keylighter: Initial config

2024-01-10 22:24:42 +01:00 · 2024-01-10 22:24:42 +01:00 · 7acd968f52
commit 7acd968f52
parent 4c95c79f05
6 changed files with 155 additions and 0 deletions
--- a/services/keylighter/config/.env
+++ b/services/keylighter/config/.env
@ -0,0 +1,9 @@
+APP_ENV={{ keylighter_app_env|default("prod") }}
+APP_SECRET={{ keylighter_app_secret }}
+
+DATABASE_URL="sqlite:///%kernel.project_dir%/var/app.db"
+MESSENGER_TRANSPORT_DSN=redis://redis:6379/messages
+
+COMPOSER_PATH=composer
+BOX_PATH=box
+
--- a/services/keylighter/config/nginx.conf
+++ b/services/keylighter/config/nginx.conf
@ -0,0 +1,24 @@
+server {
+    root /var/www/public/;
+
+    index index.php;
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location /keylighter.css {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~ ^/index\.php(/|$) {
+        fastcgi_pass localhost:9000;
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+        internal;
+    }
+}
--- a/services/keylighter/stack.yml
+++ b/services/keylighter/stack.yml
@ -0,0 +1,89 @@
+version: "{{ compose_version }}"
+
+services:
+  redis:
+    image: redis:latest
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+
+  site:
+    image: registry.kadet.net/podlike
+    command: -logs -ipc=false -pull
+    networks: ["{{ ingress_network }}", "default"]
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}.rule={{ traefik_routing_rule }}
+        - traefik.http.routers.{{ service }}.priority=100
+        - traefik.http.routers.{{ service }}.tls=true
+        - traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt-tls
+        - traefik.http.services.{{ service }}.loadbalancer.server.port=80
+      restart_policy:
+        condition: any
+        delay: 60s
+    labels:
+      pod.component.fpm: |
+        image: registry.kadet.net/keylighter.kadet.net/php-fpm:{{ keylighter_version }}
+        environment:
+          - TRUSTED_PROXIES=10.0.0.0/8
+        volumes:
+          - {{ service }}-www-data:/var/www
+          - {{ service }}-storage-data:/var/www/var
+      pod.component.nginx: |
+        image: nginx:latest
+        volumes:
+          - {{ service }}-www-data:/var/www
+          - {{ service }}-storage-data:/var/www/var
+          - {{ service }}-nginx-config:/etc/nginx/templates
+      pod.copy.fpm: /var/conf/keylighter/.env:/var/www/.env.local
+      pod.copy.nginx: /var/conf/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
+      pod.init.components: |
+        - image: registry.kadet.net/keylighter.kadet.net/php-fpm:{{ keylighter_version }}
+          entrypoint: ["/bin/sh", "-c"]
+          command: ["cp -a /var/www /mnt"]
+          volumes:
+            - {{ service }}-www-data:/mnt/www
+    configs:
+      - source: dotenv_{{ dotenv_file.checksum }}
+        target: /var/conf/keylighter/.env
+      - source: nginx_conf_{{ nginx_conf.checksum }}
+        target: /var/conf/nginx/nginx.conf
+    secrets:
+      - source: dockerregistryauth
+        target: /var/run/secrets/podlike/dockerregistryauth.json
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - nginx-config:/mnt/nginx-config
+      - www-data:/mnt/www-data
+      - storage-data:/mnt/storage-data
+
+secrets:
+  dockerregistryauth:
+    name: dockerregistryauth
+    external: true
+
+configs:
+  dotenv_{{ dotenv_file.checksum }}:
+    file: ./config/.env
+  nginx_conf_{{ nginx_conf.checksum }}:
+    file: ./config/nginx.conf
+
+volumes:
+  nginx-config:
+    name: '{{ service }}-{{ "nginx-config.{{.Task.ID}}" }}'
+    labels:
+      com.github.rycus86.podlike.volume-ref: "{{ service }}-nginx-config"
+  www-data:
+    name: '{{ service }}-{{ "www-data.{{.Task.ID}}" }}'
+    labels:
+      com.github.rycus86.podlike.volume-ref: "{{ service }}-www-data"
+  storage-data:
+    labels:
+      com.github.rycus86.podlike.volume-ref: "{{ service }}-storage-data"
--- a/services/keylighter/tasks/config.yml
+++ b/services/keylighter/tasks/config.yml
@ -0,0 +1,16 @@
+---
+- name: 'Copy .env file for "{{ service }}"'
+  template:
+    src: "{{ service_path }}/config/.env"
+    dest: "{{ remote_service_path }}/config/.env"
+  register: dotenv_file
+  tags:
+    - config
+
+- name: 'Copy nginx.conf file for "{{ service }}"'
+  template:
+    src: "{{ service_path }}/config/nginx.conf"
+    dest: "{{ remote_service_path }}/config/nginx.conf"
+  register: nginx_conf
+  tags:
+    - config
--- a/services/keylighter/vars/main.yml
+++ b/services/keylighter/vars/main.yml
@ -0,0 +1,5 @@
+---
+traefik_routing_rule: "Host(`{{ keylighter_host }}`)"
+
+keylighter_host: keylighter.kadet.net
+keylighter_version: latest
--- a/vars/services.yml
+++ b/vars/services.yml
@ -304,5 +304,17 @@ service_config:
          65616339303364343737383065626665323766613035313563613131376661333336313437653037
          65366633306635343662
        allowed_services: ["echo"]
+  
+  keylighter:
+    keylighter_version: latest
+    keylighter_app_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63303033343833663565393866636164383062343661376230363032306530393066363138343837
+          6661633433663738333631396637646365643864643734380a343631616632393939373964396330
+          30653930323261333333666362323632303539666633636434663265623836396438323132323565
+          6366333138333465340a376431363939366164316163633030616130653465613532323765306339
+          30653966353632333164306262363031626137373761636166663533366231336637383334316637
+          3463613562343766613666666264646433353731313334336130
+
 www_data_users:
  - vagrant