Add phpvms service

.gitignore

@@ -15,6 +15,9 @@ inventory/group_vars/all/serguzim.net.yml
 
 infrastructure.svg
 
+# Secrets
+playbooks/roles/phpvms/files/vmsacars.tar.gz
+
 # Devenv
 .devenv*
 devenv.local.nix

dns/functions.js

@@ -69,8 +69,8 @@ function acme_challenge(subd, target) {
 
 function verify_dmarc_reports(domains) {
 	var result = [];
-	for (d in domains) {
+	for (i in domains) {
-		result.push(TXT(d + "._report._dmarc", "v=DMARC1"));
+		result.push(TXT(domains[i] + "._report._dmarc", "v=DMARC1"));
 	}
 	return result;
 }

dnsconfig.js

@@ -69,8 +69,9 @@ D("serguzim.me", REG_OVH, DnsProvider(DSP_OVH),
 	TXT("dkim._domainkey.direct", "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6u35rrOuft3r46/wo+2lPtylIGs2fsOAcHKGQzFwjjcE6D5XIJULg8mvhi7T6JwB8OUNrukIAy5iwjiAQA6GJoohq53BLL82qzfcZqUepsm4+nf6XTbClGSKbKbgl4wDhYkxSFb/FAK9149gh7zFT1I/vw/RbgjYgwZ//Q+sXFhozo5INtByHXDuSoDL830FM+AgiDCKf3ToM36rL+CTIQcNx0f/xOXFlyl94hvmK74PU8nEpRjSm+i6nPJs2XHpjKurthwoO1qOH/3j+rWSn/VCOFXKDwnMvglu55V2OdCg/+E5nmyyMKapb+R2Jxox+ayZF7VtD90KIrfDuM+vEwIDAQAB"),
 
 	verify_dmarc_reports([
+		"kondor-virtual.de",
 		"msrg.cc",
-		"reitanlage-oranienburg.de"
+		"reitanlage-oranienburg.de",
 	]),
 
 	NS("acme", services["acme_dns"].resolve_host().fqdn + "."),

playbooks/roles/phpvms/defaults/main.yml

@@ -0,0 +1,179 @@
+---
+phpvms_version: 7.0.5
+phpvms_docker_image: ghcr.io/phpvms/phpvms:{{ phpvms_version }}-gd
+
+phpvms_uid: 1000
+phpvms_gid: 1000
+
+phpvms_app_key: "{{ undef() }}"
+
+phpvms_svc:
+  domain: "kondor-virtual.de"
+  port: 80
+
+phpvms_env:
+  WWWUSER: "{{ phpvms_uid }}"
+  WWWGROUP: "{{ phpvms_gid }}"
+
+  CADDY_DOMAIN: "http://{{ svc.domain }}"
+
+  APP_KEY: "{{ phpvms_app_key | mandatory }}"
+  APP_NAME: phpVMS
+  SITE_NAME: phpVMS
+  APP_URL: "https://{{ svc.domain }}"
+  APP_LOCALE: de
+
+  APP_ENV: production
+  LOG_LEVEL: debug
+  APP_DEBUG: false
+  DEBUG_TOOLBAR: false
+
+  ## DATABASE SETTINGS
+
+  DB_CONNECTION: mysql
+  DB_HOST: mariadb
+  DB_PORT: 3306
+  DB_DATABASE: phpvms
+  DB_USERNAME: phpvms
+  DB_PASSWORD: "{{ vault_phpvms.db.pass }}"
+
+  ## CACHE SETTINGS
+  CACHE_DRIVER: redis
+
+  REDIS_URL: redis
+  REDIS_HOST: redis
+  REDIS_PORT: 6379
+
+  ## EMAIL SETTINGS
+  MAIL_MAILER: smtp
+  MAIL_HOST: "{{ mailer.host }}"
+  MAIL_PORT: "{{ mailer.port }}"
+  MAIL_USERNAME: "{{ opentofu.mailcow_data.phpvms.address }}"
+  MAIL_PASSWORD: "{{ opentofu.mailcow_data.phpvms.password }}"
+  MAIL_ENCRYPTION: tls
+  MAIL_FROM_ADDRESS: "{{ opentofu.mailcow_data.phpvms.address }}"
+  MAIL_FROM_NAME: "${APP_NAME}"
+
+  ## QUEUE SETTINGS
+
+  # Set this to "database" if you have slow pages due to notifications/emails
+  # They will then be sent out via cron
+  QUEUE_DRIVER: database
+
+  # If youre using the Laravel Queue Worker, set this to true. This will stop the queue tasks
+  # from being run during the cron job
+  # https://laravel.com/docs/8.x/queues#running-the-queue-worker
+  QUEUE_WORKER: true
+
+  # Whether to prefetch the data in the admin panel
+  # This will speed up the admin panel, but will use more bandwidth
+  # See https://filamentphp.com/docs/4.x/panel-configuration#enabling-spa-prefetching
+  USE_PREFETCHING_IN_ADMIN: false
+
+phpvms_compose:
+  watchtower: false
+  image: caddy:2
+  volumes:
+    - ./public/:/var/www/html/public:ro
+    - ./Caddyfile:/etc/caddy/Caddyfile:ro
+  file:
+    services:
+      phpvms-app:
+        user: "${WWWUSER:-1000}:${WWWGROUP:-1000}"
+        image: "{{ phpvms_docker_image }}"
+        restart: always
+        command: sh -c sed -i
+          's/Paginator::useBootstrap();/Paginator::useBootstrap();
+          \\\\Illuminate\\\\Support\\\\Facades\\\\URL::forceScheme(\"https\");/'
+          app/Providers/AppServiceProvider.php && php-fpm
+        environment:
+          PHP_OPCACHE_ENABLE: 1
+          # some basic laravel stuff
+          AUTORUN_ENABLED: 1
+        env_file: .env
+        volumes:
+          - ./public/:/var/www/html/public:rw
+          - ./modules:/var/www/html/modules:ro
+          - ./public/uploads:/var/www/html/public/uploads:rw
+          - ./storage:/var/www/html/storage:rw
+        depends_on:
+          - mariadb
+          - redis
+        networks:
+          default:
+
+      task:
+        user: "${WWWUSER:-1000}:${WWWGROUP:-1000}"
+        image: "{{ phpvms_docker_image }}"
+        restart: always
+        command: ["php", "/var/www/html/artisan", "schedule:work"]
+        environment:
+          PHP_OPCACHE_ENABLE: 1
+        healthcheck:
+          # This is our native healthcheck script for the scheduler
+          test: ["CMD", "healthcheck-schedule"]
+          start_period: 10s
+        env_file: .env
+        volumes:
+          - ./modules:/var/www/html/modules:ro
+          - ./public/uploads:/var/www/html/public/uploads:rw
+          - ./storage:/var/www/html/storage:rw
+        networks:
+          default:
+
+      queue:
+        user: "${WWWUSER:-1000}:${WWWGROUP:-1000}"
+        image: "{{ phpvms_docker_image }}"
+        restart: always
+        command: ["php", "/var/www/html/artisan", "queue:work", "--tries=3"]
+        environment:
+          PHP_OPCACHE_ENABLE: 1
+        healthcheck:
+          # This is our native healthcheck script for the queue
+          test: ["CMD", "healthcheck-queue"]
+          start_period: 10s
+        env_file: .env
+        volumes:
+          - ./modules:/var/www/html/modules:ro
+          - ./public/uploads:/var/www/html/public/uploads:rw
+          - ./storage:/var/www/html/storage:rw
+        networks:
+          default:
+
+      mariadb:
+        container_name: phpvms-mariadb
+        image: mariadb:11
+        restart: always
+        # If someone need to access db from the outside
+        ports:
+          - '${FORWARD_DB_PORT:-3306}:3306'
+        environment:
+          MYSQL_ROOT_PASSWORD: '${DB_PASSWORD}'
+          MYSQL_DATABASE: '${DB_DATABASE}'
+          MYSQL_USER: '${DB_USERNAME}'
+          MYSQL_PASSWORD: '${DB_PASSWORD}'
+          MYSQL_ALLOW_EMPTY_PASSWORD: 'no'
+        volumes:
+          - mariadb:/var/lib/mysql
+        networks:
+          default:
+        healthcheck:
+          test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+          start_period: 10s
+          interval: 10s
+          timeout: 5s
+          retries: 3
+
+      redis:
+        container_name: phpvms-redis
+        image: redis:alpine
+        restart: always
+        networks:
+          default:
+        healthcheck:
+          test: ["CMD", "redis-cli", "ping"]
+          retries: 3
+          timeout: 5s
+
+    volumes:
+      mariadb:

