Deploy slides hosting

ansible/host_vars/walker/main.yml

@@ -11,3 +11,5 @@ certbot_certs:
   - domains:
       - plausible.theorangeone.net
       - elbisualp.theorangeone.net
+  - domains:
+      - slides.jakehoward.tech

ansible/main.yml

@@ -118,6 +118,7 @@
     - website
     - remark42
     - artis3n.tailscale
+    - slides
 
 - hosts: jellyfin
   roles:

ansible/roles/slides/files/docker-compose.yml

@@ -0,0 +1,19 @@
+version: "2.3"
+
+services:
+  slides:
+    image: ghcr.io/realorangeone/slides:latest
+    restart: unless-stopped
+    environment:
+      - TZ={{ timezone }}
+      - PUID={{ docker_user.id }}
+    volumes:
+      - ./htpasswd:/etc/nginx/.htpasswd:ro
+      - ./slides:/srv
+    networks:
+      - default
+      - coredns
+
+networks:
+  coredns:
+    external: true

ansible/roles/slides/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart slides
+  shell:
+    chdir: /opt/slides
+    cmd: "{{ docker_update_command }}"

ansible/roles/slides/tasks/main.yml

@@ -0,0 +1,47 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/slides
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/slides/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart slides
+  become: true
+
+- name: Create credentials
+  htpasswd:
+    path: /opt/slides/htpasswd
+    name: "{{ item.user }}"
+    password: "{{ item.password }}"
+    owner: "{{ docker_user.name }}"
+    mode: "0600"
+  loop: "{{ webdav_credentials }}"
+  loop_control:
+    label: "{{ item.user }}"
+  notify: restart slides
+  become: true
+
+- name: Install nginx config
+  template:
+    src: files/nginx-docker.conf
+    dest: /etc/nginx/http.d/slides.conf
+    mode: "0644"
+  notify: reload nginx
+  become: true
+  vars:
+    server_name: slides.jakehoward.tech
+    upstream: slides-slides-1.docker:80
+    ssl_cert_path: /etc/letsencrypt/live/slides.jakehoward.tech
+    location_extra: |
+      client_max_body_size 15m;

ansible/roles/slides/vars/vault.yml

@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+39346133313638313030663139356637666666346665356161383332613836656131353830323530
+6636613939346437633430316436363538623339643439300a363464383763613631333161613034
+31336138386639306166313532633439343763363563616130633165323166376265303663643130
+3634303836383737340a643834373666386261363533353936623335396633396366373230653932
+38316662333932646636623839396630383339393135643533323832623330323666613465626431
+36356663653861666362376265636162336531663266616432636635333537656661396263643631
+36653462663365646338623434393738346566633266643634633430336235343531613631383562
+30333165313438363966626264643732353833366662653164666631636465636538303961316465
+62356132643837646638376334343935313338316266393261316538393561356264313932623236
+62326235303139353034636365663434383439366163646635626563666434636564623336653634
+35363834306534333531383131323830623438323736656234623263353930666130363132343464
+32363433653066656364393732366366353033663332366166343139616433303439623631663537
+65313539663333626333623966313864623639353031313131346635666138613032

terraform/jakehoward.tech.tf

@@ -253,6 +253,14 @@ resource "cloudflare_record" "jakehowardtech_headscale" {
   ttl     = 1
 }
 
+resource "cloudflare_record" "jakehowardtech_slides" {
+  zone_id = cloudflare_zone.jakehowardtech.id
+  name    = "slides"
+  value   = cloudflare_record.sys_domain_walker.hostname
+  type    = "CNAME"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "jakehowardtech_caa" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "@"