diff --git a/inventories/production/group_vars/all.yml b/inventories/production/group_vars/all.yml
index b5b2981..54f435c 100644
--- a/inventories/production/group_vars/all.yml
+++ b/inventories/production/group_vars/all.yml
@@ -82,6 +82,23 @@ secret_ara_secret_key: !vault |
 31346465336361316433383865613233373836643366346538633330616232386132636662643963
 303938396531623561653335646231616239
 
+# For Firefly III
+secret_firefly_app_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36326365626537313464373434303833373261303835643035666431326335633634376364376233
+ 3664323235383337313266316466363734643331313862630a636164616462623965353331373266
+ 65653363353039653231316464653366303938656363333239313165313662636163323366303433
+ 6432633664666339660a383938333531333536666361633762633831363132366563396237346330
+ 32323266346363656336396264626231653331343862636632646466353236393438363037623466
+ 6535373866616238323339326338316330383064336138646663
+secret_firefly_db_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31386133326239313637393462633930626634653562303361326634323633363037303862313361
+ 3133356362333833653636623761386163646435633239370a613632646461303534353134346431
+ 36613930393235653862376639626238326561633064333565383564626330636639633136643365
+ 3565316233663262360a353631323762313130326361643532626334363263636539313233646362
+ 37633961633162353936386366623136633436306235336235363566616563366563
+
 # For GVM
 secret_gvm_db_pass: !vault |
 $ANSIBLE_VAULT;1.1;AES256
diff --git a/playbooks/local_dns.yml b/playbooks/local_dns.yml
index c7e94cc..e3057e4 100755
--- a/playbooks/local_dns.yml
+++ b/playbooks/local_dns.yml
@@ -93,6 +93,8 @@
 # Public
 - record: ara.desu.ltd
 value: vm-general-1.ashburn.mgmt.desu.ltd
+ - record: firefly.desu.ltd
+ value: vm-general-1.ashburn.mgmt.desu.ltd
 - record: git.desu.ltd
 value: vm-general-1.ashburn.mgmt.desu.ltd
 - record: gitlab.desu.ltd
diff --git a/playbooks/prod_db.yml b/playbooks/prod_db.yml
index 8dba06a..cbb8445 100755
--- a/playbooks/prod_db.yml
+++ b/playbooks/prod_db.yml
@@ -25,6 +25,8 @@
 postgresql_users:
 - name: ara-desultd
 password: "{{ secret_ara_db_pass }}"
+ - name: firefly-desultd
+ password: "{{ secret_firefly_db_pass }}"
 - name: gitea-desultd
 password: "{{ secret_gitea_db_pass }}"
 - name: gitlab-desultd
@@ -48,6 +50,8 @@
 postgresql_databases:
 - name: ara-desultd
 owner: ara-desultd
+ - name: firefly-desultd
+ owner: firefly-desultd
 - name: gitea-desultd
 owner: gitea-desultd
 - name: gitlab-desultd
diff --git a/playbooks/prod_web.yml b/playbooks/prod_web.yml
index fe55774..6bebb56 100755
--- a/playbooks/prod_web.yml
+++ b/playbooks/prod_web.yml
@@ -23,6 +23,7 @@
 - web/ara.yml
 - web/desultd.yml
 - web/element-web.yml
+ - web/firefly-iii.yml
 - web/gitea.yml
 - web/netbox.yml
 - web/nextcloud.yml
@@ -222,6 +223,8 @@
 contents: |
 default_type application/json;
 return 200 '{"m.homeserver":{"base_url":"https://matrix.desu.ltd"}}';
+ - name: firefly.desu.ltd
+ proxy_pass: http://firefly:8080
 - name: git.desu.ltd
 proxy_pass: http://gitea:3000
 - name: matrix.desu.ltd
diff --git a/playbooks/tasks/web/firefly-iii.yml b/playbooks/tasks/web/firefly-iii.yml
new file mode 100644
index 0000000..63d852f
--- /dev/null
+++ b/playbooks/tasks/web/firefly-iii.yml
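Review bot: The `firefly.desu.ltd` entry added in the second prod_web.yml hunk sets only `proxy_pass: http://firefly:8080`, while the container it fronts is configured in this same commit with `TRUSTED_PROXIES: "*"`, so this vhost is the one place where a client-supplied `X-Forwarded-For` can be neutralised before the application believes it. Whether the vhost template overwrites that header or appends to it is not visible in the diff; if it appends, the application will presumably record a client-chosen address in its logs and in any per-address throttling. It is worth confirming that the template sets the header from the connection address (nginx `$remote_addr`) rather than `$proxy_add_x_forwarded_for`, and recording the dependency next to the entry, e.g. `# ingress must overwrite X-Forwarded-For; firefly trusts all proxies`. The vhost list begins and ends outside the hunk.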
@@ -0,0 +1,24 @@
+# vim:ft=ansible:
+- name: docker deploy firefly
+ docker_container:
+ name: firefly
+ image: fireflyiii/core:latest
+ env:
+ APP_KEY: "{{ secret_firefly_app_key }}"
+ APP_URL: "https://firefly.desu.ltd"
+ # We set TRUSTED_PROXIES to * here, which allows any app in the docker
+ # network to proxy this. I'm considering this a fine security concession
+ # since we can't guarantee the IP of the ingress container
+ TRUSTED_PROXIES: "*"
+ DB_HOST: "10.0.0.2"
+ DB_PORT: "5432"
+ DB_CONNECTION: pgsql
+ DB_DATABASE: "firefly-desultd"
+ DB_USERNAME: "firefly-desultd"
+ DB_PASSWORD: "{{ secret_firefly_db_pass }}"
+ networks:
+ - name: web
+ aliases: [ "firefly" ]
+ volumes:
+ - /data/firefly/upload:/var/www/html/storage/upload
+ tags: [ docker, firefly ]
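Review bot: `image: fireflyiii/core:latest` is a mutable tag, so the container that receives `APP_KEY` and `DB_PASSWORD` runs whatever the registry serves the next time the image is pulled, and a redeploy can change the running code without any change in this repository. Pin a release and preferably its digest, e.g. `image: fireflyiii/core:<version>@sha256:<digest>` (placeholders, to be filled from the release you have verified). The comment above `TRUSTED_PROXIES: "*"` records the concession, but the wildcard also means forwarded client-address and scheme headers are believed from any peer that can reach port 8080, not only the ingress. If the application accepts a CIDR list in this variable (to be confirmed against its documentation), giving the `web` network a fixed subnet and setting `TRUSTED_PROXIES: "<web network subnet>"` narrows the trust without having to pin the ingress container's IP.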