Add tandoor to ansible

2023-12-09 17:35:28 +01:00 · 2023-12-09 17:35:28 +01:00 · e0933af438
commit e0933af438
parent dc24b5798c
8 changed files with 76 additions and 209 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,6 +15,7 @@ diagram_assets/
 /homebox/
 /influxdb/
 /jellyfin/
+/tandoor/
 /telegraf/
 /umami/
 /uptime-kuma/
@ -28,7 +29,8 @@ diagram_assets/
 /caddy/config/conf.002.d/git.serguzim.me.conf
 /caddy/config/conf.002.d/inventory.serguzim.me.conf
 /caddy/config/conf.002.d/media.serguzim.me.conf
-/caddy/config/conf.002.d/tick.serguzim.me.conf
+/caddy/config/conf.002.d/recipes.serguzim.me.conf
 /caddy/config/conf.002.d/status.serguzim.me.conf
+/caddy/config/conf.002.d/tick.serguzim.me.conf
 /caddy/config/conf.002.d/webdis.huck.serguzim.me.conf
 /caddy/config/conf.002.d/wiki.serguzim.me.conf
--- a/_ansible/inventory/group_vars/all/main.yml
+++ b/_ansible/inventory/group_vars/all/main.yml
@ -1,4 +1,5 @@
 admin_email: tobias@msrg.cc
+timezone: Europe/Berlin

 postgres:
  host: db.serguzim.me
--- a/_ansible/node002.yml
+++ b/_ansible/node002.yml
@ -9,6 +9,7 @@
    - homebox
    - influxdb
    - jellyfin
+    - tandoor
    - telegraf
    - umami
    - uptime-kuma
--- a/_ansible/roles/tandoor/tasks/main.yml
+++ b/_ansible/roles/tandoor/tasks/main.yml
@ -0,0 +1,7 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - tandoor
+    - recipies
+  block:
+    - import_tasks: deploy-common-service.yml
--- a/_ansible/roles/tandoor/vars/main.yml
+++ b/_ansible/roles/tandoor/vars/main.yml
@ -0,0 +1,64 @@
+svc:
+  domain: "recipes.serguzim.me"
+  name: tandoor
+  port: 80
+  db:
+    host: "{{ postgres.host }}"
+    port: "{{ postgres.port }}"
+    database: tandoor
+    user: "{{ vault_tandoor.db.user }}"
+    pass: "{{ vault_tandoor.db.pass }}"
+
+svc_env:
+  DEBUG: 0
+  SQL_DEBUG: 0
+
+  ALLOWED_HOSTS: recipes.serguzim.me
+  SECRET_KEY: 
+  TIMEZONE: "{{ timezone }}"
+
+  DB_ENGINE: django.db.backends.postgresql
+  DB_OPTIONS: "{\"sslmode\": \"require\"}"
+  POSTGRES_HOST: "{{ svc.db.host }}"
+  POSTGRES_PORT: "{{ svc.db.port }}"
+  POSTGRES_DB: "{{ svc.db.database }}"
+  POSTGRES_USER: "{{ svc.db.user }}"
+  POSTGRES_PASSWORD: "{{ svc.db.pass }}"
+
+  SHOPPING_MIN_AUTOSYNC_INTERVAL: 5
+
+  ENABLE_SIGNUP: 0
+  ENABLE_METRICS: 1
+  ENABLE_PDF_EXPORT: 1
+
+  SOCIAL_DEFAULT_ACCESS: 1
+  SOCIAL_DEFAULT_GROUP: guest
+
+compose:
+  watchtower: true
+  image: nginx:mainline-alpine
+  env: true
+  volumes:
+    - nginx_config:/etc/nginx/conf.d:ro
+    - staticfiles:/static
+    - mediafiles:/media
+  file:
+    services:
+      web_recipes:
+        image: vabene1111/recipes
+        restart: always
+        labels:
+          com.centurylinklabs.watchtower.enable: true
+        env_file:
+          - service.env
+        volumes:
+          - staticfiles:/opt/recipes/staticfiles
+          - nginx_config:/opt/recipes/nginx/conf.d
+          - mediafiles:/opt/recipes/mediafiles
+        networks:
+          local-net:
+    volumes:
+      nginx_config:
+      staticfiles:
+      mediafiles:
+
--- a/caddy/config/conf.002.d/recipes.serguzim.me.conf
+++ b/caddy/config/conf.002.d/recipes.serguzim.me.conf
@ -1,4 +0,0 @@
-recipes.serguzim.me {
-	import default
-	reverse_proxy tandoor:80
-}
--- a/tandoor/.env
+++ b/tandoor/.env
@ -1,158 +0,0 @@
-# only set this to true when testing/debugging
-# when unset: 1 (true) - dont unset this, just for development
-DEBUG=0
-SQL_DEBUG=0
-
-# HTTP port to bind to
-# TANDOOR_PORT=8080
-
-# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...
