From f511383a7a45e8c6ebb2046f0a43fd1bd74aed32 Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Tue, 27 Feb 2024 11:59:32 +0100
Subject: [PATCH] Add portal
---
manifests/portal.pp | 43 ++++++++++++++
templates/portal/config.erb.yaml | 57 +++++++++++++++++++
templates/portal/docker-compose.erb.yaml | 71 ++++++++++++++++++++++++
3 files changed, 171 insertions(+)
create mode 100644 manifests/portal.pp
create mode 100644 templates/portal/config.erb.yaml
create mode 100644 templates/portal/docker-compose.erb.yaml
diff --git a/manifests/portal.pp b/manifests/portal.pp
new file mode 100644
index 0000000..cd77f2b
--- /dev/null
+++ b/manifests/portal.pp
@@ -0,0 +1,43 @@
+#Class for SUNET-Drive-portal-Server
+class sunetdrive::portal (
+ String $portal_version = '0.0.1-1'
+) {
+
+ $environment = sunetdrive::get_environment()
+ if $environment == 'prod' {
+ $domain = 'drive.sunet.se'
+ } else {
+ $domain = 'drive.test.sunet.se'
+ }
+ sunet::docker_compose { 'portal_compose':
+ content => template('sunetdrive/portal/docker-compose.erb.yaml'),
+ service_name => 'portal',
+ compose_dir => '/opt/',
+ compose_filename => 'docker-compose.yml',
+ description => 'Portal server',
+ }
+
+ exec { 'workaround_docker_compose_dir':
+ command => 'mkdir -p /opt/portal/nginx',
+ unless => 'test -d /opt/portal/nginx',
+ }
+
+ $nginx_dirs = ['acme', 'certs', 'conf', 'dhparam', 'html', 'vhost']
+ $nginx_dirs.each | $dir| {
+ file { "/opt/portal/nginx/${dir}":
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0751',
+ }
+ }
+ file { '/opt/portal/config.yaml':
+ ensure => present,
+ content => template('sunetdrive/portal/config.erb.yaml'),
+ mode => '0644',
+ }
+ sunet::misc::ufw_allow { 'https':
+ from => '0.0.0.0/0',
+ port => 443,
+ }
+}
diff --git a/templates/portal/config.erb.yaml b/templates/portal/config.erb.yaml
new file mode 100644
index 0000000..de37ca4
--- /dev/null
+++ b/templates/portal/config.erb.yaml
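Review bot: In manifests/portal.pp the closing `sunet::misc::ufw_allow { 'https': ... }` rule covers only IPv4 (`0.0.0.0/0`) and only port 443, while the compose template in this same patch publishes `80:80` as well and sets `ENABLE_IPV6=true`, so the firewall rule and the set of listeners do not match. HTTP-01 validation by the acme container needs port 80 reachable, and Docker-published ports are usually handled in Docker's own iptables chains rather than by ufw, so it is worth confirming on a host which of the two actually decides exposure. If ufw is authoritative here, add a matching rule for port 80 and for IPv6; if it is not, a comment such as `# NOTE: 80/443 are published by Docker; this rule documents intent only` would stop the next reader from trusting it as the control. Separately, `exec { 'workaround_docker_compose_dir': }` calls unqualified `mkdir` and `test` with no `path`, which Puppet rejects unless an `Exec` default path is set elsewhere; `path => ['/usr/bin', '/bin'],` or a plain `file { '/opt/portal/nginx': ensure => directory }` would avoid depending on that.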
@@ -0,0 +1,57 @@
+---
+domain: "<%= @domain %>"
+sites:
+ - antagning
+ - bth
+ - chalmers
+ - du
+ - esh
+ - extern
+ - fhs
+ - gih
+ - gu
+ - hb
+ - hh
+ - hhs
+ - hig
+ - his
+ - hj
+ - hkr
+ - hv
+ - irf
+ - kau
+ - kb
+ - ki
+ - kkh
+ - kmh
+ - konstfack
+ - kth
+ - kva
+ - liu
+ - lnu
+ - ltu
+ - lu
+ - mau
+ - mdu
+ - miun
+ - nordunet
+ - nrm
+ - oru
+ - rkh
+ - scilifelab
+ - shh
+ - sics
+ - slu
+ - smhi
+ - sp
+ - su
+ - sunet
+ - suni
+ - swamid
+ - ths
+ - uhr
+ - umu
+ - uniarts
+ - uu
+ - vinnova
+ - vr
diff --git a/templates/portal/docker-compose.erb.yaml b/templates/portal/docker-compose.erb.yaml
new file mode 100644
index 0000000..9d47ed7
--- /dev/null
+++ b/templates/portal/docker-compose.erb.yaml
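Review bot: The `/opt/portal/config.yaml` rendered from templates/portal/config.erb.yaml carries no hint that it is generated, and the 54-entry `sites:` list is hard-coded in the template with no pointer to where the authoritative list lives. A first-line comment such as `# Managed by Puppet (sunetdrive::portal) - local edits will be overwritten` would help anyone debugging on the host. If the site list is already maintained elsewhere in this module or in hiera, passing it in as a class parameter and rendering it with a loop would keep the two lists from drifting apart; whether such a source exists is not visible in this patch.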
@@ -0,0 +1,71 @@
+version: "3.7"
+
+services:
+ nginx:
+ image: docker.io/nginxproxy/nginx-proxy:latest
+ container_name: nginx
+ networks:
+ - internal_network
+ - external_network
+ dns:
+ - 89.32.32.32
+ ports:
+ - "80:80"
+ - "443:443"
+ labels:
+ com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+ volumes:
+ - /opt/portal/nginx/certs:/etc/nginx/certs:ro
+ - /opt/portal/nginx/conf:/etc/nginx/conf.d
+ - /opt/portal/nginx/dhparam:/etc/nginx/dhparam
+ - /opt/portal/nginx/html:/usr/share/nginx/html
+ - /opt/portal/nginx/vhost:/etc/nginx/vhost.d
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ environment:
+ - ENABLE_IPV6=true
+ restart: unless-stopped
+
+ acme:
+ image: docker.io/nginxproxy/acme-companion:latest
+ container_name: acme
+ networks:
+ - external_network
+ dns:
+ - 89.32.32.32
+ volumes:
+ - /opt/portal/nginx/acme:/etc/acme.sh
+ - /opt/portal/nginx/certs:/etc/nginx/certs:rw
+ - /opt/portal/nginx/conf:/etc/nginx/conf.d
+ - /opt/portal/nginx/dhparam:/etc/nginx/dhparam
+ - /opt/portal/nginx/html:/usr/share/nginx/html
+ - /opt/portal/nginx/vhost:/etc/nginx/vhost.d:rw
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ - NGINX_PROXY_CONTAINER=nginx
+ - DEFAULT_EMAIL=noc@sunet.se
+ depends_on:
+ - nginx
+ restart: unless-stopped
+
+ portal:
+ image: docker.sunet.se/drive/portal:<%= @portal_version %>
+ container_name: portal
+ restart: always
+ networks:
+ - internal_network
+ ports:
+ - "127.0.0.1:8080:8080"
+ dns:
+ - 89.32.32.32
+ volumes:
+ - /opt/portal/config.yaml:/app/config.yaml
+ environment:
+ - VIRTUAL_HOST=portal/<%= @domain %>
+ - VIRTUAL_PATH=/
+ - VIRTUAL_PORT=8080
+ - LETSENCRYPT_HOST=portal.<%= @domain %>
+
+networks:
+ external_network:
+ internal_network:
+ internal: true
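Review bot: In the `portal` service, `VIRTUAL_HOST=portal/<%= @domain %>` uses a slash where `LETSENCRYPT_HOST=portal.<%= @domain %>` uses a dot, so the proxy vhost and the certificate name will not match; this looks like a typo for `- VIRTUAL_HOST=portal.<%= @domain %>`. Both `nginx` and `acme` run `:latest` images and are handed `/var/run/docker.sock`; the `:ro` flag on a socket mount only protects the socket file, not the Docker API behind it, so whatever those images contain at pull time has host-root-equivalent access. Pinning both to a fixed tag or digest (for example `docker.io/nginxproxy/nginx-proxy:<pinned-tag>`), as is already done for the portal image through `@portal_version`, would make that exposure reviewable and reproducible. Since `nginx` is also the internet-facing container, consider the separate nginx / docker-gen layout or a filtering socket proxy so that the process terminating TLS does not hold the socket itself.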