Add discourse ansible role, config kafenes.101.cy

README.md

@@ -29,6 +29,10 @@ docker exec -i Container_Name \
 sh -c 'exec mysql -uetherpad_user -D etherpad -p"Password"' < db.sql
 ```
 
+### Discourse
+
+`cd ansible && ansible-playbook deploy-discourse.yml`
+
 ## Adding SSH fingerprints to known hosts
 
 1. Get an SSH fingerprint from a local `known_hosts` file for a given hostname

ansible/deploy-discourse.yml

@@ -0,0 +1,12 @@
+---
+
+- import_playbook: ansible-version.yml
+
+- name: "Deploy a Discourse server"
+  hosts: "{{ target if target is defined else 'discourse' }}"
+  become: true
+
+  roles:
+    - docker
+    - caddy
+    - discourse

ansible/inventory/group_vars/all/vars.yml

@@ -13,5 +13,12 @@ etherpad_host: pad.hack66.info
 caddy_ct_name: caddy
 # Etherpad container hostname
 etherpad_ct_name: etherpad
+# Etherpad container port
+etherpad_ct_port: 9001
 # Docker network name
 docker_www_net: www_net
+# Discourse
+dis_hostname: "{{ inventory_hostname }}"
+# Discourse exposed ports host host:container
+dis_ports: "['998:80']"
+le_email_101cy: [email protected]

ansible/inventory/host_vars/kafenes.101.cy/vars.yml

@@ -0,0 +1,16 @@
+$ANSIBLE_VAULT;1.1;AES256
+34323033656133353561636533653563656534336530323333653638346636326232383739356635
+3934303332313134373033386233323230343530313738620a373032303238663065303339346264
+35663162373564653633333436616531333239306661303964666534643135373331636635366631
+3237303436633266360a613462666131353138636564626334656634613534366437616233623632
+66343766646136396231383230613863363533393962376432653337656638363834613062363866
+38623833393435323938616539333031643430373833396530373864666663663433346434373039
+32643334366235653032363431646332323465316239613938323365643730313362646533313932
+34376465316434333133306337356133643836356234353963316630636664653461663633656337
+35376533643162336136646364666666626337353436633865303938303439613032346265633031
+35383533363135363837623535613130396466353365643137313137303739383235336639646435
+65393631343230313863373763356365646530343564633331313230363639663535663466396533
+66393162316234306132653564373533373737616166373534303864336537356136323464303539
+62613661326165373864336563303563646165363134323961336332643838323634373330656465
+63646233323930666561616365373762383131376563356336373966393434373533316432616637
+333436666266623162363364616534356438

ansible/inventory/hosts

@@ -6,3 +6,6 @@ hack66.info
 
 [etherpad]
 pad.hack66.info
+
+[discourse]
+kafenes.101.cy

ansible/roles/caddy/templates/Caddyfile.j2

@@ -50,3 +50,14 @@
     import default
     proxy / {{ etherpad_ct_name }}:{{ etherpad_ct_port }}
 }
+
+# Discourse Caddy configuration
+
+{{ dis_hostname }} {
+    log / stdout {
+        {{ caddy_log_ipmask }}
+    }
+    gzip
+    tls {{ le_email_101cy }}
+    proxy / {{ dis_hostname }}:{{ dis_ports.split(':') | first }}
+}

ansible/roles/discourse/defaults/main.yml

@@ -0,0 +1,33 @@
+---
+
+dis_lang: en_US.UTF-8
+dis_locale: en
+dis_unicorn_workers: 3
+dis_guest_path: /shared
+dis_path: /var/discourse
+dis_git: https://github.com/discourse/discourse_docker.git
+# Use a stable release - https://github.com/discourse/discourse/releases
+dis_version: v2.6.0
+# The domain name this Discourse instance will respond to.
+# Required. Discourse will not work with a bare IP number.
+dis_hostname: discourse.example.org
+# The SMTP mail server used to validate new accounts and send notifications.
