feat: add Fresh RSS service

2024-12-11 12:03:50 -03:00 · 2024-12-11 12:03:50 -03:00 · 6afeea39f2
commit 6afeea39f2
parent 7ebbac3870
5 changed files with 115 additions and 60 deletions
--- a/.justfile
+++ b/.justfile
@ -1,5 +1,10 @@
 export ANSIBLE_VAULT_PASSWORD_FILE := ".decrypt-pass.txt"
 # Debug output, disabled in CI
 export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := if env('CI', '') == 'true' { 'false' } else { 'true' }
 export ANSIBLE_ENABLE_TASK_DEBUGGER := if env('CI', '') == 'true' { 'false' } else { 'true' }
 play +ARGS:
  ansible-playbook {{ ARGS }}
--- a/files/docker/rss/docker-stack.yaml
+++ b/files/docker/rss/docker-stack.yaml
@ -0,0 +1,50 @@
 networks:
  reverse-proxy:
    external: true
 volumes:
  fresh_rss_data:
  fresh_rss_extensions:
 services:
  freshrss:
    image: freshrss/freshrss:latest
    container_name: freshrss
    hostname: freshrss
    restart: unless-stopped
    networks:
        - reverse-proxy
    logging:
      options:
        max-size: 10m
    volumes:
      - fresh_rss_data:/var/www/FreshRSS/data
      - fresh_rss_extensions:/var/www/FreshRSS/extensions
    environment:
      TZ: America/Santiago
      CRON_MIN: '3,33'
      TRUSTED_PROXY: 10.0.10.0/24
      OIDC_ENABLED: 1
      OIDC_PROVIDER_METADATA_URL: https://auth.alecodes.page/.well-known/openid-configuration
      OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
      OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
      OIDC_CLIENT_CRYPTO_KEY: ${OIDC_CLIENT_CRYPTO_KEY}
      OIDC_REMOTE_USER_CLAIM: preferred_username
      OIDC_SCOPES: openid groups email profile
      OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
    deploy:
      rollback_config:
        failure_action: continue
      update_config:
        delay: 2s
        failure_action: rollback
        order: start-first
      placement:
        constraints:
          - node.labels.services_kind==${SERVICE_KIND:-common}
      labels:
        - traefik.enable=true
        - traefik.http.routers.freshrss.rule=Host(`rss.alecodes.page`)
        - traefik.http.services.freshrss.loadbalancer.server.port=80
--- a/files/docker/stack-rss.yaml
+++ b/files/docker/stack-rss.yaml
@ -1,54 +0,0 @@
 networks:
  reverse-proxy:
    external: true
 volumes:
  fresh-rss-data:
  fresh-rss-extensions:
  fresh-rss-db:
 services:
  freshrss:
    image: freshrss/freshrss:latest
    container_name: freshrss
    hostname: freshrss
    restart: unless-stopped
    logging:
      options:
        max-size: 10m
    volumes:
      - data:/var/www/FreshRSS/data
      - extensions:/var/www/FreshRSS/extensions
    environment:
      TZ: America/Santiago
      CRON_MIN: '3,33'
      TRUSTED_PROXY: 10.0.10.0
    deploy:
      rollback_config:
        failure_action: continue
      update_config:
        delay: 2s
        failure_action: rollback
        order: start-first
      placement:
        constraints:
          - node.labels.services_kind==common
      labels:
        - traefik.enable=true
        - traefik.http.routers.personal-page.rule=Host(`rss.alecodes.page`)
        - traefik.http.services.personal-page.loadbalancer.server.port=80
  freshrss-db:
    image: postgres:17
    container_name: freshrss-db
    hostname: freshrss-db
    restart: unless-stopped
    logging:
      options:
        max-size: 10m
    volumes:
      - fresh-rss-db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${DB_BASE:-freshrss}
      POSTGRES_USER: ${DB_USER:-freshrss}
      POSTGRES_PASSWORD: ${DB_PASSWORD:-freshrss}
--- a/playbooks/docker/services.yaml
+++ b/playbooks/docker/services.yaml
@ -3,9 +3,62 @@
 - name: Deploy homelab services
  hosts: 10.0.10.50
  tasks:
    - name: Deploy RSS Services
      vars:
        project_name: rss
      block:
      # - name: Generate random hash
      #   no_log: true
      #   community.crypto.openssl_random:
      #     length: 32
      #     hex: false
      #   register: random_hash
      #
      # - name: Create Docker secret for PostgreSQL password
      #   no_log: true
      #   community.docker.docker_secret:
      #     state: present
      #     name: "{{ project_name + '_db_password'}}"
      #     secret: "{{ random_hash.stdout }}"
      - name: Deploy RSS Feed
        environment:
          SERVICE_KIND: common
          OIDC_CLIENT_ID: !vault |
            $ANSIBLE_VAULT;1.1;AES256
            64373465396361306338353037613339383136643235633433396436313265343565343335386439
            6364653962636630393031326266626631353163656364620a366663306633623163306631323836
            31666165343039613838656236333232336631373139626230633266306134613665366135363763
            6239303930306435390a326263653938343931323962343935323136386633376437666231333163
            62623366393664643136393638323665313263383934646565366331663163653862386635333562
            63396636646663326637333563303734313336653038323334646164306336393562313030353063
            61643537393062336438623762633331666562303335393434666437336636613935626435363631
            33386337336365353733
          OIDC_CLIENT_SECRET: !vault |
            $ANSIBLE_VAULT;1.1;AES256
            31666165626661336330303635343437313563343234383966383862653735643734633130626631
            3335656237326535333132666432646563386131303636350a626534653338343236313636623234
            34323364333834376334383431323434643634363336363333306634383232393132316662333134
            6266653032646635380a313633363439613637303636316436383030636132356233306661323734
            35663535373663373364616130333334613366616432616162323961666136383236353466373831
            61386464313533643464323762333639316631393364393062666566666233623364376334376139
            31366363376564353135646134396666373166386461376162656231323335396539323533643734
            39306533333436363361
          OIDC_CLIENT_CRYPTO_KEY: !vault |
            $ANSIBLE_VAULT;1.1;AES256
            65353837666236363262613131653664633166646236363133356335636263363361373934626166
            3935346135393061346566326130643134383363323433370a316131376666626139373430393135
            65653464646336316135323965363734306131313430646164363533343465633231363865333062
            3061383330383435650a363338666164336663383462333130623963376332333964306565326262
            30616562333734363938373739636262363461313636386634373565373236383835383336376435
            31633938643738303464633133363365316365376237313237376436393835623366346665303964
            38323132643665613361643565636130303166386339363264306234616366313462616461316632
            34633339613264353632303232633962303361343630653633383234663536323361646639383933
            37333837383538613866663564616334636330636431663936373238613862316239663566333737
            65333264666234643765623636393832363763343339386266316365623331333132303361336566
            613766343761383861323138623536366431
        community.docker.docker_stack:
          state: present
-        name: rss
+          name: "{{ project_name }}"
          compose:
-          - files/docker/stack-rss.yml
+            - "{{ lookup('file', '../../files/docker/rss/docker-stack.yaml') | from_yaml }}"
--- a/roles/docker/tasks/docker_alpine.yaml
+++ b/roles/docker/tasks/docker_alpine.yaml
@ -9,6 +9,7 @@
      - py3-yaml
      - py3-pip
      - py3-docker-py
      - py3-jsondiff
 - name: Copy openrc.sh to /etc/init.d/docker
  copy: