A roles/containers/homepage/README.org => roles/containers/homepage/README.org +13 -0
@@ 0,0 1,13 @@
+* container/alpine-mirror
+Ansible role used to setup a rsyncd+nginx static file server
+which can be used to publish assets and download them.
+
+#+begin_src yaml
+alpine_mirror_domain: "mirror.ccw.icu"
+alpine_mirror_user: "deploy"
+alpine_mirror_token: "changeme"
+alpine_mirror_bucket: "aports"
+alpine_mirror_project_dir: "mirror"
+alpine_mirror_backend_port: "29027"
+alpine_mirror_frontend_port: "9027"
+#+end_src
A roles/containers/homepage/defaults/main.yml => roles/containers/homepage/defaults/main.yml +8 -0
@@ 0,0 1,8 @@
+---
+homepage_domain: "ccw.icu"
+homepage_user: "deploy"
+homepage_token: "changeme"
+homepage_bucket: "pages"
+homepage_project_dir: "pages"
+homepage_backend_port: "29463"
+homepage_frontend_port: "9463"
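Review bot: `homepage_token: "changeme"` ships a known default that tasks/setup.yml passes straight into `RSYNC_PASS`, so any host where the variable is never overridden runs an rsync daemon with a guessable password on a port the role's nftables template opens. Leave the token out of the defaults and make the role fail early when it is unset or still the placeholder, for example with an `ansible.builtin.assert` using `that: homepage_token is defined and homepage_token != 'changeme'`. Supply the real value from Ansible Vault or another secret store. A short comment above the two port variables saying which is the rsync backend and which the nginx frontend would also help readers.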
A roles/containers/homepage/handlers/main.yml => roles/containers/homepage/handlers/main.yml +6 -0
@@ 0,0 1,6 @@
+---
+- name: Restart nftables
+ become: true
+ ansible.builtin.service:
+ name: nftables
+ state: restarted
A roles/containers/homepage/tasks/caddy.yml => roles/containers/homepage/tasks/caddy.yml +29 -0
@@ 0,0 1,29 @@
+---
+- name: Make sure homepage caddy reverse proxy config exists
+ become: true
+ vars:
+ project_domain: "{{ homepage_domain }}"
+ project_port: "{{ homepage_frontend_port }}"
+ ansible.builtin.template:
+ src: ../../../network/caddy/templates/reverse-proxy.template
+ dest: /etc/caddy/homepage
+ mode: "0644"
+ validate: caddy validate --adapter caddyfile --config %s
+ register: projectconfig
+
+- name: Make sure caddy links to the homepage config
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/caddy/Caddyfile
+ mode: "0644"
+ search_string: ^import /etc/caddy/homepage
+ line: import /etc/caddy/homepage
+ validate: caddy validate --adapter caddyfile --config %s
+ register: caddyconfig
+
+- name: Restart caddy
+ become: true
+ ansible.builtin.service:
+ name: caddy
+ state: restarted
+ when: caddyconfig.changed or projectconfig.changed
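Review bot: In the lineinfile task, `search_string` is matched as a literal substring and not as a regular expression, so the `^` in `search_string: ^import /etc/caddy/homepage` is searched for as a caret character and anchors nothing. Either drop the caret or use `regexp: '^import /etc/caddy/homepage$'`. As written the search cannot match the intended line, so it is worth checking that a second run leaves the Caddyfile unchanged. As a style point, the final "Restart caddy" task could become a handler notified by the two config tasks, matching how this role handles nftables, and `state: reloaded` would avoid dropping connections if the service supports it.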
A roles/containers/homepage/tasks/main.yml => roles/containers/homepage/tasks/main.yml +7 -0
@@ 0,0 1,7 @@
+---
+- name: Setup homepage docker images
+ ansible.builtin.include_tasks: setup.yml
+- name: Setup homepage reverse proxy
+ ansible.builtin.include_tasks: caddy.yml
+- name: Ensure the homepage backend can be accessed by the CI
+ ansible.builtin.include_tasks: nftables.yml
A roles/containers/homepage/tasks/nftables.yml => roles/containers/homepage/tasks/nftables.yml +8 -0
@@ 0,0 1,8 @@
+---
+- name: Make sure the nftables vpn rule exists
+ become: true
+ ansible.builtin.template:
+ mode: "0644"
+ src: 53_rsync.nft
+ dest: /etc/nftables.d/53_homepage.nft
+ notify: Restart nftables
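Review bot: The template task writes `/etc/nftables.d/53_homepage.nft` without a `validate:` step, and the notified handler restarts nftables. A rendering mistake, such as an empty `homepage_backend_port`, is therefore only discovered when the firewall service fails to load its rules. The Caddy tasks in this commit validate before writing; the same is possible here with `validate: nft -c -f %s`, provided the snippet parses on its own. The task name says "vpn rule" and the source is `53_rsync.nft` while the destination is `53_homepage.nft`; aligning these names would make the role easier to audit.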
A roles/containers/homepage/tasks/setup.yml => roles/containers/homepage/tasks/setup.yml +39 -0
@@ 0,0 1,39 @@
+---
+- name: Ensure homepage-project-dir exists
+ ansible.builtin.file:
+ path: "{{ container_dir }}/{{ homepage_project_dir }}"
+ state: directory
+ recurse: true
+
+- name: Create rsync file server docker container
+ community.docker.docker_container:
+ name: homepage-backend
+ image: codeberg.org/comcloudway/docker-rsyncd:latest
+ restart_policy: unless-stopped
+ env:
+ RSYNC_USER: "{{ homepage_user }}"
+ RSYNC_PASS: "{{ homepage_token }}"
+ BUCKET_NAME: "{{ homepage_bucket }}"
+ volumes:
+ - "{{ container_dir }}/{{ homepage_project_dir }}/files:/storage"
+ ports:
+ - "{{ homepage_backend_port }}:873"
+
+- name: Make sure nginx static file server config is installed
+ ansible.builtin.template:
+ src: "nginx.conf"
+ dest: "{{ container_dir }}/{{ homepage_project_dir }}/nginx.conf"
+ mode: "0644"
+
+- name: Create nginx file server docker container
+ community.docker.docker_container:
+ name: homepage-frontend
+ image: nginx:mainline-alpine
+ restart_policy: unless-stopped
+ volumes:
+ - "{{ container_dir }}/{{ homepage_project_dir }}/files:\
+ /usr/share/nginx/html/:ro"
+ - "{{ container_dir }}/{{ homepage_project_dir }}/nginx.conf:\
+ /etc/nginx/conf.d/default.conf/:ro"
+ ports:
+ - "{{ homepage_frontend_port }}:80"
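Review bot: Both `ports:` entries publish on every host interface, although the nginx frontend only needs to be reachable by the Caddy reverse proxy set up in tasks/caddy.yml. Binding it to loopback with `- "127.0.0.1:{{ homepage_frontend_port }}:80"` keeps the plain-HTTP listener off the network, assuming Caddy proxies to localhost, which the template referenced here does not show. `codeberg.org/comcloudway/docker-rsyncd:latest` and `nginx:mainline-alpine` are moving tags, so different hosts or later pulls can end up running different code; pinning a version tag or digest makes the deployment reproducible. The rsync container task carries `homepage_token` in `env`, so adding `no_log: true` to that task would keep the password out of Ansible output.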
A roles/containers/homepage/templates/53_rsync.nft => roles/containers/homepage/templates/53_rsync.nft +8 -0
@@ 0,0 1,8 @@
+#!/usr/sbin/nft -f
+
+table inet filter {
+ chain input {
+ # allow homepage rsync access
+ tcp dport {{ homepage_backend_port }} accept comment "Allow Homepage deployment"
+ }
+}
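Review bot: The rule `tcp dport {{ homepage_backend_port }} accept` admits any source address, while the task installing it is named "vpn rule" and tasks/main.yml describes the purpose as access for the CI. If only the CI or VPN peers should reach the rsync daemon, narrow the match, for example `iifname "<VPN_INTERFACE>" tcp dport {{ homepage_backend_port }} accept` or an `ip saddr <CI_ADDRESS>` match (both placeholders, not values from this repository). It is also worth confirming that this chain is what gates access at all: ports published by Docker are usually DNATed and traverse the forward path rather than `input`, so the container port may be reachable regardless of this rule.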
A roles/containers/homepage/templates/nginx.conf => roles/containers/homepage/templates/nginx.conf +8 -0
@@ 0,0 1,8 @@
+server {
+ listen 80;
+ server_name default;
+ location / {
+ root /usr/share/nginx/html;
+ autoindex on;
+ }
+}
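Review bot: `autoindex on;` makes nginx list every file under `/usr/share/nginx/html` whenever a directory has no index file. That suits a package mirror, but for a homepage it exposes anything pushed to the bucket, including files that are not linked from any page. Unless browsing is intended, use `autoindex off;` and add `index index.html;`. Separately, `server_name default;` matches the literal host name "default"; if a catch-all was meant, `listen 80 default_server;` with `server_name _;` is the usual form.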
M run.yml => run.yml +5 -0
@@ 69,3 69,8 @@
roles:
- role: containers/alpine-mirror
tags: aports
+- name: Setup homepage
+ hosts: all
+ roles:
+ - role: containers/homepage
+ tags: homepage