+# SMTP address, username, and password are required.
+# Warning the char '#' in SMTP password can cause problems!
+dis_smtp_host: mail.example.org
+dis_smtp_port: 587
+dis_smtp_user: [email protected]
+dis_smtp_pass: discourse_email_pass
+# LetsEncrypt email.
+dis_le_email: [email protected]
+# List of emails that will be made admin and developer.
+dis_developer_emails:
+  - [email protected]
+#dis_plugins:
+#  - https://github.com/discourse/discourse-bbb.git
+# Exposed container ports
+dis_ports: "['80:80', '443:443']"
+# Enable ssl and letsencrypt templates
+dis_tls: True
+# Use same dis_hostname as container name
+dis_same_host: False

ansible/roles/discourse/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+
+- name: Creates Discourse directory {{ dis_path }}
+  file:
+    path: "{{ dis_path }}"
+    state: directory
+
+- name: Clones Discourse git repository
+  git:
+    repo: "{{ dis_git }}"
+    dest: "{{ dis_path }}"
+
+- name: Get Discourse container info
+  docker_container_info:
+    name: app
+  register: discourse_container
+
+- name: Templates Discourse container configuration
+  template:
+    src: standalone.yml.j2
+    dest: "{{ dis_path }}/containers/app.yml"
+  register: dis_template
+
+- name: Print the status of the Discourse container
+  debug:
+    msg: "Container status: {{ discourse_container.container.State.Status }}"
+  when:
+    - discourse_container|bool
+    - discourse_container.exists
+
+- name: (Re)build Discourse container configuration
+  command: "{{ dis_path }}/launcher rebuild app"
+  when: not discourse_container.exists or dis_template.changed
+  no_log: False
+
+- name: Start Discourse container if it's already exist but not running
+  command: "{{ dis_path }}/launcher start app"
+  when:
+    - not dis_template.changed
+    - discourse_container.exists
+    - discourse_container.container.State.Status != 'running'

ansible/roles/discourse/templates/standalone.yml.j2

@@ -0,0 +1,119 @@
+# {{ ansible_managed }}
+# git commit 303eb0309c12e2af3da57ee796c5f154c5a9bca7
+
+## this is the all-in-one, standalone Discourse Docker container template
+##
+## After making changes to this file, you MUST rebuild
+## /var/discourse/launcher rebuild app
+##
+## BE *VERY* CAREFUL WHEN EDITING!
+## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
+## visit http://www.yamllint.com/ to validate this file as needed
+
+templates:
+  - "templates/postgres.template.yml"
+  - "templates/redis.template.yml"
+  - "templates/web.template.yml"
+  - "templates/web.ratelimited.template.yml"
+{% if dis_tls %}
+  - "templates/web.ssl.template.yml"
+  - "templates/web.letsencrypt.ssl.template.yml"
+{% endif %}
+
+## which TCP/IP ports should this container expose?
+## If you want Discourse to share a port with another webserver like Apache or nginx,
+## see https://meta.discourse.org/t/17247 for details
+expose:
+{% for port in dis_ports %}
+  - "{{ port }}"
+{% endfor %}
+
+params:
+  db_default_text_search_config: "pg_catalog.english"
+
+  ## Set db_shared_buffers to a max of 25% of the total memory.
+  ## will be set automatically by bootstrap based on detected RAM, or you can override
+  #db_shared_buffers: "256MB"
+
+  ## can improve sorting performance, but adds memory usage per-connection
+  #db_work_mem: "40MB"
+
+  # BUG: This may not have the advertised effect
+  # See: https://github.com/discourse/discourse_docker/pull/499
+  ## Which Git revision should this container use? (default: tests-passed)
+  #version: {{ dis_version }}
+
+env:
+  LANG: {{ dis_lang }}
+  DISCOURSE_DEFAULT_LOCALE: {{ dis_locale }}
+
+  ## How many concurrent web requests are supported? Depends on memory and CPU cores.
