diff --git a/ansible/host_vars/walker/main.yml b/ansible/host_vars/walker/main.yml
index 9a00b8b..77540e6 100644
--- a/ansible/host_vars/walker/main.yml
+++ b/ansible/host_vars/walker/main.yml
@@ -13,3 +13,5 @@ certbot_certs:
 - elbisualp.theorangeone.net
 - domains:
 - slides.jakehoward.tech
+ - domains:
+ - comentario.theorangeone.net
diff --git a/ansible/main.yml b/ansible/main.yml
index 2b20bc0..2bc70a9 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -121,6 +121,7 @@
 - website
 - artis3n.tailscale
 - slides
+ - comentario
 
 - hosts: jellyfin
 roles:
diff --git a/ansible/roles/comentario/files/docker-compose.yml b/ansible/roles/comentario/files/docker-compose.yml
new file mode 100644
index 0000000..d795290
--- /dev/null
+++ b/ansible/roles/comentario/files/docker-compose.yml
@@ -0,0 +1,29 @@
+version: "2.3"
+
+services:
+ comentario:
+ image: registry.gitlab.com/comentario/comentario:latest
+ restart: unless-stopped
+ user: "{{ docker_user.id }}:{{ docker_user.id }}"
+ depends_on:
+ - db
+ networks:
+ - default
+ - coredns
+ volumes:
+ - ./secrets.yml:/comentario/secrets.yaml
+ environment:
+ - BASE_URL=https://comentario.theorangeone.net
+
+ db:
+ image: postgres:14-alpine
+ restart: unless-stopped
+ volumes:
+ - ./postgres:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=comentario
+ - POSTGRES_USER=comentario
+
+networks:
+ coredns:
+ external: true
diff --git a/ansible/roles/comentario/handlers/main.yml b/ansible/roles/comentario/handlers/main.yml
new file mode 100644
index 0000000..8018955
--- /dev/null
+++ b/ansible/roles/comentario/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart comentario
+ shell:
+ chdir: /opt/comentario
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/comentario/tasks/main.yml b/ansible/roles/comentario/tasks/main.yml
new file mode 100644
index 0000000..8e128f0
--- /dev/null
+++ b/ansible/roles/comentario/tasks/main.yml
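Review bot: `POSTGRES_PASSWORD=comentario` in the `db` service of `docker-compose.yml` commits a guessable database password in clear text, and the new `ansible/roles/comentario/vars/main.yml` hunk repeats the same value as `password: comentario`. The tasks hunk installs this compose file with `template`, and the file already interpolates `{{ docker_user.id }}`, so both places can read one vaulted variable instead, e.g. `- POSTGRES_PASSWORD={{ vault_comentario_db_password }}` (variable name is a placeholder). The `db` service joins only the default compose network, which limits exposure, but the credential remains readable by anyone with access to the repository or to `/opt/comentario`. Separately, `image: registry.gitlab.com/comentario/comentario:latest` is a floating tag, so a later pull can change what runs without any change in this repository; pinning a version tag or digest keeps the deployment reproducible and reviewable.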
@@ -0,0 +1,38 @@
+- name: Create install directory
+ file:
+ path: /opt/comentario
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/comentario/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart comentario
+ become: true
+
+- name: Install secrets
+ copy:
+ content: "{{ comentario_secrets | to_nice_yaml }}"
+ dest: /opt/comentario/secrets.yml
+ mode: "600"
+ owner: "{{ docker_user.name }}"
+ notify: restart comentario
+ become: true
+
+- name: Install nginx config
+ template:
+ src: files/nginx-docker.conf
+ dest: /etc/nginx/http.d/comentario.conf
+ mode: "0644"
+ notify: reload nginx
+ become: true
+ vars:
+ server_name: comentario.theorangeone.net
+ upstream: comentario-comentario-1.docker:80
+ ssl_cert_path: /etc/letsencrypt/live/comentario.theorangeone.net
diff --git a/ansible/roles/comentario/vars/main.yml b/ansible/roles/comentario/vars/main.yml
new file mode 100644
index 0000000..9cc6f17
--- /dev/null
+++ b/ansible/roles/comentario/vars/main.yml
@@ -0,0 +1,6 @@
+comentario_secrets:
+ postgres:
+ host: db
+ database: comentario
+ username: comentario
+ password: comentario
diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index bc3b85a..a73ac75 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -237,6 +237,14 @@ resource "cloudflare_record" "theorangeonenet_mastodon" {
 ttl = 1
 }
 
+resource "cloudflare_record" "theorangeonenet_comentario" {
+ zone_id = cloudflare_zone.theorangeonenet.id
+ name = "comentario"
+ value = cloudflare_record.sys_domain_walker.value
+ type = "A"
+ ttl = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_caa" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "@"
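Review bot: The `Install secrets` task in `tasks/main.yml` renders `comentario_secrets` through `copy: content:` without `no_log: true`, so the database credentials can show up in Ansible output when the play runs with `--diff` or raised verbosity. Adding `no_log: true` to that task keeps them out of terminal and CI logs. The mode is written as `"600"` here while the nginx task in the same file uses `"0644"`; `mode: "0600"` would match it and make the octal intent explicit. The `Install compose file` task has no such protection either, which matters for as long as the compose file carries `POSTGRES_PASSWORD` inline.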