From 08afdd951e3ea8e2e6ef3cec396e9902117d0353 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sat, 29 Oct 2022 18:09:30 +0100 Subject: [PATCH] Add hosting for new website Top sneaky --- ansible/main.yml | 1 + .../roles/website/files/docker-compose.yml | 65 +++++++++++++++++++ ansible/roles/website/handlers/main.yml | 4 ++ ansible/roles/website/tasks/main.yml | 20 ++++++ ansible/roles/website/vars/main.yml | 5 ++ ansible/roles/website/vars/vault.yml | 29 +++++++++ 6 files changed, 124 insertions(+) create mode 100644 ansible/roles/website/files/docker-compose.yml create mode 100644 ansible/roles/website/handlers/main.yml create mode 100644 ansible/roles/website/tasks/main.yml create mode 100644 ansible/roles/website/vars/main.yml create mode 100644 ansible/roles/website/vars/vault.yml diff --git a/ansible/main.yml b/ansible/main.yml index 5d8a7d9..26c328c 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -105,6 +105,7 @@ - pages - restic - commento + - website - hosts: jellyfin roles: diff --git a/ansible/roles/website/files/docker-compose.yml b/ansible/roles/website/files/docker-compose.yml new file mode 100644 index 0000000..875e8f7 --- /dev/null +++ b/ansible/roles/website/files/docker-compose.yml 
@@ -0,0 +1,65 @@
+version: "2.3"
+
+x-website: &website
+ image: registry.git.theorangeone.net/repos/website:latest
+ user: "{{ docker_user.id }}"
+ restart: unless-stopped
+ init: true
+ environment:
+ - TZ={{ timezone }}
+ - DEBUG=false
+ - SECRET_KEY={{ website_secret_key }}
+ - DATABASE_URL=postgres://website:website@db/website?conn_max_age=600
+ - CACHE_URL=redis://redis/0
+ - QUEUE_STORE_URL=redis://redis/1
+ - RENDITION_CACHE_URL=redis://redis/2
+ - SPOTIFY_PROXY_HOST={{ spotify_proxy_host }}
+ - UNSPLASH_CLIENT_ID={{ unsplash_client_id }}
+ - SENTRY_DSN={{ website_sentry_dsn }}
+ - BASE_HOSTNAME=staging.theorangeone.net
+ - WEB_CONCURRENCY=4
+ - SEO_INDEX=true
+ volumes:
+ - ./media:/app/media
+ depends_on:
+ - db
+ - redis
+
+services:
+ website:
+ <<: *website
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.website.rule=Host(`staging.theorangeone.net`)
+ - traefik.http.middlewares.website-auth.basicauth.users={{ website_basic_auth }}
+ - traefik.http.routers.website.middlewares=website-auth
+ networks:
+ - default
+ - traefik
+
+ worker:
+ <<: *website
+ command: python manage.py rqworker
+
+ cron:
+ <<: *website
+ command: supercronic etc/crontab
+
+ db:
+ image: postgres:14-alpine
+ restart: unless-stopped
+ volumes:
+ - ./postgres:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=website
+ - POSTGRES_USER=website
+
+ redis:
+ image: redis:6.0-alpine
+ restart: unless-stopped
+ volumes:
+ - ./redis:/data
+
+networks:
+ traefik:
+ external: true
diff --git a/ansible/roles/website/handlers/main.yml b/ansible/roles/website/handlers/main.yml
new file mode 100644
index 0000000..44d84e2
--- /dev/null
+++ b/ansible/roles/website/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart website
+ shell:
+ chdir: /opt/website
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/website/tasks/main.yml b/ansible/roles/website/tasks/main.yml
new file mode 100644
index 0000000..0e94285
--- /dev/null
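Review bot: In ansible/roles/website/files/docker-compose.yml the database password is the literal `website`, both in `POSTGRES_PASSWORD=website` and inside the `DATABASE_URL` line, while every other secret in the file is rendered from the vault. The `db` service declares no networks, so it is reachable only from containers on the compose default network, but the credential is still readable by anyone with access to this repository; a vaulted value costs one variable, e.g. `- POSTGRES_PASSWORD={{ website_db_password }}` with the same variable in `DATABASE_URL` (the variable name is a suggestion, not something defined in this patch). Separately, Compose expands `$` in values after Ansible has rendered the template, so if `website_basic_auth` holds an htpasswd-style hash or `website_secret_key` contains `$`, each `$` has to be written as `$$`; the vault contents are not visible here, so this is worth checking against the rendered file.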
+++ b/ansible/roles/website/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Include vault
+ include_vars: vault.yml
+
+- name: Create install directory
+ file:
+ path: /opt/website
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/website/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart website
+ become: true
diff --git a/ansible/roles/website/vars/main.yml b/ansible/roles/website/vars/main.yml
new file mode 100644
index 0000000..b24996e
--- /dev/null
+++ b/ansible/roles/website/vars/main.yml
@@ -0,0 +1,5 @@
+spotify_proxy_host: "{{ vault_spotify_proxy_host }}"
+website_secret_key: "{{ vault_website_secret_key }}"
+website_sentry_dsn: "{{ vault_website_sentry_dsn }}"
+unsplash_client_id: "{{ vault_unsplash_client_id }}"
+website_basic_auth: "{{ vault_website_basic_auth }}"
diff --git a/ansible/roles/website/vars/vault.yml b/ansible/roles/website/vars/vault.yml
new file mode 100644
index 0000000..9acf5ae
--- /dev/null
+++ b/ansible/roles/website/vars/vault.yml
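Review bot: The `Install compose file` task in ansible/roles/website/tasks/main.yml renders the secret key, the Sentry DSN and the basic-auth users into the file, yet nothing on the task keeps those values out of Ansible's output. A run with `--diff` prints the rendered template, and `docker-compose -f %s config` writes the fully resolved file to stdout, which may end up in the failure message when validation fails. Adding `diff: false` (or `no_log: true`) to the task and changing the validator to `validate: docker-compose -f %s config --quiet` keeps the syntax check without echoing secrets into run logs. The file mode comes from `docker_compose_file_mask`, which is defined outside this patch; given what the file holds, it should not be world-readable.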
@@ -0,0 +1,29 @@ +$ANSIBLE_VAULT;1.1;AES256 +36303635376432353532636330353063656433363436663336373063653362396238316462333062 +6365643764353136373064623662653731343135343036310a333864386563623934316532633234 +66643232343936383134316265336237306364346335313163323465393265633239383763346636 +6638616635373531630a376534663138343963613530636265323731663132626265383538343065 +66343932333632643632313563343163393832363633383032643330323434323438393333643230 +31653362653761313938333437616638363665323463656264353265653137323537306665616331 +61613437393131383735313034326237663230643834356463356637626431353561663635613962 +31336537306537383437623939396636613131383061383434373436333931633039313130613237 +34663935613165626236323238646264346530323339303633626261393338363965653861323134 +33373833663737623939666366373962313935363161383564313435373138666534666330346334 +35623032636362646635363361616537626362626262333437373932646439386562643832343535 +61646532643134656638323130613236393138376363373437343232353231326131636232356636 +30396262313439616533346230356339376134653939303138313831333935616238313035613432 +65633935646136613538633466306362643535346538383534383761363937373332333739656363 +65643338336234643238643035393663346431306137393462636430653932333363303764306634 +61643335383235356262653864666266666535393233396162366630613261326666653835386339 +64313066303537623163333937626231623063653831386338303338656263313266396637646331 +39333839363764366235336230326432373732383433393766343765346531633565383635343235 +37316631396464366235323034356161343263376461393533633061643736333365376562306130 +66326165613939626136306430306637626139343166626333343139633863633164326238643863 +39636534653166646666373034643439366461636530663239633864633737666265356666383137 +39356437303964656634326435326232316265366564373537333538313163373132316438323064 +30333130343965396265323663363765336366366637366163396663376265376431623839373363 
+61393065326433393235633338333638333631633136356462333637373739343432623834636238 +39393465353538653233316334623337373662656331643330613565613333633865663962346137 +32333235303331623432306265386437613061613438373366306235396539663464383835613930 +37343864336630666439356164663061373066313063313933643062326239326131383531653366 +39363136623861386637