From f626156c4cd3fafa57a451c8f2a06fa6f1d779bb Mon Sep 17 00:00:00 2001
From: Micke Nordin <kano@sunet.se>
Date: Mon, 18 Mar 2024 15:15:38 +0100
Subject: [PATCH] Add jupyter site

---
 manifests/jupyter_site.pp                     | 38 ++++++++++
 .../jupyter_site/docker-compose.erb.yaml      | 69 +++++++++++++++++++
 2 files changed, 107 insertions(+)
 create mode 100644 manifests/jupyter_site.pp
 create mode 100644 templates/jupyter_site/docker-compose.erb.yaml

diff --git a/manifests/jupyter_site.pp b/manifests/jupyter_site.pp
new file mode 100644
index 0000000..e2826b8
--- /dev/null
+++ b/manifests/jupyter_site.pp
@@ -0,0 +1,38 @@
+#Class for SUNET-Drive-portal-Server
+class sunetdrive::jupyter_site (
+  String $site_version = '0.0.1-1'
+) {
+
+  $domain = 'jupyter.sunet.dev'
+  sunet::docker_compose { 'portal_compose':
+    content          => template('sunetdrive/jupyter_site/docker-compose.erb.yaml'),
+    service_name     => 'jupyter_site',
+    compose_dir      => '/opt/',
+    compose_filename => 'docker-compose.yml',
+    description      => 'Web server',
+  }
+
+  exec { 'workaround_docker_compose_dir':
+    command => 'mkdir -p /opt/jupyter_site/nginx',
+    unless  => 'test -d /opt/jupyter_site/nginx',
+  }
+
+  $nginx_dirs = ['acme', 'certs', 'conf', 'dhparam', 'html', 'vhost']
+  $nginx_dirs.each | $dir| {
+    file { "/opt/jupyter_site/nginx/${dir}":
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0751',
+    }
+  }
+  sunet::misc::ufw_allow { 'https':
+    from => '0.0.0.0/0',
+    port => 443,
+  }
+  # For acme and redirect
+  sunet::misc::ufw_allow { 'http':
+    from => '0.0.0.0/0',
+    port => 80,
+  }
+}
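Review bot: The `file` loop applies `mode => '0751'` to all six directories, including `acme` and `certs`, which the compose template in this patch mounts at `/etc/acme.sh` and `/etc/nginx/certs`, so the directories that will hold ACME account data and TLS private keys are traversable by every local user. Assuming the containers run as root without user-namespace remapping, a tighter mode for those two should work, for example `mode => $dir ? { /^(acme|certs)$/ => '0700', default => '0751' },`. Separately, the `workaround_docker_compose_dir` exec calls unqualified `mkdir` and `test` with no `path`, which Puppet rejects unless a default `Exec` path is set elsewhere; adding `path => ['/usr/bin', '/bin'],` would make it self-contained. The header comment and the `portal_compose` title look copied from the portal class; `# Class for the SUNET Drive Jupyter site` and a title such as `'jupyter_site_compose'` would be clearer and would avoid a duplicate-resource error if the portal class uses the same title on the same node.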
diff --git a/templates/jupyter_site/docker-compose.erb.yaml b/templates/jupyter_site/docker-compose.erb.yaml
new file mode 100644
index 0000000..9852c47
--- /dev/null
+++ b/templates/jupyter_site/docker-compose.erb.yaml
@@ -0,0 +1,69 @@
+version: "3.7"
+
+services:
+  nginx:
+    image: docker.io/nginxproxy/nginx-proxy:latest
+    container_name: nginx
+    networks:
+      - internal_network
+      - external_network
+    dns:
+      - 89.32.32.32
+    ports:
+      - "80:80"
+      - "443:443"
+    labels:
+      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+    volumes:
+      - /opt/jupyter_site/nginx/certs:/etc/nginx/certs:ro
+      - /opt/jupyter_site/nginx/conf:/etc/nginx/conf.d
+      - /opt/jupyter_site/nginx/dhparam:/etc/nginx/dhparam
+      - /opt/jupyter_site/nginx/html:/usr/share/nginx/html
+      - /opt/jupyter_site/nginx/vhost:/etc/nginx/vhost.d
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    environment:
+      - ENABLE_IPV6=true
+    restart: unless-stopped
+
+  acme:
+    image: docker.io/nginxproxy/acme-companion:latest
+    container_name: acme
+    networks:
+      - external_network
+    dns:
+      - 89.32.32.32
+    volumes:
+      - /opt/jupyter_site/nginx/acme:/etc/acme.sh
+      - /opt/jupyter_site/nginx/certs:/etc/nginx/certs:rw
+      - /opt/jupyter_site/nginx/conf:/etc/nginx/conf.d
+      - /opt/jupyter_site/nginx/dhparam:/etc/nginx/dhparam
+      - /opt/jupyter_site/nginx/html:/usr/share/nginx/html
+      - /opt/jupyter_site/nginx/vhost:/etc/nginx/vhost.d:rw
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - NGINX_PROXY_CONTAINER=nginx
+      - DEFAULT_EMAIL=drive@sunet.se
+    depends_on:
+      - nginx
+    restart: unless-stopped
+
+  web:
+    image: docker.sunet.se/drive/jupyter-site:<%= @site_version %>
+    container_name: web
+    restart: always
+    networks:
+      - internal_network
+    ports:
+      - "127.0.0.1:3000:3000"
+    dns:
+      - 89.32.32.32
+    environment:
+      - VIRTUAL_HOST=<%= @domain %>
+      - VIRTUAL_PATH=/
+      - VIRTUAL_PORT=3000
+      - LETSENCRYPT_HOST=<%= @domain %>
+
+networks:
+  external_network:
+  internal_network:
+    internal: true
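Review bot: The `:ro` flag on the two `/var/run/docker.sock` mounts does not restrict what a container can ask the Docker API to do, it only protects the socket file itself, so both `nginx` (which publishes 80/443) and `acme` effectively hold root-equivalent control of the host. Because both services also use `:latest`, whatever is published upstream under that tag inherits that access on the next pull; pinning as `image: docker.io/nginxproxy/nginx-proxy:<pinned-tag>@sha256:<digest>` (placeholders), and likewise for `acme-companion`, keeps upgrades a reviewed change. For the socket, consider keeping it out of the internet-facing container, for instance by running docker-gen in its own container as the nginx-proxy documentation describes, or by fronting the socket with a proxy that allows only the API calls each container needs. At minimum a comment such as `# docker.sock gives full Docker API access; :ro only protects the socket file` above each mount would record the risk. The `"127.0.0.1:3000:3000"` port entry on `web` also looks unnecessary, since nginx-proxy reaches the service over `internal_network` via `VIRTUAL_PORT`.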