Replace openfaas with dokku
This commit is contained in:
parent
7748ecf828
commit
53d9cd1190
10 changed files with 74 additions and 49 deletions
|
@ -68,8 +68,9 @@ D("serguzim.me", REG_OVH, DnsProvider(DSP_OVH),
|
||||||
|
|
||||||
TLSA("_25._tcp.mail", 3, 1, 1, "e66a608a3ec459bda7fb1f2d500b8abeb78f2910f26641204b6bc454b8aa2a49"),
|
TLSA("_25._tcp.mail", 3, 1, 1, "e66a608a3ec459bda7fb1f2d500b8abeb78f2910f26641204b6bc454b8aa2a49"),
|
||||||
|
|
||||||
acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
|
|
||||||
acme_challenge("auth", "18a42983-3d19-4c17-8213-fc275a8be721"),
|
acme_challenge("auth", "18a42983-3d19-4c17-8213-fc275a8be721"),
|
||||||
|
acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
|
||||||
|
acme_challenge("paas", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
|
||||||
|
|
||||||
verify_amazon_ses(dkim_ses["serguzim.me"]),
|
verify_amazon_ses(dkim_ses["serguzim.me"]),
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
- authentik
|
- authentik
|
||||||
- backup
|
- backup
|
||||||
- caddy
|
- caddy
|
||||||
|
- dokku
|
||||||
- extra_services
|
- extra_services
|
||||||
- faas
|
|
||||||
- forgejo
|
- forgejo
|
||||||
- forgejo_runner
|
- forgejo_runner
|
||||||
- gatus
|
- gatus
|
||||||
|
|
12
playbooks/roles/dokku/tasks/main.yml
Normal file
12
playbooks/roles/dokku/tasks/main.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: Set common facts
|
||||||
|
ansible.builtin.import_tasks: tasks/set-default-facts.yml
|
||||||
|
|
||||||
|
- name: Deploy {{ role_name }}
|
||||||
|
vars:
|
||||||
|
svc: "{{ dokku_svc }}"
|
||||||
|
env: "{{ dokku_env }}"
|
||||||
|
compose: "{{ dokku_compose }}"
|
||||||
|
block:
|
||||||
|
- name: Import tasks to deploy common service
|
||||||
|
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
35
playbooks/roles/dokku/vars/main.yml
Normal file
35
playbooks/roles/dokku/vars/main.yml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
dokku_svc:
|
||||||
|
domain: "{{ all_services | service_get_domain(role_name) }}"
|
||||||
|
additional_domains:
|
||||||
|
- "*.paas.serguzim.me"
|
||||||
|
caddy_extra: import acmedns
|
||||||
|
docker_host: host.docker.internal
|
||||||
|
port: 3080
|
||||||
|
extra_svcs:
|
||||||
|
- domain: serguzim.me
|
||||||
|
www_domain: true
|
||||||
|
hsts: true
|
||||||
|
docker_host: host.docker.internal
|
||||||
|
port: 3080
|
||||||
|
|
||||||
|
|
||||||
|
dokku_env:
|
||||||
|
DOKKU_HOSTNAME: "{{ dokku_svc.domain }}"
|
||||||
|
DOKKU_HOST_ROOT: /var/lib/dokku/home/dokku
|
||||||
|
DOKKU_LIB_HOST_ROOT: /var/lib/dokku/var/lib/dokku
|
||||||
|
|
||||||
|
dokku_compose:
|
||||||
|
watchtower: false
|
||||||
|
network: false
|
||||||
|
image: dokku/dokku:0.35.8
|
||||||
|
volumes:
|
||||||
|
- "/var/lib/dokku:/mnt/dokku"
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
file:
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
network_mode: bridge
|
||||||
|
ports:
|
||||||
|
- "3022:22"
|
||||||
|
- "3080:80"
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
- name: Set common facts
|
|
||||||
ansible.builtin.import_tasks: tasks/set-default-facts.yml
|
|
||||||
|
|
||||||
- name: Deploy {{ role_name }}
|
|
||||||
vars:
|
|
||||||
svc: "{{ faas_svc }}"
|
|
||||||
block:
|
|
||||||
- name: Import tasks to template the site and functions for the reverse proxy
|
|
||||||
ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
|
|
|
@ -1,21 +0,0 @@
|
||||||
---
|
|
||||||
faas_svc:
|
|
||||||
domain: "{{ all_services | service_get_domain(role_name) }}"
|
|
||||||
docker_host: host.docker.internal
|
|
||||||
port: 8080
|
|
||||||
extra_svcs:
|
|
||||||
- domain: serguzim.me
|
|
||||||
faas_function: webpage-serguzim-me
|
|
||||||
www_domain: true
|
|
