From c0a182350c1f99ce8152cfa3f778bcf7fe99ecbe Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Wed, 7 Aug 2024 21:32:21 -0700
Subject: [PATCH] add kennel
---
deploy.yml | 3 +++
inventory | 3 +++
playbooks/deploy-kennel.yml | 6 +++++
playbooks/roles/kennel/tasks/main.yml | 23 ++++++++++++++++++
.../kennel/templates/docker-compose.yml.j2 | 12 ++++++++++
.../http.kennel.hatecomputers.club.conf | 8 +++++++
.../https.kennel.hatecomputers.club.conf | 24 +++++++++++++++++++
7 files changed, 79 insertions(+)
create mode 100644 playbooks/deploy-kennel.yml
create mode 100644 playbooks/roles/kennel/tasks/main.yml
create mode 100644 playbooks/roles/kennel/templates/docker-compose.yml.j2
create mode 100644 playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/http.kennel.hatecomputers.club.conf
create mode 100644 playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/https.kennel.hatecomputers.club.conf
diff --git a/deploy.yml b/deploy.yml
index 9228ec9..f4c930c 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -30,5 +30,8 @@
 - name: Website for hatecomputers.club
 ansible.builtin.import_playbook: playbooks/deploy-hatecomputers-club.yml
+- name: Deploy kennel
+ ansible.builtin.import_playbook: playbooks/deploy-kennel.yml
+
 - name: Deploy borg
 ansible.builtin.import_playbook: playbooks/deploy-borg.yml
diff --git a/inventory b/inventory
index f14410d..8f48c85 100644
--- a/inventory
+++ b/inventory
@@ -39,3 +39,6 @@ himmel.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh
 [borg]
 himmel.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh
 fern.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh
+
+[kennel]
+himmel.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh
diff --git a/playbooks/deploy-kennel.yml b/playbooks/deploy-kennel.yml
new file mode 100644
index 0000000..7656012
--- /dev/null
+++ b/playbooks/deploy-kennel.yml
@@ -0,0 +1,6 @@
+---
+
+- name: kennel.hatecomputers.club setup
+ hosts: kennel
+ roles:
+ - kennel
diff --git a/playbooks/roles/kennel/tasks/main.yml b/playbooks/roles/kennel/tasks/main.yml
new file mode 100644
index 0000000..edc4836
--- /dev/null
+++ b/playbooks/roles/kennel/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Ensure kennel docker/compose exist
+ ansible.builtin.file:
+ path: /etc/docker/compose/kennel
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Build kennel docker-compose.yml.j2
+ ansible.builtin.template:
+ src: docker-compose.yml.j2
+ dest: /etc/docker/compose/kennel/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Enable kennel
+ ansible.builtin.systemd_service:
+ state: restarted
+ enabled: true
+ name: docker-compose@kennel
diff --git a/playbooks/roles/kennel/templates/docker-compose.yml.j2 b/playbooks/roles/kennel/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..cfdfc7a
--- /dev/null
+++ b/playbooks/roles/kennel/templates/docker-compose.yml.j2
@@ -0,0 +1,12 @@
+version: '3'
+
+services:
+ server:
+ image: git.hatecomputers.club/hatecomputers/kennel:latest
+ restart: always
+ ports:
+ - 127.0.0.1:60613:8000
+ environment:
+ - TEST_ENV=value
+ volumes:
+ - ./data:/app/data
diff --git a/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/http.kennel.hatecomputers.club.conf b/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/http.kennel.hatecomputers.club.conf
new file mode 100644
index 0000000..a2c3e98
--- /dev/null
+++ b/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/http.kennel.hatecomputers.club.conf
@@ -0,0 +1,8 @@
+server {
+ listen 80;
+ server_name kennel.hatecomputers.club;
+
+ location / {
+ rewrite ^ https://kennel.hatecomputers.club$request_uri? permanent;
+ }
+}
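Review bot: In playbooks/roles/kennel/tasks/main.yml the `Enable kennel` task uses `state: restarted`, so the service is bounced on every playbook run whether or not the compose file changed, and the task always reports a change. Consider `state: started` on that task plus a `notify:` on the template task that triggers a restart handler; the handler file would live outside this hunk. Separately, the rendered docker-compose.yml is a data file and needs no execute bit, so `mode: "0600"` (quoted, which avoids ansible-lint's risky-octal warning) is tighter than the unquoted `mode: 0700` used for it.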
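Review bot: In docker-compose.yml.j2, `image: git.hatecomputers.club/hatecomputers/kennel:latest` is a mutable tag, so what runs on the host depends on whatever was last pushed to the registry, and a deploy cannot be reproduced or rolled back from this repository alone. Pinning a version tag or a digest (placeholder: `kennel@sha256:<digest>`) would make the deployed artifact auditable. `TEST_ENV=value` reads like a scaffold placeholder; drop it or replace it with the real settings, and keep any secrets out of this template in favour of a vaulted variable.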
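Review bot: In http.kennel.hatecomputers.club.conf the redirect works, but `rewrite ^ ... permanent;` runs the regex engine for what is a fixed redirect; the simpler form is `return 301 https://kennel.hatecomputers.club$request_uri;`. If certificates for this name are issued over HTTP-01 with a webroot, the catch-all `location /` would also redirect `/.well-known/acme-challenge/`. How renewal is handled is not visible in this patch, so that is worth confirming against the other vhosts on this host.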
diff --git a/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/https.kennel.hatecomputers.club.conf b/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/https.kennel.hatecomputers.club.conf
new file mode 100644
index 0000000..7f36233
--- /dev/null
+++ b/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/https.kennel.hatecomputers.club.conf
@@ -0,0 +1,24 @@
+server {
+ server_name kennel.hatecomputers.club;
+ listen 443 ssl;
+
+ ssl_dhparam /etc/nginx/dhparams.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ ssl_prefer_server_ciphers off;
+
+ ssl_certificate /etc/letsencrypt/live/kennel.hatecomputers.club/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/kennel.hatecomputers.club/privkey.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:60613;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $host;
+ }
+}
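Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever X-Forwarded-For the client sent, so if this nginx is the first hop from the internet the leading entries are client-controlled. Either kennel should trust only the last entry or `X-Real-IP`, or the line can become `proxy_set_header X-Forwarded-For $remote_addr;`. The server block also sends no HSTS header, so browsers are never told to stay on HTTPS and each plain-HTTP visit depends on the port-80 redirect; `add_header Strict-Transport-Security "max-age=63072000" always;` is the usual addition once HTTPS is confirmed working. Finally, `ssl_session_timeout` is set with tickets off but no `ssl_session_cache` appears in this block; if it is not set at the `http` level elsewhere, session resumption is effectively disabled.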