From 2dfde555dd8e639373651ced1b18cb800dc45db0 Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen
Date: Wed, 8 Oct 2025 13:09:35 +0200
Subject: [PATCH] sathub fixes

Signed-off-by: Menno van Leeuwen
---
 ansible/tasks/servers/services/sathub/.env.j2 | 47 ++++++
 .../services/sathub/docker-compose.yml.j2 | 137 ++++++++++++++----
 .../tasks/servers/services/sathub/sathub.yml | 11 +-
 3 files changed, 162 insertions(+), 33 deletions(-)
 create mode 100644 ansible/tasks/servers/services/sathub/.env.j2

diff --git a/ansible/tasks/servers/services/sathub/.env.j2 b/ansible/tasks/servers/services/sathub/.env.j2
new file mode 100644
index 0000000..e4ac420
--- /dev/null
+++ b/ansible/tasks/servers/services/sathub/.env.j2
@@ -0,0 +1,47 @@
+# Production Environment Variables
+# Copy this to .env and fill in your values
+
+# Database configuration (PostgreSQL)
+DB_TYPE=postgres
+DB_HOST=postgres
+DB_PORT=5432
+DB_USER=sathub
+DB_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }}
+DB_NAME=sathub
+
+# Required: JWT secret for token signing
+JWT_SECRET={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='JWT_SECRET') }}
+
+# Required: Two-factor authentication encryption key
+TWO_FA_ENCRYPTION_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='TWO_FA_ENCRYPTION_KEY') }}
+
+# Email configuration (required for password resets)
+SMTP_HOST={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_HOST') }}
+SMTP_PORT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PORT') }}
+SMTP_USERNAME={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_USERNAME') }}
+SMTP_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PASSWORD') }}
+SMTP_FROM_EMAIL={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_FROM_EMAIL') }}
+
+# MinIO Object Storage configuration
+MINIO_ROOT_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }}
+MINIO_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }}
+# Basically the same as the above
+MINIO_ACCESS_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }}
+MINIO_SECRET_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }}
+
+# GitHub credentials for Watchtower (auto-updates)
+GITHUB_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }}
+GITHUB_PAT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }}
+REPO_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }}
+REPO_PASS={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }}
+
+# Optional: Override defaults if needed
+# GIN_MODE=release (set automatically)
+FRONTEND_URL=https://sathub.de
+
+# CORS configuration (optional - additional allowed origins)
+CORS_ALLOWED_ORIGINS=https://sathub.de,https://sathub.nl,https://api.sathub.de
+
+# Frontend configuration (optional - defaults are provided)
+VITE_API_BASE_URL=https://api.sathub.de
+VITE_ALLOWED_HOSTS=sathub.de,sathub.nl
diff --git a/ansible/tasks/servers/services/sathub/docker-compose.yml.j2 b/ansible/tasks/servers/services/sathub/docker-compose.yml.j2
index ecce3c1..0f3c22c 100644
--- a/ansible/tasks/servers/services/sathub/docker-compose.yml.j2
+++ b/ansible/tasks/servers/services/sathub/docker-compose.yml.j2
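Review bot: In .env.j2, `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are rendered from the `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` fields, so every container that receives them gets the MinIO root account rather than a key limited to one bucket. A dedicated MinIO access key with a bucket-scoped policy, kept in its own 1Password fields, would contain the damage if the API container is compromised. The looked-up values are also written unquoted; a secret containing ` #`, whitespace, `$` or a quote character may be truncated or interpolated when Compose reads the file, so single-quoting the secret lines, e.g. `DB_PASSWORD='{{ lookup(...) }}'`, is safer as long as the secret itself holds no single quote. The header comment `# Copy this to .env and fill in your values` no longer fits a file that Ansible renders and could become `# Rendered by Ansible from .env.j2 - do not edit on the host`.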
@@ -1,43 +1,108 @@ services: - backend: + # Migration service - runs once on stack startup + migrate: image: ghcr.io/vleeuwenmenno/sathub/backend:latest - container_name: sathub-backend - restart: unless-stopped + container_name: sathub-migrate + restart: "no" + command: ["./main", "auto-migrate"] environment: - GIN_MODE=release - - FRONTEND_URL=${FRONTEND_URL:-https://sathub.de} - - CORS_ALLOWED_ORIGINS={{ cors_allowed_origins | default('') }} # Database settings - DB_TYPE=postgres - DB_HOST=postgres - DB_PORT=5432 - DB_USER=${DB_USER:-sathub} - - DB_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }} + - DB_PASSWORD=${DB_PASSWORD} - DB_NAME=${DB_NAME:-sathub} - # Security settings - - JWT_SECRET={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='JWT_SECRET') }} - - TWO_FA_ENCRYPTION_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='TWO_FA_ENCRYPTION_KEY') }} - - # SMTP settings - - SMTP_HOST={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_HOST') }} - - SMTP_PORT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PORT') }} - - SMTP_USERNAME={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_USERNAME') }} - - SMTP_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PASSWORD') }} - - SMTP_FROM_EMAIL={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_FROM_EMAIL') }} - # MinIO settings - MINIO_ENDPOINT=http://minio:9000 - - MINIO_BUCKET=sathub-images - - MINIO_ACCESS_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }} - - MINIO_SECRET_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }} + - MINIO_BUCKET=sathub-images + - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY} + - 
MINIO_SECRET_KEY=${MINIO_SECRET_KEY} + - MINIO_EXTERNAL_URL=https://obj.sathub.de + networks: + - sathub + depends_on: + - postgres + + backend: + image: ghcr.io/vleeuwenmenno/sathub/backend:latest + container_name: sathub-backend + restart: unless-stopped + command: ["./main", "api"] + environment: + - GIN_MODE=release + - FRONTEND_URL=${FRONTEND_URL:-https://sathub.de} + - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-https://sathub.de} + + # Database settings + - DB_TYPE=postgres + - DB_HOST=postgres + - DB_PORT=5432 + - DB_USER=${DB_USER:-sathub} + - DB_PASSWORD=${DB_PASSWORD} + - DB_NAME=${DB_NAME:-sathub} + + # Security settings + - JWT_SECRET=${JWT_SECRET} + - TWO_FA_ENCRYPTION_KEY=${TWO_FA_ENCRYPTION_KEY} + + # SMTP settings + - SMTP_HOST=${SMTP_HOST} + - SMTP_PORT=${SMTP_PORT} + - SMTP_USERNAME=${SMTP_USERNAME} + - SMTP_PASSWORD=${SMTP_PASSWORD} + - SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL} + + # MinIO settings + - MINIO_ENDPOINT=http://minio:9000 + - MINIO_BUCKET=sathub-images + - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY} + - MINIO_SECRET_KEY=${MINIO_SECRET_KEY} - MINIO_EXTERNAL_URL=https://obj.sathub.de networks: - sathub - caddy_network depends_on: - - postgres + migration: + condition: service_completed_successfully + + worker: + image: ghcr.io/vleeuwenmenno/sathub/backend:latest + container_name: sathub-worker + restart: unless-stopped + command: ["./main", "worker"] + environment: + - GIN_MODE=release + + # Database settings + - DB_TYPE=postgres + - DB_HOST=postgres + - DB_PORT=5432 + - DB_USER=${DB_USER:-sathub} + - DB_PASSWORD=${DB_PASSWORD} + - DB_NAME=${DB_NAME:-sathub} + + # SMTP settings (needed for notifications) + - SMTP_HOST=${SMTP_HOST} + - SMTP_PORT=${SMTP_PORT} + - SMTP_USERNAME=${SMTP_USERNAME} + - SMTP_PASSWORD=${SMTP_PASSWORD} + - SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL} + + # MinIO settings + - MINIO_ENDPOINT=http://minio:9000 + - MINIO_BUCKET=sathub-images + - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY} + - MINIO_SECRET_KEY=${MINIO_SECRET_KEY} + - 
MINIO_EXTERNAL_URL=https://obj.sathub.de + networks: + - sathub + depends_on: + migration: + condition: service_completed_successfully postgres: image: postgres:15-alpine @@ -45,10 +110,10 @@ services: restart: unless-stopped environment: - POSTGRES_USER=${DB_USER:-sathub} - - POSTGRES_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }} + - POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_DB=${DB_NAME:-sathub} volumes: - - {{ sathub_data_dir }}/postgres:/var/lib/postgresql/data + - postgres_data:/var/lib/postgresql/data networks: - sathub @@ -57,8 +122,8 @@ services: container_name: sathub-frontend restart: unless-stopped environment: - - VITE_API_BASE_URL={{ frontend_api_base_url | default('https://api.sathub.de') }} - - VITE_ALLOWED_HOSTS={{ frontend_allowed_hosts | default('sathub.de,sathub.nl') }} + - VITE_API_BASE_URL=${VITE_API_BASE_URL:-https://api.sathub.de} + - VITE_ALLOWED_HOSTS=${VITE_ALLOWED_HOSTS:-sathub.de,sathub.nl} networks: - sathub - caddy_network @@ -68,10 +133,10 @@ services: container_name: sathub-minio restart: unless-stopped environment: - - MINIO_ROOT_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }} - - MINIO_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }} + - MINIO_ROOT_USER=${MINIO_ROOT_USER} + - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} volumes: - - {{ sathub_data_dir }}/minio:/data + - minio_data:/data command: server /data --console-address :9001 networks: - sathub 
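Review bot: `backend` and `worker` declare `depends_on: migration:` but the one-shot service added at the top of this hunk is named `migrate`, so Compose will reject the file because the dependency refers to an undefined service. Change both entries to `migrate:` and keep `condition: service_completed_successfully`. The `migrate` service itself uses the short `depends_on: - postgres` form, which only waits for the container to start, not for the database to accept connections; a `healthcheck` on `postgres` combined with `condition: service_healthy` would keep the migration from racing the database on a cold start.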
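Review bot: Replacing the `{{ sathub_data_dir }}/postgres` bind mount with the named volume `postgres_data` means an existing deployment starts Postgres on an empty volume and initialises a fresh database, while the old data stays behind in the host directory; the same applies to the `minio_data` change in the MinIO hunk below. If hosts already carry data, either keep the bind mounts or add a one-time copy step before the first `up`. `POSTGRES_PASSWORD=${DB_PASSWORD}` also has no guard, so a missing or empty `.env` entry is substituted as an empty string with only a warning; `${DB_PASSWORD:?DB_PASSWORD is not set}` makes Compose fail early instead, and the same form fits the other secret variables (`JWT_SECRET`, `TWO_FA_ENCRYPTION_KEY`, `MINIO_ROOT_PASSWORD`).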
@@ -87,15 +152,25 @@ services: environment: - WATCHTOWER_CLEANUP=true - WATCHTOWER_INCLUDE_STOPPED=false - - REPO_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }} - - REPO_PASS={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }} - command: --interval 30 --cleanup --include-stopped=false sathub-backend sathub-frontend + - REPO_USER=${REPO_USER} + - REPO_PASS=${REPO_PASS} + command: --interval 30 --cleanup --include-stopped=false sathub-backend sathub-worker sathub-frontend networks: - sathub +volumes: + minio_data: + driver: local + postgres_data: + driver: local + networks: sathub: driver: bridge + + # We assume you're running a Caddy instance in a separate compose file with this network + # If not, you can remove this network and the related depends_on in the services above + # But the stack is designed to run behind a Caddy reverse proxy for SSL termination and routing caddy_network: external: true name: caddy_default diff --git a/ansible/tasks/servers/services/sathub/sathub.yml b/ansible/tasks/servers/services/sathub/sathub.yml index 96a38e0..92feae9 100644 --- a/ansible/tasks/servers/services/sathub/sathub.yml +++ b/ansible/tasks/servers/services/sathub/sathub.yml @@ -24,6 +24,13 @@ state: directory mode: "0755" + - name: Deploy SatHub .env + ansible.builtin.template: + src: .env.j2 + dest: "{{ sathub_service_dir }}/.env" + mode: "0644" + register: sathub_env + - name: Deploy SatHub docker-compose.yml ansible.builtin.template: src: docker-compose.yml.j2 
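Review bot: Watchtower now replaces `sathub-backend`, `sathub-worker` and `sathub-frontend` whenever `:latest` moves, but `sathub-migrate` has `restart: "no"` and is not in the list, so a pulled image that needs a schema change appears to go live without `auto-migrate` having run; that service only runs on a full `docker compose up`. Either run migrations as part of the image's start-up or let the Ansible play drive updates instead of Watchtower. Because the watched containers carry the database, JWT and SMTP secrets in their environment, pinning the images by tag or digest and updating deliberately is also safer than following a mutable tag every 30 seconds. The new comment above `caddy_network` mentions a related `depends_on`, but the services reference that network under `networks:`; suggested wording: `# Requires an external Caddy compose project that owns this network; if you run without Caddy, remove caddy_network here and from each service's networks list`.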
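Review bot: The new `Deploy SatHub .env` task writes the database password, JWT secret, 2FA encryption key, SMTP password, MinIO root password and GitHub PAT to `{{ sathub_service_dir }}/.env` with `mode: "0644"`, which leaves them readable by every local account on the host. Use `mode: "0600"` with an explicit `owner:` matching the user that runs `docker compose`, and add `no_log: true` so a run with `--diff` does not print the rendered secrets. The directory task visible in the context lines uses `0755`; if that is the service directory, the file mode is the only thing protecting the contents. The task list continues outside this hunk.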
@@ -33,11 +40,11 @@ - name: Stop SatHub service ansible.builtin.command: docker compose -f "{{ sathub_service_dir }}/docker-compose.yml" down --remove-orphans - when: sathub_compose.changed + when: sathub_compose.changed or sathub_env.changed - name: Start SatHub service ansible.builtin.command: docker compose -f "{{ sathub_service_dir }}/docker-compose.yml" up -d - when: sathub_compose.changed + when: sathub_compose.changed or sathub_env.changed tags: - services - sathub