Komga was spiking CPU usage. Deleted

group_vars/all/secrets.yml

@@ -1,22 +1,34 @@
 $ANSIBLE_VAULT;1.1;AES256
-39373266356536656663653438363463633264366465316163353764366463383431376131643433
-6433303537373830643432633533663334326632656364390a303161333635343966393537303665
-65383565643732386333613139623235623262353834313464333136383637666361373764333164
-3138643563373137380a363934613635343431346339393130643266666532613438656535386535
-62643332656437326131336366396365666333346230613863306137353162313032393262303366
-38663932343962323161643836353031303638623037303831656464663664373265396163643661
-36623638353337663132336164336466383139613264353136663833633438303835333436386430
-61363832643136323933343261356236396363396266393932343732653664393931653237373832
-37303665353764343466333534323833396532373563663863363766303230616538343535316334
-31663139626562393837393163356337303236363739333738363735386434656437366232636666
-64393031323964313239346436323162356231366662623635323834356339323866653864333231
-61613464303065666262623466343165393238373232636637376434636538316639393437366236
-36386337313361383632333737313437386336326633353934656566343064636237623361366262
-63323632613336303237613764376636316166666530666136653661336232333536393231663936
-33396661636331663362663930323466346466383236353830313966363133366137353063613033
-31623936343865326336366361396464383733393561663962613039653466366235666364363162
-35623865646438336532313231343633663762643066303632353762343435663630363562313332
-37363237313662313933636630396231343134383034366330616134633233663537393334373332
-65343763313133353035623438646361613038333732613438303336643861333034383531336335
-34613530656664353238363231386565306134366131373538623631616334616463356637356164
-3939
+65353562636430376563366133363132626163613334633266323765333734633731323332653437
+6634666438313066323466343331346337353334336435310a336132333463633131353134336162
+66343637656233626336336461323836303665613334333938326532316330646235393965373164
+3430656664373764620a353832616537633532393731646633383738333362313138623862653661
+66373562393638623539373462623166656337326436326631333132346464656432323162616364
+34663161303434343234326232643234633530343738316334373064323237383839343232633264
+37643130663935363964616333653139653262303366656332373062626662373663656534633666
+61326363326561333834343765343565363465336335393535316663623532613839343461353830
+36356663356263613363663830623063306236323061353437326335393230323165613135366665
+66303863346531386538653064613238323666356662626533643534386336376334353837373764
+63316333343736623939373866353138396235356135326532386138396465396438613736346437
+33363038386332613336316538393962663465616666373931323939623737363934666534626238
+34626264336230333761643732333934636535303636373436343037666332663832323136323234
+62356336633038316161323234316231393065653838653839643861386430653238393934376439
+63616335623933383863613561363062386161343032383830373034383439653135333430303665
+63396464626637613133313964303134633934343262306163623534616134643431376138366161
+32346663333234343265313632616436643430363735643539616165633863336230396631333766
+62633439343361383535636338643438313664363561363434636464383532643536343366383161
+65613135316635396663626634386161373961363461353835396263646238653437373234313639
+32663365333561646332306263356330653037666437633630353333303535333937323435613630
+62343262646638613230376635336330653734376436356165383263643333336432636166343162
+64663332323565373236343533366665623531356336643139343833393462666532363435343130
+31623736663433343762646566323861373238373738306331383861336532396234343737313066
+30353936613838386661356437666463303662623730653038303364663666353130653064363331
+66623666666431633231376137663532616635383834373063383163313465646636646434363831
+35646261333830616134633066663338353338373533343636343036646636636539363762353466
+39303634323938613731393865333338336366363130656237333832393363326564626561633133
+65306361383531396466653764643366373832346266336437636563623038363564396663623239
+35653438343834363561633331663663383363643735363032643739313965343232613561383337
+65633263316632656434633539393635626664616136343861396639663536656465643439373032
+39353362333130323066323037373637353630356633623263383231633738633533646462366639
+38313738363361306130393135333862616464333962366164656266396239336530616161313664
+6462

