From 6afeea39f2636365702f577c1a8b932e338a260c Mon Sep 17 00:00:00 2001 From: aleidk Date: Wed, 11 Dec 2024 12:03:50 -0300 Subject: [PATCH] feat: add Fresh RSS service --- .justfile | 5 +++ files/docker/rss/docker-stack.yaml | 50 +++++++++++++++++++++ files/docker/stack-rss.yaml | 54 ---------------------- playbooks/docker/services.yaml | 65 ++++++++++++++++++++++++--- roles/docker/tasks/docker_alpine.yaml | 1 + 5 files changed, 115 insertions(+), 60 deletions(-) create mode 100644 files/docker/rss/docker-stack.yaml delete mode 100644 files/docker/stack-rss.yaml diff --git a/.justfile b/.justfile index 632afcb..3a26484 100644 --- a/.justfile +++ b/.justfile @@ -1,5 +1,10 @@ export ANSIBLE_VAULT_PASSWORD_FILE := ".decrypt-pass.txt" +# Debug output, disabled in CI +export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := if env('CI', '') == 'true' { 'false' } else { 'true' } +export ANSIBLE_ENABLE_TASK_DEBUGGER := if env('CI', '') == 'true' { 'false' } else { 'true' } + + play +ARGS: ansible-playbook {{ ARGS }} diff --git a/files/docker/rss/docker-stack.yaml b/files/docker/rss/docker-stack.yaml new file mode 100644 index 0000000..65d8321 --- /dev/null +++ b/files/docker/rss/docker-stack.yaml 
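Review bot: The two new exports in `.justfile` fail open: argument display and the task debugger are switched on for every run where `CI` is not exactly the string `true`, so a scheduler or pipeline that sets `CI` to another value, or not at all, gets both. Ansible's documentation warns that `ANSIBLE_DISPLAY_ARGS_TO_STDOUT` can print sensitive module arguments, and an enabled task debugger waits for input on a failed task, which stalls a non-interactive run. Consider making the debug output opt-in instead, for example `export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := env('PLAY_DEBUG', 'false')` (`PLAY_DEBUG` is a constructed name), and the same for `ANSIBLE_ENABLE_TASK_DEBUGGER`.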
@@ -0,0 +1,50 @@
+networks:
+ reverse-proxy:
+ external: true
+
+volumes:
+ fresh_rss_data:
+ fresh_rss_extensions:
+
+services:
+ freshrss:
+ image: freshrss/freshrss:latest
+ container_name: freshrss
+ hostname: freshrss
+ restart: unless-stopped
+ networks:
+ - reverse-proxy
+ logging:
+ options:
+ max-size: 10m
+ volumes:
+ - fresh_rss_data:/var/www/FreshRSS/data
+ - fresh_rss_extensions:/var/www/FreshRSS/extensions
+ environment:
+ TZ: America/Santiago
+ CRON_MIN: '3,33'
+ TRUSTED_PROXY: 10.0.10.0/24
+
+ OIDC_ENABLED: 1
+ OIDC_PROVIDER_METADATA_URL: https://auth.alecodes.page/.well-known/openid-configuration
+ OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
+ OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
+ OIDC_CLIENT_CRYPTO_KEY: ${OIDC_CLIENT_CRYPTO_KEY}
+ OIDC_REMOTE_USER_CLAIM: preferred_username
+ OIDC_SCOPES: openid groups email profile
+ OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
+
+ deploy:
+ rollback_config:
+ failure_action: continue
+ update_config:
+ delay: 2s
+ failure_action: rollback
+ order: start-first
+ placement:
+ constraints:
+ - node.labels.services_kind==${SERVICE_KIND:-common}
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.freshrss.rule=Host(`rss.alecodes.page`)
+ - traefik.http.services.freshrss.loadbalancer.server.port=80
diff --git a/files/docker/stack-rss.yaml b/files/docker/stack-rss.yaml
deleted file mode 100644
index b1f7606..0000000
--- a/files/docker/stack-rss.yaml
+++ /dev/null
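Review bot: `image: freshrss/freshrss:latest` in `files/docker/rss/docker-stack.yaml` leaves the deployed code unpinned on a service that now receives the OIDC client secret and crypto key, so any redeploy can pull an image nobody reviewed. Pin a release tag and preferably a digest, e.g. `image: freshrss/freshrss:<version>@sha256:<digest>` (placeholders), and bump it deliberately. Separately, `TRUSTED_PROXY: 10.0.10.0/24` trusts forwarded headers from a whole subnet; the page does not show the address range of the `reverse-proxy` network, so it is worth confirming that this range covers only Traefik's address as the container sees it. A short comment above `TRUSTED_PROXY` stating which proxy the range is meant to cover would help the next reader.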
@@ -1,54 +0,0 @@
-networks:
- reverse-proxy:
- external: true
-
-volumes:
- fresh-rss-data:
- fresh-rss-extensions:
- fresh-rss-db:
-
-services:
- freshrss:
- image: freshrss/freshrss:latest
- container_name: freshrss
- hostname: freshrss
- restart: unless-stopped
- logging:
- options:
- max-size: 10m
- volumes:
- - data:/var/www/FreshRSS/data
- - extensions:/var/www/FreshRSS/extensions
- environment:
- TZ: America/Santiago
- CRON_MIN: '3,33'
- TRUSTED_PROXY: 10.0.10.0
- deploy:
- rollback_config:
- failure_action: continue
- update_config:
- delay: 2s
- failure_action: rollback
- order: start-first
- placement:
- constraints:
- - node.labels.services_kind==common
- labels:
- - traefik.enable=true
- - traefik.http.routers.personal-page.rule=Host(`rss.alecodes.page`)
- - traefik.http.services.personal-page.loadbalancer.server.port=80
-
- freshrss-db:
- image: postgres:17
- container_name: freshrss-db
- hostname: freshrss-db
- restart: unless-stopped
- logging:
- options:
- max-size: 10m
- volumes:
- - fresh-rss-db:/var/lib/postgresql/data
- environment:
- POSTGRES_DB: ${DB_BASE:-freshrss}
- POSTGRES_USER: ${DB_USER:-freshrss}
- POSTGRES_PASSWORD: ${DB_PASSWORD:-freshrss}
diff --git a/playbooks/docker/services.yaml b/playbooks/docker/services.yaml
index 0018cb1..d8a079c 100644
--- a/playbooks/docker/services.yaml
+++ b/playbooks/docker/services.yaml
@@ -3,9 +3,62 @@ - name: Deploy homelab services hosts: 10.0.10.50 tasks: - - name: Deploy RSS Feed - community.docker.docker_stack: - state: present - name: rss - compose: - - files/docker/stack-rss.yml + - name: Deploy RSS Services + vars: + project_name: rss + block: + # - name: Generate random hash + # no_log: true + # community.crypto.openssl_random: + # length: 32 + # hex: false + # register: random_hash + # + # - name: Create Docker secret for PostgreSQL password + # no_log: true + # community.docker.docker_secret: + # state: present + # name: "{{ project_name + '_db_password'}}" + # secret: "{{ random_hash.stdout }}" + + - name: Deploy RSS Feed + environment: + SERVICE_KIND: common + OIDC_CLIENT_ID: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64373465396361306338353037613339383136643235633433396436313265343565343335386439 + 6364653962636630393031326266626631353163656364620a366663306633623163306631323836 + 31666165343039613838656236333232336631373139626230633266306134613665366135363763 + 6239303930306435390a326263653938343931323962343935323136386633376437666231333163 + 62623366393664643136393638323665313263383934646565366331663163653862386635333562 + 63396636646663326637333563303734313336653038323334646164306336393562313030353063 + 61643537393062336438623762633331666562303335393434666437336636613935626435363631 + 33386337336365353733 + OIDC_CLIENT_SECRET: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31666165626661336330303635343437313563343234383966383862653735643734633130626631 + 3335656237326535333132666432646563386131303636350a626534653338343236313636623234 + 34323364333834376334383431323434643634363336363333306634383232393132316662333134 + 6266653032646635380a313633363439613637303636316436383030636132356233306661323734 + 35663535373663373364616130333334613366616432616162323961666136383236353466373831 + 61386464313533643464323762333639316631393364393062666566666233623364376334376139 + 31366363376564353135646134396666373166386461376162656231323335396539323533643734 + 
39306533333436363361 + OIDC_CLIENT_CRYPTO_KEY: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65353837666236363262613131653664633166646236363133356335636263363361373934626166 + 3935346135393061346566326130643134383363323433370a316131376666626139373430393135 + 65653464646336316135323965363734306131313430646164363533343465633231363865333062 + 3061383330383435650a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community.docker.docker_stack: + state: present + name: "{{ project_name }}" + compose: + - "{{ lookup('file', '../../files/docker/rss/docker-stack.yaml') | from_yaml }}" diff --git a/roles/docker/tasks/docker_alpine.yaml b/roles/docker/tasks/docker_alpine.yaml index 2c6c2b4..b73338b 100644 --- a/roles/docker/tasks/docker_alpine.yaml +++ b/roles/docker/tasks/docker_alpine.yaml @@ -9,6 +9,7 @@ - py3-yaml - py3-pip - py3-docker-py + - py3-jsondiff - name: Copy openrc.sh to /etc/init.d/docker copy:
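Review bot: The `Deploy RSS Feed` task in `playbooks/docker/services.yaml` injects three vault-decrypted values through `environment:` but, unlike the commented-out tasks above it, carries no `no_log: true`. `docker stack deploy` interpolates those values into the service definition, and `community.docker.docker_stack` returns a `stack_spec_diff` of the service spec, which (to be confirmed against the module version in use) can include the container `Env` entries and so the client secret whenever the task result is printed with `-v` or registered. Adding `no_log: true` to the task keeps that result out of logs. The resolved values also stay readable in the Swarm service spec, which the commented-out `docker_secret` approach would avoid if the image can read its secrets from files. Part of this hunk is elided on the page, so the end of the last vault block was not reviewed.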