replace hugo with jekyll

README.md

@@ -12,7 +12,7 @@ All services below are running under Docker, except NSD and Borg.
 - Authoritative DNS using [NSD](https://www.nlnetlabs.nl/projects/nsd/about/) (ns.pizzapim.nl)
 - Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
 - Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
-- Static website using [Hugo](https://gohugo.io/) ([pizzapim.nl](https://pizzapim.nl))
+- Static website using [Jekyll](https://jekyllrb.com/) ([pizzapim.nl](https://pizzapim.nl))
 - File sychronisation using [Syncthing](https://syncthing.net/)
 - Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
 - Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
@@ -27,11 +27,14 @@ All services below are running under Docker, except NSD and Borg.
 - peertube?
 - Pixelfed?
 - Prometheus
+- Concourse CI?
 
 ## TODO
 
 - Forward to https not working correctly yet. I think it works now? Should check it.
 - Expose treafik dashboard only on local network
+- Clear view of what services + which versions we are running. This way, we can track security updates better.
+- Mastodon links verifications
 
 ### NSD
 

playbooks/all.yml

@@ -7,12 +7,12 @@
     - {role: 'forgejo', tags: 'forgejo'}
     - {role: 'syncthing', tags: 'syncthing'}
     - {role: 'kms', tags: 'kms'}
-    - {role: 'pizzeria', tags: 'pizzeria'}
     - {role: 'radicale', tags: 'radicale'}
     - {role: 'mastodon', tags: 'mastodon'}
     - {role: 'seafile', tags: 'seafile'}
     - {role: 'jitsi', tags: 'jitsi'}
     - {role: 'freshrss', tags: 'freshrss'}
+    - {role: 'blog', tags: 'blog'}
 - name: Setup dataserver
   hosts: dataserver
   roles:

roles/blog/files/nginx.conf

@@ -0,0 +1,18 @@
+server {
+	listen 80;
+	server_name pizzapim.nl;
+	index index.html index.htm;
+	root /var/www/blog;
+
+	location / {
+	    try_files $uri $uri/ /index.html;
+	}
+
+	location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+	    expires 30d;
+	    add_header Pragma public;
+	    add_header Cache-Control "public";
+	}
+
+	error_page 404 /404.html;
+}

roles/blog/tasks/main.yml

@@ -0,0 +1,34 @@
+- name: Create service directory
+  file:
+    path: "{{ service_dir }}"
+    state: directory
+- name: Clone git repo
+  git:
+    repo: "{{ git_origin }}"
+    dest: "{{ service_dir }}/git"
+  register: repo
+- name: Add open permissions for git repo
+  file:
+    path: "{{ service_dir }}/git"
+    state: directory
+    mode: 0757
+- name: Generate static files
+  command:
+    cmd: "docker run --rm --volume=\"{{ service_dir }}/git:/srv/jekyll:Z\" -it jekyll/minimal jekyll build"
+    chdir: "{{ service_dir }}"
+  when: repo.changed
+- name: Copy docker compose file
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
+- name: Copy nginx config
+  copy:
+    src: "{{ role_path }}/files/nginx.conf"
+    dest: "{{ service_dir }}/nginx.conf"
+  register: nginx_conf
+- name: Start docker compose
+  docker_compose:
+    project_src: "{{ service_dir }}"
+    pull: true
+    remove_orphans: true
+    restarted: "{{ nginx_conf.changed }}"

roles/blog/templates/docker-compose.yml.j2

@@ -0,0 +1,23 @@
+version: "3.8"
+
+services:
+  blog:
+    image: nginx
+    container_name: blog
+    volumes:
+      - {{ service_dir }}/git/templates:/etc/nginx/templates
+      - {{ service_dir }}/git/_site:/var/www/blog
+      - {{ service_dir }}/nginx.conf:/etc/nginx/conf.d/default.conf
+    networks:
+      - traefik
+    labels:
+      - traefik.http.routers.blog.entrypoints=websecure
+      - traefik.http.routers.blog.rule=Host(`pizzapim.nl`)
+      - traefik.http.routers.blog.tls=true
+      - traefik.http.routers.blog.tls.certresolver=pizzapim
+      - traefik.http.routers.blog.service=blog
+      - traefik.http.services.blog.loadbalancer.server.port=80
+
+networks:
+  traefik:
+    external: true

roles/blog/vars/main.yml

@@ -0,0 +1,3 @@
+service_name: blog
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+git_origin: https://git.pizzapim.nl/pim/blog.git

roles/pizzeria/meta/main.yml

@@ -1,4 +0,0 @@
-dependencies:
-  - role: common
-  - role: docker
-  - role: traefik

roles/pizzeria/tasks/main.yml

@@ -1,9 +0,0 @@
-- name: Clone pizzeria repository
-  git:
-    repo: "{{ git_origin }}"
-    dest: "{{ service_dir }}"
-- name: Start the Docker Compose
-  docker_compose:
-    project_src: "{{ service_dir }}"
-    pull: true
-    remove_orphans: true

roles/pizzeria/vars/main.yml

@@ -1,4 +0,0 @@
-service_name: pizzeria
-data_dir: "{{ base_data_dir }}/{{ service_name }}"
-service_dir: "{{ base_service_dir }}/{{ service_name }}"
-git_origin: https://git.pizzapim.nl/pim/pizzeria.git