+  ## will be set automatically by bootstrap based on detected CPUs, or you can override
+  UNICORN_WORKERS: {{ dis_unicorn_workers }}
+
+  ## TODO: The domain name this Discourse instance will respond to
+  ## Required. Discourse will not work with a bare IP number.
+  DISCOURSE_HOSTNAME: '{{ dis_hostname }}'
+
+  ## Uncomment if you want the container to be started with the same
+  ## hostname (-h option) as specified above (default "$hostname-$config")
+  DOCKER_USE_HOSTNAME: {{ dis_same_host | ternary(true, false) }}
+
+  ## TODO: List of comma delimited emails that will be made admin and developer
+  ## on initial signup example '[email protected],[email protected]'
+  DISCOURSE_DEVELOPER_EMAILS: '{{ dis_developer_emails|join(',') }}'
+
+  ## TODO: The SMTP mail server used to validate new accounts and send notifications
+  # SMTP ADDRESS, username, and password are required
+  # WARNING the char '#' in SMTP password can cause problems!
+  DISCOURSE_SMTP_ADDRESS: {{ dis_smtp_host }}
+  DISCOURSE_SMTP_PORT: {{ dis_smtp_port }}
+  DISCOURSE_SMTP_USER_NAME: {{ dis_smtp_user }}
+  DISCOURSE_SMTP_PASSWORD: {{ dis_smtp_pass }}
+  DISCOURSE_SMTP_ENABLE_START_TLS: true
+
+{% if dis_tls %}
+  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
+  LETSENCRYPT_ACCOUNT_EMAIL: {{ dis_le_email }}
+{% endif %}
+
+  ## The http or https CDN address for this Discourse instance (configured to pull)
+  ## see https://meta.discourse.org/t/14857 for details
+  #DISCOURSE_CDN_URL: https://discourse-cdn.example.com
+
+## The Docker container is stateless; all data is stored in /shared
+volumes:
+  - volume:
+      host: {{ dis_path }}/shared/standalone
+      guest: {{ dis_guest_path }}
+  #- volume:
+  #    host: /var/discourse/shared/standalone/log/var-log
+  #    guest: /var/log
+
+## Plugins go here
+## see https://meta.discourse.org/t/19157 for details
+hooks:
+  after_code:
+    - exec:
+        cd: $home/plugins
+        cmd:
+          - git clone https://github.com/discourse/docker_manager.git
+{% for plugin in dis_plugins | default([]) %}
+          - git clone {{ plugin }}
+{% endfor %}
+    - exec:
+        cd: $home
+        cmd:
+          - git fetch --depth=1 origin tag {{ dis_version }} --no-tags
+          - git checkout {{ dis_version }}
+
+## Any custom commands to run after building
+run:
+  - exec: echo "Beginning of custom commands"
+  ## If you want to set the 'From' email address for your first registration, uncomment and change:
+  ## After getting the first signup email, re-comment the line. It only needs to run once.
+{% if discourse_container.exists is defined %}
+{% else %}
+  - exec: rails r "SiteSetting.notification_email='{{ dis_smtp_user }}'"
+{% endif %}
+  - exec: echo "End of custom commands"

ansible/ssh/known_hosts

@@ -1 +1 @@
-snf-869535.vm.okeanos.grnet.gr,83.212.110.37,mumble.hack66.info,hack66.info,pad.hack66.info ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPsmQjrW5k7Cn4k3WBV/pcb2sBS8K/zRn2C0gCb5qkc3RycIZYtStxiRTETzxVnTX06SRDa1cr0x1UqlzIZOAhQ=
+snf-869535.vm.okeanos.grnet.gr,83.212.110.37,mumble.hack66.info,hack66.info,pad.hack66.info,kafenes.101.cy ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPsmQjrW5k7Cn4k3WBV/pcb2sBS8K/zRn2C0gCb5qkc3RycIZYtStxiRTETzxVnTX06SRDa1cr0x1UqlzIZOAhQ=