Add faas to ansible

.gitignore

@@ -24,6 +24,7 @@
 /caddy/config/conf.002.d/acme.serguzim.me.conf
 /caddy/config/conf.002.d/analytics.serguzim.me.conf
 /caddy/config/conf.002.d/coder.serguzim.me.conf
+/caddy/config/conf.002.d/faas.serguzim.me.conf
 /caddy/config/conf.002.d/git.serguzim.me.conf
 /caddy/config/conf.002.d/inventory.serguzim.me.conf
 /caddy/config/conf.002.d/media.serguzim.me.conf

_ansible/local-dev.yml

@@ -8,11 +8,18 @@
   hosts: local-dev
   roles:
     - acme-dns
-    - gitea
+    - coder
-    - gitea-runner
+    - faas
+    - forgejo
+    - forgejo-runner
+    - healthcheck
+    - homebox
     - influxdb
+    - jellyfin
+    - tandoor
+    - telegraf
     - umami
+    - uptime-kuma
     - watchtower
+    - webdis
     - wiki-js
-
-    - caddy

_ansible/node002.yml

@@ -4,6 +4,7 @@
   roles:
     - acme-dns
     - coder
+    - faas
     - forgejo
     - forgejo-runner
     - healthcheck

_ansible/roles/faas/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - faas
+  block:
+    - import_tasks: steps/template-site-config.yml

_ansible/roles/faas/vars/main.yml

@@ -0,0 +1,31 @@
+svc:
+  name: faas
+  domain: faas.serguzim.me
+  docker_host: host.docker.internal
+  port: 8080
+  extra_svcs:
+  - domain: link.serguzim.me
+    faas_function: url-mapper
+  - domain: msrg.cc
+    faas_function: webpage-msrg-cc
+    www_domain: true
+    caddy_extra: |
+      header /.well-known/* Access-Control-Allow-Origin *
+
+      handle /.well-known/webfinger {
+          map {query.resource} {user} {
+              acct:tobias@msrg.cc serguzim
+              acct:serguzim@msrg.cc serguzim
+          }
+          rewrite * /.well-known/webfinger/{user}.json
+          import faas webpage-msrg-cc
+      }
+  - domain: serguzim.me
+    faas_function: webpage-serguzim-me
+    www_domain: true
+    hsts: true
+  - domain: team-leon.eu
+    faas_function: webpage-team-leon-eu
+    www_domain: true
+  - domain: xn--sder-5qa.stream
+    faas_function: webpage-soeder-stream

_ansible/tasks/steps/template-site-config.yml

@@ -13,4 +13,5 @@
   ansible.builtin.command:
     cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile && caddy reload --config /etc/caddy/Caddyfile"
     chdir: "{{ caddy_path }}"
+  when: "'local-dev' != inventory_hostname"
   changed_when: template_result.changed

_ansible/templates/caddy_site.conf.j2

@@ -1,8 +1,39 @@
+{%- macro caddy_site_hsts(svc, for_www) -%}
+{%- if svc.hsts|default(false) and (svc.www_domain|default(false) == for_www) -%}
+{{ 'header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"' if svc.hsts|default(false) }}
+{%- endif -%}
+{%- endmacro -%}
+
+{% macro caddy_site(svc) %}
 {%- for domain in svc.additional_domains|default([]) %}
 {{ domain }}, 
 {% endfor -%}
+{{ "www." + svc.domain if svc.www_domain|default(false) else svc.domain }} {
+	import default
+	{{ caddy_site_hsts(svc, false) }}
+
+{{ svc.caddy_extra | indent(width='\t', first=True) if svc.caddy_extra|default(false) }}
+
+	handle {
+{% if svc.faas_function|default(false) %}
+		import faas {{ svc.faas_function }}
+{% else %}
+		reverse_proxy {{ svc.docker_host|default(svc.name) }}:{{ svc.port }}
+{% endif %}
+	}
+}
+
+{% if svc.www_domain|default(false) %}
 {{ svc.domain }} {
 	import default
-{{ svc.caddy_extra | default('') | indent(width='\t', first=True) }}
+	{{ caddy_site_hsts(svc, true) }}
-	reverse_proxy {{ svc.name }}:{{ svc.port }}
+	redir https://www.{{ svc.domain }}{uri}
 }
+{% endif %}
+{% endmacro -%}
+
+{{ caddy_site(svc) }}
+
+{%- for extra_svc in svc.extra_svcs %}
+{{ caddy_site(extra_svc) }}
+{% endfor %}

caddy/config/conf.002.d/faas.serguzim.me.conf

@@ -1,4 +0,0 @@
-faas.serguzim.me {
-	import default
-	reverse_proxy host.docker.internal:8080
-}

caddy/config/conf.002.d/link.serguzim.me.conf

@@ -1,4 +0,0 @@
-link.serguzim.me {
-	import default
-	import faas url-mapper
-}

caddy/config/conf.002.d/msrg.cc.conf

@@ -1,17 +0,0 @@
-msrg.cc {
-	import default
-	header /.well-known/* Access-Control-Allow-Origin *
-
-	handle /.well-known/webfinger {
-		map {query.resource} {user} {
-			acct:tobias@msrg.cc serguzim
-			acct:serguzim@msrg.cc serguzim
-		}
-		rewrite * /.well-known/webfinger/{user}.json
-		import faas webpage-msrg-cc
-	}
-
-	handle {
-		import faas webpage-msrg-cc
-	}
-}

caddy/config/conf.002.d/serguzim.me.conf

@@ -1,9 +0,0 @@
-serguzim.me {
-	header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
-	redir https://www.serguzim.me{uri}
-}
-
-www.serguzim.me {
-	import default
-	import faas webpage-serguzim-me
-}

caddy/config/conf.002.d/soeder.stream.conf

@@ -1,4 +0,0 @@
-xn--sder-5qa.stream {
-	import default
-	import faas webpage-soeder-stream
-}

caddy/config/conf.002.d/team-leon.eu.conf

@@ -1,8 +0,0 @@
-team-leon.eu {
-	redir https://www.team-leon.eu{uri}
-}
-
-www.team-leon.eu {
-	import default
-	import faas webpage-team-leon.eu
-}