hosts.yml

@@ -33,6 +33,8 @@ all:
           ansible_host: 10.89.0.107
         apps:
           ansible_host: 10.89.0.108
+        gitea_runners:
+          ansible_host: 10.89.0.109
     utility:
       hosts:
         observability_hub:

playbooks/nodes/apps.yml

@@ -15,9 +15,6 @@
     - role: apps/flowtodo
       vars:
         port: 7076
-    - role: apps/komga
-      vars:
-        port: 7080
     - role: apps/outline-wiki
       vars:
         port: 7083
@@ -59,6 +56,12 @@
     - role: apps/umami
       vars:
         port: 7088
+    - role: apps/scripthost
+      vars:
+        port: 7089
+    - role: apps/authentikate
+      vars:
+        port: 7090
   tasks:
     - name: Personal DW drop
       ansible.builtin.include_role:
@@ -66,16 +69,6 @@
       vars:
         port: 7077
         pin: "8989"
-
-    - name: Komga DW drop
-      ansible.builtin.include_role:
-        name: apps/dumbware-drop
-      vars:
-        container_name: dw-drop-komga-books
-        page_title: "Contribute to the book library"
-        port: 7081
-        pin: "1337"
-        directory: "komga/data/books"
     - name: Javier Feliz Blog 
       ansible.builtin.include_role:
         name: apps/ghost

playbooks/nodes/gitea-runners.yml

@@ -0,0 +1,10 @@
+---
+- name: Set up gitea runners node
+  hosts: gitea_runners
+  become: true
+  roles:
+      # - role: docker/install
+      # - role: docker/portainer
+      # - role: observability/prometheus-node-exporter
+      # - role: server/setup/sshkey
+      - role: services/gitea-act-runner

playbooks/proxy/external.yml

@@ -25,6 +25,9 @@
           - name: "share"
             host: "{{ lookup('hostip', 'apps') }}"
             port: 7078
+          - name: "run"
+            host: "{{ lookup('hostip', 'apps') }}"
+            port: 7089
       - name: "blinker.club"
         host: "{{ lookup('hostip', 'portainer_main') }}"
         port: 7575
@@ -101,3 +104,6 @@
           - name: "analytics"
             host: "{{ lookup('hostip', 'apps') }}"
             port: 7088
+          - name: "auth"
+            host: "{{ lookup('hostip', 'apps') }}"
+            port: 7090

roles/apps/authentikate/tasks/main.yml

@@ -0,0 +1,48 @@
+- name: Container data folder for oauth keys
+  ansible.builtin.include_role:
+    role: docker/container-data
+  vars:
+    dir_name: "authentikate" 
+
+- name: Make keys folder in container data
+  ansible.builtin.file:
+    path: "{{ container_data_base_path }}/authentikate/keys"
+    state: directory
+    mode: '0777'
+
+- name: Make avatars folder in container data
+  ansible.builtin.file:
+    path: "{{ container_data_base_path }}/authentikate/avatars"
+    state: directory
+    mode: '0777'
+
+- name: Create database
+  ansible.builtin.include_role:
+    role: app/database
+  vars:
+    app_name: "authentikate"
+
+- name: Deploy container
+  community.docker.docker_container:
+    image: gitgud.foo/thegrind/authentikate:latest
+    name: authentikate
+    pull: true
+    state: started
+    ports:
+      - "{{ port }}:8000"
+    env:
+      APP_URL: "https://auth.melab.fyi"
+      APP_NAME: "The Grind Auth"
+      APP_TIMEZONE: "America/New_York"
+      APP_KEY: "base64:5T2vyytKe4gILICvEoNqBxoiSFwrY4qZ0/264gDHJxI="
+      OCTANE_HTTPS: "true"
+      DB_CONNECTION: "pgsql"
+      DB_HOST: "{{ pg_host }}" 
+      DB_PORT: "{{ pg_port | string }}"
+      DB_DATABASE: "authentikate"
+      DB_USERNAME: "authentikate"
+      DB_PASSWORD: "password"
+      LOG_CHANNEL: daily
+    volumes:
+      - "{{container_data_base_path}}/authentikate/keys:/app/storage/oauth" 
+      - "{{container_data_base_path}}/authentikate/avatars:/app/storage/avatars" 

