diff --git a/playbooks/02b-services-user.yml b/playbooks/02b-services-user.yml
index ecd8345..9cde950 100644
--- a/playbooks/02b-services-user.yml
+++ b/playbooks/02b-services-user.yml
@@ -17,6 +17,8 @@ - "data" git: - "data" + notes: + - "data" tasks: - include_tasks: tasks/services/b-user/service-user.yml
diff --git a/playbooks/02c-services-deploy.yml b/playbooks/02c-services-deploy.yml
index e7567ed..b8b76ca 100644
--- a/playbooks/02c-services-deploy.yml
+++ b/playbooks/02c-services-deploy.yml
@@ -10,6 +10,8 @@ nextcloud: "25-fpm" git: gitea: "1" + notes: + joplin: "2" tasks: - import_tasks: tasks/services/c-deploy/00-hosts.yml
diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf b/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf
new file mode 100644
index 0000000..cc22127
--- /dev/null
+++ b/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf
@@ -0,0 +1,35 @@
+server {
+ listen 80;
+ server_name notes.wojciechkozlowski.eu;
+
+ location ^~ /.well-known {
+ allow all;
+ root /var/www/html;
+ }
+
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name notes.wojciechkozlowski.eu;
+
+ ssl_certificate /etc/letsencrypt/live/notes.wojciechkozlowski.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/notes.wojciechkozlowski.eu/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/notes.wojciechkozlowski.eu/chain.pem;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://pod-notes:22300;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
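Review bot: In playbooks/02c-services-deploy.yml, `joplin: "2"` pins only a major tag, and the container unit added in this same commit runs `docker.io/joplin/server:{{ versions.notes.joplin }}` with `--label "io.containers.autoupdate=image"`. If podman auto-update is enabled on the host (not visible here), whatever is pushed to that tag gets pulled and started without review. This follows the existing `gitea: "1"` convention, but for an internet-facing service a full version or digest that is bumped deliberately is safer, e.g. `joplin: "<full-version>"`. The surrounding vars block starts outside the hunk.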
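Review bot: The `listen 443 ssl` server block in notes.wojciechkozlowski.eu.conf sends no `Strict-Transport-Security` header, so a returning browser can still be pointed at plain HTTP and depends on the port-80 redirect each time. Unless the header is set at `http` level outside this file, add `add_header Strict-Transport-Security "max-age=31536000" always;` inside that server block. The proxied `location /` also forwards no scheme to the backend; `proxy_set_header X-Forwarded-Proto $scheme;` next to the other `proxy_set_header` lines would let the application tell HTTPS requests apart if it relies on that header.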
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-notes/.config/systemd/user/container-notes-joplin.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-notes/.config/systemd/user/container-notes-joplin.service.j2
new file mode 100644
index 0000000..fe712f5
--- /dev/null
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-notes/.config/systemd/user/container-notes-joplin.service.j2
@@ -0,0 +1,43 @@
+[Unit]
+Description=Podman container-notes-joplin.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-notes.service
+After=pod-notes.service
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/container-notes-joplin.pid %t/container-notes-joplin.ctr-id
+ExecStart=/usr/bin/podman run \
+ --conmon-pidfile %t/container-notes-joplin.pid \
+ --cidfile %t/container-notes-joplin.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-notes.pod-id \
+ --replace \
+ --label "io.containers.autoupdate=image" \
+ -dt \
+ --add-host=pod-database:{{ services['database'].address }} \
+ -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v /var/lib/yggdrasil/data/pod-notes/data/_data:/data \
+ -e APP_BASE_URL="https://{{ services[service_name].domain }}" \
+ -e APP_PORT="22300" \
+ -e DB_CLIENT="pg" \
+ -e POSTGRES_PASSWORD="{{ services[service_name].database_password }}" \
+ -e POSTGRES_DATABASE="{{ services[service_name].database_name }}" \
+ -e POSTGRES_USER="{{ services[service_name].database_user }}" \
+ -e POSTGRES_PORT="5432" \
+ -e POSTGRES_HOST="pod-database" \
+ -e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
+ --name=pod-notes-joplin \
+ docker.io/joplin/server:{{ versions.notes.joplin }}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-notes-joplin.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-joplin.ctr-id
+PIDFile=%t/container-notes-joplin.pid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-notes/.config/systemd/user/pod-notes.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-notes/.config/systemd/user/pod-notes.service.j2
new file mode 100644
index 0000000..8d3e49f
--- /dev/null
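Review bot: In container-notes-joplin.service.j2, `-e POSTGRES_PASSWORD="{{ services[service_name].database_password }}"` renders the database password into the unit file and into the `podman run` argument list. Its confidentiality then depends on the rendered file's mode, and it is exposed in the host process list while the command runs. Keep it out of argv by rendering a file readable only by the service user and passing `--env-file <path-to-0600-env-file>`, or by using a podman secret with `--secret <secret-name>,type=env,target=POSTGRES_PASSWORD`. Placing the value on an `ExecStart=` line also subjects it to systemd's `%` specifier and `$` variable expansion, so a password containing those characters would reach the container altered.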
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-notes/.config/systemd/user/pod-notes.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Podman pod-notes.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+Requires=container-notes-joplin.service
+Before=container-notes-joplin.service
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > /var/lib/{{ ansible_hostname }}/containers/pod-notes/pidfile'
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id
+PIDFile=%t/pod-notes.pid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
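Review bot: The `ExecStartPost=` line calls bare `podman` twice inside `sh -c`, while every other Exec line in this unit uses `/usr/bin/podman`, so this one command resolves through the user manager's PATH. Use `/usr/bin/podman inspect` in both places for consistency. The same line writes the infra container PID to `/var/lib/{{ ansible_hostname }}/containers/pod-notes/pidfile`, which the unprivileged service user can write. If a privileged process reads that file to attach networking to the `--network=none` pod (the consumer is not visible in this diff), it should confirm the PID belongs to this pod's infra container before acting on it. A short comment above the line saying who reads the pidfile would record that trust boundary.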