manage lewis with nix

move docker swarm ansible to this repo move thecloud ansible to this repo support data disks in terraform
2023-12-25 19:22:22 +01:00 · 2023-12-25 19:22:22 +01:00 · 111bf68a0a
commit 111bf68a0a
parent d7ef46b642
92 changed files with 2730 additions and 26 deletions
--- a/legacy/projects/docker_swarm/ansible/roles/mastodon/docker-stack.yml.j2
+++ b/legacy/projects/docker_swarm/ansible/roles/mastodon/docker-stack.yml.j2
@ -0,0 +1,131 @@
+# vi: ft=yaml
+version: '3'
+
+networks:
+  traefik:
+    external: true
+  mastodon:
+
+volumes:
+  system:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/mastodon/system"
+  redis:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/mastodon/redis"
+
+services:
+  redis:
+    image: redis:7-alpine
+    networks:
+      mastodon:
+        aliases:
+          - redis
+    healthcheck:
+      test: ['CMD', 'redis-cli', 'ping']
+    volumes:
+      - type: volume
+        source: redis
+        target: /data
+        volume:
+          nocopy: true
+
+  web:
+    image: tootsuite/mastodon:v4.1
+    environment:
+      - 'OTP_SECRET={{ otp_secret }}'
+      - 'SECRET_KEY_BASE={{ secret_key_base }}'
+      - 'REDIS_HOST=redis'
+      - 'DB_HOST=192.168.30.10'
+      - 'DB_USER=mastodon'
+      - 'DB_NAME=mastodon'
+      - 'DB_PASS={{ database_passwords.mastodon }}'
+      - 'VAPID_PRIVATE_KEY={{ vapid_private_key }}'
+      - 'VAPID_PUBLIC_KEY=BDcpOP2ThgD13i2ENjnlVXG7QH-m3xuNE4rySx6_NBYQz34UxSM3N4nT7GUxN5zBF-Kehlv0CpqBDDa78QFiS0g='
+      - 'SMTP_SERVER=smtp.tweak.nl'
+      - 'SMTP_PORT=587'
+      - 'SMTP_LOGIN='
+      - 'SMTP_PASSWORD='
+      - 'SMTP_FROM_ADDRESS=mastodon@kunis.nl'
+      - 'LOCAL_DOMAIN=social.pizzapim.nl'
+    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+    networks:
+      - mastodon
+      - traefik
+    healthcheck:
+      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
+    volumes:
+      - type: volume
+        source: system
+        target: /mastodon/public/system
+        volume:
+          nocopy: true
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.mastodon.entrypoints=websecure
+        - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
+        - traefik.http.routers.mastodon.tls=true
+        - traefik.http.routers.mastodon.tls.certresolver=letsencrypt
+        - traefik.http.services.mastodon.loadbalancer.server.port=3000
+        - traefik.http.routers.mastodon.service=mastodon
+        - traefik.docker.network=traefik
+    depends_on:
+      - redis
+
+  streaming:
+    image: tootsuite/mastodon:v4.1
+    command: node ./streaming
+    environment:
+      - 'REDIS_HOST=redis'
+      - 'LOCAL_DOMAIN=social.pizzapim.nl'
+      - 'DB_HOST=192.168.30.10'
+      - 'DB_USER=mastodon'
+      - 'DB_NAME=mastodon'
+      - 'DB_PASS={{ database_passwords.mastodon }}'
+    networks:
+      - mastodon
+      - traefik
+    healthcheck:
+      # prettier-ignore
+      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.mastodon-streaming.entrypoints=websecure
+        - "traefik.http.routers.mastodon-streaming.rule=(Host(`social.pizzapim.nl`) && PathPrefix(`/api/v1/streaming`))"
+        - traefik.http.routers.mastodon-streaming.service=mastodon-streaming
+        - traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
+        - traefik.http.routers.mastodon-streaming.tls=true
+        - traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt
+        - traefik.docker.network=traefik
+    depends_on:
+      - redis
+
+  sidekiq:
+    image: tootsuite/mastodon:v4.1
+    command: bundle exec sidekiq
+    environment:
+      - 'OTP_SECRET={{ otp_secret }}'
+      - 'SECRET_KEY_BASE={{ secret_key_base }}'
+      - 'REDIS_HOST=redis'
+      - 'DB_HOST=192.168.30.10'
+      - 'DB_USER=mastodon'
+      - 'DB_NAME=mastodon'
