rx300: add bundle:jugendhackt_tools

PORT_MAP.md

@@ -45,6 +45,7 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
 | 22060       | pretalx              | gunicorn |
 | 22070       | paperless-ng         | gunicorn |
 | 22080       | netbox               | gunicorn |
+| 22090       | jugendhackt_tools    | gunicorn |
 | 22999       | nginx                | stub_status |
 | 22100       | ntfy                 | http |
 

bundles/jugendhackt_tools/files/config.toml

@@ -0,0 +1,4 @@
+<%
+    from tomlkit import dumps as toml_dumps
+    from bundlewrap.utils.text import toml_clean
+%>${toml_clean(toml_dumps(repo.libs.faults.resolve_faults(node.metadata.get('jugendhackt_tools')), sort_keys=True))}

bundles/jugendhackt_tools/files/jugendhackt_tools.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=jugendhackt_tools web service
+After=network.target
+Requires=postgresql.service
+
+[Service]
+User=jugendhackt_tools
+Group=jugendhackt_tools
+Environment=CONFIG_PATH=/opt/jugendhackt_tools/config.toml
+WorkingDirectory=/opt/jugendhackt_tools/src
+ExecStart=/opt/jugendhackt_tools/venv/bin/gunicorn jugendhackt_tools.wsgi --name jugendhackt_tools --workers 4 --max-requests 1200  --max-requests-jitter 50 --log-level=info --bind=127.0.0.1:22090
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target

bundles/jugendhackt_tools/items.py

@@ -0,0 +1,76 @@
+directories['/opt/jugendhackt_tools/src'] = {}
+directories['/opt/jugendhackt_tools/static'] = {}
+
+git_deploy['/opt/jugendhackt_tools/src'] = {
+    'repo': 'https://github.com/kunsi/jugendhackt_schedule.git',
+    'rev': 'main',
+    'triggers': {
+        'action:jugendhackt_tools_install',
+        'action:jugendhackt_tools_migrate',
+        'svc_systemd:jugendhackt_tools:restart',
+    },
+}
+
+actions['jugendhackt_tools_create_virtualenv'] = {
+    'command': '/usr/bin/python3 -m virtualenv -p python3 /opt/jugendhackt_tools/venv/',
+    'unless': 'test -d /opt/jugendhackt_tools/venv/',
+    'needs': {
+        # actually /opt/jugendhackt_tools, but we don't create that
+        'directory:/opt/jugendhackt_tools/src',
+    },
+}
+
+actions['jugendhackt_tools_install'] = {
+    'command': ' && '.join([
+        'cd /opt/jugendhackt_tools/src',
+        '/opt/jugendhackt_tools/venv/bin/pip install --upgrade pip wheel gunicorn psycopg2-binary',
+        '/opt/jugendhackt_tools/venv/bin/pip install --upgrade -r requirements.txt',
+    ]),
+    'needs': {
+        'action:jugendhackt_tools_create_virtualenv',
+    },
+    'triggered': True,
+}
+
+actions['jugendhackt_tools_migrate'] = {
+    'command': ' && '.join([
+        'cd /opt/jugendhackt_tools/src',
+        'CONFIG_PATH=/opt/jugendhackt_tools/config.toml /opt/jugendhackt_tools/venv/bin/python manage.py migrate',
+        'CONFIG_PATH=/opt/jugendhackt_tools/config.toml /opt/jugendhackt_tools/venv/bin/python manage.py collectstatic --noinput',
+    ]),
+    'needs': {
+        'action:jugendhackt_tools_install',
+        'file:/opt/jugendhackt_tools/config.toml',
+        'postgres_db:jugendhackt_tools',
+        'postgres_role:jugendhackt_tools',
+    },
+    'triggered': True,
+}
+
+files['/opt/jugendhackt_tools/config.toml'] = {
+    'content_type': 'mako',
+    'triggers': {
+        'svc_systemd:jugendhackt_tools:restart',
+    },
+}
+
+files['/usr/local/lib/systemd/system/jugendhackt_tools.service'] = {
+    'triggers': {
+        'action:systemd-reload',
+        'svc_systemd:jugendhackt_tools:restart',
+    },
+}
+
+svc_systemd['jugendhackt_tools'] = {
+    'needs': {
+        'action:jugendhackt_tools_migrate',
+        'file:/opt/jugendhackt_tools/config.toml',
+        'file:/usr/local/lib/systemd/system/jugendhackt_tools.service',
+        'git_deploy:/opt/jugendhackt_tools/src',
+        'user:jugendhackt_tools',
+    },
+}
+
+users['jugendhackt_tools'] = {
+    'home': '/opt/jugendhackt_tools/src',
+}

bundles/jugendhackt_tools/metadata.py

@@ -0,0 +1,28 @@
+defaults = {
+    'jugendhackt_tools': {
+        'django_secret': repo.vault.random_bytes_as_base64_for(f'{node.name} jugendhackt_tools django_secret'),
+        'django_debug': False,
+        'static_root': '/opt/jugendhackt_tools/static/',
+        'database': {
+            'ENGINE': 'django.db.backends.postgresql',
+            'NAME': 'jugendhackt_tools',
+            'USER': 'jugendhackt_tools',
+            'PASSWORD': repo.vault.password_for(f'{node.name} postgresql jugendhackt_tools'),
+            'HOST': 'localhost',
+            'PORT': '5432'
+        },
+    },
+    'postgresql': {
+        'roles': {
+            'jugendhackt_tools': {
+                'password': repo.vault.password_for(f'{node.name} postgresql jugendhackt_tools'),
+            },
+        },
+        'databases': {
+            'jugendhackt_tools': {
+                'owner': 'jugendhackt_tools',
+            },
+        },
+    },
+}
+

nodes/rx300.py

@@ -13,6 +13,7 @@ nodes['rx300'] = {
         'gitea',
         'ipmitool',
         'jenkins-ci',
+        'jugendhackt_tools',
         'lm-sensors',
         'matrix-dimension',
         'matrix-media-repo',
@@ -180,6 +181,10 @@ nodes['rx300'] = {
                 '/var/www/franzi.business', # for deployment task
             },
         },
+        'jugendhackt_tools': {
+            'allowed_hosts': ['jh.franzi.business'],
+            'timezone': 'Europe/Berlin',
+        },
         'letsencrypt': {
             'concat_and_deploy': {
                 'kunsi-weechat': {
@@ -358,6 +363,18 @@ nodes['rx300'] = {
                         },
                     },
                 },
+                'jugendhackt_tools': {
+                    'domain': 'jh.franzi.business',
+                    'ssl': '_.franzi.business',
+                    'locations': {
+                        '/': {
+                            'target': 'http://127.0.0.1:22090/',
+                        },
+                        '/static/': {
+                            'alias': '/opt/jugendhackt_tools/static/',
+                        },
+                    },
+                },
                 'kunbox.net': {},
                 'kunsmann.eu': {
                     'locations': {