Add ara and its related secrets

inventories/production/group_vars/all.yml

@@ -66,6 +66,24 @@ zerotier_management_network_id: !vault |
           3430303130303766610a633131656431396332626336653562616363666433366664373635613934
           30316335396166633361666466346232323630396534386332613937366232613965
 
+# For ara
+secret_ara_db_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63353066316533303030366138323937313163366363303836633330616464623166343739373436
+          3562613639613966613365666462666633643336383034390a383239383335623735613135386532
+          34383135313436383963383133336237343566303665633337626361613164303264393736616461
+          6133663463333033610a636463393833306539666538626361313062396666363130393334316137
+          34363064613232336238336630616530313661346264323537393434303264653930
+secret_ara_secret_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          38653361623431376163613762646262363734623239383330326331663434333031313137353561
+          3936316562623537363164626561333139633664643264340a336334333265663530663765376534
+          30356564353461343232343634383739373262643834313035396131303066666639383639376536
+          3638623035363939640a363332653234666630346166356537623735656639356137643833333939
+          65316437326137666461646366633731333639326139666333366133633836383931356564393131
+          31346465336361316433383865613233373836643366346538633330616232386132636662643963
+          303938396531623561653335646231616239
+
 # For GVM
 secret_gvm_db_pass: !vault |
           $ANSIBLE_VAULT;1.1;AES256

playbooks/local_dns.yml

@@ -113,6 +113,8 @@
           value: web1.dallas.mgmt.desu.ltd
         - record: netbox.desu.ltd
           value: web3.dallas.mgmt.desu.ltd
+        - record: ara.desu.ltd
+          value: web3.dallas.mgmt.desu.ltd
         # Local
         - record: homeauto.local.desu.ltd
           value: pi-homeauto-1.home.mgmt.desu.ltd

playbooks/prod_db.yml

@@ -23,6 +23,8 @@
             # Used for internal access from other nodes
           - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
         postgresql_users:
+          - name: ara-desultd
+            password: "{{ secret_ara_db_pass }}"
           - name: gitea-desultd
             password: "{{ secret_gitea_db_pass }}"
           - name: gulagbot-test
@@ -40,6 +42,8 @@
           - name: synapse-desultd
             password: "{{ secret_synapse_db_pass }}"
         postgresql_databases:
+          - name: ara-desultd
+            owner: ara-desultd
           - name: gitea-desultd
             owner: gitea-desultd
           - name: gulagbot-test

playbooks/prod_web.yml

@@ -145,6 +145,7 @@
         - app/redis.yml
         - web/movienight.yml
         - web/netbox.yml
+        - web/ara.yml
       tags: [ always ]
   roles:
     - role: backup
@@ -318,6 +319,8 @@
     - role: ingress
       vars:
         ingress_servers:
+          - name: ara.desu.ltd
+            proxy_pass: http://ara:8000
           - name: netbox.desu.ltd
             proxy_pass: http://netbox:8080
           - name: nagios.desu.ltd

playbooks/tasks/web/ara.yml

@@ -0,0 +1,19 @@
+# vim:ft=ansible:
+- name: docker deploy ara
+  docker_container:
+    name: ara
+    image: recordsansible/ara-api:centos8-stream-pypi-latest
+    env:
+      ARA_DATABASE_ENGINE: django.db.backends.postgresql
+      ARA_DATABASE_NAME: ara-desultd
+      ARA_DATABASE_USER: ara-desultd
+      ARA_DATABASE_PASSWORD: "{{ secret_ara_db_pass }}"
+      ARA_DATABASE_HOST: 192.168.164.156
+    networks:
+      - name: web
+        aliases: [ "ara" ]
+    volumes:
+      - /data/ara/server:/opt/ara:z
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+  tags: [ docker, ara ]