From cc3f980d3464e8d0fceb70d094eb6d040ee4057d Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Wed, 24 Aug 2022 22:17:29 +0100
Subject: [PATCH] Deploy tandoor

---
 ansible/main.yml                              |  1 +
 .../roles/tandoor/files/docker-compose.yml    | 43 +++++++++++++++++++
 ansible/roles/tandoor/handlers/main.yml       |  4 ++
 ansible/roles/tandoor/tasks/main.yml          | 20 +++++++++
 ansible/roles/tandoor/vars/main.yml           |  1 +
 ansible/roles/tandoor/vars/vault.yml          |  9 ++++
 terraform/jakehoward.tech.tf                  |  8 ++++
 7 files changed, 86 insertions(+)
 create mode 100644 ansible/roles/tandoor/files/docker-compose.yml
 create mode 100644 ansible/roles/tandoor/handlers/main.yml
 create mode 100644 ansible/roles/tandoor/tasks/main.yml
 create mode 100644 ansible/roles/tandoor/vars/main.yml
 create mode 100644 ansible/roles/tandoor/vars/vault.yml

diff --git a/ansible/main.yml b/ansible/main.yml
index 436b29c..3e674fa 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -66,6 +66,7 @@
     - pve_nebula_route
     - privatebin
     - vaultwarden
+    - tandoor
 
 - hosts: ingress
   roles:
diff --git a/ansible/roles/tandoor/files/docker-compose.yml b/ansible/roles/tandoor/files/docker-compose.yml
new file mode 100644
index 0000000..3509c38
--- /dev/null
+++ b/ansible/roles/tandoor/files/docker-compose.yml
@@ -0,0 +1,43 @@
+version: "2.3"
+
+services:
+  tandoor:
+    image: vabene1111/recipes:1.3.3
+    environment:
+      - TIMEZONE={{ timezone }}
+      - DEBUG=0
+      - ALLOWED_HOSTS=recipes.jakehoward.tech
+      - SECRET_KEY={{ tandoor_secret_key }}
+      - DATABASE_URL=postgres://tandoor:tandoor@db:5432/tandoor
+      - DB_ENGINE=django.db.backends.postgresql
+      - POSTGRES_HOST=db
+      - POSTGRES_PORT=5432
+      - POSTGRES_USER=tandoor
+      - POSTGRES_PASSWORD=tandoor
+      - GUNICORN_MEDIA=1
+    restart: unless-stopped
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.tandoor.rule=Host(`recipes.jakehoward.tech`)
+    depends_on:
+      - db
+    networks:
+      - default
+      - traefik
+    volumes:
+      - "{{ app_data_dir }}/tandoor/media:/opt/recipes/mediafiles"
+    tmpfs:
+      - /opt/recipes/staticfiles
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/tank/dbs/postgres/tandoor/:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=tandoor
+      - POSTGRES_USER=tandoor
+
+networks:
+  traefik:
+    external: true
diff --git a/ansible/roles/tandoor/handlers/main.yml b/ansible/roles/tandoor/handlers/main.yml
new file mode 100644
index 0000000..c0d2432
--- /dev/null
+++ b/ansible/roles/tandoor/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart tandoor
+  shell:
+    chdir: /opt/tandoor
+    cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/tandoor/tasks/main.yml b/ansible/roles/tandoor/tasks/main.yml
new file mode 100644
index 0000000..6b67033
--- /dev/null
+++ b/ansible/roles/tandoor/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/tandoor
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/tandoor/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart tandoor
+  become: true
diff --git a/ansible/roles/tandoor/vars/main.yml b/ansible/roles/tandoor/vars/main.yml
new file mode 100644
index 0000000..ac8b946
--- /dev/null
+++ b/ansible/roles/tandoor/vars/main.yml
@@ -0,0 +1 @@
+tandoor_secret_key: "{{ vault_tandoor_secret_key }}"
diff --git a/ansible/roles/tandoor/vars/vault.yml b/ansible/roles/tandoor/vars/vault.yml
new file mode 100644
index 0000000..3d30c55
--- /dev/null
+++ b/ansible/roles/tandoor/vars/vault.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+37383465336661346131616431653662623562386238373738383866336165663263363033323535
+6339643539373037663938636636353362313064366636330a333637316665326530646430666663
+35616463626139373136383538336466653236336330376534373931656435393562323033313730
+3361613934643538650a646237326665313538613264303836393032666631346366653361303039
+30353163346538356431303564613837363364323035313239623364643538663336383962396530
+66663063333938363034316330333936633535346538323938346461343234636236363863353235
+36323362396438613039313039353038323733613764383538393961626561373835653963336638
+64393133353161656266
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index 6f238fa..0c5e91b 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -139,3 +139,11 @@ resource "cloudflare_record" "jakehowardtech_vaultwarden" {
   type    = "A"
   ttl     = 1
 }
+
+resource "cloudflare_record" "jakehowardtech_tandoor" {
+  zone_id = cloudflare_zone.jakehowardtech.id
+  name    = "recipes"
+  value   = linode_instance.casey.ip_address
+  type    = "A"
+  ttl     = 1
+}