+      - 'DB_PASS={{ database_passwords.mastodon }}'
+    networks:
+      - mastodon
+    volumes:
+      - type: volume
+        source: system
+        target: /mastodon/public/system
+        volume:
+          nocopy: true
+    healthcheck:
+      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+    depends_on:
+      - redis
--- a/legacy/projects/docker_swarm/ansible/roles/mastodon/tasks/main.yml
+++ b/legacy/projects/docker_swarm/ansible/roles/mastodon/tasks/main.yml
@ -0,0 +1,5 @@
+- name: Deploy Docker stack
+  docker_stack:
+    name: mastodon
+    compose:
+      - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
--- a/legacy/projects/docker_swarm/ansible/roles/mastodon/vars/main.yml
+++ b/legacy/projects/docker_swarm/ansible/roles/mastodon/vars/main.yml
@ -0,0 +1,42 @@
+mastodon_postgres_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  34643131323762373635383736636432643161646130373565333432323337646435656233383131
+  3066353734373938353162656335666536323265643162620a663562303636383737393061396331
+  30353538326333393031373736363933666636383866373763303237376561333061323131303062
+  3532316632613062310a343566393237363364613931353062636537663864383839623930383836
+  32613634616335616462336261303632646266326663383166366236643438616538626263343835
+  6539616439636364626466333163316164633631616132623665
+otp_secret: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  33303436663063313039636335623937343530323636346363306234333135306138653337313034
+  3337363432363734353363623738653630373536653433350a356336383235383430613934623937
+  36316638343439376134383635336630313065623138326630303131333136626636386361313661
+  6134613862366463300a313765366136343431343838363230363134613164373931623564626466
+  32623137666364326234383264396336636561313132313930383964656434656535663861343337
+  65316331323335626464626231653236313932663334316134633837646330303563633162373036
+  66326135656531393839343138376666623337616162653137393764306265323065356431343162
+  36373135303339356366356263623334373361326561396562353332323363623738626132303738
+  38383638616363386536386461353465353765366234353862653765376330663661326138626266
+  30633134643632393630323834323538326339373361363235666133303761323261336637663862
+  326633383933663530653230336364653461
+secret_key_base: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  32373731376166613238303535646633326162613137366165643037643966643637316265653832
+  3035393061616431666162373133393666653634386338350a376136653961646239656534336230
+  33366235343365653234333866393965643131306636373566623665646562353234323065393262
+  6264313430333262390a626338333932363137356338636132636133613239633537623064666438
+  32343063653664393530353536643963353364373830303563346163613862653161343165363062
+  61396630353036333634313033663962613930336637323461313731633136366365623732306337
+  37646265613639306133373736353365366461373264356665623236313836633565343764626238
+  38353637613064306162393430323662616231623965643933383339616561353963663366396363
+  33346332343336386266636165616135343732353365336630653334383533633831636138623733
+  34396266643166386130383334666565303865396135613863336261656135343564376537383634
+  353635336365613765363931373636363465
+vapid_private_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  33376430313539346137343237313061653164343861623563656638306539373837393364326235
+  3435396264613533633138346231303137663763323361360a356137306330343939353732356535
+  33396336633966623266396265356435343633373766363637616635326563623130653039343665
+  3465306562306261660a303131666436333137306139366636646232333061383935353263396534
+  63376635393966653636316236316538656361393631626465383233386136313366363531363663
+  3436326431353435653666356266333835303061616436323061