roles/apps/komga/tasks/main.yml

@@ -1,35 +0,0 @@
-# - name: Create DB
-#   ansible.builtin.include_role:
-#     name: app/database
-#   vars:
-#     app_name: "booklore"
-- name: Create data folder
-  ansible.builtin.include_role:
-    name: docker/container-data
-  vars:
-    dir_name: "komga"
-
-- name: Create necessary subfolders
-  ansible.builtin.file:
-    dest: "{{ container_data_base_path }}/komga/{{ item }}"
-    state: directory
-    mode: '0777'
-  loop:
-    - data
-    - "data/books"
-    - config
-
-- name: Deploy container
-  community.docker.docker_container:
-    name: komga-ebook-library
-    pull: true
-    state: started
-    image: gotson/komga
-    volumes:
-      - "{{ container_data_base_path }}/komga/config:/config"
-      - "{{ container_data_base_path }}/komga/data:/data"
-      - /etc/timezone:/etc/timezone
-    ports:
-      - "{{ port }}:25600"
-    user: "1000:1000"
-    restart_policy: unless-stopped

roles/apps/maxun/tasks/main.yml

@@ -0,0 +1,68 @@
+- name: Create database
+  ansible.builtin.include_role:
+    role: app/database
+  vars:
+    app_name: "maxun"
+
+- name: Deploy maxun backend 
+  community.docker.docker_container:
+    name: maxun-backend
+    image: getmaxun/maxun-backend:v0.0.18
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - "{{ backend_port }}:{{ backend_port }}"
+    env:
+      URL: "{{ backend_url }}"
+      PLAYWRIGHT_BROWSERS_PATH: "/ms-playwright"
+      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: "0"
+      CHROMIUM_FLAGS: "'--disable-gpu --no-sandbox --headless=new'"
+      # Adapted from the example .env
+      NODE_ENV: "production"
+      JWT_SECRET: "{{ maxun.jwt_secret }}"
+      DB_NAME: "maxun"
+      DB_USER: "maxun"
+      DB_PASSWORD: "password"
+      DB_HOST: "{{ pg_host }}"
+      DB_PORT: "{{ pg_port | string }}"
+      ENCRYPTION_KEY: "{{ maxun.app_key }}"
+      SESSION_SECRET: "{{ maxun.session_secret }}"
+
+      MINIO_ENDPOINT: "{{ lookup('hostip', 'prod_services') }}"
+      MINIO_PORT: "5002"
+      MINIO_CONSOLE_PORT: "5001"
+      MINIO_ACCESS_KEY: "K8YFuQFhUm8i7F9KuAMy"
+      MINIO_SECRET_KEY: "Vw9MGxOQWe3MaBjTBnqK8VxL1YGwQxEgLC1A6ZwO"
+      REDIS_HOST: "{{ lookup('hostip', 'prod_services') }}"
+      REDIS_PORT: "6379"
+      REDIS_PASSWORD: ""
+
+      # Backend and Frontend URLs and Ports
+      BACKEND_PORT: "{{ backend_port | string }}" # Port to run backend on. Needed for Docker setup 
+      FRONTEND_PORT: "{{ frontend_port | string }}" # Port to run frontend on. Needed for Docker setup 
+      VITE_BACKEND_URL: "{{ backend_url }}" 
+      VITE_PUBLIC_URL: "{{ frontend_url }}" 
+      MAXUN_TELEMETRY: "false"
+    security_opts:
+      - seccomp=unconfined
+    shm_size: "2G"
+    memory_reservation: "2G"
+    volumes:
+      - "/var/run/dbus:/var/run/dbus"
+
+- name: Deploy maxun front end
+  community.docker.docker_container:
+    name: maxun-frontend
+    image: getmaxun/maxun-frontend:v0.0.18
+    state: started
+    ports:
+      - "{{ frontend_port }}:5173"
+    env:
+      PUBLIC_URL: "{{ frontend_url }}" 
+      BACKEND_URL: "{{ backend_url }}"
+      NODE_ENV: "production"
+      MAXUN_TELEMETRY: "false"
+      BACKEND_PORT: "{{ backend_port | string }}" # Port to run backend on. Needed for Docker setup 
+      FRONTEND_PORT: "{{ frontend_port | string }}" # Port to run frontend on. Needed for Docker setup 
+      VITE_BACKEND_URL: "{{ backend_url }}" 
+      VITE_PUBLIC_URL: "{{ frontend_url }}" 

