@ -0,0 +1,39 @@ +newsreader_app_name: newsreader +newsreader_app_repository: https://forgejo.fudiggity.nl/sonny/newsreader +newsreader_app_ref: 0.5.3 +newsreader_app_dir: /srv/docker/newsreader + +newsreader_postgres_host: db +newsreader_postgres_port: 5432 +newsreader_postgres_db: newsreader +newsreader_postgres_user: newsreader +newsreader_postgres_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65613063373266623636626561646639393263313030386337633737636137363730353561356339 + 6433646638316465623338396637623732623563643561640a616639393639356533316431663665 + 30646637363364353062353338303331343234626138653037373661636234373238343264356265 + 6539643939376662650a613631636531383534666435383763613038393966633031353765323234 + 62613865373661333661373562366466333732663737643739663862376466646331386133326364 + 6638366665623036666634616131636634663933323136303334 + +newsreader_django_settings_module: newsreader.conf.production +newsreader_django_secret_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65353236663439393937623930623830313365663766663966343661376662366131313838316536 + 3430633837666138633063333630373338366331653865320a646563663262656464636434323166 + 63616435356533643735343165363761336537616439303464353164633233626632666263636633 + 3237613866353131300a653366313635313365623539393438383434653134396137666533353063 + 63363335643135653535613231653434653566343964363431636264633963326239646633663031 + 38323266326165303064333666653630316634383864666232376165393362323261363833376334 + 323636376639353730366332323039633036 + +newsreader_sentry_dsn: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33323865313232393535336363613261663030656465323734323266303837393561633435613736 + 3135353435633337346363316262373431393738303033390a333230343037656266366539323366 + 31373761356431666332396665393564656662396339393531326232366333323861376133653664 + 3739646664623230630a366239623838393766666237643663626261636237393839646136303931 + 
66396263623432636430643839336463343438383461646165666131633762646438663532313633 + 66343562376632316665356163633064336530346463636432396537363938363062333861656362 + 63333832663737396330366430336632376638393632656565376436653839363634373437376261 + 36313337616533633239 diff --git a/playbook.yml b/playbook.yml index 1e04ecf..17d39fa 100644 --- a/playbook.yml +++ b/playbook.yml @@ -61,6 +61,10 @@ - name: Woodpecker CI provisioning ansible.builtin.import_tasks: tasks/woodpecker_ci.yml tags: woodpecker-ci + + - name: Newsreader provisioning + ansible.builtin.import_tasks: tasks/newsreader.yml + tags: newsreader handlers: - name: Import handlers ansible.builtin.import_tasks: 'handlers.yml' diff --git a/tasks/newsreader.yml b/tasks/newsreader.yml new file mode 100644 index 0000000..411999c --- /dev/null +++ b/tasks/newsreader.yml 
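Review bot: `newsreader_app_ref: 0.5.3` in host_vars/fudiggity/newsreader.yml pins the deployment to a tag, and a tag can be moved on the forge after review; tasks/newsreader.yml then checks out whatever it points to and builds images from it with `build: always`. Pinning the ref to the full commit hash of the release, e.g. `newsreader_app_ref: <full-commit-sha-of-0.5.3>` (placeholder), makes the deployed code immutable. Because env.j2 also writes this value to `VERSION`, a separate variable for the human-readable version may be needed if the ref becomes a hash.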
@@ -0,0 +1,58 @@
+- name: Create newsreader app directory
+ become: true
+ ansible.builtin.file:
+ path: '{{ newsreader_app_dir }}'
+ state: directory
+ owner: sonny
+ group: sonny
+ mode: '0755'
+
+- name: Clone project
+ ansible.builtin.git:
+ repo: '{{ newsreader_app_repository }}'
+ dest: '{{ newsreader_app_dir }}'
+ version: '{{ newsreader_app_ref }}'
+
+- name: Copy templates
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ mode: '{{ item.mode }}'
+ loop:
+ - src: templates/newsreader/env.j2
+ dest: '{{ newsreader_app_dir }}/.production.env'
+ mode: '0750'
+ - src: templates/newsreader/docker-compose.j2
+ dest: '{{ newsreader_app_dir }}/docker-compose.resources.yml'
+ mode: '0750'
+
+- name: Stop current containers
+ community.docker.docker_compose_v2:
+ project_src: '{{ newsreader_app_dir }}'
+ env_files:
+ - .production.env
+ state: absent
+
+- name: Remove dangling containers
+ community.docker.docker_compose_v2:
+ project_src: '{{ newsreader_app_dir }}'
+ remove_orphans: true
+ state: absent
+
+# Note: requires python's requests module
+- name: Remove static volume
+ community.docker.docker_volume:
+ volume_name: newsreader_static-files
+ state: absent
+
+- name: Start container
+ community.docker.docker_compose_v2:
+ env_files:
+ - .production.env
+ files:
+ - docker-compose.yml
+ - docker-compose.production.yml
+ - docker-compose.resources.yml
+ project_src: '{{ newsreader_app_dir }}'
+ build: always
+ state: present
diff --git a/templates/newsreader/docker-compose.j2 b/templates/newsreader/docker-compose.j2
new file mode 100644
index 0000000..8390ae8
--- /dev/null
+++ b/templates/newsreader/docker-compose.j2
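Review bot: The `Copy templates` task in tasks/newsreader.yml writes `.production.env`, which holds the Postgres password, Django secret key and Sentry DSN, with `mode: '0750'` inside a directory created `0755`; that grants the group read access and sets execute bits on a data file. I would use `mode: '0600'` for the env file (and `'0644'` for the compose override) with an explicit `owner`/`group`, and add `no_log: true` or `diff: false` to the task so a run with `--diff` does not print the rendered secrets. Separately, the play tears the stack down and deletes the `newsreader_static-files` volume on every run, so each run causes downtime even when nothing changed; a short comment saying why that is intended would help.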
@@ -0,0 +1,37 @@
+# {{ ansible_managed }}
+
+x-web-resources: &web-resources
+ deploy:
+ resources:
+ limits:
+ cpus: '2'
+ memory: 2GB
+
+services:
+ db:
+ restart: always
+ deploy:
+ resources:
+ limits:
+ cpus: '4'
+
+ rabbitmq:
+ restart: always
+
+ memcached:
+ restart: always
+
+ celery:
+ <<: *web-resources
+ restart: always
+
+ django:
+ <<: *web-resources
+ deploy:
+ resources:
+ limits:
+ memory: 4GB
+ restart: always
+
+ nginx:
+ restart: always
diff --git a/templates/newsreader/env.j2 b/templates/newsreader/env.j2
new file mode 100644
index 0000000..a236eb0
--- /dev/null
+++ b/templates/newsreader/env.j2
@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+POSTGRES_HOST='{{ newsreader_postgres_host }}'
+POSTGRES_PORT='{{ newsreader_postgres_port }}'
+POSTGRES_DB='{{ newsreader_postgres_db }}'
+POSTGRES_USER='{{ newsreader_postgres_user }}'
+POSTGRES_PASSWORD='{{ newsreader_postgres_password }}'
+
+NGINX_HTTP_PORT='{{ newsreader_nginx_port }}'
+
+DJANGO_SETTINGS_MODULE='{{ newsreader_django_settings_module }}'
+DJANGO_SECRET_KEY='{{ newsreader_django_secret_key }}'
+
+VERSION='{{ newsreader_app_ref }}'
+
+SENTRY_DSN='{{ newsreader_sentry_dsn }}'
diff --git a/templates/nginx/newsreader.j2 b/templates/nginx/newsreader.j2
index 20137a8..af0dcb0 100644
--- a/templates/nginx/newsreader.j2
+++ b/templates/nginx/newsreader.j2
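Review bot: In templates/newsreader/docker-compose.j2 the `django` service merges `<<: *web-resources` and then declares its own `deploy:` key; YAML merge keys are shallow, so the explicit `deploy` mapping replaces the anchored one wholesale and `django` ends up with `memory: 4GB` but without the `cpus: '2'` limit that `celery` gets (nesting inferred from key order, since the page has lost its indentation). If the CPU cap is meant to apply, repeat it under django's limits, i.e. `cpus: '2'` next to `memory: 4GB`. `db` likewise has a CPU limit but no memory limit, and `rabbitmq`, `memcached` and `nginx` have no limits at all, which deserves a comment if it is intentional.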
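Review bot: Every value in templates/newsreader/env.j2 is interpolated raw between single quotes, so a vaulted secret that contains a `'` would end the quoted value early and leave a truncated or unparsable entry in `.production.env`. Either state the constraint with a comment at the top of the template, such as `# Values are single-quoted: secrets must not contain a single quote`, or check it with an `ansible.builtin.assert` task before templating.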
@@ -17,13 +17,13 @@ server { proxy_connect_timeout 90; proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://{{ newsreader_ip }}:{{ newsreader_port }}; + proxy_pass http://{{ newsreader_ip }}:{{ newsreader_port }}; } }
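Review bot: The re-added `proxy_pass http://{{ newsreader_ip }}:{{ newsreader_port }};` line still reads `newsreader_port`, which this commit renames to `newsreader_nginx_port` in host_vars/fudiggity/network.yml; unless the old name is still defined elsewhere, rendering this template fails on an undefined variable. It should read `proxy_pass http://{{ newsreader_ip }}:{{ newsreader_nginx_port }};`, matching `NGINX_HTTP_PORT` in env.j2. Also, `proxy_set_header X-Frame-Options SAMEORIGIN;` sends the header to the upstream as a request header and gives browsers no framing restriction; if clickjacking protection is wanted at the proxy, that is `add_header X-Frame-Options SAMEORIGIN;`, otherwise leave it to the application. The `server` block starts outside the hunk.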