Add coder to ansible

.gitignore

@@ -7,17 +7,21 @@ diagram_assets/
 
 # services already handled by ansible
 /acme-dns/
+/coder/
 /gitea/
 /gitea-runner/
 /homebox/
 /influxdb/
 /umami/
+/uptime-kuma/
 /watchtower/
 /wiki-js/
 
 /caddy/config/conf.002.d/acme.serguzim.me.conf
 /caddy/config/conf.002.d/analytics.serguzim.me.conf
+/caddy/config/conf.002.d/coder.serguzim.me.conf
 /caddy/config/conf.002.d/git.serguzim.me.conf
 /caddy/config/conf.002.d/inventory.serguzim.me.conf
 /caddy/config/conf.002.d/tick.serguzim.me.conf
+/caddy/config/conf.002.d/status.serguzim.me.conf
 /caddy/config/conf.002.d/wiki.serguzim.me.conf

_ansible/node002.yml

@@ -3,6 +3,7 @@
   hosts: node002
   roles:
     - acme-dns
+    - coder
     - forgejo
     #- gitea
     #- gitea-runner

_ansible/roles/coder/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - coder
+  block:
+    - import_tasks: deploy-common-service.yml

_ansible/roles/coder/vars/main.yml

@@ -0,0 +1,32 @@
+svc:
+  domain: "coder.serguzim.me"
+  additional_domains:
+    - "*.coder.serguzim.me"
+  caddy_extra: "import acmedns"
+  name: coder
+  port: 7080
+  db:
+    host: "{{ postgres.host }}"
+    port: "{{ postgres.port }}"
+  ssh_port: 22
+  ssh_port_alt: 3022
+
+svc_env:
+  CODER_ADDRESS: "0.0.0.0:7080"
+  CODER_ACCESS_URL: "https://{{ svc.domain }}"
+  CODER_WILDCARD_ACCESS_URL: "*.{{ svc.domain }}"
+
+  CODER_PG_CONNECTION_URL: "postgres://{{ vault_coder.db.user }}:{{ vault_coder.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/coder?sslmode=verify-full"
+
+  CODER_OIDC_ISSUER_URL: "https://auth.serguzim.me/application/o/coder-serguzim-me/"
+  CODER_OIDC_CLIENT_ID: "{{ vault_coder.oidc_client.id }}"
+  CODER_OIDC_CLIENT_SECRET: "{{ vault_coder.oidc_client.secret }}"
+
+compose:
+  watchtower: true
+  image: ghcr.io/coder/coder:latest
+  env: true
+  group_add:
+  - "972" # docker group on host
+  volumes:
+  - /var/run/docker.sock:/var/run/docker.sock