diff --git a/README.md b/README.md index 0bd6526..346daf8 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,10 @@ docker exec -i Container_Name \ sh -c 'exec mysql -uetherpad_user -D etherpad -p"Password"' < db.sql ``` +### Discourse + +`cd ansible && ansible-playbook deploy-discourse.yml` + ## Adding SSH fingerprints to known hosts 1. Get an SSH fingerprint from a local `known_hosts` file for a given hostname diff --git a/ansible/deploy-discourse.yml b/ansible/deploy-discourse.yml new file mode 100644 index 0000000..c317fef --- /dev/null +++ b/ansible/deploy-discourse.yml @@ -0,0 +1,12 @@ +--- + +- import_playbook: ansible-version.yml + +- name: "Deploy a Discourse server" + hosts: "{{ target if target is defined else 'discourse' }}" + become: true + + roles: + - docker + - caddy + - discourse diff --git a/ansible/inventory/group_vars/all/vars.yml b/ansible/inventory/group_vars/all/vars.yml index 0751748..889f8e5 100644 --- a/ansible/inventory/group_vars/all/vars.yml +++ b/ansible/inventory/group_vars/all/vars.yml @@ -13,5 +13,12 @@ etherpad_host: pad.hack66.info caddy_ct_name: caddy # Etherpad container hostname etherpad_ct_name: etherpad +# Etherpad container port +etherpad_ct_port: 9001 # Docker network name docker_www_net: www_net +# Discourse +dis_hostname: "{{ inventory_hostname }}" +# Discourse exposed ports host host:container +dis_ports: "['998:80']" +le_email_101cy: admin@101.cy diff --git a/ansible/inventory/host_vars/kafenes.101.cy/vars.yml b/ansible/inventory/host_vars/kafenes.101.cy/vars.yml new file mode 100644 index 0000000..8a05cec --- /dev/null +++ b/ansible/inventory/host_vars/kafenes.101.cy/vars.yml 
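Review bot: `dis_ports` in group_vars/all/vars.yml is written as the quoted string `"['998:80']"`, but its two consumers in this commit treat it as different types: standalone.yml.j2 iterates it with `{% for port in dis_ports %}`, while Caddyfile.j2 calls the string method `.split(':')` on it, so at most one of them can render what was intended. Declaring a real list, `dis_ports: ['998:80']`, and using `dis_ports[0].split(':') | first` in the Caddyfile keeps both consistent; the same quoting appears in roles/discourse/defaults/main.yml. Separately, a mapping of the form `998:80` publishes the container's plain-HTTP port on every host interface by Docker's default, so it is worth confirming that a host firewall blocks 998 or binding the mapping to a non-public address, otherwise the forum is reachable without Caddy's TLS.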
@@ -0,0 +1,16 @@ +$ANSIBLE_VAULT;1.1;AES256 +34323033656133353561636533653563656534336530323333653638346636326232383739356635 +3934303332313134373033386233323230343530313738620a373032303238663065303339346264 +35663162373564653633333436616531333239306661303964666534643135373331636635366631 +3237303436633266360a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diff --git a/ansible/inventory/hosts b/ansible/inventory/hosts index dbac924..b761433 100644 --- a/ansible/inventory/hosts +++ b/ansible/inventory/hosts @@ -6,3 +6,6 @@ hack66.info [etherpad] pad.hack66.info + +[discourse] +kafenes.101.cy diff --git a/ansible/roles/caddy/templates/Caddyfile.j2 b/ansible/roles/caddy/templates/Caddyfile.j2 index 0e6977a..933f8b9 100644 --- a/ansible/roles/caddy/templates/Caddyfile.j2 +++ b/ansible/roles/caddy/templates/Caddyfile.j2 @@ -50,3 +50,14 @@ import default proxy / {{ etherpad_ct_name }}:{{ etherpad_ct_port }} } + +# Discourse Caddy configuration + +{{ dis_hostname }} { + log / stdout { + {{ caddy_log_ipmask }} + } + gzip + tls {{ le_email_101cy }} + proxy / {{ dis_hostname }}:{{ dis_ports.split(':') | first }} +} diff --git a/ansible/roles/discourse/defaults/main.yml b/ansible/roles/discourse/defaults/main.yml new file mode 100644 index 0000000..e08dfe2 --- /dev/null +++ b/ansible/roles/discourse/defaults/main.yml 
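Review bot: The new Discourse site block in Caddyfile.j2 has no condition around it in the visible hunk, and `dis_hostname` is set to `{{ inventory_hostname }}` in group_vars/all, so every host that runs the caddy role would also render a Discourse site for its own name. On pad.hack66.info that appears to produce a second site block for the address `etherpad_host` already uses, although the top of the template is outside the hunk, so an enclosing guard cannot be ruled out. Wrapping the block in `{% if 'discourse' in group_names %}` and `{% endif %}` would limit it, and the certificate request that goes with it, to the intended host.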
@@ -0,0 +1,33 @@
+---
+
+dis_lang: en_US.UTF-8
+dis_locale: en
+dis_unicorn_workers: 3
+dis_guest_path: /shared
+dis_path: /var/discourse
+dis_git: https://github.com/discourse/discourse_docker.git
+# Use a stable release - https://github.com/discourse/discourse/releases
+dis_version: v2.6.0
+# The domain name this Discourse instance will respond to.
+# Required. Discourse will not work with a bare IP number.
+dis_hostname: discourse.example.org
+# The SMTP mail server used to validate new accounts and send notifications.
+# SMTP address, username, and password are required.
+# Warning the char '#' in SMTP password can cause problems!
+dis_smtp_host: mail.example.org
+dis_smtp_port: 587
+dis_smtp_user: mail@example.org
+dis_smtp_pass: discourse_email_pass
+# LetsEncrypt email.
+dis_le_email: le-mail@example.org
+# List of emails that will be made admin and developer.
+dis_developer_emails:
+ - discourse@example.org
+#dis_plugins:
+# - https://github.com/discourse/discourse-bbb.git
+# Exposed container ports
+dis_ports: "['80:80', '443:443']"
+# Enable ssl and letsencrypt templates
+dis_tls: True
+# Use same dis_hostname as container name
+dis_same_host: False
diff --git a/ansible/roles/discourse/tasks/main.yml b/ansible/roles/discourse/tasks/main.yml
new file mode 100644
index 0000000..11eface
--- /dev/null
+++ b/ansible/roles/discourse/tasks/main.yml
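Review bot: `dis_smtp_pass: discourse_email_pass` gives the role a working-looking default for a secret, so a host whose vault file omits the variable deploys with a known placeholder instead of failing. Leaving `dis_smtp_pass` out of the defaults and adding an `assert` task with `that: dis_smtp_pass is defined` at the start of the role would make the omission visible. As a style point, `dis_tls: True` and `dis_same_host: False` would be more predictable across parsers as `true` and `false`.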
@@ -0,0 +1,41 @@
+---
+
+- name: Creates Discourse directory {{ dis_path }}
+ file:
+ path: "{{ dis_path }}"
+ state: directory
+
+- name: Clones Discourse git repository
+ git:
+ repo: "{{ dis_git }}"
+ dest: "{{ dis_path }}"
+
+- name: Get Discourse container info
+ docker_container_info:
+ name: app
+ register: discourse_container
+
+- name: Templates Discourse container configuration
+ template:
+ src: standalone.yml.j2
+ dest: "{{ dis_path }}/containers/app.yml"
+ register: dis_template
+
+- name: Print the status of the Discourse container
+ debug:
+ msg: "Container status: {{ discourse_container.container.State.Status }}"
+ when:
+ - discourse_container|bool
+ - discourse_container.exists
+
+- name: (Re)build Discourse container configuration
+ command: "{{ dis_path }}/launcher rebuild app"
+ when: not discourse_container.exists or dis_template.changed
+ no_log: False
+
+- name: Start Discourse container if it's already exist but not running
+ command: "{{ dis_path }}/launcher start app"
+ when:
+ - not dis_template.changed
+ - discourse_container.exists
+ - discourse_container.container.State.Status != 'running'
diff --git a/ansible/roles/discourse/templates/standalone.yml.j2 b/ansible/roles/discourse/templates/standalone.yml.j2
new file mode 100644
index 0000000..9dea980
--- /dev/null
+++ b/ansible/roles/discourse/templates/standalone.yml.j2
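Review bot: The `template` task that writes `{{ dis_path }}/containers/app.yml` sets no `mode`, and the rendered file contains `DISCOURSE_SMTP_PASSWORD`, so its permissions depend on the remote umask; adding `mode: "0600"` keeps the secret from other local users. The `git` task has no `version:`, so each run checks out whatever the upstream default branch holds and then runs its `launcher` under `become: true`; pinning `version:` to a reviewed commit (the template header already names one) would make the deployment reproducible. In the debug task, `discourse_container|bool` is applied to a registered result rather than a boolean and probably evaluates to false, so the status message may never print; `discourse_container.exists` alone looks sufficient.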
@@ -0,0 +1,119 @@
+# {{ ansible_managed }}
+# git commit 303eb0309c12e2af3da57ee796c5f154c5a9bca7
+
+## this is the all-in-one, standalone Discourse Docker container template
+##
+## After making changes to this file, you MUST rebuild
+## /var/discourse/launcher rebuild app
+##
+## BE *VERY* CAREFUL WHEN EDITING!
+## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
+## visit http://www.yamllint.com/ to validate this file as needed
+
+templates:
+ - "templates/postgres.template.yml"
+ - "templates/redis.template.yml"
+ - "templates/web.template.yml"
+ - "templates/web.ratelimited.template.yml"
+{% if dis_tls %}
+ - "templates/web.ssl.template.yml"
+ - "templates/web.letsencrypt.ssl.template.yml"
+{% endif %}
+
+## which TCP/IP ports should this container expose?
+## If you want Discourse to share a port with another webserver like Apache or nginx,
+## see https://meta.discourse.org/t/17247 for details
+expose:
+{% for port in dis_ports %}
+ - "{{ port }}"
+{% endfor %}
+
+params:
+ db_default_text_search_config: "pg_catalog.english"
+
+ ## Set db_shared_buffers to a max of 25% of the total memory.
+ ## will be set automatically by bootstrap based on detected RAM, or you can override
+ #db_shared_buffers: "256MB"
+
+ ## can improve sorting performance, but adds memory usage per-connection
+ #db_work_mem: "40MB"
+
+ # BUG: This may not have the advertised effect
+ # See: https://github.com/discourse/discourse_docker/pull/499
+ ## Which Git revision should this container use? (default: tests-passed)
+ #version: {{ dis_version }}
+
+env:
+ LANG: {{ dis_lang }}
+ DISCOURSE_DEFAULT_LOCALE: {{ dis_locale }}
+
+ ## How many concurrent web requests are supported? Depends on memory and CPU cores.
+ ## will be set automatically by bootstrap based on detected CPUs, or you can override
+ UNICORN_WORKERS: {{ dis_unicorn_workers }}
+
+ ## TODO: The domain name this Discourse instance will respond to
+ ## Required.
Discourse will not work with a bare IP number.
+ DISCOURSE_HOSTNAME: '{{ dis_hostname }}'
+
+ ## Uncomment if you want the container to be started with the same
+ ## hostname (-h option) as specified above (default "$hostname-$config")
+ DOCKER_USE_HOSTNAME: {{ dis_same_host | ternary(true, false) }}
+
+ ## TODO: List of comma delimited emails that will be made admin and developer
+ ## on initial signup example 'user1@example.com,user2@example.com'
+ DISCOURSE_DEVELOPER_EMAILS: '{{ dis_developer_emails|join(',') }}'
+
+ ## TODO: The SMTP mail server used to validate new accounts and send notifications
+ # SMTP ADDRESS, username, and password are required
+ # WARNING the char '#' in SMTP password can cause problems!
+ DISCOURSE_SMTP_ADDRESS: {{ dis_smtp_host }}
+ DISCOURSE_SMTP_PORT: {{ dis_smtp_port }}
+ DISCOURSE_SMTP_USER_NAME: {{ dis_smtp_user }}
+ DISCOURSE_SMTP_PASSWORD: {{ dis_smtp_pass }}
+ DISCOURSE_SMTP_ENABLE_START_TLS: true
+
+{% if dis_tls %}
+ ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
+ LETSENCRYPT_ACCOUNT_EMAIL: {{ dis_le_email }}
+{% endif %}
+
+ ## The http or https CDN address for this Discourse instance (configured to pull)
+ ## see https://meta.discourse.org/t/14857 for details
+ #DISCOURSE_CDN_URL: https://discourse-cdn.example.com
+
+## The Docker container is stateless; all data is stored in /shared
+volumes:
+ - volume:
+ host: {{ dis_path }}/shared/standalone
+ guest: {{ dis_guest_path }}
+ #- volume:
+ # host: /var/discourse/shared/standalone/log/var-log
+ # guest: /var/log
+
+## Plugins go here
+## see https://meta.discourse.org/t/19157 for details
+hooks:
+ after_code:
+ - exec:
+ cd: $home/plugins
+ cmd:
+ - git clone https://github.com/discourse/docker_manager.git
+{% for plugin in dis_plugins | default([]) %}
+ - git clone {{ plugin }}
+{% endfor %}
+ - exec:
+ cd: $home
+ cmd:
+ - git fetch --depth=1 origin tag {{ dis_version }} --no-tags
+ - git checkout {{ dis_version }}
+
+## Any
custom commands to run after building
+run:
+ - exec: echo "Beginning of custom commands"
+ ## If you want to set the 'From' email address for your first registration, uncomment and change:
+ ## After getting the first signup email, re-comment the line. It only needs to run once.
+{% if discourse_container.exists is defined %}
+{% else %}
+ - exec: rails r "SiteSetting.notification_email='{{ dis_smtp_user }}'"
+{% endif %}
+ - exec: echo "End of custom commands"
diff --git a/ansible/ssh/known_hosts b/ansible/ssh/known_hosts
index 8a255df..fcea74f 100644
--- a/ansible/ssh/known_hosts
+++ b/ansible/ssh/known_hosts
@@ -1 +1 @@
-snf-869535.vm.okeanos.grnet.gr,83.212.110.37,mumble.hack66.info,hack66.info,pad.hack66.info ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPsmQjrW5k7Cn4k3WBV/pcb2sBS8K/zRn2C0gCb5qkc3RycIZYtStxiRTETzxVnTX06SRDa1cr0x1UqlzIZOAhQ=
+snf-869535.vm.okeanos.grnet.gr,83.212.110.37,mumble.hack66.info,hack66.info,pad.hack66.info,kafenes.101.cy ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPsmQjrW5k7Cn4k3WBV/pcb2sBS8K/zRn2C0gCb5qkc3RycIZYtStxiRTETzxVnTX06SRDa1cr0x1UqlzIZOAhQ=
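Review bot: `DISCOURSE_SMTP_PASSWORD: {{ dis_smtp_pass }}` is rendered as an unquoted YAML scalar, so a password containing ` #`, `: ` or a leading indicator character is truncated or misparsed, which is the problem the comment above it warns about. Writing `DISCOURSE_SMTP_PASSWORD: {{ dis_smtp_pass | to_json }}` emits a safely quoted value, and the same applies to the SMTP host, user name and `LETSENCRYPT_ACCOUNT_EMAIL`. In the `run:` section, `{% if discourse_container.exists is defined %}` is true whenever the info task has registered a result, so the `notification_email` line in the `{% else %}` branch looks unreachable; `{% if not discourse_container.exists %}` seems to be the intent. The plugin loop runs `git clone {{ plugin }}` with no revision, unlike the core checkout, which is pinned through `dis_version`.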
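Review bot: kafenes.101.cy is appended to the existing entry for 83.212.110.37, which pins it to the same ECDSA host key as hack66.info and pad.hack66.info. That is correct only if the name resolves to the same machine. If it is a separate server, it needs its own line with a key obtained from that host over a trusted channel, as the README's known-hosts procedure describes, rather than sharing this one.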