From dd83d30d146cea2e2c2e8453385efe37b23b1348 Mon Sep 17 00:00:00 2001
From: Javier Feliz
Date: Fri, 11 Jul 2025 23:07:32 -0400
Subject: [PATCH] Added stuff
---
.vscode/settings.json | 3 +-
playbooks/nodes/apps.yml | 33 +++++++++-
playbooks/nodes/prod-services.yml | 8 +++
playbooks/proxy/external.yml | 13 +++-
roles/apps/ghost/defaults/main.yml | 0
roles/apps/ghost/tasks/main.yml | 27 ++++++++
roles/apps/outline-wiki/defaults/main.yml | 7 ++
roles/apps/outline-wiki/tasks/main.yml | 80 +++++++++++++++++++++++
roles/apps/postiz/defaults/main.yml | 0
roles/apps/postiz/tasks/main.yml | 48 ++++++++++++++
roles/services/mysql/defaults/main.yml | 0
roles/services/mysql/tasks/main.yml | 0
roles/services/valkey/defaults/main.yml | 3 +
roles/services/valkey/tasks/main.yml | 18 +++++
14 files changed, 237 insertions(+), 3 deletions(-)
create mode 100644 playbooks/nodes/prod-services.yml
create mode 100644 roles/apps/ghost/defaults/main.yml
create mode 100644 roles/apps/ghost/tasks/main.yml
create mode 100644 roles/apps/outline-wiki/defaults/main.yml
create mode 100644 roles/apps/outline-wiki/tasks/main.yml
create mode 100644 roles/apps/postiz/defaults/main.yml
create mode 100644 roles/apps/postiz/tasks/main.yml
create mode 100644 roles/services/mysql/defaults/main.yml
create mode 100644 roles/services/mysql/tasks/main.yml
create mode 100644 roles/services/valkey/defaults/main.yml
create mode 100644 roles/services/valkey/tasks/main.yml
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 5d71af8..2a18481 100755
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,3 +1,4 @@
 {
- "ansible.python.interpreterPath": "/bin/python3"
+ "ansible.python.interpreterPath": "/bin/python3",
+ "ansible.validation.lint.enabled": false
 }
\ No newline at end of file
diff --git a/playbooks/nodes/apps.yml b/playbooks/nodes/apps.yml
index bae3116..3976d1c 100644
--- a/playbooks/nodes/apps.yml
+++ b/playbooks/nodes/apps.yml
@@ -36,6 +36,29 @@
 - role: apps/komga
 vars:
 port: 7080
+ - role: apps/outline-wiki
+ vars:
+ port: 7083
+ url: "https://docs.thegrind.dev"
+ container_name: "the-grind-outline-wiki"
+ outline_db_name: "the_grind_docs"
+ data_dir_name: "the-grind-docs"
+ secret_key: "42f5ab8c01771f40f1e1bae554b82b883f25ab13a79767ffc57e8c31ab172c43"
+ utils_secret_key: "f8410c6a12da5e92ac4200ef923fe516bed3cef2abacfb1877e32f2f1c63a325"
+ oidc_client_id: "XfaDJwpZfdHXiK6kulZiAK9nCliUieOdW0Ah1jJ1"
+ oidc_client_secret: "FtouI96uTg4YJc3ViSfcQ9SdubviXiPULne5tKyIXKbHxDczdlZoWkpwroobEGcgxrJaMFmdX6vBLJACZJVojFW1DJLyqt7gTAo6SmfuL7cJVzAnvDagxWJtamqhkKGR"
+ oidc_auth_uri: "https://auth.thegrind.dev/application/o/authorize/"
+ oidc_token_uri: "https://auth.thegrind.dev/application/o/token/"
+ oidc_userinfo_uri: "https://auth.thegrind.dev/application/o/userinfo/"
+ oidc_logout_uri: "https://auth.thegrind.dev/application/o/the-grind-docs/end-session/"
+ odic_button_text: "The Grind Auth"
+ # - role: apps/postiz
+ # vars:
+ # port: 7084
+ # url: "https://postiz.blinker.club"
+ # postiz_instance_name: "postiz-main"
+ # postiz_db_name: "postiz_main"
+ # jwt_secret: "42cd08e857d0178075a305d7511c778336a501951ae0e4f05bf5ad862f611e72"
 tasks:
 - name: Personal DW drop
 ansible.builtin.include_role:
@@ -52,4 +75,12 @@
 page_title: "Contribute to the book library"
 port: 7081
 pin: "1337"
- directory: "komga/data/books"
\ No newline at end of file
+ directory: "komga/data/books"
+ - name: Javier Feliz Blog
+ ansible.builtin.include_role:
+ name: apps/ghost
+ vars:
+ ghost_instance_name: javierfeliz-blog
+ database_name: ghostcms_javierfelizblog
+ blog_url: "https://javierfeliz.com"
+ port: 7082
\ No newline at end of file
diff --git a/playbooks/nodes/prod-services.yml b/playbooks/nodes/prod-services.yml
new file mode 100644
index 0000000..f336f1b
--- /dev/null
+++ b/playbooks/nodes/prod-services.yml
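Review bot: The outline-wiki vars added under `roles:` commit live credentials in plaintext — `secret_key`, `utils_secret_key` and `oidc_client_secret` (plus `jwt_secret` in the commented-out postiz block) are now part of git history and of every clone. Move them into an Ansible Vault-encrypted vars file and reference them by name here, and treat the committed values as disclosed: regenerate the two keys with `openssl rand -hex 32` as the role's own comments suggest, and re-issue the OIDC client secret in the identity provider. The variable `odic_button_text` is misspelled; it is consumed under the same misspelling in `roles/apps/outline-wiki/tasks/main.yml`, so it works today, but renaming both sides to `oidc_button_text` avoids a silent undefined-variable mismatch later.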
@@ -0,0 +1,8 @@
+---
+- name: Set up the prod services node
+ hosts: prod_services
+ become: true
+ roles:
+ - role: services/valkey
+ vars:
+ container_name: "prod-valkey"
\ No newline at end of file
diff --git a/playbooks/proxy/external.yml b/playbooks/proxy/external.yml
index c0688db..e607029 100644
--- a/playbooks/proxy/external.yml
+++ b/playbooks/proxy/external.yml
@@ -69,6 +69,14 @@
 - name: "bookupload"
 host: "{{ lookup('hostip', 'apps') }}"
 port: 7081
+ - name: "postiz"
+ host: "{{ lookup('hostip', 'apps') }}"
+ port: 7084
+ - name: "javierfeliz.com"
+ host: "{{ lookup('hostip', 'apps') }}"
+ port: 7082
+ dynamic_dns: true
+ sites: []
 - name: "thegrind.dev"
 dynamic_dns: true
 sites:
@@ -89,4 +97,7 @@
 port: 7074
 - name: "tasks"
 host: "{{ lookup('hostip', 'apps') }}"
- port: 7070
\ No newline at end of file
+ port: 7070
+ - name: "docs"
+ host: "{{ lookup('hostip', 'apps') }}"
+ port: 7083
\ No newline at end of file
diff --git a/roles/apps/ghost/defaults/main.yml b/roles/apps/ghost/defaults/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/apps/ghost/tasks/main.yml b/roles/apps/ghost/tasks/main.yml
new file mode 100644
index 0000000..e9de832
--- /dev/null
+++ b/roles/apps/ghost/tasks/main.yml
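Review bot: The new `postiz` site entry points the external proxy at the apps host on port 7084, but the only backend for it, the `apps/postiz` role include in `playbooks/nodes/apps.yml`, is commented out in this same commit, so the proxy publishes a hostname that routes to a closed port (or to whatever later happens to bind 7084). Either drop the entry until the role is enabled, or comment it out alongside the role so the public-facing proxy and the backend inventory change together. The `javierfeliz.com` entry combines a top-level `host`/`port` with `sites: []`, unlike the other top-level entries in this hunk; if the proxy role (outside this diff) supports that shape, a comment such as `# apex domain served directly by the ghost container on 7082` would make the intent clear.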
@@ -0,0 +1,27 @@
+# TODO: Once I set up the mysql role set it up here
+- name: Container data
+ ansible.builtin.include_role:
+ role: docker/container-data
+ vars:
+ dir_name: "{{ ghost_instance_name }}-data"
+
+- name: Deploy Ghost CMS
+ community.docker.docker_container:
+ name: "{{ ghost_instance_name }}"
+ image: ghost:5-alpine
+ restart_policy: always
+ ports:
+ - "{{ port }}:2368"
+ env:
+ # see https://ghost.org/docs/config/#configuration-options
+ database__client: mysql
+ database__connection__host: 10.89.0.102
+ database__connection__user: root
+ database__connection__password: rootpassword
+ database__connection__database: "{{ database_name }}"
+ # this url value is just an example, and is likely wrong for your environment!
+ url: "{{ blog_url }}"
+ # contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
+ #NODE_ENV: development
+ volumes:
+ - "{{ container_data_base_path }}/{{ ghost_instance_name }}-data:/var/lib/ghost/content"
\ No newline at end of file
diff --git a/roles/apps/outline-wiki/defaults/main.yml b/roles/apps/outline-wiki/defaults/main.yml
new file mode 100644
index 0000000..d8d01a3
--- /dev/null
+++ b/roles/apps/outline-wiki/defaults/main.yml
@@ -0,0 +1,7 @@
+container_name: "outline-wiki"
+storage_mode: "local"
+smtp_service: ""
+smtp_username: ""
+smtp_password: ""
+smtp_from_email: ""
+pg_ssl_mode: "disable"
\ No newline at end of file
diff --git a/roles/apps/outline-wiki/tasks/main.yml b/roles/apps/outline-wiki/tasks/main.yml
new file mode 100644
index 0000000..e613dc7
--- /dev/null
+++ b/roles/apps/outline-wiki/tasks/main.yml
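Review bot: The Deploy Ghost CMS task hands the container the MySQL root account with a literal password (`database__connection__user: root`, `database__connection__password: rootpassword`) and a hard-coded server address in `database__connection__host`; the TODO on the first line says the mysql role is pending, but this still commits a root credential to the repository and gives the CMS full privileges over every database on that server. Replace the three values with role variables, e.g. `database__connection__user: "{{ ghost_db_user }}"` and `database__connection__password: "{{ ghost_db_password }}"` sourced from a vaulted vars file, and have the future mysql role create a per-blog user granted only on `{{ database_name }}`. Add `no_log: true` to the task so the env block is not echoed in verbose or diff output. The comments copied from the upstream compose example (`# this url value is just an example...` and the `NODE_ENV` note) describe a different file and can be trimmed to what this role actually sets.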
@@ -0,0 +1,80 @@
+- name: Create database
+ ansible.builtin.include_role:
+ role: app/database
+ vars:
+ app_name: "{{ outline_db_name }}"
+
+- name: Create data volume
+ ansible.builtin.include_role:
+ role: docker/container-data
+ vars:
+ dir_name: "{{ data_dir_name }}"
+
+- name: Deploy Outline Wiki Container
+ community.docker.docker_container:
+ name: "{{ container_name }}"
+ image: docker.getoutline.com/outlinewiki/outline:latest
+ ports:
+ - "{{ port }}:3000"
+ volumes:
+ - "{{ container_data_base_path }}/{{ data_dir_name }}:/var/lib/outline/data"
+ env:
+ URL: "{{ url }}"
+ # Generate a hex-encoded 32-byte random key. Use `openssl rand -hex 32` in your
+ # terminal to generate a random value.
+ SECRET_KEY: "{{ secret_key }}"
+ # Generate a unique random key. The format is not important but you could still use
+ # `openssl rand -hex 32` in your terminal to generate a random value.
+ UTILS_SECRET: "{{ utils_secret_key }}"
+ DEFAULT_LANGUAGE: en_US
+ DATABASE_URL: "postgres://{{ outline_db_name }}:password@{{ pg_host }}:5432/{{ outline_db_name }}"
+ # Uncomment this line if you will not use SSL for connecting to Postgres. This is acceptable
+ # if the database and the application are on the same machine.
+ PGSSLMODE: "{{ pg_ssl_mode }}"
+ REDIS_URL: "redis://{{ lookup('hostip', 'prod_services') }}:6379"
+ FILE_STORAGE: "{{ storage_mode }}"
+ FILE_STORAGE_UPLOAD_MAX_SIZE: "262144000"
+ # Auto-redirect to https in production. The default is true but you may set to
+ # false if you can be sure that SSL is terminated at an external loadbalancer.
+ FORCE_HTTPS: "true"
+ # Generic OIDC provider
+ # DOCS: https://docs.getoutline.com/s/hosting/doc/oidc-8CPBm6uC0I
+ OIDC_CLIENT_ID: "{{ oidc_client_id }}"
+ OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}"
+ OIDC_AUTH_URI: "{{ oidc_auth_uri }}"
+ OIDC_TOKEN_URI: "{{ oidc_token_uri }}"
+ OIDC_USERINFO_URI: "{{ oidc_userinfo_uri }}"
+ OIDC_LOGOUT_URI: "{{ oidc_logout_uri }}"
+
+ # Specify which claims to derive user information from
+ # Supports any valid JSON path with the JWT payload
+ OIDC_USERNAME_CLAIM: preferred_username
+ # Display name for OIDC authentication
+ OIDC_DISPLAY_NAME: "{{ odic_button_text }}"
+ OIDC_SCOPES: openid profile email
+
+ SMTP_SERVICE: "{{ smtp_service }}"
+ SMTP_USERNAME: "{{ smtp_username }}"
+ SMTP_PASSWORD: "{{ smtp_password }}"
+ SMTP_FROM_EMAIL: "{{ smtp_from_email }}"
+
+ # Whether the rate limiter is enabled or not
+ RATE_LIMITER_ENABLED: "true"
+
+ # Individual endpoints have hardcoded rate limits that are enabled
+ # with the above setting, however this is a global rate limiter
+ # across all requests
+ RATE_LIMITER_REQUESTS: "1000"
+ RATE_LIMITER_DURATION_WINDOW: "60"
+
+ # Have the installation check for updates by sending anonymized statistics to
+ # the maintainers
+ ENABLE_UPDATES: "true"
+
+ # Debugging categories to enable – you can remove the default "http" value if
+ # your proxy already logs incoming http requests and this ends up being duplicative
+ DEBUG: "http"
+
+ # Configure lowest severity level for server logs. Should be one of
+ # error, warn, info, http, verbose, debug, or silly
+ LOG_LEVEL: "info"
\ No newline at end of file
diff --git a/roles/apps/postiz/defaults/main.yml b/roles/apps/postiz/defaults/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/apps/postiz/tasks/main.yml b/roles/apps/postiz/tasks/main.yml
new file mode 100644
index 0000000..98c5360
--- /dev/null
+++ b/roles/apps/postiz/tasks/main.yml
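Review bot: `DATABASE_URL` in the Deploy Outline Wiki Container task embeds the literal string `password` as the credential for the `{{ outline_db_name }}` database user; unless the `app/database` role (outside this diff) creates every app user with that fixed password, the container cannot connect, and if it does, all app databases share a guessable credential. Pass it as a variable, `DATABASE_URL: "postgres://{{ outline_db_name }}:{{ outline_db_password }}@{{ pg_host }}:5432/{{ outline_db_name }}"`, supplied from a vaulted file, and add `no_log: true` to the task since the env block also carries `SECRET_KEY`, `UTILS_SECRET`, `OIDC_CLIENT_SECRET` and `SMTP_PASSWORD`. Unlike the ghost and postiz tasks in this commit, this `docker_container` has no `restart_policy: always` (and no `pull: true` despite using `:latest`), so the wiki stays down after a host reboot. `REDIS_URL` targets the valkey container on `prod_services`, which this commit starts with `ALLOW_EMPTY_PASSWORD`, so the session and queue store is reachable over the network without authentication.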
@@ -0,0 +1,48 @@
+- name: Create postiz db
+ ansible.builtin.include_role:
+ role: app/database
+ vars:
+ app_name: "{{ postiz_db_name }}"
+
+- name: Container data on NAS
+ ansible.builtin.include_role:
+ role: docker/container-data
+ vars:
+ dir_name: "{{ postiz_instance_name }}"
+
+- name: Create needed subdirectories
+ ansible.builtin.file:
+ dest: "{{ container_data_base_path }}/{{postiz_instance_name}}/{{ item }}"
+ state: directory
+ mode: '0777'
+ loop:
+ - config
+ - uploads
+
+- name: Deploy postiz container
+ community.docker.docker_container:
+ name: "{{ postiz_instance_name }}"
+ image: ghcr.io/gitroomhq/postiz-app:latest
+ restart_policy: always
+ env:
+ MAIN_URL: "{{ url }}"
+ FRONTEND_URL: "{{ url }}"
+ NEXT_PUBLIC_BACKEND_URL: "{{ url }}/api"
+ JWT_SECRET: "{{ jwt_secret }}"
+ # These defaults are probably fine, but if you change your user/password, update it in the
+ # postiz-postgres or postiz-redis services below.
+ DATABASE_URL: "postgresql://{{ postiz_db_name }}:{{ postiz_db_name }}@password:5432/{{ postiz_db_name }}"
+ REDIS_URL: "redis://{{ lookup('hostip', 'prod_services') }}:6379"
+ BACKEND_INTERNAL_URL: "http://localhost:3000"
+ IS_GENERAL: "true" # Required for self-hosting.
+ DISABLE_REGISTRATION: "false" # Only allow single registration, then disable signup
+ # The container images are pre-configured to use /uploads for file storage.
+ # You probably should not change this unless you have a really good reason!
+ STORAGE_PROVIDER: "local"
+ UPLOAD_DIRECTORY: "/uploads"
+ NEXT_PUBLIC_UPLOAD_DIRECTORY: "/uploads"
+ volumes:
+ - "{{ container_data_base_path }}/config:/config/"
+ - "{{ container_data_base_path }}/uploads:/uploads/"
+ ports:
+ - "{{ port }}:5000"
\ No newline at end of file
diff --git a/roles/services/mysql/defaults/main.yml b/roles/services/mysql/defaults/main.yml
new file mode 100644
index 0000000..e69de29
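Review bot: `DATABASE_URL` in the Deploy postiz container task is malformed: `postgresql://{{ postiz_db_name }}:{{ postiz_db_name }}@password:5432/...` uses the database name as the password and the literal word `password` as the host, so the container would try to resolve a host named `password`; the intended shape is `USER:PASSWORD@HOST`, e.g. `DATABASE_URL: "postgresql://{{ postiz_db_name }}:{{ postiz_db_password }}@{{ pg_host }}:5432/{{ postiz_db_name }}"` with the password from a vaulted variable. The `volumes:` entries mount `{{ container_data_base_path }}/config` and `/uploads`, but the directories prepared two tasks earlier live under `{{ container_data_base_path }}/{{ postiz_instance_name }}/...`, so the container writes to a different location than the role created; change both mounts to `"{{ container_data_base_path }}/{{ postiz_instance_name }}/config:/config/"` and the uploads equivalent. `mode: '0777'` on those directories makes the uploads tree world-writable on the host; `'0755'` owned by the container's runtime uid is enough. The role is still commented out in `playbooks/nodes/apps.yml`, so none of this has run yet, which is the right time to fix it.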
diff --git a/roles/services/mysql/tasks/main.yml b/roles/services/mysql/tasks/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/services/valkey/defaults/main.yml b/roles/services/valkey/defaults/main.yml
new file mode 100644
index 0000000..940e3d6
--- /dev/null
+++ b/roles/services/valkey/defaults/main.yml
@@ -0,0 +1,3 @@
+port: "6379"
+container_name: "valkey"
+volume_path: "/home/docker/valkey"
\ No newline at end of file
diff --git a/roles/services/valkey/tasks/main.yml b/roles/services/valkey/tasks/main.yml
new file mode 100644
index 0000000..7d8715a
--- /dev/null
+++ b/roles/services/valkey/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Create persistence volume
+ ansible.builtin.file:
+ dest: "{{ volume_path }}"
+ state: directory
+ mode: '0777'
+
+- name: Deploy valkey container
+ community.docker.docker_container:
+ name: "{{ container_name }}"
+ image: bitnami/valkey:latest
+ pull: true
+ restart_policy: always
+ ports:
+ - "{{ port }}:6379"
+ env:
+ ALLOW_EMPTY_PASSWORD: "yes"
+ volumes:
+ - "{{ volume_path }}:/bitnami/valkey/data"
\ No newline at end of file
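Review bot: The Deploy valkey container task starts the store with `ALLOW_EMPTY_PASSWORD: "yes"` and publishes it as `"{{ port }}:6379"`, i.e. on every host interface, while the outline-wiki and postiz roles in this commit reach it across the network via `lookup('hostip', 'prod_services')`; anything that can route to the `prod_services` node can read and rewrite the sessions and job queues kept there. Set a password through the Bitnami image's `VALKEY_PASSWORD` variable from a vaulted value and carry it in the consumers' `REDIS_URL` as `redis://:{{ valkey_password }}@...`, and bind the published port to the internal address, e.g. `"{{ bind_address }}:{{ port }}:6379"`, rather than all interfaces. `"yes"` is only safe because it is quoted — unquoted `yes` becomes a YAML boolean — so keep the quotes if the key stays. `mode: '0777'` on the persistence directory is wider than the image needs; `'0755'` owned by the container's runtime uid (1001 for Bitnami images) is sufficient.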