||||||
hsts: true
|
|
||||||
caddy_extra: |
|
|
||||||
header /.well-known/* Access-Control-Allow-Origin *
|
|
||||||
|
|
||||||
handle /.well-known/webfinger {
|
|
||||||
map {query.resource} {user} {
|
|
||||||
acct:tobias@msrg.cc serguzim
|
|
||||||
acct:serguzim@msrg.cc serguzim
|
|
||||||
}
|
|
||||||
rewrite * /.well-known/webfinger/{user}.json
|
|
||||||
import faas webpage-msrg-cc
|
|
||||||
}
|
|
|
@ -12,8 +12,6 @@ synapse_svc:
|
||||||
}
|
}
|
||||||
extra_svcs:
|
extra_svcs:
|
||||||
- domain: matrix.serguzim.me:8448
|
- domain: matrix.serguzim.me:8448
|
||||||
additional_domains:
|
|
||||||
- serguzim.me:8448
|
|
||||||
docker_host: synapse
|
docker_host: synapse
|
||||||
port: 8008
|
port: 8008
|
||||||
db:
|
db:
|
||||||
|
|
|
@ -60,32 +60,34 @@ services = {
|
||||||
s3 = false
|
s3 = false
|
||||||
},
|
},
|
||||||
|
|
||||||
"extra_services" = {
|
"dokku" = {
|
||||||
host = "node001"
|
host = "node001"
|
||||||
auth = false
|
|
||||||
database = false
|
|
||||||
s3 = false
|
|
||||||
},
|
|
||||||
|
|
||||||
"faas" = {
|
|
||||||
host = "node002"
|
|
||||||
dns = [
|
dns = [
|
||||||
{
|
{
|
||||||
domain = "faas.serguzim.me"
|
domain = "paas.serguzim.me"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
domain = "*.paas.serguzim.me"
|
||||||
|
name = "dokku-wildcard"
|
||||||
|
alias = "dokku"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
domain = "serguzim.me"
|
domain = "serguzim.me"
|
||||||
name = "webpage-serguzim"
|
name = "webpage-serguzim"
|
||||||
alias = "faas"
|
alias = "dokku"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
domain = "www.serguzim.me"
|
domain = "www.serguzim.me"
|
||||||
name = "webpage-serguzim-www"
|
name = "webpage-serguzim-www"
|
||||||
alias = "webpage-serguzim"
|
alias = "webpage-serguzim"
|
||||||
}
|
},
|
||||||
]
|
]
|
||||||
|
backup = [{
|
||||||
|
name = "dokku"
|
||||||
|
type = "directory"
|
||||||
|
path = "/var/lib/dokku"
|
||||||
|
}]
|
||||||
monitoring = {
|
monitoring = {
|
||||||
url = "/healthz"
|
|
||||||
group = "7-support"
|
group = "7-support"
|
||||||
}
|
}
|
||||||
auth = false
|
auth = false
|
||||||
|
@ -93,6 +95,13 @@ services = {
|
||||||
s3 = false
|
s3 = false
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"extra_services" = {
|
||||||
|
host = "node001"
|
||||||
|
auth = false
|
||||||
|
database = false
|
||||||
|
s3 = false
|
||||||
|
},
|
||||||
|
|
||||||
"forgejo" = {
|
"forgejo" = {
|
||||||
host = "node001"
|
host = "node001"
|
||||||
dns = [{
|
dns = [{
|
||||||
|
@ -278,7 +287,7 @@ services = {
|
||||||
},
|
},
|
||||||
|
|
||||||
"minio" = {
|
"minio" = {
|
||||||
host = "node002"
|
host = "node001"
|
||||||
dns = [
|
dns = [
|
||||||
{
|
{
|
||||||
domain = "s3.serguzim.me"
|
domain = "s3.serguzim.me"
|
||||||
|
|
|
@ -151,6 +151,7 @@ variable "services" {
|
||||||
backup = optional(list(object({
|
backup = optional(list(object({
|
||||||
name = string
|
name = string
|
||||||
type = string
|
type = string
|
||||||
|
path = optional(string)
|
||||||
})))
|
})))
|
||||||
monitoring = optional(object({
|
monitoring = optional(object({
|
||||||
url = optional(string)
|
url = optional(string)
|
||||||
|
|
|
@ -9,8 +9,8 @@ import hcl2
|
||||||
icon_overrides = {
|
icon_overrides = {
|
||||||
"acme_dns": "lets-encrypt",
|
"acme_dns": "lets-encrypt",
|
||||||
"backup": "restic",
|
"backup": "restic",
|
||||||
|
"dokku": None,
|
||||||
"extra_services": None,
|
"extra_services": None,
|
||||||
"faas": None,
|
|
||||||
"forgejo_runner": "forgejo",
|
"forgejo_runner": "forgejo",
|
||||||
"healthcheck": "healthchecks",
|
"healthcheck": "healthchecks",
|
||||||
"lego": "lets-encrypt",
|
"lego": "lets-encrypt",
|
||||||
|
|
Loading…
Reference in a new issue