Add faas to ansible

2023-12-10 23:49:02 +01:00 · 2023-12-10 23:49:02 +01:00 · 2a3fe723ab
commit 2a3fe723ab
parent 063b422426
13 changed files with 84 additions and 52 deletions
--- a/.gitignore
+++ b/.gitignore
@ -24,6 +24,7 @@
 /caddy/config/conf.002.d/acme.serguzim.me.conf
 /caddy/config/conf.002.d/analytics.serguzim.me.conf
 /caddy/config/conf.002.d/coder.serguzim.me.conf
+/caddy/config/conf.002.d/faas.serguzim.me.conf
 /caddy/config/conf.002.d/git.serguzim.me.conf
 /caddy/config/conf.002.d/inventory.serguzim.me.conf
 /caddy/config/conf.002.d/media.serguzim.me.conf
--- a/_ansible/local-dev.yml
+++ b/_ansible/local-dev.yml
@ -8,11 +8,18 @@
  hosts: local-dev
  roles:
    - acme-dns
-    - gitea
-    - gitea-runner
+    - coder
+    - faas
+    - forgejo
+    - forgejo-runner
+    - healthcheck
+    - homebox
    - influxdb
+    - jellyfin
+    - tandoor
+    - telegraf
    - umami
+    - uptime-kuma
    - watchtower
+    - webdis
    - wiki-js
-
-    - caddy
--- a/_ansible/node002.yml
+++ b/_ansible/node002.yml
@ -4,6 +4,7 @@
  roles:
    - acme-dns
    - coder
+    - faas
    - forgejo
    - forgejo-runner
    - healthcheck
--- a/_ansible/roles/faas/tasks/main.yml
+++ b/_ansible/roles/faas/tasks/main.yml
@ -0,0 +1,6 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - faas
+  block:
+    - import_tasks: steps/template-site-config.yml
--- a/_ansible/roles/faas/vars/main.yml
+++ b/_ansible/roles/faas/vars/main.yml
@ -0,0 +1,31 @@
+svc:
+  name: faas
+  domain: faas.serguzim.me
+  docker_host: host.docker.internal
+  port: 8080
+  extra_svcs:
+  - domain: link.serguzim.me
+    faas_function: url-mapper
+  - domain: msrg.cc
+    faas_function: webpage-msrg-cc
+    www_domain: true
+    caddy_extra: |
+      header /.well-known/* Access-Control-Allow-Origin *
+
+      handle /.well-known/webfinger {
+          map {query.resource} {user} {
+              acct:tobias@msrg.cc serguzim
+              acct:serguzim@msrg.cc serguzim
+          }
+          rewrite * /.well-known/webfinger/{user}.json
+          import faas webpage-msrg-cc
+      }
+  - domain: serguzim.me
+    faas_function: webpage-serguzim-me
+    www_domain: true
+    hsts: true
+  - domain: team-leon.eu
+    faas_function: webpage-team-leon-eu
+    www_domain: true
+  - domain: xn--sder-5qa.stream
+    faas_function: webpage-soeder-stream
--- a/_ansible/tasks/steps/template-site-config.yml
+++ b/_ansible/tasks/steps/template-site-config.yml
@ -13,4 +13,5 @@
  ansible.builtin.command:
    cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile && caddy reload --config /etc/caddy/Caddyfile"
    chdir: "{{ caddy_path }}"
+  when: "'local-dev' != inventory_hostname"
  changed_when: template_result.changed
--- a/_ansible/templates/caddy_site.conf.j2
+++ b/_ansible/templates/caddy_site.conf.j2
@ -1,8 +1,39 @@
+{%- macro caddy_site_hsts(svc, for_www) -%}
+{%- if svc.hsts|default(false) and (svc.www_domain|default(false) == for_www) -%}
+{{ 'header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"' if svc.hsts|default(false) }}
+{%- endif -%}
+{%- endmacro -%}
+
+{% macro caddy_site(svc) %}
 {%- for domain in svc.additional_domains|default([]) %}
 {{ domain }}, 
 {% endfor -%}
+{{ "www." + svc.domain if svc.www_domain|default(false) else svc.domain }} {
+	import default
+	{{ caddy_site_hsts(svc, false) }}
+
+{{ svc.caddy_extra | indent(width='\t', first=True) if svc.caddy_extra|default(false) }}
+
+	handle {
+{% if svc.faas_function|default(false) %}
+		import faas {{ svc.faas_function }}
+{% else %}
+		reverse_proxy {{ svc.docker_host|default(svc.name) }}:{{ svc.port }}
+{% endif %}
+	}
+}
+
+{% if svc.www_domain|default(false) %}
 {{ svc.domain }} {
 	import default
-{{ svc.caddy_extra | default('') | indent(width='\t', first=True) }}
-	reverse_proxy {{ svc.name }}:{{ svc.port }}
+	{{ caddy_site_hsts(svc, true) }}
+	redir https://www.{{ svc.domain }}{uri}
 }
+{% endif %}
+{% endmacro -%}
+
+{{ caddy_site(svc) }}
+
+{%- for extra_svc in svc.extra_svcs %}
+{{ caddy_site(extra_svc) }}
+{% endfor %}
--- a/caddy/config/conf.002.d/faas.serguzim.me.conf
+++ b/caddy/config/conf.002.d/faas.serguzim.me.conf
@ -1,4 +0,0 @@
-faas.serguzim.me {
-	import default
-	reverse_proxy host.docker.internal:8080
-}
--- a/caddy/config/conf.002.d/link.serguzim.me.conf
+++ b/caddy/config/conf.002.d/link.serguzim.me.conf
@ -1,4 +0,0 @@
-link.serguzim.me {
-	import default
-	import faas url-mapper
-}
--- a/caddy/config/conf.002.d/msrg.cc.conf
+++ b/caddy/config/conf.002.d/msrg.cc.conf
@ -1,17 +0,0 @@
-msrg.cc {
-	import default
-	header /.well-known/* Access-Control-Allow-Origin *
-
-	handle /.well-known/webfinger {
-		map {query.resource} {user} {
-			acct:tobias@msrg.cc serguzim
-			acct:serguzim@msrg.cc serguzim
-		}
-		rewrite * /.well-known/webfinger/{user}.json
-		import faas webpage-msrg-cc
-	}
-
-	handle {
-		import faas webpage-msrg-cc
-	}
-}
--- a/caddy/config/conf.002.d/serguzim.me.conf
+++ b/caddy/config/conf.002.d/serguzim.me.conf
@ -1,9 +0,0 @@
-serguzim.me {
-	header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
-	redir https://www.serguzim.me{uri}
-}
-
-www.serguzim.me {
-	import default
-	import faas webpage-serguzim-me
-}
--- a/caddy/config/conf.002.d/soeder.stream.conf
+++ b/caddy/config/conf.002.d/soeder.stream.conf
@ -1,4 +0,0 @@
-xn--sder-5qa.stream {
-	import default
-	import faas webpage-soeder-stream
-}
--- a/caddy/config/conf.002.d/team-leon.eu.conf
+++ b/caddy/config/conf.002.d/team-leon.eu.conf
@ -1,8 +0,0 @@
-team-leon.eu {
-	redir https://www.team-leon.eu{uri}
-}
-
-www.team-leon.eu {
-	import default
-	import faas webpage-team-leon.eu
-}