From 604202fdce913cad8e58cbe6c638985edcf2e4cd Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sat, 16 Jan 2021 23:29:55 +0000
Subject: [PATCH] Add traefik pages

Add it ready for the migration in future
---
 ansible/group_vars/all/traefik.yml           | 11 ++++++++
 ansible/host_vars/grimes.yml                 |  1 +
 ansible/main.yml                             |  1 +
 ansible/roles/pages/files/docker-compose.yml | 29 ++++++++++++++++++++
 ansible/roles/pages/handlers/main.yml        |  4 +++
 ansible/roles/pages/tasks/main.yml           | 25 +++++++++++++++++
 ansible/roles/pages/vars/main.yml            | 24 ++++++++++++++++
 ansible/roles/traefik/defaults/main.yml      |  2 ++
 ansible/roles/traefik/files/traefik.yml      |  5 ++++
 ansible/yamllint.yml                         |  1 +
 10 files changed, 103 insertions(+)
 create mode 100644 ansible/group_vars/all/traefik.yml
 create mode 100644 ansible/roles/pages/files/docker-compose.yml
 create mode 100644 ansible/roles/pages/handlers/main.yml
 create mode 100644 ansible/roles/pages/tasks/main.yml
 create mode 100644 ansible/roles/pages/vars/main.yml

diff --git a/ansible/group_vars/all/traefik.yml b/ansible/group_vars/all/traefik.yml
new file mode 100644
index 0000000..e81ff56
--- /dev/null
+++ b/ansible/group_vars/all/traefik.yml
@@ -0,0 +1,11 @@
+traefik_pages_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  36613865643964363065396534373438383931323930333962653762633831383039363737386430
+  3832343537373366306162383136316365313836623236360a343936623764383264633166666139
+  37666165653938636164363765613964336663326666643537343131613133313336626266663138
+  6162326633306162650a363731663031613738333564393033333131373630383163666264663130
+  36323039363133366562626262386530616134623234623365663662643362386239643637346633
+  33383735303736336661633739623565356664386462653062313632353830323439393563386439
+  35313433666362383066303135396265393632376535396265323838376437653132393637376531
+  66643233353735353133626539346432366166303732343666333735633136313661333761653865
+  33623164306363623665613063656438303938306138336233393234663532323938
diff --git a/ansible/host_vars/grimes.yml b/ansible/host_vars/grimes.yml
index c32dd2f..7efbff0 100644
--- a/ansible/host_vars/grimes.yml
+++ b/ansible/host_vars/grimes.yml
@@ -1 +1,2 @@
 app_data_dir: .
+with_traefik_pages: true
diff --git a/ansible/main.yml b/ansible/main.yml
index 9679ea3..fe0694c 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -40,6 +40,7 @@
   roles:
     - plausible
     - duplicati
+    - pages
 
