feat: add Caddy service configuration and enable for hoarder service

2025-03-12 12:14:29 +01:00 · 2025-03-12 12:14:29 +01:00 · d8aeda7fe0
commit d8aeda7fe0
parent 645d3234d7
8 changed files with 97 additions and 1 deletions
--- a/config/ansible/tasks/servers/server.yml
+++ b/config/ansible/tasks/servers/server.yml
@ -22,6 +22,7 @@
    - name: Include services tasks
      ansible.builtin.include_tasks: services/services.yml
      vars:
+        caddy_enabled: true
        hoarder_enabled: true
        golink_enabled: true
        immich_enabled: false
--- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
+++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
@ -0,0 +1,4 @@
+hoarder.mvl.sh {
+    reverse_proxy hoarder:{{ hoarder_port }}
+    tls {{ caddy_email }}
+}
--- a/config/ansible/tasks/servers/services/caddy/caddy.yml
+++ b/config/ansible/tasks/servers/services/caddy/caddy.yml
@ -0,0 +1,40 @@
+- name: Deploy Caddy service
+  block:
+    - name: Set Caddy directories
+      ansible.builtin.set_fact:
+        caddy_service_dir: "{{ ansible_env.HOME }}/services/caddy"
+        caddy_data_dir: "/mnt/services/caddy"
+        caddy_email: "{{ lookup('community.general.onepassword', 'qwvcr4cuumhqh3mschv57xdqka', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='email') }}"
+        hoarder_port: 3500
+
+    - name: Create Caddy directory
+      ansible.builtin.file:
+        path: "{{ caddy_service_dir }}"
+        state: directory
+        mode: "0755"
+
+    - name: Create Caddy network
+      ansible.builtin.command: docker network create caddy_default
+      register: create_caddy_network
+      failed_when:
+        - create_caddy_network.rc != 0
+        - "'already exists' not in create_caddy_network.stderr"
+      changed_when: create_caddy_network.rc == 0
+
+    - name: Deploy Caddy docker-compose.yml
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ caddy_service_dir }}/docker-compose.yml"
+        mode: "0644"
+      register: caddy_compose
+
+    - name: Deploy Caddy Caddyfile
+      ansible.builtin.template:
+        src: Caddyfile.j2
+        dest: "{{ caddy_service_dir }}/Caddyfile"
+        mode: "0644"
+      register: caddy_file
+
+    - name: Start Caddy service
+      ansible.builtin.command: docker compose -f "{{ caddy_service_dir }}/docker-compose.yml" up -d
+      when: caddy_compose.changed or caddy_file.changed
--- a/config/ansible/tasks/servers/services/caddy/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/caddy/docker-compose.yml.j2
@ -0,0 +1,16 @@
+services:
+  caddy:
+    image: caddy:2.9.1-alpine
+    container_name: caddy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - {{caddy_data_dir}}/data:/data
+      - {{caddy_data_dir}}/config:/config
+    environment:
+      - TZ=Europe/Amsterdam
+      - PUID=1000
+      - PGID=100
--- a/config/ansible/tasks/servers/services/hoarder/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/hoarder/docker-compose.yml.j2
@ -8,6 +8,9 @@ services:
      - 3500:3000
    env_file:
      - .env
+    networks:
+      - hoarder
+      - caddy_network

  chrome:
    image: zenika/alpine-chrome:124
@ -19,6 +22,8 @@ services:
      - --remote-debugging-address=0.0.0.0
      - --remote-debugging-port=9222
      - --hide-scrollbars
+    networks:
+      - hoarder

  meilisearch:
    image: getmeili/meilisearch:v1.11.1
@ -27,4 +32,11 @@ services:
      - .env
    volumes:
      - {{ hoarder_data_dir }}/meilisearch:/meili_data
+    networks:
+      - hoarder

+networks:
+  hoarder:
+  caddy_network:
+    external: true
+    name: caddy_default
--- a/config/ansible/tasks/servers/services/hoarder/dotenv.j2
+++ b/config/ansible/tasks/servers/services/hoarder/dotenv.j2
@ -7,6 +7,10 @@ NEXTAUTH_URL=http://localhost:3000

 DATA_DIR=/data

+TZ=Europe/Amsterdam
+PUID=1000
+PGID=100
+
 NEXTAUTH_SECRET="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='NEXTAUTH_SECRET') }}"
 MEILI_MASTER_KEY="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MEILI_MASTER_KEY') }}"
 OPENAI_API_KEY="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='OPENAI_API_KEY') }}"
--- a/config/ansible/tasks/servers/services/immich/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/immich/docker-compose.yml.j2
@ -13,11 +13,15 @@ services:
      - redis
      - database
    environment:
+      - TZ=Europe/Amsterdam
      - PUID=1000
-      - PGID=1000
+      - PGID=100
    restart: unless-stopped
    healthcheck:
      disable: false
+    networks:
+      - immich
+      - caddy_network

  machine-learning:
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
@ -28,6 +32,8 @@ services:
    restart: unless-stopped
    healthcheck:
      disable: false
+    networks:
+      - immich

  redis:
    container_name: immich_redis
@ -35,6 +41,8 @@ services:
    healthcheck:
      test: redis-cli ping || exit 1
    restart: unless-stopped
+    networks:
+      - immich

  database:
    container_name: immich_postgres
@ -71,6 +79,14 @@ services:
        'wal_compression=on',
      ]
    restart: unless-stopped
+    networks:
+      - immich

 volumes:
  model-cache:
+
+networks:
+  immich:
+  caddy_network:
+    external: true
+    name: caddy_default
--- a/config/ansible/tasks/servers/services/services.yml
+++ b/config/ansible/tasks/servers/services/services.yml
@ -1,5 +1,8 @@
 - name: Deploy docker services
  block:
+    - name: Include caddy tasks
+      ansible.builtin.include_tasks: caddy/caddy.yml
+      when: caddy_enabled|bool
    - name: Include golink tasks
      ansible.builtin.include_tasks: golink/golink.yml
      when: golink_enabled|bool