Add blog deployment

2021-11-22 13:36:29 +01:00 · 2021-11-22 13:36:29 +01:00 · ee44506186
commit ee44506186
parent ab67fa16c8
11 changed files with 220 additions and 9 deletions
--- a/group_vars/testing.yml
+++ b/group_vars/testing.yml
@ -5,15 +5,16 @@ docker_swarm_advertise_addr: eth1
 caddy_use_debug: yes
 caddy_tls_use_staging: yes

-caddy_use_https: no
-whoami_use_https: no
-wallabag_use_https: no
-miniflux_use_https: no
-searx_use_https: no
-traggo_use_https: no
-monica_use_https: no
-nextcloud_use_https: no
-shaarli_use_https: no
+caddy_use_https:       no
+whoami_use_https:      no
+wallabag_use_https:    no
+miniflux_use_https:    no
+searx_use_https:       no
+traggo_use_https:      no
+monica_use_https:      no
+nextcloud_use_https:   no
+shaarli_use_https:     no
 landingpage_use_https: no
+blog_use_https:        no

 #server_domain: mytest.com
--- a/roles/blog/README.md
+++ b/roles/blog/README.md
@ -0,0 +1,37 @@
+# landingpage
+
+The public face of my server. 
+Not much to see here honestly,
+just a few simple lines of html explaining what this server is about and how to contact me.
+
+I don't see anybody else benefiting massively from this role but me, 
+but if you want the same web presence go for it I suppose 😉
+
+## Defaults
+
+```
+landingpage_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
+```
+
+The on-target directory where the proxy configuration file should be stashed.
+
+```
+landingpage_use_https: true
+```
+
+Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate. Usually you will want this to stay `true`.
+
+```
+landingpage_version: latest
+```
+
+The docker image version to be used in stack creation.
+
+```
+subdomain_alias: www
+```
+
+If the deployed container should be served over a uri that is not the stack name. 
+By default, it will be set to `www.yourdomain.com` - 
+if this option is not set it will be served on `landingpage.yourdomain.com` instead.
+
--- a/roles/blog/defaults/main.yml
+++ b/roles/blog/defaults/main.yml
@ -0,0 +1,11 @@
+---
+
+# never got around to removing the master tag from the images
+blog_version: master
+
+blog_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
+
+blog_use_https: true
+
+# the subdomain link blog will be reachable under
+# subdomain_alias: blog
--- a/roles/blog/handlers/main.yml
+++ b/roles/blog/handlers/main.yml
@ -0,0 +1,53 @@
+## Register reverse proxy
+- name: Ensure upstream directory exists
+  ansible.builtin.file:
+    path: "{{ blog_upstream_file_dir }}"
+    state: directory
+    mode: '0755'
+  become: yes
+  listen: "update blog upstream"
+
+- name: Update upstream template
+  ansible.builtin.template:
+    src: upstream.json.j2
+    dest: "{{ blog_upstream_file_dir }}/upstream.json"
+  become: yes
+  listen: "update blog upstream"
+
+# figure out if upstream id exists
+- name: check {{ stack_name }} upstream
+  community.docker.docker_container_exec:
+    container: "{{ caddy_container_id }}"
+    command: >
+      curl localhost:2019/id/{{ stack_name }}_upstream/
+  changed_when: False
+  register: result
+  become: yes
+  listen: "update blog upstream"
+
+# upstream already exists, patch it
+- name: remove old {{ stack_name }} upstream
+  community.docker.docker_container_exec:
+    container: "{{ caddy_container_id }}"
+    command: >
+      curl -X DELETE localhost:2019/id/{{ stack_name }}_upstream/
+  become: yes
+  when: (result.stdout | from_json)['error'] is not defined
+  listen: "update blog upstream"
+
+# upstream has to be created
+- name: add {{ stack_name }} upstream
+  community.docker.docker_container_exec:
+    container: "{{ caddy_container_id }}"
+    command: >
+      curl -X POST -H "Content-Type: application/json" -d @{{ blog_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (blog_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+  become: yes
+  listen: "update blog upstream"
+
+- name: Ensure upstream directory is gone again
+  ansible.builtin.file:
+    path: "{{ blog_upstream_file_dir }}"
+    state: absent
+  become: yes
+  listen: "update blog upstream"
+
--- a/roles/blog/meta/main.yml
+++ b/roles/blog/meta/main.yml
@ -0,0 +1,14 @@
+---
+
+galaxy_info:
+  author: Marty Oehme
+  description: Installs my personal public facing landing page as a docker stack service
+  license: GPL-3.0-only
+  min_ansible_version: 2.9
+  galaxy_tags: []
+
+
+dependencies:
+  - docker
+  - docker-swarm
+  - caddy
--- a/roles/blog/tasks/main.yml
+++ b/roles/blog/tasks/main.yml
@ -0,0 +1,24 @@
+---
+## install blog container
+- name: Check upstream status
+  community.docker.docker_container_exec:
+    container: "{{ caddy_container_id }}"
+    command: >
+      curl localhost:2019/id/{{ stack_name }}_upstream/
+  register: result
+  changed_when: (result.stdout | from_json) != (lookup('template', 'upstream.json.j2') | from_yaml)
+  become: yes
+  notify: "update blog upstream"
+
+- name: Deploy blog to swarm
+  community.general.docker_stack:
+    name: "{{ stack_name }}"
+    state: present
+    prune: yes
+    compose:
+      - "{{ stack_compose }}"
+  become: yes
+  tags:
+    - docker-swarm
+  notify: "update blog upstream"
+
--- a/roles/blog/templates/docker-stack.yml.j2
+++ b/roles/blog/templates/docker-stack.yml.j2
@ -0,0 +1,20 @@
+version: '3.4'
+
+services:
+  app:
+    image: "{{ stack_image }}:{{ blog_version }}"
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "localhost"]
+      interval: 1m
+      timeout: 10s
+      retries: 3
+      start_period: 1m
+    entrypoint: sh -c "/docker-entrypoint.sh nginx -g 'daemon off;'"
+    networks:
+      - "{{ docker_swarm_public_network_name }}"
+
+networks:
+  "{{ docker_swarm_public_network_name }}":
+    external: true
+
+
--- a/roles/blog/templates/upstream.json.j2
+++ b/roles/blog/templates/upstream.json.j2
@ -0,0 +1,42 @@
+{
+    "@id": "{{ stack_name }}_upstream",
+{% if server_domain is not undefined and not none %}   
+    "match": [
+        {
+            "host": [
+{% if subdomain_alias is not undefined and not none %}
+                "{{ subdomain_alias }}.{{ server_domain }}"
+{% else %}
+                "{{ stack_name }}.{{ server_domain }}"
+{% endif %}
+            ,
+            "{{ server_domain }}"
+            ]
+        }
+    ],
+{% else %}
+    "match": [
+        {
+            "path": [
+{% if subdomain_alias is not undefined and not none %}
+                "/{{ subdomain_alias }}*"
+{% else %}
+                "/{{ stack_name }}*"
+{% endif %}
+            ,
+            "/"
+            ]
+        }
+    ],
+{% endif %}
+    "handle": [
+        {
+            "handler": "reverse_proxy",
+            "upstreams": [
+                {
+                    "dial": "{{ stack_name }}_app:80"
+                }
+            ]
+        }
+    ]
+}
--- a/roles/blog/vars/main.yml
+++ b/roles/blog/vars/main.yml
@ -0,0 +1,7 @@
+---
+
+stack_name: blog
+
+stack_image: "registry.gitlab.com/cloud-serve/blog"
+
+stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
--- a/site-dev.yml
+++ b/site-dev.yml
@ -11,3 +11,4 @@
    - nextcloud
    - shaarli
    - landingpage
+    - blog
--- a/site.yml
+++ b/site.yml
@ -18,3 +18,4 @@
    - nextcloud
    - shaarli
    - landingpage
+    - blog