From 15c1dd6655ecc1c781df47ff25111196e3a43af9 Mon Sep 17 00:00:00 2001
From: Kacper Donat <kadet1090@gmail.com>
Date: Mon, 24 Oct 2022 22:16:06 +0200
Subject: [PATCH] wipe: Initial service config

---
 services/wipe/config/.env      | 19 ++++++++++
 services/wipe/stack.yml        | 66 ++++++++++++++++++++++++++++++++++
 services/wipe/tasks/config.yml |  8 +++++
 services/wipe/vars/main.yml    |  7 ++++
 vars/services.yml              | 33 +++++++++++++++++
 5 files changed, 133 insertions(+)
 create mode 100644 services/wipe/config/.env
 create mode 100644 services/wipe/stack.yml
 create mode 100644 services/wipe/tasks/config.yml
 create mode 100644 services/wipe/vars/main.yml

diff --git a/services/wipe/config/.env b/services/wipe/config/.env
new file mode 100644
index 0000000..5f9f14c
--- /dev/null
+++ b/services/wipe/config/.env
@@ -0,0 +1,19 @@
+APP_ENV=prod
+APP_KEY=base64:{{ wipe_secret|b64encode }}
+APP_DEBUG=false
+APP_URL=https://wipe.kadet.net
+APP_DATABASE=mysql://{{ wipe_database.user }}:{{ wipe_database.password }}@{{ database_mysql_host }}/{{ wipe_database.name }}
+
+BROADCAST_DRIVER=log
+CACHE_DRIVER=array
+SESSION_DRIVER=file
+QUEUE_DRIVER=sync
+
+MAIL_DRIVER=smtp
+MAIL_HOST={{ wipe_mail.host }}
+MAIL_PORT={{ wipe_mail.port|default(587) }}
+MAIL_USERNAME={{ wipe_mail.user }}
+MAIL_PASSWORD={{ wipe_mail.password }}
+MAIL_ENCRYPTION={{ wipe_mail.encryption|default("tls") }}
+
+STEAM_API_KEY={{ wipe_steam_key }}
diff --git a/services/wipe/stack.yml b/services/wipe/stack.yml
new file mode 100644
index 0000000..975cfc4
--- /dev/null
+++ b/services/wipe/stack.yml
@@ -0,0 +1,66 @@
+version: '{{ compose_version }}'
+
+services:
+  site:
+    image: rycus86/podlike
+    command: -logs -ipc=false
+    networks: ['{{ ingress_network }}']
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}.rule=Host(`{{ service }}.{{ main_domain }}`)
+        - traefik.http.routers.{{ service }}.priority=100
+        - traefik.http.routers.{{ service }}.tls=true
+        - traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
+        - traefik.http.services.{{ service }}.loadbalancer.server.port=80
+      restart_policy:
+        condition: any
+        max_attempts: 3
+    labels:
+      pod.component.fpm: |
+        image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
+        volumes:
+          - www-data:/var/www
+      pod.component.nginx: |
+        image: nginx:latest
+        volumes:
+          - www-data:/var/www
+          - nginx-config:/etc/nginx/templates
+      pod.copy.fpm: /var/conf/wipe/.env:/var/www/.env
+      pod.init.components: |
+        - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
+          entrypoint: ["/bin/sh", "-c"]
+          command: ["cp -r /var/www/* /mnt/www"]
+          volumes:
+            - www-data:/mnt/www
+        - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
+          entrypoint: ["/bin/sh", "-c"]
+          command: ["cp -r /var/www/nginx/* /mnt/config"]
+          volumes:
+            - nginx-config:/mnt/config
+    configs:
+      - source: dotenv_{{ dotenv_file.checksum }}
+        target: /var/conf/wipe/.env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - nginx-config:/mnt/nginx-config
+      - www-data:/mnt/www-data
+
+configs:
+  dotenv_{{ dotenv_file.checksum }}:
+    file: ./config/.env
+
+volumes:
+  nginx-config:
+    name: {{'nginx-config.{{.Task.ID}}'}}
+    labels:
+      com.github.rycus86.podlike.volume-ref: nginx-config
+  www-data:
+    name: {{'www-data.{{.Task.ID}}'}}
+    labels:
+      com.github.rycus86.podlike.volume-ref: www-data
diff --git a/services/wipe/tasks/config.yml b/services/wipe/tasks/config.yml
new file mode 100644
index 0000000..7c1c505
--- /dev/null
+++ b/services/wipe/tasks/config.yml
@@ -0,0 +1,8 @@
+---
+- name: 'Copy .env file for "{{ service }}"'
+  template:
+    src: "{{ service_path }}/config/.env"
+    dest: "{{ remote_service_path }}/config/.env"
+  register: dotenv_file
+  tags:
+    - config
diff --git a/services/wipe/vars/main.yml b/services/wipe/vars/main.yml
new file mode 100644
index 0000000..d3c4ab8
--- /dev/null
+++ b/services/wipe/vars/main.yml
@@ -0,0 +1,7 @@
+---
+wipe_host: https://wipe.kadet.net
+wipe_version: latest
+wipe_database:
+  name: wipe
+  user: wipe
+  password: "{{ mysql_user_passwords['wipe'] }}"
diff --git a/vars/services.yml b/vars/services.yml
index 8a098af..debbefb 100644
--- a/vars/services.yml
+++ b/vars/services.yml
@@ -68,6 +68,39 @@ service_config:
   legacy:
     www_data_users: ["{{ ansible_user }}"]
 
+  wipe:
+    wipe_steam_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          39346630373366616136343766616630323439383333653431633462633537326161646234626263
+          6333363737653234653565313635373966373161346337390a313437616633303632323236623230
+          36396432356538353565313734376166336534393063613631653861636139366664303332383637
+          3630326566313239320a653634383431613333636138313330306634626139333830643135373331
+          37303233613065646638303535643535386162316330316161383537313132626261356465313065
+          6134633232366434643833333762316462363639653034636438
+    wipe_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65376438366231353937393636626635383236353261653230333438623532373162376465393730
+          3337376563306331616261663136626136373330656138660a363434656133386565363634376237
+          38633266386533333836363333323832333630366538323463343637343364656564383734643731
+          6638396338366430620a643931636661343336353838373834313163623566653237653263643363
+          65623661623039306461326136636162363834616563346632343730383730616633623861383865
+          3332393865376631346632653462366363623231393839613366
+    wipe_mail:
+      host: smtp.googlemail.com
+      user: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31346166396462643734663735323164343665393930613665643963616538363363346561343531
+          6538613135353762656434383831386438636565373865650a623730643062643538663235616363
+          34363938383133633964666130396265343134623939323562363234313664386337636635633035
+          3939643362333366300a376135393436663765316132643639366466373665663133363761366234
+          38306230633661653133653961356633376166633761333738633030643765313135
+      password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31663537613531663362383135343538393663383566383030643339643733326333663133663362
+          3566303538353239666139363764373166626261366435330a646166623736636566346162366164
+          33636566393161336362643038353163623264393134353639653339613066343965303434303234
+          6666613363613731330a643065613838356131633031356233656535363138323366373737393135
+          38633831306539613634326530383234306361623237633832623662333539626339
   cojedzie:
     cojedzie_version: '2022.3.1'
     cojedzie_gtm: GTM-TQNX386