Include newsreader provisioning

host_vars/fudiggity/network.yml

@@ -44,7 +44,7 @@ woodpecker_app_port: 7000
 woodpecker_domain: woodpecker.fudiggity.nl
 
 newsreader_ip: 127.0.0.1
-newsreader_port: 5000
+newsreader_nginx_port: 5000
 newsreader_domain: rss.fudiggity.nl
 
 glitchtip_ip: 127.0.0.1

host_vars/fudiggity/newsreader.yml

@@ -0,0 +1,39 @@
+newsreader_app_name: newsreader
+newsreader_app_repository: https://forgejo.fudiggity.nl/sonny/newsreader
+newsreader_app_ref: 0.5.3
+newsreader_app_dir: /srv/docker/newsreader
+
+newsreader_postgres_host: db
+newsreader_postgres_port: 5432
+newsreader_postgres_db: newsreader
+newsreader_postgres_user: newsreader
+newsreader_postgres_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      65613063373266623636626561646639393263313030386337633737636137363730353561356339
+      6433646638316465623338396637623732623563643561640a616639393639356533316431663665
+      30646637363364353062353338303331343234626138653037373661636234373238343264356265
+      6539643939376662650a613631636531383534666435383763613038393966633031353765323234
+      62613865373661333661373562366466333732663737643739663862376466646331386133326364
+      6638366665623036666634616131636634663933323136303334
+
+newsreader_django_settings_module: newsreader.conf.production
+newsreader_django_secret_key: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      65353236663439393937623930623830313365663766663966343661376662366131313838316536
+      3430633837666138633063333630373338366331653865320a646563663262656464636434323166
+      63616435356533643735343165363761336537616439303464353164633233626632666263636633
+      3237613866353131300a653366313635313365623539393438383434653134396137666533353063
+      63363335643135653535613231653434653566343964363431636264633963326239646633663031
+      38323266326165303064333666653630316634383864666232376165393362323261363833376334
+      323636376639353730366332323039633036
+
+newsreader_sentry_dsn: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      33323865313232393535336363613261663030656465323734323266303837393561633435613736
+      3135353435633337346363316262373431393738303033390a333230343037656266366539323366
+      31373761356431666332396665393564656662396339393531326232366333323861376133653664
+      3739646664623230630a366239623838393766666237643663626261636237393839646136303931
+      66396263623432636430643839336463343438383461646165666131633762646438663532313633
+      66343562376632316665356163633064336530346463636432396537363938363062333861656362
+      63333832663737396330366430336632376638393632656565376436653839363634373437376261
+      36313337616533633239

playbook.yml

@@ -61,6 +61,10 @@
     - name: Woodpecker CI provisioning
       ansible.builtin.import_tasks: tasks/woodpecker_ci.yml
       tags: woodpecker-ci
+
+    - name: Newsreader provisioning
+      ansible.builtin.import_tasks: tasks/newsreader.yml
+      tags: newsreader
   handlers:
     - name: Import handlers
       ansible.builtin.import_tasks: 'handlers.yml'

tasks/newsreader.yml

@@ -0,0 +1,58 @@
+- name: Create newsreader app directory
+  become: true
+  ansible.builtin.file:
+    path: '{{ newsreader_app_dir }}'
+    state: directory
+    owner: sonny
+    group: sonny
+    mode: '0755'
+
+- name: Clone project
+  ansible.builtin.git:
+    repo: '{{ newsreader_app_repository }}'
+    dest: '{{ newsreader_app_dir }}'
+    version: '{{ newsreader_app_ref }}'
+
+- name: Copy templates
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '{{ item.mode }}'
+  loop:
+    - src: templates/newsreader/env.j2
+      dest: '{{ newsreader_app_dir }}/.production.env'
+      mode: '0750'
+    - src: templates/newsreader/docker-compose.j2
+      dest: '{{ newsreader_app_dir }}/docker-compose.resources.yml'
+      mode: '0750'
+
+- name: Stop current containers
+  community.docker.docker_compose_v2:
+    project_src: '{{ newsreader_app_dir }}'
+    env_files:
+      - .production.env
+    state: absent
+
+- name: Remove dangling containers
+  community.docker.docker_compose_v2:
+    project_src: '{{ newsreader_app_dir }}'
+    remove_orphans: true
+    state: absent
+
+# Note: requires python's requests module
+- name: Remove static volume
+  community.docker.docker_volume:
+    volume_name: newsreader_static-files
+    state: absent
+
+- name: Start container
+  community.docker.docker_compose_v2:
+    env_files:
+      - .production.env
+    files:
+      - docker-compose.yml
+      - docker-compose.production.yml
+      - docker-compose.resources.yml
+    project_src: '{{ newsreader_app_dir }}'
+    build: always
+    state: present

templates/newsreader/docker-compose.j2

@@ -0,0 +1,37 @@
+# {{ ansible_managed }}
+
+x-web-resources: &web-resources
+  deploy:
+    resources:
+      limits:
+        cpus: '2'
+        memory: 2GB
+
+services:
+  db:
+    restart: always
+    deploy:
+      resources:
+        limits:
+          cpus: '4'
+
+  rabbitmq:
+    restart: always
+
+  memcached:
+    restart: always
+
+  celery:
+    <<: *web-resources
+    restart: always
+
+  django:
+    <<: *web-resources
+    deploy:
+      resources:
+        limits:
+          memory: 4GB
+    restart: always
+
+  nginx:
+    restart: always

templates/newsreader/env.j2

@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+POSTGRES_HOST='{{ newsreader_postgres_host }}'
+POSTGRES_PORT='{{ newsreader_postgres_port }}'
+POSTGRES_DB='{{ newsreader_postgres_db }}'
+POSTGRES_USER='{{ newsreader_postgres_user }}'
+POSTGRES_PASSWORD='{{ newsreader_postgres_password }}'
+
+NGINX_HTTP_PORT='{{ newsreader_nginx_port }}'
+
+DJANGO_SETTINGS_MODULE='{{ newsreader_django_settings_module }}'
+DJANGO_SECRET_KEY='{{ newsreader_django_secret_key }}'
+
+VERSION='{{ newsreader_app_ref }}'
+
+SENTRY_DSN='{{ newsreader_sentry_dsn }}'

templates/nginx/newsreader.j2

@@ -17,13 +17,13 @@ server {
 		proxy_connect_timeout   90;
 		proxy_redirect          off;
 
-		proxy_set_header Host 			$host;
+		proxy_set_header Host               $host;
-		proxy_set_header X-Real-IP 		$remote_addr;
+		proxy_set_header X-Real-IP          $remote_addr;
-		proxy_set_header X-Forwarded-For   	$proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
-		proxy_set_header X-Forwarded-Ssl     	on;
+		proxy_set_header X-Forwarded-Ssl    on;
-		proxy_set_header X-Forwarded-Proto 	$scheme;
+		proxy_set_header X-Forwarded-Proto  $scheme;
-		proxy_set_header X-Frame-Options 	SAMEORIGIN;
+		proxy_set_header X-Frame-Options    SAMEORIGIN;
 
-		proxy_pass 				http://{{ newsreader_ip }}:{{ newsreader_port }};
+		proxy_pass http://{{ newsreader_ip }}:{{ newsreader_port }};
 	}
 }