diff --git a/PORT_MAP.md b/PORT_MAP.md index a1725cb..1f13d47 100644 --- a/PORT_MAP.md +++ b/PORT_MAP.md @@ -45,6 +45,7 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports. | 22060 | pretalx | gunicorn | | 22070 | paperless-ng | gunicorn | | 22080 | netbox | gunicorn | +| 22090 | jugendhackt_tools | gunicorn | | 22999 | nginx | stub_status | | 22100 | ntfy | http | diff --git a/bundles/jugendhackt_tools/files/config.toml b/bundles/jugendhackt_tools/files/config.toml new file mode 100644 index 0000000..7c4131d --- /dev/null +++ b/bundles/jugendhackt_tools/files/config.toml @@ -0,0 +1,4 @@ +<% + from tomlkit import dumps as toml_dumps + from bundlewrap.utils.text import toml_clean +%>${toml_clean(toml_dumps(repo.libs.faults.resolve_faults(node.metadata.get('jugendhackt_tools')), sort_keys=True))} diff --git a/bundles/jugendhackt_tools/files/jugendhackt_tools.service b/bundles/jugendhackt_tools/files/jugendhackt_tools.service new file mode 100644 index 0000000..2d0a36c --- /dev/null +++ b/bundles/jugendhackt_tools/files/jugendhackt_tools.service @@ -0,0 +1,16 @@ +[Unit] +Description=jugendhackt_tools web service +After=network.target +Requires=postgresql.service + +[Service] +User=jugendhackt_tools +Group=jugendhackt_tools +Environment=CONFIG_PATH=/opt/jugendhackt_tools/config.toml +WorkingDirectory=/opt/jugendhackt_tools/src +ExecStart=/opt/jugendhackt_tools/venv/bin/gunicorn jugendhackt_tools.wsgi --name jugendhackt_tools --workers 4 --max-requests 1200 --max-requests-jitter 50 --log-level=info --bind=127.0.0.1:22090 +Restart=always +RestartSec=5 + +[Install] +WantedBy=multi-user.target diff --git a/bundles/jugendhackt_tools/items.py b/bundles/jugendhackt_tools/items.py new file mode 100644 index 0000000..3c9bf28 --- /dev/null +++ b/bundles/jugendhackt_tools/items.py @@ -0,0 +1,76 @@ +directories['/opt/jugendhackt_tools/src'] = {} +directories['/opt/jugendhackt_tools/static'] = {} + +git_deploy['/opt/jugendhackt_tools/src'] = { + 'repo': 'https://github.com/kunsi/jugendhackt_schedule.git', + 'rev': 'main', + 'triggers': { + 'action:jugendhackt_tools_install', + 'action:jugendhackt_tools_migrate', + 'svc_systemd:jugendhackt_tools:restart', + }, +} + +actions['jugendhackt_tools_create_virtualenv'] = { + 'command': '/usr/bin/python3 -m virtualenv -p python3 /opt/jugendhackt_tools/venv/', + 'unless': 'test -d /opt/jugendhackt_tools/venv/', + 'needs': { + # actually /opt/jugendhackt_tools, but we don't create that + 'directory:/opt/jugendhackt_tools/src', + }, +} + +actions['jugendhackt_tools_install'] = { + 'command': ' && '.join([ + 'cd /opt/jugendhackt_tools/src', + '/opt/jugendhackt_tools/venv/bin/pip install --upgrade pip wheel gunicorn psycopg2-binary', + '/opt/jugendhackt_tools/venv/bin/pip install --upgrade -r requirements.txt', + ]), + 'needs': { + 'action:jugendhackt_tools_create_virtualenv', + }, + 'triggered': True, +} + +actions['jugendhackt_tools_migrate'] = { + 'command': ' && '.join([ + 'cd /opt/jugendhackt_tools/src', + 'CONFIG_PATH=/opt/jugendhackt_tools/config.toml /opt/jugendhackt_tools/venv/bin/python manage.py migrate', + 'CONFIG_PATH=/opt/jugendhackt_tools/config.toml /opt/jugendhackt_tools/venv/bin/python manage.py collectstatic --noinput', + ]), + 'needs': { + 'action:jugendhackt_tools_install', + 'file:/opt/jugendhackt_tools/config.toml', + 'postgres_db:jugendhackt_tools', + 'postgres_role:jugendhackt_tools', + }, + 'triggered': True, +} + +files['/opt/jugendhackt_tools/config.toml'] = { + 'content_type': 'mako', + 'triggers': { + 'svc_systemd:jugendhackt_tools:restart', + }, +} + +files['/usr/local/lib/systemd/system/jugendhackt_tools.service'] = { + 'triggers': { + 'action:systemd-reload', + 'svc_systemd:jugendhackt_tools:restart', + }, +} + +svc_systemd['jugendhackt_tools'] = { + 'needs': { + 'action:jugendhackt_tools_migrate', + 'file:/opt/jugendhackt_tools/config.toml', + 'file:/usr/local/lib/systemd/system/jugendhackt_tools.service', + 'git_deploy:/opt/jugendhackt_tools/src', + 'user:jugendhackt_tools', + }, +} + +users['jugendhackt_tools'] = { + 'home': '/opt/jugendhackt_tools/src', +} diff --git a/bundles/jugendhackt_tools/metadata.py b/bundles/jugendhackt_tools/metadata.py new file mode 100644 index 0000000..beb7385 --- /dev/null +++ b/bundles/jugendhackt_tools/metadata.py @@ -0,0 +1,28 @@ +defaults = { + 'jugendhackt_tools': { + 'django_secret': repo.vault.random_bytes_as_base64_for(f'{node.name} jugendhackt_tools django_secret'), + 'django_debug': False, + 'static_root': '/opt/jugendhackt_tools/static/', + 'database': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': 'jugendhackt_tools', + 'USER': 'jugendhackt_tools', + 'PASSWORD': repo.vault.password_for(f'{node.name} postgresql jugendhackt_tools'), + 'HOST': 'localhost', + 'PORT': '5432' + }, + }, + 'postgresql': { + 'roles': { + 'jugendhackt_tools': { + 'password': repo.vault.password_for(f'{node.name} postgresql jugendhackt_tools'), + }, + }, + 'databases': { + 'jugendhackt_tools': { + 'owner': 'jugendhackt_tools', + }, + }, + }, +} + diff --git a/nodes/rx300.py b/nodes/rx300.py index 45cd228..0c20bad 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -13,6 +13,7 @@ nodes['rx300'] = { 'gitea', 'ipmitool', 'jenkins-ci', + 'jugendhackt_tools', 'lm-sensors', 'matrix-dimension', 'matrix-media-repo', @@ -180,6 +181,10 @@ nodes['rx300'] = { '/var/www/franzi.business', # for deployment task }, }, + 'jugendhackt_tools': { + 'allowed_hosts': ['jh.franzi.business'], + 'timezone': 'Europe/Berlin', + }, 'letsencrypt': { 'concat_and_deploy': { 'kunsi-weechat': { @@ -358,6 +363,18 @@ nodes['rx300'] = { }, }, }, + 'jugendhackt_tools': { + 'domain': 'jh.franzi.business', + 'ssl': '_.franzi.business', + 'locations': { + '/': { + 'target': 'http://127.0.0.1:22090/', + }, + '/static/': { + 'alias': '/opt/jugendhackt_tools/static/', + }, + }, + }, 'kunbox.net': {}, 'kunsmann.eu': { 'locations': {