 - hosts: pve-docker
   roles:
diff --git a/ansible/roles/pages/files/docker-compose.yml b/ansible/roles/pages/files/docker-compose.yml
new file mode 100644
index 0000000..6d5dd2d
--- /dev/null
+++ b/ansible/roles/pages/files/docker-compose.yml
@@ -0,0 +1,29 @@
+version: "2.3"
+
+services:
+  minio:
+    image: minio/minio:latest
+    restart: unless-stopped
+    user: "{{ pages_user_id }}"
+    volumes:
+      - ./sites:/data
+    command: server /data --quiet
+    environment:
+      - MINIO_ACCESS_KEY={{ minio_access_key }}
+      - MINIO_SECRET_KEY={{ minio_secret_key }}
+
+  traefik-pages:
+    image: theorangeone/traefik-pages:latest
+    volumes:
+      - ./sites:/sites:ro
+    restart: unless-stopped
+    user: "{{ pages_user_id }}"
+    ports:
+      - 127.0.0.1:5000:5000
+    environment:
+      - SITES_ROOT=/sites
+      - TRAEFIK_SERVICE=traefik-pages-pages@docker
+      - AUTH_PASSWORD={{ traefik_pages_password }}
+      - TRAEFIK_CERT_RESOLVER=le
+    labels:
+      - traefik.enable=true
diff --git a/ansible/roles/pages/handlers/main.yml b/ansible/roles/pages/handlers/main.yml
new file mode 100644
index 0000000..323474b
--- /dev/null
+++ b/ansible/roles/pages/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart pages
+  shell:
+    chdir: /opt/pages
+    cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/pages/tasks/main.yml b/ansible/roles/pages/tasks/main.yml
new file mode 100644
index 0000000..5ac998e
--- /dev/null
+++ b/ansible/roles/pages/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Create install directory
+  file:
+    path: /opt/pages/sites
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Create sites directory
+  file:
+    path: /opt/pages/sites
+    state: directory
+    owner: "{{ pages_user_id }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/pages/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: /usr/bin/docker-compose -f %s config
+  notify: restart pages
+  become: true
diff --git a/ansible/roles/pages/vars/main.yml b/ansible/roles/pages/vars/main.yml
new file mode 100644
index 0000000..28ac663
--- /dev/null
+++ b/ansible/roles/pages/vars/main.yml
@@ -0,0 +1,24 @@
+minio_access_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  36353266366231326332636363333537356564336266613763333934333062356134393561336166
+  3864643564356533383561326336656239366163363861340a393564386234373632356530636165
+  64326637643237633366333931653265663534363831383063376665376163653861303464613035
+  3436613338323537640a616266623930633862306638633166373634393739336635323031393361
+  37383136326330653239356431363935623530653531356135633463643638363036643634653336
+  31316266373539653063666438376364663734323837356330393436303836633239353037343738
+  31303933376162623838386233366363643532323366306161663838313530366535636532666530
+  65666633306534616165393930303738313737353635306635373430613261633265616536386336
+  31393238643230336130643938373432396238613931663939383464343533303865
+minio_secret_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  34633434353863636337666139366530656164613565356465336538386162393539666638383831
+  3666623139366138393465646536396537323739383061390a373465626233396439336235323964
+  61326266666333393265636666326336343334646538306466643064366639353431393336616436
+  6438313535613638310a623466313233643066656163646334336536333136636136386561623536
+  31653262346331343737346337323738313138626236363962616661383634613435396334326633
+  34343464386239333938383365343431396236653865326536353238653431643539653731636130
+  32353265353237346565373333646161356664663862393364313463333533643331396535393937
+  61613737396262316165326633363833343133363838633836376631666432653237393739396131
+  36643531353739373063393230356137623833346439393035646463636336356334
+
+pages_user_id: 33
diff --git a/ansible/roles/traefik/defaults/main.yml b/ansible/roles/traefik/defaults/main.yml
index ace9b9c..67357fd 100644
--- a/ansible/roles/traefik/defaults/main.yml
+++ b/ansible/roles/traefik/defaults/main.yml
@@ -5,3 +5,5 @@ traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}"
 
 traefik_provider_jellyfin: false
 traefik_provider_homeassistant: false
+
+with_traefik_pages: false
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index e8213bb..7f44c84 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -26,6 +26,11 @@ providers:
     exposedByDefault: false
   file:
     directory: /etc/traefik/conf
+{% if with_traefik_pages %}
+  http:
+    endpoint:
+      - "http://{{ traefik_pages_password }}@127.0.0.1:5000/.traefik-pages/provider"
+{% endif %}
 
 api:
   dashboard: true
diff --git a/ansible/yamllint.yml b/ansible/yamllint.yml
index 91959fc..24ad3bb 100644
--- a/ansible/yamllint.yml
+++ b/ansible/yamllint.yml
@@ -3,6 +3,7 @@ extends: default
 ignore: |
   ansible/galaxy_roles
   ansible/group_vars/all/hosts.yml
+  ansible/roles/traefik/files/traefik.yml
 
 rules:
   document-start: disable