Add reportinator_server files #90

Merged 6 commits on Apr 15, 2024
Changes from 3 commits
1 change: 1 addition & 0 deletions inventories/reportinator_server/README.md
@@ -0,0 +1 @@
# reportinator_server Inventory
13 changes: 13 additions & 0 deletions inventories/reportinator_server/group_vars/all/vault.yml
@@ -0,0 +1,13 @@
$ANSIBLE_VAULT;1.1;AES256
61383663353236366531616531663866383736633837373338316437346235396662666439326262
3030623564636564383264333365666435386435383266340a333830373630313534623761396464
39366164643032646233373065346663653862303262376231663662656135376637373231303832
6566393664623730640a633261383932343539623730666166333138616132633330353335393737
31613332323939393339616535343563353930663235666166303833643638393733383038333234
38613038316530333361323837393562346365363666366466313536396438313662626366623664
62653534373538343030373830386630316161613035643337383561336538343335653834343563
61643965643035666163376530636335363331373661383430643962646466313636393739326465
66613633623862313665643932623965373364376361343261663161356161643764653665656333
63303238373636633730646639653561646634623331363339656130653263663832633839653833
65353333633531353230656464386666363834643437376664613361646465363362663662656131
65363862383437306565
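
Review bot: the file is a single AES256 vault blob, so the diff cannot show which keys it defines, while inventory.yml in this PR reads `vault_reportinator_secret` and `vault_slack_signing_secret` from it. Suggest listing the vault variables this file must contain in the inventory README, so a missing key is caught in review rather than when the play runs.
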
22 changes: 22 additions & 0 deletions inventories/reportinator_server/inventory.yml
@@ -0,0 +1,22 @@
---
reportinator_server:
hosts:
reportinator.nos.social:
Member commented:

I think reportinator.ansible.fun should be listed here too? At least if we want to absorb the vars below? Maybe we don't want that.

Contributor Author replied:

I removed this because of the issue with nos.social subdomains

vars:
admin_username: admin
homedir: /home/{{ admin_username }}
cert_email: [email protected]
Member commented:

can you change this to [email protected]?

domain: '{{ inventory_hostname }}'
reportinator_server_image: ghcr.io/planetary-social/reportinator_server
reportinator_server_image_tag: latest
google_application_credentials: /app/data/gcloud/application_default_credentials.json
relay_addresses_csv: wss://relay.nos.social
reportinator_server_health_endpoint: https://{{ inventory_hostname }}/
reportinator_secret: '{{ vault_reportinator_secret }}'
slack_signing_secret: '{{ vault_slack_signing_secret }}'
prod:
hosts:
reportinator.nos.social:
dev:
hosts:
reportinator.ansible.fun:
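
Review bot: `reportinator_server_image_tag: latest` under `vars:` leaves the prod host on a mutable tag, and the role's "Setup the image updater" task passes that same tag to image-update-service with `frequency: 3m`. Consider a version tag or image digest for the `prod` group and keeping `latest` for `dev` only, so that what runs on reportinator.nos.social is a known build.
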
20 changes: 20 additions & 0 deletions new-server-vars.yml
@@ -180,3 +180,23 @@
# - prod
# additional_roles:
# - posthog

#-----------------------------
# Reportinator Service example
#-----------------------------
domain: reportinator.ansible.fun
do_droplet_size: s-1vcpu-1gb
do_droplet_image: ubuntu-22-04-x64
do_droplet_region: NYC3
do_droplet_project: Nos
do_droplet_tags:
- dev
gh_user_keys_to_add:
- mplorentz
- dcadenas
inv: reportinator_server
inv_groups:
- reportinator_server
- dev
additional_roles:
- reportinator_server
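
Review bot: the context lines just above (`# - prod`, `# additional_roles:`, `# - posthog`) show the earlier example commented out, while this "Reportinator Service example" block is added as live YAML. If the file is meant to carry one active set of values, say so in a comment at the top of the block; otherwise comment it out like the others. Going by its name, `gh_user_keys_to_add` decides whose keys land on the new server, so that list deserves a check each time the example is reused.
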
7 changes: 7 additions & 0 deletions playbooks/reportinator_server.yml
@@ -0,0 +1,7 @@
- name: Install new server for reportinator_server
hosts: reportinator_server:&prod
vars:
ansible_user: admin
domain: "{{ inventory_hostname }}"
roles:
- reportinator_server
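
Review bot: `hosts: reportinator_server:&prod` restricts the play to the intersection with `prod`, and in inventory.yml reportinator.ansible.fun sits only in `dev`, so the dev host from the new-server-vars.yml example is never matched by this playbook. If dev should be deployable, add it to the `reportinator_server` group and select the environment with `--limit` instead. Also, `ansible_user: admin` and `domain` under `vars:` repeat `admin_username` and `domain` from the inventory; `ansible_user: "{{ admin_username }}"` and dropping the `domain` line would leave one source for each.
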
17 changes: 17 additions & 0 deletions roles/reportinator_server/README.md
@@ -0,0 +1,17 @@
# reportinator_server role

This role sets up the reportinator.nos.social server to handle encrypted DMs for moderation requests.

## Variables

| Variable | Example | Purpose |
|----------------------------------- |--------------------------------------------------------------|--------------------------------------------------------------|
| domain | reportinator.nos.social | The fqdn of the service |
| cert_email | [email protected] | The email used for the LetsEncrypt certificate |
| reportinator_server_image | ghcr.io/planetary-social/reportinator_server | The Docker image name |
| reportinator_server_image_tag | latest | The Docker image tag |
| google_application_credentials | /app/data/gcloud/application_default_credentials.json | Google Cloud credentials location |
| relay_addresses_csv | wss://relay.nos.social | Relay to listen to DMs |
| reportinator_server_health_endpoint | https://{{ inventory_hostname }}/ | Health check endpoint |
| reportinator_secret | some nostr hex secret | The secret for the Reportinator account, held in vault |
| slack_signing_secret | some long string | The secret to interact with Slack, held in vault |
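
Review bot: the Variables table omits `homedir`, which tasks/main.yml needs to build `reportinator_server_dir` (`{{ homedir }}/services/reportinator_server`), and `admin_username`, from which the inventory derives it. Add a row for each, and for `reportinator_secret` and `slack_signing_secret` name the vault variables they are read from (`vault_reportinator_secret`, `vault_slack_signing_secret`) instead of only "held in vault".
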
Empty file.
Empty file.
64 changes: 64 additions & 0 deletions roles/reportinator_server/tasks/main.yml
@@ -0,0 +1,64 @@
---
- name: Set reportinator_server dir
ansible.builtin.set_fact:
reportinator_server_dir: "{{ homedir }}/services/reportinator_server"

- name: Ensure services/reportinator_server exists
ansible.builtin.file:
path: "{{ reportinator_server_dir }}"
state: directory
mode: '0755'


- name: Copy necessary template files to reportinator_server dir
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ reportinator_server_dir }}/{{ item.dest }}"
mode: 0644
loop:
Member commented:

If you like you can omit the loop and just set the src and dest above. It's more readable but this is more convenient if we add more template files in the future.

- src: docker-compose.yml.tpl
dest: docker-compose.yml


- name: UFW - Allow http/https connections
become: true
community.general.ufw:
rule: allow
port: "{{ item }}"
proto: tcp
loop:
- "80"
- "443"


- name: ensure docker is running
ansible.builtin.service:
name: docker
state: started


- name: Start up docker services
ansible.builtin.shell: "docker compose down && docker compose up -d"
args:
chdir: "{{ reportinator_server_dir }}"
register: service_started
retries: 5
until: service_started is success


- name: Setup the image updater
ansible.builtin.include_role:
name: image-update-service
vars:
service_name: reportinator_server
service_image: "{{ reportinator_server_image }}"
service_image_tag: "{{ reportinator_server_image_tag }}"
frequency: 3m
working_dir: "{{ reportinator_server_dir }}"


- name: Setup the health check
ansible.builtin.include_role:
name: health-check
vars:
health_endpoint: "{{ reportinator_server_health_endpoint }}"
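
Review bot: in "Start up docker services", `docker compose down && docker compose up -d` runs through `ansible.builtin.shell` on every play, so the container is stopped and recreated on each run and the task always reports changed. Suggest notifying a handler from the template task so the restart happens only when docker-compose.yml changes, or at least adding `changed_when`. Smaller points: `mode: 0644` is unquoted where the directory task uses `'0755'`, and "ensure docker is running" has no `become: true` although the UFW task does.
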
23 changes: 23 additions & 0 deletions roles/reportinator_server/templates/docker-compose.yml.tpl
@@ -0,0 +1,23 @@
---
version: "3.3"

services:
reportinator_server:
image: "{{ reportinator_server_image }}:{{ reportinator_server_image_tag }}"
container_name: "reportinator_server"
restart: always
volumes:
- data:/app/data
labels:
- "traefik.enable=true"
Member @mplorentz commented on Apr 12, 2024:

Maybe I'm missing it but I don't see the reportinator_server role depending on the traefik role anywhere. Maybe we don't need traefik at all for this app at this time? In which case we could remove these labels.

Also do we need an SSL cert? If so we might need certbot_cloudflare too.

Contributor Author replied:

it's using traefik, but now the traefik service is coming from the traefik role and it connects to this docker-compose through the network proxy: https://github.com/planetary-social/ansible-scripts/blob/main/roles/traefik/templates/docker-compose.yml.tpl

- "traefik.http.routers.reportinator_server.rule=Host(`{{ domain }}`)"
- "traefik.http.routers.reportinator_server.entrypoints=websecure"
- "traefik.http.routers.reportinator_server.tls.certresolver=nosresolver"


volumes:
data:

networks:
proxy:
external: true
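
Review bot: the `reportinator_server` service has no `networks:` key, so the top-level `networks: proxy: external: true` is declared but never joined; for the traefik labels to work through the shared proxy network described in the reply above, the service needs `networks:` with `- proxy`. The template also has no `environment:` or `env_file:` entry, so `reportinator_secret`, `slack_signing_secret`, `relay_addresses_csv` and `google_application_credentials` from the inventory do not reach the container in the commits shown here.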