-ALLOWED_HOSTS=recipes.serguzim.me
-
-# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
-SECRET_KEY=
-
-# your default timezone See https://timezonedb.com/time-zones for a list of timezones
-TIMEZONE=Europe/Berlin
-
-# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
-DB_ENGINE=django.db.backends.postgresql
-# DB_OPTIONS= {} # e.g. {"sslmode":"require"} to enable ssl
-POSTGRES_HOST=db.serguzim.me
-POSTGRES_PORT=5432
-POSTGRES_USER=tandoor
-POSTGRES_PASSWORD=
-POSTGRES_DB=tandoor
-
-# database connection string, when used overrides other database settings.
-# format might vary depending on backend
-# DATABASE_URL=engine://username:password@host:port/dbname
-
-# the default value for the user preference 'fractions' (enable/disable fraction support)
-# default: disabled=0
-FRACTION_PREF_DEFAULT=0
-
-# the default value for the user preference 'comments' (enable/disable commenting system)
-# default comments enabled=1
-COMMENT_PREF_DEFAULT=1
-
-# Users can set a amount of time after which the shopping list is refreshed when they are in viewing mode
-# This is the minimum interval users can set. Setting this to low will allow users to refresh very frequently which
-# might cause high load on the server. (Technically they can obviously refresh as often as they want with their own scripts)
-SHOPPING_MIN_AUTOSYNC_INTERVAL=5
-
-# Default for user setting sticky navbar
-# STICKY_NAV_PREF_DEFAULT=1
-
-# If base URL is something other than just / (you are serving a subfolder in your proxy for instance http://recipe_app/recipes/)
-# Be sure to not have a trailing slash: e.g. '/recipes' instead of '/recipes/'
-# SCRIPT_NAME=/recipes
-
-# If staticfiles are stored at a different location uncomment and change accordingly, MUST END IN /
-# this is not required if you are just using a subfolder
-# This can either be a relative path from the applications base path or the url of an external host
-# STATIC_URL=/static/
-
-# If mediafiles are stored at a different location uncomment and change accordingly, MUST END IN /
-# this is not required if you are just using a subfolder
-# This can either be a relative path from the applications base path or the url of an external host
-# MEDIA_URL=/media/
-
-# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
-# provided that include an additional nxginx container to handle media file serving.
-# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method.
-# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate
-GUNICORN_MEDIA=0
-
-# S3 Media settings: store mediafiles in s3 or any compatible storage backend (e.g. minio)
-# as long as S3_ACCESS_KEY is not set S3 features are disabled
-# S3_ACCESS_KEY=
-# S3_SECRET_ACCESS_KEY=
-# S3_BUCKET_NAME=
-# S3_REGION_NAME= # default none, set your region might be required
-# S3_QUERYSTRING_AUTH=1 # default true, set to 0 to serve media from a public bucket without signed urls
-# S3_QUERYSTRING_EXPIRE=3600 # number of seconds querystring are valid for
-# S3_ENDPOINT_URL= # when using a custom endpoint like minio
-
-# Email Settings, see https://docs.djangoproject.com/en/3.2/ref/settings/#email-host
-# Required for email confirmation and password reset (automatically activates if host is set)
-# EMAIL_HOST=
-# EMAIL_PORT=
-# EMAIL_HOST_USER=
-# EMAIL_HOST_PASSWORD=
-# EMAIL_USE_TLS=0
-# EMAIL_USE_SSL=0
-# DEFAULT_FROM_EMAIL= # email sender address (default 'webmaster@localhost')
-# ACCOUNT_EMAIL_SUBJECT_PREFIX= # prefix used for account related emails (default "[Tandoor Recipes] ")
-
-# allow authentication via reverse proxy (e.g. authelia), leave off if you dont know what you are doing
-# see docs for more information https://vabene1111.github.io/recipes/features/authentication/
-# when unset: 0 (false)
-REVERSE_PROXY_AUTH=0
-
-# Default settings for spaces, apply per space and can be changed in the admin view
-# SPACE_DEFAULT_MAX_RECIPES=0 # 0=unlimited recipes
-# SPACE_DEFAULT_MAX_USERS=0 # 0=unlimited users per space
-# SPACE_DEFAULT_MAX_FILES=0 # Maximum file storage for space in MB. 0 for unlimited, -1 to disable file upload.
-# SPACE_DEFAULT_ALLOW_SHARING=1 # Allow users to share recipes with public links
-
-# allow people to create accounts on your application instance (without an invite link)
-# when unset: 0 (false)
-# ENABLE_SIGNUP=0
-
-# If signup is enabled you might want to add a captcha to it to prevent spam
-# HCAPTCHA_SITEKEY=
-# HCAPTCHA_SECRET=
-
-# if signup is enabled you might want to provide urls to data protection policies or terms and conditions
-# TERMS_URL=
-# PRIVACY_URL=
-# IMPRINT_URL=
-
-# enable serving of prometheus metrics under the /metrics path
-# ATTENTION: view is not secured (as per the prometheus default way) so make sure to secure it
-# trough your web server (or leave it open of you dont care if the stats are exposed)
-ENABLE_METRICS=1
-
-# allows you to setup OAuth providers
-# see docs for more information https://vabene1111.github.io/recipes/features/authentication/
-#SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid
-
-#SOCIALACCOUNT_PROVIDERS="{'openid': {'SERVERS': [{'id': 'auth.serguzim.me', 'name': 'auth.serguzim.me', 'openid_url': 'https://auth.serguzim.me/application/o/recipes_serguzim_me/'},]}}"
-
-# Should a newly created user from a social provider get assigned to the default space and given permission by default ?
-# ATTENTION: This feature might be deprecated in favor of a space join and public viewing system in the future
-# default 0 (false), when 1 (true) users will be assigned space and group
-SOCIAL_DEFAULT_ACCESS=1
-
-# if SOCIAL_DEFAULT_ACCESS is used, which group should be added
-SOCIAL_DEFAULT_GROUP=guest
-
-# Django session cookie settings. Can be changed to allow a single django application to authenticate several applications
-# when running under the same database
-# SESSION_COOKIE_DOMAIN=.serguzim.me
-# SESSION_COOKIE_NAME=sessionid # use this only to not interfere with non unified django applications under the same top level domain
-
-# by default SORT_TREE_BY_NAME is disabled this will store all Keywords and Food in the order they are created
-# enabling this setting makes saving new keywords and foods very slow, which doesn't matter in most usecases.
-# however, when doing large imports of recipes that will create new objects, can increase total run time by 10-15x
-# Keywords and Food can be manually sorted by name in Admin
-# This value can also be temporarily changed in Admin, it will revert the next time the application is started
-# This will be fixed/changed in the future by changing the implementation or finding a better workaround for sorting
-# SORT_TREE_BY_NAME=0
-# LDAP authentication
-# default 0 (false), when 1 (true) list of allowed users will be fetched from LDAP server
-#LDAP_AUTH=
-#AUTH_LDAP_SERVER_URI=
-#AUTH_LDAP_BIND_DN=
-#AUTH_LDAP_BIND_PASSWORD=
-#AUTH_LDAP_USER_SEARCH_BASE_DN=
-#AUTH_LDAP_TLS_CACERTFILE=
-
-# Enables exporting PDF (see export docs)
-# Disabled by default, uncomment to enable
-# ENABLE_PDF_EXPORT=1
-
-# Recipe exports are cached for a certain time by default, adjust time if needed
-# EXPORT_FILE_CACHE_DURATION=600
-
--- a/tandoor/docker-compose.yml
+++ b/tandoor/docker-compose.yml
@ -1,46 +0,0 @@
-version: "3"
-services:
-  web_recipes:
-    image: vabene1111/recipes
-    restart: always
-    labels:
-      com.centurylinklabs.watchtower.enable: true
-    env_file:
-      - .env
-      - .secret.env
-    volumes:
-      - staticfiles:/opt/recipes/staticfiles
-      - nginx_config:/opt/recipes/nginx/conf.d
-      - mediafiles:/opt/recipes/mediafiles
-    networks:
-      tandoor:
-
-  nginx_recipes:
-    image: nginx:mainline-alpine
-    restart: always
-    labels:
-      com.centurylinklabs.watchtower.enable: true
-    env_file:
-      - .env
-      - .secret.env
-    depends_on:
-      - web_recipes
-    volumes:
-      - nginx_config:/etc/nginx/conf.d:ro
-      - staticfiles:/static
-      - mediafiles:/media
-    networks:
-      tandoor:
-      apps:
-        aliases:
-          - tandoor
-
-volumes:
-  nginx_config:
-  staticfiles:
-  mediafiles:
-
-networks:
-  tandoor:
-  apps:
-    external: true