roles/apps/scripthost/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: Create database
+  ansible.builtin.include_role:
+    role: app/database
+  vars:
+    app_name: "scripthost"
+
+- name: Deploy container
+  community.docker.docker_container:
+    image: gitgud.foo/thegrind/scripthost
+    name: scripthost
+    pull: true
+    state: started
+    ports:
+      - "{{ port }}:8000"
+    env:
+      APP_URL: "https://run.thatshit.live"
+      APP_TIMEZONE: "America/New_York"
+      APP_KEY: "base64:rq0EBhrppwplUkdUPnN6G54nSn+pUiZE1T0WG6Q3gzc="
+      OCTANE_HTTPS: "true"
+      DB_CONNECTION: "pgsql"
+      DB_HOST: "{{ pg_host }}" 
+      DB_PORT: "{{ pg_port | string }}"
+      DB_DATABASE: "scripthost"
+      DB_USERNAME: "scripthost"
+      DB_PASSWORD: "password"

roles/caddy/proxy/templates/Caddyfile.j2

@@ -37,6 +37,17 @@
     {% for site in domain.sites %}
         @{{ site.name }} host {{ site.name }}.{{ base_domain }}
         handle @{{ site.name }} {
+            {% if site.api_path is defined %}
+            handle_path /{{ site.api_path }}/* {
+                reverse_proxy {{ site.host }}:{{ site.api_port }} {
+                    transport http {
+                        {% for opt in (site.api_transport_opts | default([])) %}
+                        {{ opt }}
+                        {% endfor %}
+                    }
+                }
+            }
+            {% endif %}
             reverse_proxy {{ site.host }}:{{ site.port }} {
                 transport http {
                     {% for opt in (site.transport_opts | default([])) %}

roles/observability/prometheus-node-exporter/tasks/main.yml

@@ -1,4 +1,4 @@
-- name: Deploy node exporter container
+- name: deploy node exporter container
   community.docker.docker_container:
     name: prometheus-node-exporter
     image: quay.io/prometheus/node-exporter:latest
@@ -7,6 +7,6 @@
     restart: true
     network_mode: host
     pid_mode: host
-    restart_policy: unless-stopped
+    restart_policy: always 
     volumes:
       - '/:/host:ro,rslave'

