alecodes/homelab
2
1
Fork 0
Code Issues 20 Pull requests Projects 1 Releases Packages Wiki Activity Actions

feat: add Fresh RSS service

Browse source
This commit is contained in:
Alexander Navarro 2024-12-11 12:03:50 -03:00
parent 7ebbac3870
commit 6afeea39f2
5 changed files with 115 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.justfile
View file

@ -1,5 +1,10 @@
export ANSIBLE_VAULT_PASSWORD_FILE := ".decrypt-pass.txt" export ANSIBLE_VAULT_PASSWORD_FILE := ".decrypt-pass.txt"
# Debug output, disabled in CI
export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := if env('CI', '') == 'true' { 'false' } else { 'true' }
export ANSIBLE_ENABLE_TASK_DEBUGGER := if env('CI', '') == 'true' { 'false' } else { 'true' }
play +ARGS: play +ARGS:
ansible-playbook {{ ARGS }} ansible-playbook {{ ARGS }}

50
files/docker/rss/docker-stack.yaml Normal file
View file

@ -0,0 +1,50 @@
networks:
reverse-proxy:
external: true
volumes:
fresh_rss_data:
fresh_rss_extensions:
services:
freshrss:
image: freshrss/freshrss:latest
container_name: freshrss
hostname: freshrss
restart: unless-stopped
networks:
- reverse-proxy
logging:
options:
max-size: 10m
volumes:
- fresh_rss_data:/var/www/FreshRSS/data
- fresh_rss_extensions:/var/www/FreshRSS/extensions
environment:
TZ: America/Santiago
CRON_MIN: '3,33'
TRUSTED_PROXY: 10.0.10.0/24
OIDC_ENABLED: 1
OIDC_PROVIDER_METADATA_URL: https://auth.alecodes.page/.well-known/openid-configuration
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
OIDC_CLIENT_CRYPTO_KEY: ${OIDC_CLIENT_CRYPTO_KEY}
OIDC_REMOTE_USER_CLAIM: preferred_username
OIDC_SCOPES: openid groups email profile
OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
deploy:
rollback_config:
failure_action: continue
update_config:
delay: 2s
failure_action: rollback
order: start-first
placement:
constraints:
- node.labels.services_kind==${SERVICE_KIND:-common}
labels:
- traefik.enable=true
- traefik.http.routers.freshrss.rule=Host(`rss.alecodes.page`)
- traefik.http.services.freshrss.loadbalancer.server.port=80

54
files/docker/stack-rss.yaml
View file

@ -1,54 +0,0 @@
networks:
reverse-proxy:
external: true
volumes:
fresh-rss-data:
fresh-rss-extensions:
fresh-rss-db:
services:
freshrss:
image: freshrss/freshrss:latest
container_name: freshrss
hostname: freshrss
restart: unless-stopped
logging:
options:
max-size: 10m
volumes:
- data:/var/www/FreshRSS/data
- extensions:/var/www/FreshRSS/extensions
environment:
TZ: America/Santiago
CRON_MIN: '3,33'
TRUSTED_PROXY: 10.0.10.0
deploy:
rollback_config:
failure_action: continue
update_config:
delay: 2s
failure_action: rollback
order: start-first
placement:
constraints:
- node.labels.services_kind==common
labels:
- traefik.enable=true
- traefik.http.routers.personal-page.rule=Host(`rss.alecodes.page`)
- traefik.http.services.personal-page.loadbalancer.server.port=80
freshrss-db:
image: postgres:17
container_name: freshrss-db
hostname: freshrss-db
restart: unless-stopped
logging:
options:
max-size: 10m
volumes:
- fresh-rss-db:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${DB_BASE:-freshrss}
POSTGRES_USER: ${DB_USER:-freshrss}
POSTGRES_PASSWORD: ${DB_PASSWORD:-freshrss}

65
playbooks/docker/services.yaml
View file

@ -3,9 +3,62 @@
- name: Deploy homelab services - name: Deploy homelab services
hosts: 10.0.10.50 hosts: 10.0.10.50
tasks: tasks:
- name: Deploy RSS Feed - name: Deploy RSS Services
community.docker.docker_stack: vars:
state: present project_name: rss
name: rss block:
compose: # - name: Generate random hash
- files/docker/stack-rss.yml # no_log: true
# community.crypto.openssl_random:
# length: 32
# hex: false
# register: random_hash
#
# - name: Create Docker secret for PostgreSQL password
# no_log: true
# community.docker.docker_secret:
# state: present
# name: "{{ project_name + '_db_password'}}"
# secret: "{{ random_hash.stdout }}"
- name: Deploy RSS Feed
environment:
SERVICE_KIND: common
OIDC_CLIENT_ID: !vault |
$ANSIBLE_VAULT;1.1;AES256
64373465396361306338353037613339383136643235633433396436313265343565343335386439
6364653962636630393031326266626631353163656364620a366663306633623163306631323836
31666165343039613838656236333232336631373139626230633266306134613665366135363763
6239303930306435390a326263653938343931323962343935323136386633376437666231333163
62623366393664643136393638323665313263383934646565366331663163653862386635333562
63396636646663326637333563303734313336653038323334646164306336393562313030353063
61643537393062336438623762633331666562303335393434666437336636613935626435363631
33386337336365353733
OIDC_CLIENT_SECRET: !vault |
$ANSIBLE_VAULT;1.1;AES256
31666165626661336330303635343437313563343234383966383862653735643734633130626631
3335656237326535333132666432646563386131303636350a626534653338343236313636623234
34323364333834376334383431323434643634363336363333306634383232393132316662333134
6266653032646635380a313633363439613637303636316436383030636132356233306661323734
35663535373663373364616130333334613366616432616162323961666136383236353466373831
61386464313533643464323762333639316631393364393062666566666233623364376334376139
31366363376564353135646134396666373166386461376162656231323335396539323533643734
39306533333436363361
OIDC_CLIENT_CRYPTO_KEY: !vault |
$ANSIBLE_VAULT;1.1;AES256
65353837666236363262613131653664633166646236363133356335636263363361373934626166
3935346135393061346566326130643134383363323433370a316131376666626139373430393135
65653464646336316135323965363734306131313430646164363533343465633231363865333062
3061383330383435650a363338666164336663383462333130623963376332333964306565326262
30616562333734363938373739636262363461313636386634373565373236383835383336376435
31633938643738303464633133363365316365376237313237376436393835623366346665303964
38323132643665613361643565636130303166386339363264306234616366313462616461316632
34633339613264353632303232633962303361343630653633383234663536323361646639383933
37333837383538613866663564616334636330636431663936373238613862316239663566333737
65333264666234643765623636393832363763343339386266316365623331333132303361336566
613766343761383861323138623536366431
community.docker.docker_stack:
state: present
name: "{{ project_name }}"
compose:
- "{{ lookup('file', '../../files/docker/rss/docker-stack.yaml') | from_yaml }}"

1
roles/docker/tasks/docker_alpine.yaml
View file

@ -9,6 +9,7 @@
- py3-yaml - py3-yaml
- py3-pip - py3-pip
- py3-docker-py - py3-docker-py
- py3-jsondiff
- name: Copy openrc.sh to /etc/init.d/docker - name: Copy openrc.sh to /etc/init.d/docker
copy: copy: