Add transip client provisioning

2025-05-03 17:36:21 +02:00 · 2025-05-03 17:36:21 +02:00 · f052126445
commit f052126445
parent b7d5b72345
10 changed files with 223 additions and 0 deletions
--- a/files/transip_client/private_key.key
+++ b/files/transip_client/private_key.key
@ -0,0 +1,90 @@
+$ANSIBLE_VAULT;1.1;AES256
+33336137326162636264613466393865633065653136333132313862393939393338643262323166
+6665326136613031643832306463656539316261666165390a353038396630643832386664393263
+39393464373465366335366463356337653466376263353461613166363632303335613030323362
+3836306631336538630a643162303831363864353833333265616662326266313538363564353864
+33663234323863653932623731353264316430343463343939633265633433323932653733343164
+34376365663135363665313562376361353561663539363934353433343635373139643764353337
+64646434383562303431623530336437643131323830653732396133333635333734616139313665
+62316162623864636661333061303330653735313161356565303365643832666261643766373934
+66336666396532373131643133613064356634376437336634636139653231303565643732663164
+65313833643238343735646335333631326266313835623963313761336630616561366532666539
+64643665653138326438383939666632313634303031346331643539643438356636383532616437
+34323964333065363236363531623564643365633338383566346138613234663533393163356237
+35386232626366353761383666366165306462316164643066653938313833343130663032393063
+37306135353633306537326466346236343433633961643863386565356231396335626639333136
+36616237303362396639363465333565326438616632343332363336653565613163643831363238
+61303738356132323939623466353436366332336166373061383465646461663034383763653762
+66373538326539343635643731626235363939613031623732383439303031306239393565333936
+32646430333735633536376538626638663937356532336666653235333632613761396334326662
+36633338643033663333323339613262373163306139666335386164363035303130636434656633
+35613265313662346534303833646238663365303830643364316431396533623562366566636666
+61393432336234643134343964646634383033333233303733363336336432623536613034386430
+64393363333363303239666262383764623832636636656232366538353464353266363262333339
+65633933303064623734373734636634633063316631313466616238633134386337613438366239
+31623565633066613731373466316333396262386262323233333132383666326234383633323635
+34643364613136306564323765323164316162356339326532353466353335393732656363303964
+31626263333361633631336138363835633138646261326163313336316633636564343761626234
+33656664396132353437376164313232353062323532303538303061616530383635316661333565
+36333633373064326539343239383961656461363330396366643463326236373135306364646238
+62306361636438333966643562616138663031356439616236353738343735333630633236656662
+66313531616633356666633132373137633035396337613735653337313433383566306164363330
+65653462303131663630653863366262353162363764613237363536343137656638373731313464
+38636364303461333962616564633737323030623739353836646564303461353365643831613632
+30303634666361623062306337376333663965663831633066633539343030396263663166366233
+31383839363063393534616336363164303665336166343739656563353333386233386662303662
+61663731623735623634643939353037663561623866646137656638666331366331336266323037
+62633138346264346435616434366635633932643633396230396263303330333239636362336361
+30323435623038393263346639356163376261323138323166376336626339353936393637623262
+34396634616266663532643231663663323431353366653664643538393763616262353437636365
+34383534373762343262343862663466343738356361373162303262336161326466316564383663
+32623938303439303233356239373464666532653839386533656432616239313462646432326638
+62386533633963643331383863313565643565303730616435613736663262343731366534323235
+37623264616232323038646137643366376530343436323733663361356362326131366436623738
+61663637333039383830323532363938333632613264336238313663613633316633653231363666
+32653830666564313433363333663737636235303739393835383935633434623662363631303338
+38633933643566396666326638633163636333613663633037626166613564373437646165343066
+34383930653633386361646364626530353636383039396130623362613562376461393762626661
+39356437623363396231653466326239646330313262373063656138653762613665363737343063
+34313037613431626431363731653232316666313963386637346663666665363837333939353538
+34396231663539396465313734383839383935653935633235376263303930323437636135663631
+34616430373638393037313137643665626439623730386230643030643433613134623732323435
+33356238643766613931333837313661353664333264333038663266333037373736663663306639
+61303033343530316361333430656132356131303536353535653964373963333763353563636563
+30626562373734343533613432396230303536393437323633613233373138653865383131373362
+36326565633739666434636239333062323632376338316632303434383536393665626239383366
+62373637393064356231656564386430613837626363363865356263376437346266656466613136
+66633465376134306332623232396239376234633039666631326134643931373263396233353661
+37333566633739366462316130383365323130626230343564373532633734333263646133313633
+64643063376266376630383835323435633565643232383435396663366533363439353862346230
+30306331613465303334346465656535653336626664613732656536633932343065313334666461
+36393338313535386532613139323930633235303161316138376533373333653664363365356338
+63613965363965383731343337396561396637376638353633373230343465343134616635323061
+65656630333731353763366231383737323565386633653931343062326538376464306364326662
+63623531333664363335363762623039336264356465386665373731313361353139623166643062
+34303366313835303137343232383337323739346237383331363331393233396139393930313133
+30393333353965323833343963323264613439313731623861623538643336656564356634373664
+32303737653630326438316262623739666338326538613364376632343562316263346661343738
+65383762643432306362383531633232373737306138386630386434623733636361336339343635
+30363137633161383036303864646135393162653337383163656433386561383064656164656138
+62613235636634643139656262316464613436316231383464313162643964396264316439376565
+63313662323638333933326538303332393633333736303866383938393430623132643530656238
+62643938343736373832333731663333336636653038613533616366623763303830306463353466
+31626636333931613836346261396264313931386437323430396430383939333436376561613835
+31303163666233633233396564366431366461333732616137393030633535343462393165666666
+35636431343236383831373633306632613835303862353661323935656431326461316535353130
+63306530323866356432393335653535363033346235663237303236623936613932303663333238
+35313365396636656535663661346633383039353532393065316661626366353430323332373166
+36613064366464623438383037663436663637353638323264343437326366653464313739346531
+31626638383662623938336261366661666634343063653336616166643831333935653539663931
+38343734616362323037353365373537393336663432373831383437613238386230653639343832
+39343539616136343131623563666436336130376665616432343263373738393164393536383164
+33633766653262313338636230393338373261613836653933353537656231343539336237316135
+31323430366230316337303632356535373932316166393763326138306663626465336336616364
+32653132306262383235633531636165393532323031393030646231363537373532356138346633
+38333464313961386631356162313064396361393563313139343533623837653063666239343135
+63353732613566653833316335646433633334396532396264363335613839353064653933643839
+64663239646265393938643534306363633066633839666535346432316131383761363162363734
+65646463376661386265616533666163396561313336353339626534623338636235666534646333
+32313937383566346539623032623634303066326234666136643735376531396662613733333763
+34363931353161303539393066646537316264666563353935633232353731653838
--- a/handlers.yml
+++ b/handlers.yml
@ -40,6 +40,14 @@
    state: restarted
    enabled: true

+- name: enable transip-client timer
+  become: true
+  systemd:
+    daemon-reload: true
+    name: transip-client.timer
+    state: restarted
+    enabled: true
+
 - name: regenerate initramfs
  become: true
  command: update-initramfs -u -k all
--- a/host_vars/fudiggity/main.yml
+++ b/host_vars/fudiggity/main.yml
@ -19,3 +19,5 @@ hostname: 'fudiggity'
 xdg_config_dir: '/home/sonny/.config'
 xdg_data_dir: '/home/sonny/.local/share'
 xdg_state_dir: '/home/sonny/.local/state'
+
+systemd_service_dir: /etc/systemd/system
--- a/host_vars/fudiggity/transip_client.yml
+++ b/host_vars/fudiggity/transip_client.yml
@ -0,0 +1,28 @@
+transip_client_repository: https://forgejo.fudiggity.nl/sonny/transip-client
+
+transip_client_app_ref: 0.7.0
+transip_client_image_name: transip-client:0.7.0
+transip_client_login: SonnyBakker
+
+transip_client_app_dir: /home/sonny/apps/transip_client
+transip_client_private_key_src_path: /home/sonny/.ssh/transip-client.key