roles/services/gitea-act-runner/tasks/main.yml

@@ -0,0 +1,61 @@
+- name: Ensure act_runner user exists
+  ansible.builtin.user:
+    name: "{{ gitea_runner_user }}"
+    groups: "{{ gitea_runner_group }}"
+    append: true
+    shell: /bin/bash
+
+- name: Create data directory
+  ansible.builtin.file:
+    path: "{{ gitea_runner_data_dir }}"
+    state: directory
+    owner: "{{ gitea_runner_user }}"
+    group: "{{ gitea_runner_group }}"
+    mode: "0755"
+
+- name: Download act_runner binary
+  ansible.builtin.get_url:
+    url: "{{ gitea_runner_download_url }}"
+    dest: "{{ gitea_runner_install_path }}"
+    mode: "0755"
+
+- name: Generate act_runner config
+  ansible.builtin.template:
+    src: config.yml.j2
+    dest: "{{ gitea_runner_config_path }}"
+    owner: "{{ gitea_runner_user }}"
+    group: "{{ gitea_runner_group }}"
+    mode: "0644"
+
+- name: Register runner
+  become: true
+  ansible.builtin.shell: >
+    rm -f {{ gitea_runner_data_dir }}/.runner &&
+    sudo -u {{ gitea_runner_user }} {{ gitea_runner_install_path }} register
+    --no-interactive
+    --config {{ gitea_runner_config_path }}
+    --instance {{ gitea_instance_url }}
+    --token {{ gitea_runner_token }}
+    --name {{ gitea_runner_name }}
+    --labels {{ gitea_runner_labels | join(',') }}
+  args:
+    chdir: "{{ gitea_runner_data_dir }}"
+    executable: /bin/bash
+
+- name: Install systemd service
+  ansible.builtin.template:
+    src: act_runner.service.j2
+    dest: /etc/systemd/system/act_runner.service
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Enable and start act_runner
+  ansible.builtin.systemd:
+    name: act_runner
+    enabled: true
+    state: restarted

roles/services/gitea-act-runner/templates/act_runner.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=Gitea Actions runner
+After=docker.service
+
+[Service]
+ExecStart={{ gitea_runner_install_path }} daemon --config {{ gitea_runner_config_path }}
+WorkingDirectory={{ gitea_runner_data_dir }}
+Restart=always
+RestartSec=10
+User={{ gitea_runner_user }}
+
+[Install]
+WantedBy=multi-user.target

roles/services/gitea-act-runner/templates/config.yml.j2

@@ -0,0 +1,18 @@
+log:
+  level: info
+
+runner:
+  name: {{ gitea_runner_name }}
+  priviledged: true
+  volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+  labels: 
+{% for label in gitea_runner_labels %}
+    - "{{ label }}"
+{% endfor %}
+  data_dir: {{ gitea_runner_data_dir }}
+  config_file: {{ gitea_runner_config_path }}
+  capacity: 4
+
+cache:
+  enabled: false

roles/services/gitea-act-runner/vars/main.yml

@@ -0,0 +1,23 @@
+gitea_runner_version: "0.2.12"
+gitea_runner_download_url: "https://dl.gitea.com/act_runner/{{ gitea_runner_version }}/act_runner-{{ gitea_runner_version }}-linux-amd64"
+gitea_runner_install_path: "/usr/local/bin/act_runner"
+
+gitea_instance_url: "https://gitgud.foo"
+gitea_runner_token: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63333331616539333263306466323537616665383838383934313633656633326535643139313930
+          6238363266333530343531663866343232343232343930330a333964643234653262393133393262
+          34313237313866633739666432663061343965376232383639626366343833323637633262663035
+          3166646562383034380a333130336334356338616463643638623936393138393363343535366436
+          66303933613535363630313430323765376637623530343232623161653333383934336462613832
+          3837663036326136316236313537356639353537626132333963
+gitea_runner_name: "melab_dot_fyi"
+gitea_runner_labels:
+  - "ubuntu-latest:docker://node:20-bullseye"
+  - "laravel-runner:docker://gitgud.foo/thegrind/laravel-runner:latest"
+  - "laravel-runner-php84:docker://gitgud.foo/thegrind/laravel-runner:php8.4"
+
+gitea_runner_user: "act_runner"
+gitea_runner_group: "docker"
+gitea_runner_config_path: "/home/act_runner/config.yaml"
+gitea_runner_data_dir: "/var/lib/act_runner"