Deploy comentario

ansible/host_vars/walker/main.yml

@@ -13,3 +13,5 @@ certbot_certs:
       - elbisualp.theorangeone.net
   - domains:
       - slides.jakehoward.tech
+  - domains:
+      - comentario.theorangeone.net

ansible/main.yml

@@ -121,6 +121,7 @@
     - website
     - artis3n.tailscale
     - slides
+    - comentario
 
 - hosts: jellyfin
   roles:

ansible/roles/comentario/files/docker-compose.yml

@@ -0,0 +1,29 @@
+version: "2.3"
+
+services:
+  comentario:
+    image: registry.gitlab.com/comentario/comentario:latest
+    restart: unless-stopped
+    user: "{{ docker_user.id }}:{{ docker_user.id }}"
+    depends_on:
+      - db
+    networks:
+      - default
+      - coredns
+    volumes:
+      - ./secrets.yml:/comentario/secrets.yaml
+    environment:
+      - BASE_URL=https://comentario.theorangeone.net
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=comentario
+      - POSTGRES_USER=comentario
+
+networks:
+  coredns:
+    external: true

ansible/roles/comentario/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart comentario
+  shell:
+    chdir: /opt/comentario
+    cmd: "{{ docker_update_command }}"

ansible/roles/comentario/tasks/main.yml

@@ -0,0 +1,38 @@
+- name: Create install directory
+  file:
+    path: /opt/comentario
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/comentario/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart comentario
+  become: true
+
+- name: Install secrets
+  copy:
+    content: "{{ comentario_secrets | to_nice_yaml }}"
+    dest: /opt/comentario/secrets.yml
+    mode: "600"
+    owner: "{{ docker_user.name }}"
+  notify: restart comentario
+  become: true
+
+- name: Install nginx config
+  template:
+    src: files/nginx-docker.conf
+    dest: /etc/nginx/http.d/comentario.conf
+    mode: "0644"
+  notify: reload nginx
+  become: true
+  vars:
+    server_name: comentario.theorangeone.net
+    upstream: comentario-comentario-1.docker:80
+    ssl_cert_path: /etc/letsencrypt/live/comentario.theorangeone.net

ansible/roles/comentario/vars/main.yml

@@ -0,0 +1,6 @@
+comentario_secrets:
+  postgres:
+    host: db
+    database: comentario
+    username: comentario
+    password: comentario

terraform/theorangeone.net.tf

@@ -237,6 +237,14 @@ resource "cloudflare_record" "theorangeonenet_mastodon" {
   ttl     = 1
 }
 
+resource "cloudflare_record" "theorangeonenet_comentario" {
+  zone_id = cloudflare_zone.theorangeonenet.id
+  name    = "comentario"
+  value   = cloudflare_record.sys_domain_walker.value
+  type    = "A"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_caa" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "@"