Merge branch 'main' into testing

manifests/portal.pp

@@ -0,0 +1,43 @@
+#Class for SUNET-Drive-portal-Server
+class sunetdrive::portal (
+  String $portal_version = '0.0.1-1'
+) {
+
+  $environment = sunetdrive::get_environment()
+  if $environment == 'prod' {
+    $domain = 'drive.sunet.se'
+  } else {
+    $domain = 'drive.test.sunet.se'
+  }
+  sunet::docker_compose { 'portal_compose':
+    content          => template('sunetdrive/portal/docker-compose.erb.yaml'),
+    service_name     => 'portal',
+    compose_dir      => '/opt/',
+    compose_filename => 'docker-compose.yml',
+    description      => 'Portal server',
+  }
+
+  exec { 'workaround_docker_compose_dir':
+    command => 'mkdir -p /opt/portal/nginx',
+    unless  => 'test -d /opt/portal/nginx',
+  }
+
+  $nginx_dirs = ['acme', 'certs', 'conf', 'dhparam', 'html', 'vhost']
+  $nginx_dirs.each | $dir| {
+    file { "/opt/portal/nginx/${dir}":
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0751',
+    }
+  }
+  file { '/opt/portal/config.yaml':
+    ensure  => present,
+    content => template('sunetdrive/portal/config.erb.yaml'),
+    mode    => '0644',
+  }
+  sunet::misc::ufw_allow { 'https':
+    from => '0.0.0.0/0',
+    port => 443,
+  }
+}

templates/portal/config.erb.yaml

@@ -0,0 +1,57 @@
+---
+domain: "<%= @domain %>"
+sites:
+  - antagning
+  - bth
+  - chalmers
+  - du
+  - esh
+  - extern
+  - fhs
+  - gih
+  - gu
+  - hb
+  - hh
+  - hhs
+  - hig
+  - his
+  - hj
+  - hkr
+  - hv
+  - irf
+  - kau
+  - kb
+  - ki
+  - kkh
+  - kmh
+  - konstfack
+  - kth
+  - kva
+  - liu
+  - lnu
+  - ltu
+  - lu
+  - mau
+  - mdu
+  - miun
+  - nordunet
+  - nrm
+  - oru
+  - rkh
+  - scilifelab
+  - shh
+  - sics
+  - slu
+  - smhi
+  - sp
+  - su
+  - sunet
+  - suni
+  - swamid
+  - ths
+  - uhr
+  - umu
+  - uniarts
+  - uu
+  - vinnova
+  - vr

templates/portal/docker-compose.erb.yaml

@@ -0,0 +1,71 @@
+version: "3.7"
+
+services:
+  nginx:
+    image: docker.io/nginxproxy/nginx-proxy:latest
+    container_name: nginx
+    networks:
+      - internal_network
+      - external_network
+    dns:
+      - 89.32.32.32
+    ports:
+      - "80:80"
+      - "443:443"
+    labels:
+      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+    volumes:
+      - /opt/portal/nginx/certs:/etc/nginx/certs:ro
+      - /opt/portal/nginx/conf:/etc/nginx/conf.d
+      - /opt/portal/nginx/dhparam:/etc/nginx/dhparam
+      - /opt/portal/nginx/html:/usr/share/nginx/html
+      - /opt/portal/nginx/vhost:/etc/nginx/vhost.d
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    environment:
+      - ENABLE_IPV6=true
+    restart: unless-stopped
+
+  acme:
+    image: docker.io/nginxproxy/acme-companion:latest
+    container_name: acme
+    networks:
+      - external_network
+    dns:
+      - 89.32.32.32
+    volumes:
+      - /opt/portal/nginx/acme:/etc/acme.sh
+      - /opt/portal/nginx/certs:/etc/nginx/certs:rw
+      - /opt/portal/nginx/conf:/etc/nginx/conf.d
+      - /opt/portal/nginx/dhparam:/etc/nginx/dhparam
+      - /opt/portal/nginx/html:/usr/share/nginx/html
+      - /opt/portal/nginx/vhost:/etc/nginx/vhost.d:rw
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - NGINX_PROXY_CONTAINER=nginx
+      - DEFAULT_EMAIL=noc@sunet.se
+    depends_on:
+      - nginx
+    restart: unless-stopped
+
+  portal:
+    image: docker.sunet.se/drive/portal:<%= @portal_version %>
+    container_name: portal
+    restart: always
+    networks:
+      - internal_network
+    ports:
+      - "127.0.0.1:8080:8080"
+    dns:
+      - 89.32.32.32
+    volumes:
+      - /opt/portal/config.yaml:/app/config.yaml
+    environment:
+      - VIRTUAL_HOST=portal/<%= @domain %>
+      - VIRTUAL_PATH=/
+      - VIRTUAL_PORT=8080
+      - LETSENCRYPT_HOST=portal.<%= @domain %>
+
+networks:
+  external_network:
+  internal_network:
+    internal: true