diff --git a/dnsconfig.js b/dnsconfig.js
index e7df78c..e28c2a5 100644
--- a/dnsconfig.js
+++ b/dnsconfig.js
@@ -68,8 +68,9 @@ D("serguzim.me", REG_OVH, DnsProvider(DSP_OVH),
 TLSA("_25._tcp.mail", 3, 1, 1, "e66a608a3ec459bda7fb1f2d500b8abeb78f2910f26641204b6bc454b8aa2a49"),
- acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
 acme_challenge("auth", "18a42983-3d19-4c17-8213-fc275a8be721"),
+ acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
+ acme_challenge("paas", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
 verify_amazon_ses(dkim_ses["serguzim.me"]),
diff --git a/playbooks/for-ansible-lint.yml b/playbooks/for-ansible-lint.yml
index ec44b2b..1a84708 100644
--- a/playbooks/for-ansible-lint.yml
+++ b/playbooks/for-ansible-lint.yml
@@ -9,8 +9,8 @@
 - authentik
 - backup
 - caddy
+ - dokku
 - extra_services
- - faas
 - forgejo
 - forgejo_runner
 - gatus
diff --git a/playbooks/roles/dokku/tasks/main.yml b/playbooks/roles/dokku/tasks/main.yml
new file mode 100644
index 0000000..dfc5337
--- /dev/null
+++ b/playbooks/roles/dokku/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Set common facts
+ ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+ vars:
+ svc: "{{ dokku_svc }}"
+ env: "{{ dokku_env }}"
+ compose: "{{ dokku_compose }}"
+ block:
+ - name: Import tasks to deploy common service
+ ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/playbooks/roles/dokku/vars/main.yml b/playbooks/roles/dokku/vars/main.yml
new file mode 100644
index 0000000..1c3d999
--- /dev/null
+++ b/playbooks/roles/dokku/vars/main.yml
@@ -0,0 +1,35 @@
+---
+dokku_svc:
+ domain: "{{ all_services | service_get_domain(role_name) }}"
+ additional_domains:
+ - "*.paas.serguzim.me"
+ caddy_extra: import acmedns
+ docker_host: host.docker.internal
+ port: 3080
+ extra_svcs:
+ - domain: serguzim.me
+ www_domain: true
+ hsts: true
+ docker_host: host.docker.internal
+ port: 3080
+
+
+dokku_env:
+ DOKKU_HOSTNAME: "{{ dokku_svc.domain }}"
+ DOKKU_HOST_ROOT: /var/lib/dokku/home/dokku
+ DOKKU_LIB_HOST_ROOT: /var/lib/dokku/var/lib/dokku
+
+dokku_compose:
+ watchtower: false
+ network: false
+ image: dokku/dokku:0.35.8
+ volumes:
+ - "/var/lib/dokku:/mnt/dokku"
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ file:
+ services:
+ app:
+ network_mode: bridge
+ ports:
+ - "3022:22"
+ - "3080:80"
diff --git a/playbooks/roles/faas/tasks/main.yml b/playbooks/roles/faas/tasks/main.yml
deleted file mode 100644
index 85e7c33..0000000
--- a/playbooks/roles/faas/tasks/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Set common facts
- ansible.builtin.import_tasks: tasks/set-default-facts.yml
-
-- name: Deploy {{ role_name }}
- vars:
- svc: "{{ faas_svc }}"
- block:
- - name: Import tasks to template the site and functions for the reverse proxy
- ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
diff --git a/playbooks/roles/faas/vars/main.yml b/playbooks/roles/faas/vars/main.yml
deleted file mode 100644
index fce3f0f..0000000
--- a/playbooks/roles/faas/vars/main.yml
+++ /dev/null
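Review bot: The `volumes:` entry `/var/run/docker.sock:/var/run/docker.sock` together with `ports: - "3022:22"` makes the dokku container root-equivalent on the host and publishes its SSH deploy endpoint on every interface, so anyone who can authenticate to dokku over SSH inherits host-level control; a comment above `volumes:` such as `# docker.sock mount = host-root equivalent; SSH (3022) and HTTP (3080) are published on all interfaces, rely on the host firewall` would record that trust boundary, and the firewall rules themselves are not visible in this diff, so confirm 3022/3080 are restricted if caddy is meant to be the only front door. Separately, the faas role removed in this commit carried a `/.well-known/webfinger` handler and an `Access-Control-Allow-Origin` header for `serguzim.me`, while the new `extra_svcs` entry for `serguzim.me` has no `caddy_extra`; unless the dokku-hosted app now serves those paths, webfinger lookups for the `msrg.cc` accounts will stop resolving.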
@@ -1,21 +0,0 @@
----
-faas_svc:
- domain: "{{ all_services | service_get_domain(role_name) }}"
- docker_host: host.docker.internal
- port: 8080
- extra_svcs:
- - domain: serguzim.me
- faas_function: webpage-serguzim-me
- www_domain: true
- hsts: true
- caddy_extra: |
- header /.well-known/* Access-Control-Allow-Origin *
-
- handle /.well-known/webfinger {
- map {query.resource} {user} {
- acct:tobias@msrg.cc serguzim
- acct:serguzim@msrg.cc serguzim
- }
- rewrite * /.well-known/webfinger/{user}.json
- import faas webpage-msrg-cc
- }
diff --git a/playbooks/roles/synapse/vars/main.yml b/playbooks/roles/synapse/vars/main.yml
index d17e736..f1e62ed 100644
--- a/playbooks/roles/synapse/vars/main.yml
+++ b/playbooks/roles/synapse/vars/main.yml
@@ -12,8 +12,6 @@ synapse_svc:
 }
 extra_svcs:
 - domain: matrix.serguzim.me:8448
- additional_domains:
- - serguzim.me:8448
 docker_host: synapse
 port: 8008
 db:
diff --git a/services.auto.tfvars b/services.auto.tfvars
index 6fb5ad0..ac3252d 100644
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@@ -60,32 +60,34 @@ services = {
 s3 = false
 },
- "extra_services" = {
+ "dokku" = {
 host = "node001"
- auth = false
- database = false
- s3 = false
- },
-
- "faas" = {
- host = "node002"
 dns = [
 {
- domain = "faas.serguzim.me"
+ domain = "paas.serguzim.me"
+ },
+ {
+ domain = "*.paas.serguzim.me"
+ name = "dokku-wildcard"
+ alias = "dokku"
 },
 {
 domain = "serguzim.me"
 name = "webpage-serguzim"
- alias = "faas"
+ alias = "dokku"
 },
 {
 domain = "www.serguzim.me"
 name = "webpage-serguzim-www"
 alias = "webpage-serguzim"
- }
+ },
 ]
+ backup = [{
+ name = "dokku"
+ type = "directory"
+ path = "/var/lib/dokku"
+ }]
 monitoring = {
- url = "/healthz"
 group = "7-support"
 }
 auth = false
@@ -93,6 +95,13 @@ services = {
 s3 = false
 },
+ "extra_services" = {
+ host = "node001"
+ auth = false
+ database = false
+ s3 = false
+ },
+
 "forgejo" = {
 host = "node001"
 dns = [{
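Review bot: Dropping `additional_domains: - serguzim.me:8448` means caddy no longer terminates federation traffic for the bare server name, so federation for `serguzim.me` now depends on `/.well-known/matrix/server` (or an SRV record) delegating to `matrix.serguzim.me:8448`; the `serguzim.me` webroot moves from the faas role to the dokku app in this same commit, so confirm that path is still served there. A one-line comment under `extra_svcs:` such as `# serguzim.me federation is delegated via .well-known, not served here` would record the intent. The enclosing `synapse_svc` mapping starts above the hunk.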
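Review bot: The new `backup` entry's `path = "/var/lib/dokku"` covers dokku's home and lib trees (the role's `DOKKU_HOST_ROOT` and `DOKKU_LIB_HOST_ROOT` point under it), where dokku typically keeps per-app configuration and environment variables, so the backup contents should be treated as secret-bearing and access to the backup repository restricted accordingly; a comment next to `path` such as `# holds dokku app env/config (secrets) — backup target must be access-restricted` would make that explicit. The same hunk also drops `url = "/healthz"` from `monitoring`, so the check now hits whatever default path the monitoring module uses against the dokku front-end; confirm that path returns a healthy status there. The second hunk in this file (`@@ -93,6 +95,13 @@`) only relocates `extra_services`.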
@@ -278,7 +287,7 @@ services = {
 },
 "minio" = {
- host = "node002"
+ host = "node001"
 dns = [
 {
 domain = "s3.serguzim.me"
diff --git a/variables.tf b/variables.tf
index 89db8ea..fb508e5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -151,6 +151,7 @@ variable "services" {
 backup = optional(list(object({
 name = string
 type = string
+ path = optional(string)
 })))
 monitoring = optional(object({
 url = optional(string)
diff --git a/visualize.py b/visualize.py
index b187341..13b2d5c 100755
--- a/visualize.py
+++ b/visualize.py
@@ -9,8 +9,8 @@ import hcl2
 icon_overrides = {
 "acme_dns": "lets-encrypt",
 "backup": "restic",
+ "dokku": None,
 "extra_services": None,
- "faas": None,
 "forgejo_runner": "forgejo",
 "healthcheck": "healthchecks",
 "lego": "lets-encrypt",
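Review bot: Changing minio's `host` from `node002` to `node001` relocates the service, but nothing in this diff moves its bucket data or adjusts a backup or volume path for it, so unless the data lives on shared or already-migrated storage the redeploy will come up with an empty store; if the migration is handled elsewhere, a comment on the `host` line naming that step would help the next reader. The `"minio"` block continues below the hunk.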
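Review bot: `path = optional(string)` is added to the `backup` object without stating when it is required; the only user in this commit is a `type = "directory"` entry, so the relationship should be documented or enforced, e.g. a comment `# path: directory to back up; required when type == "directory"` on the new line, or a `validation` block on the variable that rejects directory entries whose path is null. The `variable "services"` declaration starts above and ends below the hunk.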