diff --git a/dnsconfig.js b/dnsconfig.js
index e7df78c..e28c2a5 100644
--- a/dnsconfig.js
+++ b/dnsconfig.js
@@ -68,8 +68,9 @@ D("serguzim.me", REG_OVH, DnsProvider(DSP_OVH),
TLSA("_25._tcp.mail", 3, 1, 1, "e66a608a3ec459bda7fb1f2d500b8abeb78f2910f26641204b6bc454b8aa2a49"),
- acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
acme_challenge("auth", "18a42983-3d19-4c17-8213-fc275a8be721"),
+ acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
+ acme_challenge("paas", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
verify_amazon_ses(dkim_ses["serguzim.me"]),
diff --git a/playbooks/for-ansible-lint.yml b/playbooks/for-ansible-lint.yml
index ec44b2b..1a84708 100644
--- a/playbooks/for-ansible-lint.yml
+++ b/playbooks/for-ansible-lint.yml
@@ -9,8 +9,8 @@
- authentik
- backup
- caddy
+ - dokku
- extra_services
- - faas
- forgejo
- forgejo_runner
- gatus
diff --git a/playbooks/roles/dokku/tasks/main.yml b/playbooks/roles/dokku/tasks/main.yml
new file mode 100644
index 0000000..dfc5337
--- /dev/null
+++ b/playbooks/roles/dokku/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Set common facts
+ ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+ vars:
+ svc: "{{ dokku_svc }}"
+ env: "{{ dokku_env }}"
+ compose: "{{ dokku_compose }}"
+ block:
+ - name: Import tasks to deploy common service
+ ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/playbooks/roles/dokku/vars/main.yml b/playbooks/roles/dokku/vars/main.yml
new file mode 100644
index 0000000..1c3d999
--- /dev/null
+++ b/playbooks/roles/dokku/vars/main.yml
@@ -0,0 +1,35 @@
+---
+dokku_svc:
+ domain: "{{ all_services | service_get_domain(role_name) }}"
+ additional_domains:
+ - "*.paas.serguzim.me"
+ caddy_extra: import acmedns
+ docker_host: host.docker.internal
+ port: 3080
+ extra_svcs:
+ - domain: serguzim.me
+ www_domain: true
+ hsts: true
+ docker_host: host.docker.internal
+ port: 3080
+
+
+dokku_env:
+ DOKKU_HOSTNAME: "{{ dokku_svc.domain }}"
+ DOKKU_HOST_ROOT: /var/lib/dokku/home/dokku
+ DOKKU_LIB_HOST_ROOT: /var/lib/dokku/var/lib/dokku
+
+dokku_compose:
+ watchtower: false
+ network: false
+ image: dokku/dokku:0.35.8
+ volumes:
+ - "/var/lib/dokku:/mnt/dokku"
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ file:
+ services:
+ app:
+ network_mode: bridge
+ ports:
+ - "3022:22"
+ - "3080:80"
diff --git a/playbooks/roles/faas/tasks/main.yml b/playbooks/roles/faas/tasks/main.yml
deleted file mode 100644
index 85e7c33..0000000
--- a/playbooks/roles/faas/tasks/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Set common facts
- ansible.builtin.import_tasks: tasks/set-default-facts.yml
-
-- name: Deploy {{ role_name }}
- vars:
- svc: "{{ faas_svc }}"
- block:
- - name: Import tasks to template the site and functions for the reverse proxy
- ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
diff --git a/playbooks/roles/faas/vars/main.yml b/playbooks/roles/faas/vars/main.yml
deleted file mode 100644
index fce3f0f..0000000
--- a/playbooks/roles/faas/vars/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-faas_svc:
- domain: "{{ all_services | service_get_domain(role_name) }}"
- docker_host: host.docker.internal
- port: 8080
- extra_svcs:
- - domain: serguzim.me
- faas_function: webpage-serguzim-me
- www_domain: true
- hsts: true
- caddy_extra: |
- header /.well-known/* Access-Control-Allow-Origin *
-
- handle /.well-known/webfinger {
- map {query.resource} {user} {
- acct:tobias@msrg.cc serguzim
- acct:serguzim@msrg.cc serguzim
- }
- rewrite * /.well-known/webfinger/{user}.json
- import faas webpage-msrg-cc
- }
diff --git a/playbooks/roles/synapse/vars/main.yml b/playbooks/roles/synapse/vars/main.yml
index d17e736..f1e62ed 100644
--- a/playbooks/roles/synapse/vars/main.yml
+++ b/playbooks/roles/synapse/vars/main.yml
@@ -12,8 +12,6 @@ synapse_svc:
}
extra_svcs:
- domain: matrix.serguzim.me:8448
- additional_domains:
- - serguzim.me:8448
docker_host: synapse
port: 8008
db:
diff --git a/services.auto.tfvars b/services.auto.tfvars
index 6fb5ad0..ac3252d 100644
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@@ -60,32 +60,34 @@ services = {
s3 = false
},
- "extra_services" = {
+ "dokku" = {
host = "node001"
- auth = false
- database = false
- s3 = false
- },
-
- "faas" = {
- host = "node002"
dns = [
{
- domain = "faas.serguzim.me"
+ domain = "paas.serguzim.me"
+ },
+ {
+ domain = "*.paas.serguzim.me"
+ name = "dokku-wildcard"
+ alias = "dokku"
},
{
domain = "serguzim.me"
name = "webpage-serguzim"
- alias = "faas"
+ alias = "dokku"
},
{
domain = "www.serguzim.me"
name = "webpage-serguzim-www"
alias = "webpage-serguzim"
- }
+ },
]
+ backup = [{
+ name = "dokku"
+ type = "directory"
+ path = "/var/lib/dokku"
+ }]
monitoring = {
- url = "/healthz"
group = "7-support"
}
auth = false
@@ -93,6 +95,13 @@ services = {
s3 = false
},
+ "extra_services" = {
+ host = "node001"
+ auth = false
+ database = false
+ s3 = false
+ },
+
"forgejo" = {
host = "node001"
dns = [{
@@ -278,7 +287,7 @@ services = {
},
"minio" = {
- host = "node002"
+ host = "node001"
dns = [
{
domain = "s3.serguzim.me"
diff --git a/variables.tf b/variables.tf
index 89db8ea..fb508e5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -151,6 +151,7 @@ variable "services" {
backup = optional(list(object({
name = string
type = string
+ path = optional(string)
})))
monitoring = optional(object({
url = optional(string)
diff --git a/visualize.py b/visualize.py
index b187341..13b2d5c 100755
--- a/visualize.py
+++ b/visualize.py
@@ -9,8 +9,8 @@ import hcl2
icon_overrides = {
"acme_dns": "lets-encrypt",
"backup": "restic",
+ "dokku": None,
"extra_services": None,
- "faas": None,
"forgejo_runner": "forgejo",
"healthcheck": "healthchecks",
"lego": "lets-encrypt",