authorElizabeth Hunt <me@liz.coffee>2025-05-01 00:27:42 -0700
committerElizabeth Hunt <me@liz.coffee>2025-05-01 00:27:42 -0700
commit2b9ff3c22f81a8d846bbc52aaa6f6524fec3bf77 (patch)
tree17155b8b7c970d2fdd4b8ea87646a07a9d27ee59
parentd357056752382ffe4ae866304d3573c361dbe21a (diff)
downloadinfra-2b9ff3c22f81a8d846bbc52aaa6f6524fec3bf77.tar.gz
infra-2b9ff3c22f81a8d846bbc52aaa6f6524fec3bf77.zip
initial src stuff
-rwxr-xr-xcreate.py2
-rw-r--r--deploy.yml3
-rw-r--r--group_vars/all.yml2
-rw-r--r--group_vars/src.yml5
-rw-r--r--inventory3
-rw-r--r--playbooks/roles/common/files/authorized_keys2
-rw-r--r--playbooks/roles/nginx-proxy/templates/docker-compose.yml2
-rw-r--r--playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf8
-rw-r--r--playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf15
-rw-r--r--playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf7
-rw-r--r--playbooks/roles/src/tasks/main.yml8
-rw-r--r--playbooks/roles/src/templates/stacks/docker-compose.yml42
-rw-r--r--playbooks/roles/src/templates/volumes/data/.gitkeep0
-rw-r--r--playbooks/src.yml7
14 files changed, 104 insertions, 2 deletions
diff --git a/create.py b/create.py
index 842237d..bccdee2 100755
--- a/create.py
+++ b/create.py
@@ -26,7 +26,7 @@ class Config:
ANSIBLE_PLAYBOOKS = Path("playbooks/")
ANSIBLE_ROLES = ANSIBLE_PLAYBOOKS / Path("roles/")
GROUP_VARS = Path("group_vars/")
- NGINX_SITES_ENABLED = ANSIBLE_ROLES / Path("outbound/templates/proxy/sites-enabled")
+ NGINX_SITES_ENABLED = ANSIBLE_ROLES / Path("outbound/templates/proxy/nginx/conf.d")
INTERNAL_LOADBALANCER_HOST = "floating.home.arpa"
EXTERNAL_LOADBALANCER_HOST = "outbound.liz.coffee"
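Review bot: The constant on the new line keeps the name `NGINX_SITES_ENABLED` while its value now points at `outbound/templates/proxy/nginx/conf.d`, so the name no longer describes the path it holds. If nothing outside create.py reads it, renaming it to match, e.g. `NGINX_CONF_D = ANSIBLE_ROLES / Path("outbound/templates/proxy/nginx/conf.d")`, keeps the Config class self-explanatory; otherwise a short comment on the line saying that the conf.d directory replaced sites-enabled would do. The Config class continues outside the hunk.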
diff --git a/deploy.yml b/deploy.yml
index 00b3852..a6ff65f 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -50,3 +50,6 @@
- name: passwd
ansible.builtin.import_playbook: playbooks/passwd.yml
+
+- name: src
+ ansible.builtin.import_playbook: playbooks/src.yml
diff --git a/group_vars/all.yml b/group_vars/all.yml
index bd10011..6c39b25 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -29,3 +29,5 @@ traextor_base: "{{ swarm_base }}/traextor"
letsencrypt_certs: "{{ traextor_base }}/volumes/certs/letsencrypt"
deployment_time: "{{ now(utc=true,fmt='%s') }}"
+
+me_lizcoffee_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRHu3h9mDjQyFbojcxGKW0hPUDfgUmb2WCzd4Dv2qISM3GGt9LjD8o0IbWRNaTf5UyId5lu7wNHtygs5ZDfUVnlfxrI1CmoExuqkYFjy+R9Cu0x1J2w7+MrKPBd5akLCuKTTnXbyv79T0tLb07rCpGHojW8HH6wdDtg0siVqsPqZVTjg7WGbBYqiqlA5p8s+V9xN1q8lTOZrRI0PdgoU8W+1oIr9OHSG1ZeUBQx60izTEwMnWBxY2aA8SQolIVvsJCcMMc/EAnaz/rdJ5IkeqXGslIhUI7WCPHnPWN8CSdwMOLi5BNaOAK7Y2FkfKTUlO7I52BL87Cl3YpMxR0mTDrfSJTSp0B3ZAbUIXDA7biSh04YLwGQVI799vcyJf355A60btPaiuiBgI0am3h0WxnOACg7K6eV023EiUQ24UjlQ8pufHcJ1oDW8v6LHlp/atCWOl9KQIun9UUg8DD8/BLPprc0wzAV6Nco0ZIedouxZuUhduYYvUrLJ+ICpaZg6oPGitVJPIgyyI+WTfjRN4WTj/Z3Yhuj0RqF8b5ea4FNWuJtfF724t7SVnZsYlZGSCqL8gaEzbIATVe3THn5VwbK+S4ELD/9W6MOd6aZcTOK2yP3jlwjcjnW8sLuX+2qNwtSVVa4o5VsRZU40Da+3flzoBsyUwSE3H2PsFPH29lIQ== lizzy@yubikey"
diff --git a/group_vars/src.yml b/group_vars/src.yml
new file mode 100644
index 0000000..3d8689a
--- /dev/null
+++ b/group_vars/src.yml
@@ -0,0 +1,5 @@
+---
+
+src_domain: src.liz.coffee
+src_base: "{{ swarm_base }}/src"
+src_admin_keys: "{{ me_lizcoffee_key }}"
diff --git a/inventory b/inventory
index 1ce98a4..712c7a6 100644
--- a/inventory
+++ b/inventory
@@ -58,3 +58,6 @@ swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connectio
[passwd]
swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
+[src]
+swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
+
diff --git a/playbooks/roles/common/files/authorized_keys b/playbooks/roles/common/files/authorized_keys
index abc559d..60edc04 100644
--- a/playbooks/roles/common/files/authorized_keys
+++ b/playbooks/roles/common/files/authorized_keys
@@ -1,2 +1,2 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnLAE5TrdYF8QWCSkvgUp15XKcwQJ9393a/CghSo8dG serve@ansible
-ssh-rsa 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 lizzy@yubikey
+{{ me_lizcoffee_key }}
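Review bot: The new line replaces a literal public key with the Jinja expression `{{ me_lizcoffee_key }}`, but the file lives under `roles/common/files/`, which Ansible deploys verbatim (copy, or authorized_key with a file lookup) rather than through the template engine. Unless the task that installs it is an `ansible.builtin.template` task (not visible here), the deployed authorized_keys will contain the literal text `{{ me_lizcoffee_key }}`, and the `lizzy@yubikey` key that previously granted access is silently dropped, leaving only the `serve@ansible` key on the line above. Either move the file to `templates/` and deploy it with the template module, or keep the literal key here and reference the variable from the playbook instead. A check-mode diff of the installing task before the next run would confirm which way this renders.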
diff --git a/playbooks/roles/nginx-proxy/templates/docker-compose.yml b/playbooks/roles/nginx-proxy/templates/docker-compose.yml
index 49947a6..57f4d64 100644
--- a/playbooks/roles/nginx-proxy/templates/docker-compose.yml
+++ b/playbooks/roles/nginx-proxy/templates/docker-compose.yml
@@ -16,6 +16,8 @@ services:
- "993:993"
# sieve
- "4190:4190"
+ # src
+ - "23231:23231"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- {{ nginx_proxy_base }}/certs:/etc/nginx/certs
diff --git a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf b/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
index fd2babe..315743a 100644
--- a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
+++ b/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
@@ -20,6 +20,10 @@ stream {
server {{ vpn_proxy_filter_container_name }}:4190;
}
+ upstream src {
+ server {{ vpn_proxy_filter_container_name }}:23231;
+ }
+
server {
listen 993;
proxy_pass imaps;
@@ -45,6 +49,10 @@ stream {
proxy_pass managesieve;
proxy_protocol on;
}
+ server {
+ listen 23231;
+ proxy_pass src;
+ }
}
{% endif %}
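Review bot: The new `server { listen 23231; proxy_pass src; }` block omits the `proxy_protocol on;` that the neighbouring managesieve block sets, so the upstream sees every connection as originating from the proxy rather than from the real client. That is probably deliberate, since the upstream on 23231 is soft-serve's SSH listener and a plain SSH server does not speak PROXY protocol, but it means soft-serve's own access logs and any per-IP controls at the upstream lose the client address. A comment on the block such as `# no proxy_protocol: plain SSH upstream, client IP is not forwarded` would make the difference from the surrounding blocks read as intentional. The same applies to the matching block added in playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf.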
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
new file mode 100644
index 0000000..ad24e23
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
@@ -0,0 +1,15 @@
+server {
+ listen 80;
+ server_name src.liz.coffee;
+ location / {
+ proxy_pass https://{{ loadbalancer_ip }};
+ proxy_ssl_verify off;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
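Review bot: `proxy_ssl_verify off;` on the `proxy_pass https://{{ loadbalancer_ip }}` hop disables certificate checking, so the leg between the outbound proxy and the load balancer is encrypted but not authenticated — whatever answers on that IP is accepted. If the load balancer presents a certificate for `src.liz.coffee`, it can be verified instead with `proxy_ssl_verify on; proxy_ssl_server_name on; proxy_ssl_name src.liz.coffee;` plus `proxy_ssl_trusted_certificate` pointing at the CA bundle that issued it (the server_name directive is needed so the upstream gets SNI and the name check has something to match). Note also that this server only listens on 80 while the compose file advertises `https://{{ src_domain }}` as the public URL; presumably TLS for this host is passed through by the stream config, in which case port 80 could simply redirect to https unless an ACME HTTP challenge still depends on it being proxied.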
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf b/playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf
index 193e65a..80a4510 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf
@@ -17,6 +17,9 @@ stream {
upstream managesieve {
server {{ loadbalancer_ip }}:4190;
}
+ upstream src {
+ server {{ loadbalancer_ip }}:23231;
+ }
server {
set_real_ip_from {{ docker_network }};
@@ -53,4 +56,8 @@ stream {
proxy_pass managesieve;
proxy_protocol on;
}
+ server {
+ listen 23231;
+ proxy_pass src;
+ }
}
diff --git a/playbooks/roles/src/tasks/main.yml b/playbooks/roles/src/tasks/main.yml
new file mode 100644
index 0000000..a18b2c1
--- /dev/null
+++ b/playbooks/roles/src/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Deploy src
+ ansible.builtin.import_tasks: manage-docker-swarm-service.yml
+ vars:
+ service_name: src
+ template_render_dir: "../templates"
+ service_destination_dir: "{{ src_base }}"
diff --git a/playbooks/roles/src/templates/stacks/docker-compose.yml b/playbooks/roles/src/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..11d95e6
--- /dev/null
+++ b/playbooks/roles/src/templates/stacks/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+ src:
+ image: charmcli/soft-serve
+ volumes:
+ - {{ src_base }}/volumes/data:/soft-serve
+ ports:
+ - "23231:23231"
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ now() }}
+ - SOFT_SERVE_NAME={{ src_domain }}
+ - SOFT_SERVE_HTTP_PUBLIC_URL=https://{{ src_domain }}
+ - SOFT_SERVE_INITIAL_ADMIN_KEYS={{ src_admin_keys }}
+ networks:
+ - proxy
+ healthcheck:
+ test: ["CMD-SHELL", "echo hi"] # todo: something more meaningful
+ timeout: 15s
+ interval: 30s
+ retries: 3
+ start_period: 10s
+ deploy:
+ mode: replicated
+ update_config:
+ parallelism: 1
+ failure_action: rollback
+ order: start-first
+ delay: 10s
+ monitor: 45s
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.src.tls=true
+ - traefik.http.routers.src.tls.certResolver=letsencrypt
+ - traefik.http.routers.src.rule=Host(`{{ src_domain }}`)
+ - traefik.http.routers.src.entrypoints=websecure
+ - traefik.http.services.src.loadbalancer.server.port=23232
+
+networks:
+ proxy:
+ external: true
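Review bot: The `healthcheck` at `test: ["CMD-SHELL", "echo hi"]` always succeeds, so the `failure_action: rollback` and `monitor: 45s` settings below it can never trigger — a broken image or a soft-serve that fails to bind its ports is reported healthy, and the `start-first` update replaces the working replica with it. A probe of the HTTP port that Traefik routes to (23232) would make rollback meaningful, if the image ships a client that can issue the request; otherwise the todo should at least say that rollback is currently ineffective. Separately, `DEPLOYMENT_TIME={{ now() }}` duplicates the `deployment_time` variable that group_vars/all.yml already defines with an explicit UTC epoch format; `- DEPLOYMENT_TIME={{ deployment_time }}` keeps a single definition of the timestamp. The list-style entry `SOFT_SERVE_INITIAL_ADMIN_KEYS={{ src_admin_keys }}` also only works while the variable holds a single key, since a plain scalar list item cannot carry newline-separated values if several admin keys are ever needed.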
diff --git a/playbooks/roles/src/templates/volumes/data/.gitkeep b/playbooks/roles/src/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/src/templates/volumes/data/.gitkeep
diff --git a/playbooks/src.yml b/playbooks/src.yml
new file mode 100644
index 0000000..f261886
--- /dev/null
+++ b/playbooks/src.yml
@@ -0,0 +1,7 @@
+---
+
+- name: src setup
+ hosts: src
+ become: true
+ roles:
+ - src