diff --git a/.gitignore b/.gitignore
index df375e6..8ef34d1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,7 @@ diagram_assets/
 /homebox/
 /influxdb/
 /jellyfin/
+/tandoor/
 /telegraf/
 /umami/
 /uptime-kuma/
@@ -28,7 +29,8 @@ diagram_assets/
 /caddy/config/conf.002.d/git.serguzim.me.conf
 /caddy/config/conf.002.d/inventory.serguzim.me.conf
 /caddy/config/conf.002.d/media.serguzim.me.conf
-/caddy/config/conf.002.d/tick.serguzim.me.conf
+/caddy/config/conf.002.d/recipes.serguzim.me.conf
 /caddy/config/conf.002.d/status.serguzim.me.conf
+/caddy/config/conf.002.d/tick.serguzim.me.conf
 /caddy/config/conf.002.d/webdis.huck.serguzim.me.conf
 /caddy/config/conf.002.d/wiki.serguzim.me.conf
diff --git a/_ansible/inventory/group_vars/all/main.yml b/_ansible/inventory/group_vars/all/main.yml
index 6189e24..1dc45ad 100644
--- a/_ansible/inventory/group_vars/all/main.yml
+++ b/_ansible/inventory/group_vars/all/main.yml
@@ -1,4 +1,5 @@
 admin_email: tobias@msrg.cc
+timezone: Europe/Berlin
 postgres:
 host: db.serguzim.me
diff --git a/_ansible/node002.yml b/_ansible/node002.yml
index be89bf5..e77ae33 100644
--- a/_ansible/node002.yml
+++ b/_ansible/node002.yml
@@ -9,6 +9,7 @@
 - homebox
 - influxdb
 - jellyfin
+ - tandoor
 - telegraf
 - umami
 - uptime-kuma
diff --git a/_ansible/roles/tandoor/tasks/main.yml b/_ansible/roles/tandoor/tasks/main.yml
new file mode 100644
index 0000000..ebe514f
--- /dev/null
+++ b/_ansible/roles/tandoor/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Deploy {{ svc.name }}
+ tags:
+ - tandoor
+ - recipies
+ block:
+ - import_tasks: deploy-common-service.yml
diff --git a/_ansible/roles/tandoor/vars/main.yml b/_ansible/roles/tandoor/vars/main.yml
new file mode 100644
index 0000000..5bf549d
--- /dev/null
+++ b/_ansible/roles/tandoor/vars/main.yml
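Review bot: The second tag in `_ansible/roles/tandoor/tasks/main.yml` is spelled `recipies`, while the service domain and the Caddy file name elsewhere in this commit use `recipes`. A run limited with `--tags recipes` would therefore not select this role, and nothing would report the mismatch. I would change the line to `- recipes`.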
@@ -0,0 +1,64 @@
+svc:
+ domain: "recipes.serguzim.me"
+ name: tandoor
+ port: 80
+ db:
+ host: "{{ postgres.host }}"
+ port: "{{ postgres.port }}"
+ database: tandoor
+ user: "{{ vault_tandoor.db.user }}"
+ pass: "{{ vault_tandoor.db.pass }}"
+
+svc_env:
+ DEBUG: 0
+ SQL_DEBUG: 0
+
+ ALLOWED_HOSTS: recipes.serguzim.me
+ SECRET_KEY:
+ TIMEZONE: "{{ timezone }}"
+
+ DB_ENGINE: django.db.backends.postgresql
+ DB_OPTIONS: "{\"sslmode\": \"require\"}"
+ POSTGRES_HOST: "{{ svc.db.host }}"
+ POSTGRES_PORT: "{{ svc.db.port }}"
+ POSTGRES_DB: "{{ svc.db.database }}"
+ POSTGRES_USER: "{{ svc.db.user }}"
+ POSTGRES_PASSWORD: "{{ svc.db.pass }}"
+
+ SHOPPING_MIN_AUTOSYNC_INTERVAL: 5
+
+ ENABLE_SIGNUP: 0
+ ENABLE_METRICS: 1
+ ENABLE_PDF_EXPORT: 1
+
+ SOCIAL_DEFAULT_ACCESS: 1
+ SOCIAL_DEFAULT_GROUP: guest
+
+compose:
+ watchtower: true
+ image: nginx:mainline-alpine
+ env: true
+ volumes:
+ - nginx_config:/etc/nginx/conf.d:ro
+ - staticfiles:/static
+ - mediafiles:/media
+ file:
+ services:
+ web_recipes:
+ image: vabene1111/recipes
+ restart: always
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ env_file:
+ - service.env
+ volumes:
+ - staticfiles:/opt/recipes/staticfiles
+ - nginx_config:/opt/recipes/nginx/conf.d
+ - mediafiles:/opt/recipes/mediafiles
+ networks:
+ local-net:
+ volumes:
+ nginx_config:
+ staticfiles:
+ mediafiles:
+
diff --git a/caddy/config/conf.002.d/recipes.serguzim.me.conf b/caddy/config/conf.002.d/recipes.serguzim.me.conf
deleted file mode 100644
index aa75aae..0000000
--- a/caddy/config/conf.002.d/recipes.serguzim.me.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-recipes.serguzim.me {
- import default
- reverse_proxy tandoor:80
-}
diff --git a/tandoor/.env b/tandoor/.env
deleted file mode 100644
index a885667..0000000
--- a/tandoor/.env
+++ /dev/null
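Review bot: `SECRET_KEY:` in `svc_env` is a bare empty value, and the new `env_file` list carries only `service.env` where the removed compose file also loaded `.secret.env`; unless `deploy-common-service.yml` (not visible in this diff) supplies it another way, the container starts with an empty or null Django secret key, which session and token signing depend on. I would source it from the vault like the database credentials, e.g. `SECRET_KEY: "{{ vault_tandoor.secret_key }}"` (the sub-key name is a placeholder). `ENABLE_METRICS: 1` keeps `/metrics` enabled, and the removed `.env` notes that this view is not secured, so the generated Caddy config should restrict that path now that the hand-written site file is gone. `DB_OPTIONS` sets `sslmode` to `require`, which encrypts the connection but does not verify the server certificate; `verify-full` is the stricter choice if the CA can be made available in the container. `vabene1111/recipes` has no tag and `nginx:mainline-alpine` is a moving tag while `watchtower: true` auto-updates both, so pinning a version or digest would keep upstream pushes from deploying unreviewed.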
@@ -1,158 +0,0 @@ -# only set this to true when testing/debugging -# when unset: 1 (true) - dont unset this, just for development -DEBUG=0 -SQL_DEBUG=0 - -# HTTP port to bind to -# TANDOOR_PORT=8080 - -# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,... -ALLOWED_HOSTS=recipes.serguzim.me - -# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one -SECRET_KEY= - -# your default timezone See https://timezonedb.com/time-zones for a list of timezones -TIMEZONE=Europe/Berlin - -# add only a database password if you want to run with the default postgres, otherwise change settings accordingly -DB_ENGINE=django.db.backends.postgresql -# DB_OPTIONS= {} # e.g. {"sslmode":"require"} to enable ssl -POSTGRES_HOST=db.serguzim.me -POSTGRES_PORT=5432 -POSTGRES_USER=tandoor -POSTGRES_PASSWORD= -POSTGRES_DB=tandoor - -# database connection string, when used overrides other database settings. -# format might vary depending on backend -# DATABASE_URL=engine://username:password@host:port/dbname - -# the default value for the user preference 'fractions' (enable/disable fraction support) -# default: disabled=0 -FRACTION_PREF_DEFAULT=0 - -# the default value for the user preference 'comments' (enable/disable commenting system) -# default comments enabled=1 -COMMENT_PREF_DEFAULT=1 - -# Users can set a amount of time after which the shopping list is refreshed when they are in viewing mode -# This is the minimum interval users can set. Setting this to low will allow users to refresh very frequently which -# might cause high load on the server. (Technically they can obviously refresh as often as they want with their own scripts) -SHOPPING_MIN_AUTOSYNC_INTERVAL=5 - -# Default for user setting sticky navbar -# STICKY_NAV_PREF_DEFAULT=1 - -# If base URL is something other than just / (you are serving a subfolder in your proxy for instance http://recipe_app/recipes/) -# Be sure to not have a trailing slash: e.g. 
'/recipes' instead of '/recipes/' -# SCRIPT_NAME=/recipes - -# If staticfiles are stored at a different location uncomment and change accordingly, MUST END IN / -# this is not required if you are just using a subfolder -# This can either be a relative path from the applications base path or the url of an external host -# STATIC_URL=/static/ - -# If mediafiles are stored at a different location uncomment and change accordingly, MUST END IN / -# this is not required if you are just using a subfolder -# This can either be a relative path from the applications base path or the url of an external host -# MEDIA_URL=/media/ - -# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples -# provided that include an additional nxginx container to handle media file serving. -# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method. -# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate -GUNICORN_MEDIA=0 - -# S3 Media settings: store mediafiles in s3 or any compatible storage backend (e.g. 
minio) -# as long as S3_ACCESS_KEY is not set S3 features are disabled -# S3_ACCESS_KEY= -# S3_SECRET_ACCESS_KEY= -# S3_BUCKET_NAME= -# S3_REGION_NAME= # default none, set your region might be required -# S3_QUERYSTRING_AUTH=1 # default true, set to 0 to serve media from a public bucket without signed urls -# S3_QUERYSTRING_EXPIRE=3600 # number of seconds querystring are valid for -# S3_ENDPOINT_URL= # when using a custom endpoint like minio - -# Email Settings, see https://docs.djangoproject.com/en/3.2/ref/settings/#email-host -# Required for email confirmation and password reset (automatically activates if host is set) -# EMAIL_HOST= -# EMAIL_PORT= -# EMAIL_HOST_USER= -# EMAIL_HOST_PASSWORD= -# EMAIL_USE_TLS=0 -# EMAIL_USE_SSL=0 -# DEFAULT_FROM_EMAIL= # email sender address (default 'webmaster@localhost') -# ACCOUNT_EMAIL_SUBJECT_PREFIX= # prefix used for account related emails (default "[Tandoor Recipes] ") - -# allow authentication via reverse proxy (e.g. authelia), leave off if you dont know what you are doing -# see docs for more information https://vabene1111.github.io/recipes/features/authentication/ -# when unset: 0 (false) -REVERSE_PROXY_AUTH=0 - -# Default settings for spaces, apply per space and can be changed in the admin view -# SPACE_DEFAULT_MAX_RECIPES=0 # 0=unlimited recipes -# SPACE_DEFAULT_MAX_USERS=0 # 0=unlimited users per space -# SPACE_DEFAULT_MAX_FILES=0 # Maximum file storage for space in MB. 0 for unlimited, -1 to disable file upload. 
-# SPACE_DEFAULT_ALLOW_SHARING=1 # Allow users to share recipes with public links - -# allow people to create accounts on your application instance (without an invite link) -# when unset: 0 (false) -# ENABLE_SIGNUP=0 - -# If signup is enabled you might want to add a captcha to it to prevent spam -# HCAPTCHA_SITEKEY= -# HCAPTCHA_SECRET= - -# if signup is enabled you might want to provide urls to data protection policies or terms and conditions -# TERMS_URL= -# PRIVACY_URL= -# IMPRINT_URL= - -# enable serving of prometheus metrics under the /metrics path -# ATTENTION: view is not secured (as per the prometheus default way) so make sure to secure it -# trough your web server (or leave it open of you dont care if the stats are exposed) -ENABLE_METRICS=1 - -# allows you to setup OAuth providers -# see docs for more information https://vabene1111.github.io/recipes/features/authentication/ -#SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid - -#SOCIALACCOUNT_PROVIDERS="{'openid': {'SERVERS': [{'id': 'auth.serguzim.me', 'name': 'auth.serguzim.me', 'openid_url': 'https://auth.serguzim.me/application/o/recipes_serguzim_me/'},]}}" - -# Should a newly created user from a social provider get assigned to the default space and given permission by default ? -# ATTENTION: This feature might be deprecated in favor of a space join and public viewing system in the future -# default 0 (false), when 1 (true) users will be assigned space and group -SOCIAL_DEFAULT_ACCESS=1 - -# if SOCIAL_DEFAULT_ACCESS is used, which group should be added -SOCIAL_DEFAULT_GROUP=guest - -# Django session cookie settings. 
Can be changed to allow a single django application to authenticate several applications -# when running under the same database -# SESSION_COOKIE_DOMAIN=.serguzim.me -# SESSION_COOKIE_NAME=sessionid # use this only to not interfere with non unified django applications under the same top level domain - -# by default SORT_TREE_BY_NAME is disabled this will store all Keywords and Food in the order they are created -# enabling this setting makes saving new keywords and foods very slow, which doesn't matter in most usecases. -# however, when doing large imports of recipes that will create new objects, can increase total run time by 10-15x -# Keywords and Food can be manually sorted by name in Admin -# This value can also be temporarily changed in Admin, it will revert the next time the application is started -# This will be fixed/changed in the future by changing the implementation or finding a better workaround for sorting -# SORT_TREE_BY_NAME=0 -# LDAP authentication -# default 0 (false), when 1 (true) list of allowed users will be fetched from LDAP server -#LDAP_AUTH= -#AUTH_LDAP_SERVER_URI= -#AUTH_LDAP_BIND_DN= -#AUTH_LDAP_BIND_PASSWORD= -#AUTH_LDAP_USER_SEARCH_BASE_DN= -#AUTH_LDAP_TLS_CACERTFILE= - -# Enables exporting PDF (see export docs) -# Disabled by default, uncomment to enable -# ENABLE_PDF_EXPORT=1 - -# Recipe exports are cached for a certain time by default, adjust time if needed -# EXPORT_FILE_CACHE_DURATION=600 - diff --git a/tandoor/docker-compose.yml b/tandoor/docker-compose.yml deleted file mode 100644 index b8a1a61..0000000 --- a/tandoor/docker-compose.yml +++ /dev/null 
@@ -1,46 +0,0 @@
-version: "3"
-services:
- web_recipes:
- image: vabene1111/recipes
- restart: always
- labels:
- com.centurylinklabs.watchtower.enable: true
- env_file:
- - .env
- - .secret.env
- volumes:
- - staticfiles:/opt/recipes/staticfiles
- - nginx_config:/opt/recipes/nginx/conf.d
- - mediafiles:/opt/recipes/mediafiles
- networks:
- tandoor:
-
- nginx_recipes:
- image: nginx:mainline-alpine
- restart: always
- labels:
- com.centurylinklabs.watchtower.enable: true
- env_file:
- - .env
- - .secret.env
- depends_on:
- - web_recipes
- volumes:
- - nginx_config:/etc/nginx/conf.d:ro
- - staticfiles:/static
- - mediafiles:/media
- networks:
- tandoor:
- apps:
- aliases:
- - tandoor
-
-volumes:
- nginx_config:
- staticfiles:
- mediafiles:
-
-networks:
- tandoor:
- apps:
- external: true