+transip_client_private_key_dest_path: /app/transip-client.key
+
+transip_client_env_src_path: /home/sonny/apps/transip_client/.env
+transip_client_env_dest_path: /app/.env
+
+transip_client_start_script: /home/sonny/apps/transip_client/start.sh
+
+transip_client_app_domains:
+  - fudiggity.nl
+
+transip_client_sentry_dsn: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  65363436646537353934623163613439376232636238356331363137623431393831313964663737
+  6532613530623935383135616232356265623565306363370a353563663664343362303766633939
+  36346635373766663335303033623963633430313963646237613432396634613631616634383061
+  6434356362643061380a373136396436396162353663316633643536343730333639336363666666
+  62323134363236323561303538623038373263643966366338653761303765646366386235613765
+  65396262373061393135376136623936633261343733306237653466623063336131616262623665
+  32356130653339316232323339336663326363636465343631376331353738343363393461656364
+  64366231366163303833
--- a/playbook.yml
+++ b/playbook.yml
@ -65,6 +65,10 @@
    - name: Newsreader provisioning
      ansible.builtin.import_tasks: tasks/newsreader.yml
      tags: newsreader
+
+    - name: Transip client provisioning
+      ansible.builtin.import_tasks: tasks/transip_client.yml
+      tags: transip-client
  handlers:
    - name: Import handlers
      ansible.builtin.import_tasks: 'handlers.yml'
--- a/tasks/transip_client.yml
+++ b/tasks/transip_client.yml
@ -0,0 +1,54 @@
+- name: Create application directory
+  ansible.builtin.file:
+    path: '{{ transip_client_app_dir }}'
+    state: directory
+    mode: '0755'
+
+- name: Clone project
+  ansible.builtin.git:
+    repo: '{{ transip_client_repository }}'
+    dest: '{{ transip_client_app_dir }}'
+    version: '{{ transip_client_app_ref }}'
+
+- name: Copy environment variables file
+  ansible.builtin.template:
+    src: templates/transip_client/env.j2
+    dest: '{{ transip_client_env_src_path }}'
+    mode: '0640'
+
+- name: Copy private key file
+  ansible.builtin.copy:
+    src: files/transip_client/private_key.key
+    dest: '{{ transip_client_private_key_src_path }}'
+    mode: '0600'
+
+- name: Build docker image
+  community.docker.docker_image_build:
+    name: '{{ transip_client_image_name }}'
+    path: '{{ transip_client_app_dir }}'
+    dockerfile: '{{ transip_client_app_dir }}/Dockerfile'
+    rebuild: always
+    args:
+      UV_ARGS: "--extra sentry-enabled"
+
+- name: Copy start script
+  ansible.builtin.template:
+    src: templates/transip_client/start.j2
+    dest: '{{ transip_client_start_script }}'
+    mode: '0750'
+
+- name: Copy systemd templates
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '{{ item.mode }}'
+  loop:
+    - src: templates/transip_client/timer.j2
+      dest: '{{ systemd_service_dir }}/transip-client.timer'
+      mode: '0644'
+
+    - src: templates/transip_client/service.j2
+      dest: '{{ systemd_service_dir }}/transip-client.service'
+      mode: '0640'
+  notify: enable transip-client timer
--- a/templates/transip_client/env.j2
+++ b/templates/transip_client/env.j2
@ -0,0 +1,3 @@
+SENTRY_DSN="{{ transip_client_sentry_dsn }}"
+VERSION="{{ transip_client_app_ref }}"
+ENVIRONMENT="production"
--- a/templates/transip_client/service.j2
+++ b/templates/transip_client/service.j2
@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+#
+
+[Unit]
+Description=Transip client service
+
+[Service]
+Type=oneshot
+User=sonny
+ExecStart={{ transip_client_start_script }}
--- a/templates/transip_client/start.j2
+++ b/templates/transip_client/start.j2
@ -0,0 +1,10 @@
+#!/bin/bash
+
+/usr/bin/docker container run \
+  --rm \
+  --volume {{ transip_client_private_key_src_path }}:{{ transip_client_private_key_dest_path }} \
+  --volume {{ transip_client_env_src_path }}:{{ transip_client_env_dest_path }} \
+  {{ transip_client_image_name }} \
+  {{ transip_client_login }} \
+  {{ transip_client_private_key_dest_path }} \
+  {{ transip_client_app_domains|join(' ') }}
--- a/templates/transip_client/timer.j2
+++ b/templates/transip_client/timer.j2
@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+#
+
+[Unit]
+Description=Transip client timer
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=35min
+Unit=transip-client.service
+Persistent=true
+
+[Install]
+WantedBy=timers.target