Add foundryvtt service

2026-06-24 21:27:57 +02:00 · 2026-06-24 21:27:57 +02:00 · 189f1972e2
commit 189f1972e2
parent 52c44da32e
8 changed files with 124 additions and 0 deletions
--- a/modules/infrastructure/scaleway.tf
+++ b/modules/infrastructure/scaleway.tf
@ -65,6 +65,18 @@ resource "scaleway_object_bucket_policy" "service_bucket_policies" {
          "${scaleway_object_bucket.service_buckets[each.key].name}/*",
        ]
      },
+      {
+        Sid = "Public statement"
+        Effect = "Allow"
+        Action = try(var.services[each.value].s3_public, false) ? "s3:GetObject" : "s3:GetBucketLocation"
+        Principal = {
+          SCW = "*"
+        }
+        Resource = [
+          "${scaleway_object_bucket.service_buckets[each.key].name}",
+          "${scaleway_object_bucket.service_buckets[each.key].name}/*",
+        ]
+      },
    ]
  })
 }
--- a/modules/infrastructure/variables.tf
+++ b/modules/infrastructure/variables.tf
@ -37,6 +37,7 @@ variable "services" {
    auth_redirects = optional(list(string))
    s3 = optional(string)
    s3_buckets = optional(list(string))
+    s3_public = bool
    database = bool
    storage_box = optional(bool, false)
  }))
--- a/playbooks/roles/foundryvtt/defaults/main.yml
+++ b/playbooks/roles/foundryvtt/defaults/main.yml
@ -0,0 +1,69 @@
+---
+foundryvtt_release_url: "{{ undef() }}"
+foundryvtt_license_key: "{{ undef() }}"
+foundryvtt_admin_key: "{{ undef() }}"
+
+foundryvtt_s3_bucket: "{{ opentofu.scaleway_data.foundryvtt.name }}"
+foundryvtt_s3_region: "{{ opentofu.scaleway_data.foundryvtt.region }}"
+foundryvtt_s3_api_endpoint: "{{ opentofu.scaleway_data.foundryvtt.api_endpoint }}"
+foundryvtt_s3_access_key: "{{ opentofu.scaleway_data.foundryvtt.access_key }}"
+foundryvtt_s3_secret_key: "{{ opentofu.scaleway_data.foundryvtt.secret_key }}"
+
+foundryvtt_aws_config:
+  buckets:
+    - "{{ foundryvtt_s3_bucket }}"
+  endpoint: "{{ foundryvtt_s3_api_endpoint }}"
+  region: "{{ foundryvtt_s3_region }}"
+  s3ForcePathStyle: true
+  s3BucketEndpoint: false
+  credentials:
+    accessKeyId: "{{ foundryvtt_s3_access_key }}"
+    secretAccessKey: "{{ foundryvtt_s3_secret_key }}"
+
+foundryvtt_svc:
+  domain: "{{ all_services | service_get_domain(service_name) }}"
+  port: 30000
+  caddy_extra: |
+    handle_path /s3proxy/* {
+      rewrite * /{{ foundryvtt_aws_config.buckets[0] }}{uri}
+      reverse_proxy {{ foundryvtt_s3_api_endpoint }} {
+        header_up Host {http.reverse_proxy.upstream.hostport}
+      }
+    }
+
+    handle_path /{{ foundryvtt_s3_bucket }}.{{ foundryvtt_s3_api_endpoint | urlsplit('hostname') }}/{{ foundryvtt_s3_bucket }}/* {
+      rewrite * /{{ foundryvtt_aws_config.buckets[0] }}{uri}
+      reverse_proxy {{ foundryvtt_s3_api_endpoint }} {
+        header_up Host {http.reverse_proxy.upstream.hostport}
+      }
+    }
+
+foundryvtt_env:
+  FOUNDRY_RELEASE_URL: "{{ foundryvtt_release_url | mandatory }}"
+  FOUNDRY_LICENSE_KEY: "{{ foundryvtt_license_key | mandatory }}"
+  FOUNDRY_ADMIN_KEY: "{{ foundryvtt_admin_key | mandatory }}"
+
+  FOUNDRY_COMPRESS_WEBSOCKET: true
+  FOUNDRY_MINIFY_STATIC_FILES: true
+
+  FOUNDRY_HOSTNAME: "{{ foundryvtt_svc.domain }}"
+  FOUNDRY_PROXY_SSL: true
+  FOUNDRY_PROXY_PORT: 443
+
+  FOUNDRY_LANGUAGE: de.lang-de
+  FOUNDRY_TELEMETRY: true
+
+  FOUNDRY_AWS_CONFIG: aws.json
+
+  TZ: "{{ timezone }}"
+
+
+foundryvtt_compose:
+  watchtower: update
+  image: ghcr.io/felddy/foundryvtt:14
+  volumes:
+    - data:/data
+    - ./aws.json:/data/Config/aws.json
+  file:
+    volumes:
+      data:
--- a/playbooks/roles/foundryvtt/handlers/main.yml
+++ b/playbooks/roles/foundryvtt/handlers/main.yml
@ -0,0 +1,3 @@
+---
+- name: Restart service foundryvtt
+  ansible.builtin.include_tasks: tasks/restart-service.yml
--- a/playbooks/roles/foundryvtt/tasks/main.yml
+++ b/playbooks/roles/foundryvtt/tasks/main.yml
@ -0,0 +1,25 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ service_name }}
+  vars:
+    svc: "{{ foundryvtt_svc }}"
+    env: "{{ foundryvtt_env }}"
+    compose: "{{ foundryvtt_compose }}"
+  block:
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Create aws config
+      ansible.builtin.copy:
+        dest: "{{ (service_path, 'aws.json') | path_join }}"
+        content: "{{ foundryvtt_aws_config | to_json }}"
+        owner: 1000
+        group: 1000
+        mode: 0644
+      become: true
+      notify: Restart service {{ service_name }}
+
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/scripts/visualize.py
+++ b/scripts/visualize.py
@ -16,6 +16,7 @@ icon_overrides = {
    "emgauwa": None,
    "extra_services": None,
    "forgejo_runner": "forgejo",
+    "foundryvtt": "foundry-virtual-tabletop",
    "healthcheck": "healthchecks",
    "immich_worker": "immich",
    "jitsi": "jitsi-meet",
@ -35,6 +36,7 @@ icon_overrides = {
 }

 icon_format = {
+    "foundry-virtual-tabletop": "webp",
    "restic": "webp",
    "telegraf": "webp",
    "tiny-tiny-rss": "webp",
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@ -275,6 +275,17 @@ services = {
    database = false
  },

+  "foundryvtt" = {
+    host = "node002"
+    dns = [{
+      domain = "dnd.serguzim.me"
+    }]
+    auth = false
+    database = false
+    s3 = "external"
+    s3_public = true
+  }
+
  "healthcheck" = {
    host = "node001"
    auth = false
--- a/variables.tf
+++ b/variables.tf
@ -171,6 +171,7 @@ variable "services" {
    auth_redirects = optional(list(string))
    s3 = optional(string)
    s3_buckets = optional(list(string))
+    s3_public = optional(bool, false)
    database = bool
    storage_box = optional(bool, false)
    mail = optional(string)