Updates

hoarder.tf

@@ -0,0 +1,132 @@
+data "docker_registry_image" "hoarder" {
+  name = "ghcr.io/hoarder-app/hoarder"
+}
+
+resource "docker_image" "hoarder" {
+  name = data.docker_registry_image.hoarder.name
+  pull_triggers = [data.docker_registry_image.hoarder.sha256_digest]
+}
+
+data "docker_registry_image" "hoarder-chrome" {
+  name = "gcr.io/zenika-hub/alpine-chrome:123"
+}
+
+resource "docker_image" "hoarder-chrome" {
+  name = data.docker_registry_image.hoarder-chrome.name
+  pull_triggers = [data.docker_registry_image.hoarder-chrome.sha256_digest]
+}
+
+data "docker_registry_image" "hoarder-meilisearch" {
+  name = "getmeili/meilisearch:v1.6"
+}
+
+resource "docker_image" "hoarder-meilisearch" {
+  name = data.docker_registry_image.hoarder-meilisearch.name
+  pull_triggers = [data.docker_registry_image.hoarder-meilisearch.sha256_digest]
+}
+
+resource "docker_network" "hoarder" {
+  name = "hoarder"
+}
+
+resource "docker_container" "hoarder" {
+  image = docker_image.hoarder.image_id
+  name = "hoarder"
+  hostname = "hoarder"
+
+  env = [
+    "MEILI_ADDR=http://meilisearch:7700",
+    "BROWSER_WEB_URL=http://chrome:9222",
+    "HOARDER_VERSION=release",
+    "NEXTAUTH_SECRET=j&natTM8L8u$&z",
+    "MEILI_MASTER_KEY=GM4ysMegcCoZUOrVxglbWzGJeN9O7CMWnZIaG9c_MSQ",
+    "NEXTAUTH_URL=https://hoarder.rescla.me",
+    "DATA_DIR=/data",
+    "DISABLE_SIGNUPS=true",
+    "OPENAI_API_KEY=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"
+  ]
+
+  mounts {
+    target = "/data"
+    source = "/share/appdata/hoarder"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.145"
+  }
+
+  networks_advanced {
+    name = docker_network.hoarder.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+resource "docker_container" "hoarder-chrome" {
+  image = docker_image.hoarder-chrome.image_id
+  name = "hoarder-chrome"
+  hostname = "chrome"
+
+  command = [
+    "--no-sandbox",
+    "--disable-gpu",
+    "--disable-dev-shm-usage",
+    "--remote-debugging-address=0.0.0.0",
+    "--remote-debugging-port=9222",
+    "--hide-scrollbars"
+  ]
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.hoarder.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+resource "docker_container" "hoarder-meilisearch" {
+  image = docker_image.hoarder-meilisearch.image_id
+  name = "hoarder-meilisearch"
+  hostname = "meilisearch"
+
+  env = [
+    "MEILI_ADDR=http://meilisearch:7700",
+    "HOARDER_VERSION=release",
+    "NEXTAUTH_SECRET=j&natTM8L8u$&z",
+    "MEILI_MASTER_KEY=GM4ysMegcCoZUOrVxglbWzGJeN9O7CMWnZIaG9c_MSQ",
+    "NEXTAUTH_URL=https://hoarder.rescla.me",
+    "MEILI_NO_ANALYTICS=true"
+  ]
+
+  restart = "always"
+
+  mounts {
+    target = "/meili_data"
+    source = "/share/appdata/hoarder-meilisearch"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.hoarder.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

playbook.yml

@@ -0,0 +1,40 @@
+- hosts: localhost
+  vars:
+    external_host: "hoarder.rescla.me"
+    internal_url: "192.168.2.145:3000"
+    tmp_path: ".tmp"
+    ftp_server: "192.168.2.64"
+    ftp_username: "ansible"
+    ftp_password: "3YffU5iTGQMyx87Vesu"
+    remote_file_path: "/appdata/nginx-lb/user_conf.d/{{ external_host }}.conf"
+
+  tasks:
+    - name: Ensures the {{ tmp_path }} folder exists
+      file:
+        path: "{{ tmp_path }}"
+        state: directory
+
+    - name: Generate nginx configuration from template
+      template:
+        src: templates/nginx-site.conf.j2
+        dest: "{{ tmp_path }}/nginx.conf"
+
+    - name: Upload nginx config file via FTP
+      ansible.builtin.command:
+        cmd: curl -k -T "{{ tmp_path }}/nginx.conf" "ftp://{{ ftp_username }}:{{ ftp_password }}@{{ ftp_server }}{{ remote_file_path }}"
+
+    - name: Clean up generated config
+      file:
+        path: "{{ tmp_path }}/nginx.conf"
+        state: absent
+
+    - name: Reload nginx config
+      ansible.builtin.command:
+        argv:
+        - docker
+        - --tlsverify
+        - -H=192.168.2.64:2376
+        - --tlscacert=.docker\ca.pem
+        - --tlscert=.docker\cert.pem
+        - --tlskey=.docker\key.pem
+        - kill --signal=HUP nginx-lb

templates/nginx-site.conf.j2

@@ -0,0 +1,27 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name {{ external_host }};
+
+    ssl_certificate         /etc/letsencrypt/live/{{ external_host }}/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/{{ external_host }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ external_host }}/fullchain.pem;
+
+    include /etc/nginx/config/tls.conf;
+    include /etc/nginx/config/local.conf;
+
+    location / {
+        proxy_set_header X-Real-IP         $remote_addr;
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Host  $http_host;
+        proxy_set_header Host              $http_host;
+        proxy_max_temp_file_size           0;
+        proxy_pass                         http://{{ internal_url }};
+        proxy_redirect                     http:// https://;
+
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+}