playbooks/roles/phpvms/files/Caddyfile

@@ -0,0 +1,9 @@
+{$CADDY_DOMAIN} {
+    root * /var/www/html/public
+
+    encode zstd gzip
+
+    file_server
+
+    php_fastcgi phpvms-app:9000
+}

playbooks/roles/phpvms/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Restart service {{ role_name }}
+  ansible.builtin.include_tasks: tasks/restart-service.yml

playbooks/roles/phpvms/tasks/main.yml

@@ -0,0 +1,44 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+  vars:
+    svc: "{{ phpvms_svc }}"
+    env: "{{ phpvms_env }}"
+    compose: "{{ phpvms_compose }}"
+  block:
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Fetch resources from latest phpvms release
+      ansible.builtin.unarchive:
+        src: https://github.com/phpvms/phpvms/releases/download/{{ phpvms_version }}/phpvms-{{ phpvms_version }}.tar.gz
+        dest: "{{ service_path }}"
+        include:
+          - modules
+          - public
+          - storage
+        remote_src: true
+        owner: "{{ phpvms_uid }}"
+        group: "{{ phpvms_gid }}"
+      become: true
+
+    # You must provide this file yourself.
+    - name: Load VMSArcas module
+      ansible.builtin.unarchive:
+        src: vmsacars.tar.gz
+        dest: "{{ (service_path, 'modules') | path_join }}"
+        owner: "{{ phpvms_uid }}"
+        group: "{{ phpvms_gid }}"
+      become: true
+      notify: Restart service {{ role_name }}
+
+    - name: Copy Caddyfile
+      ansible.builtin.copy:
+        src: Caddyfile
+        dest: "{{ (service_path, 'Caddyfile') | path_join }}"
+        mode: "0644"
+
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml

scripts/visualize.py

@@ -24,6 +24,7 @@ icon_overrides = {
     "minecraft_3": "minecraft",
     "node_exporter": "prometheus",
     "paperless": "paperless-ngx",
+    "phpvms": None,
     "reitanlage_oranienburg": "grav",
     "tandoor": "tandoor-recipes",
     "tinytinyrss": "tiny-tiny-rss",

services.auto.tfvars

@@ -627,6 +627,20 @@ services = {
     mail = "documents@serguzim.me"
   },
 
+  "phpvms" = {
+    host = "node002"
+    dns = [{
+      domain = "airline.serguzim.me"
+    }]
+    #backup = [{
+    #  name = "phpvms_mariadb"
+    #  type = "docker"
+    #}]
+    auth = false
+    database = false
+    mail = "phpvms@kondor-virtual.de"
+  }
+
   "postgresql" = {
     host = "node001"
     dns = [{