From a45cec012abe2702ff3fee548ff76c6eeb823e3d Mon Sep 17 00:00:00 2001
From: SilasPeters <69711739+SilasPeters@users.noreply.github.com>
Date: Sat, 20 Jul 2024 19:52:55 +0200
Subject: [PATCH] amend! draft!: feat: host outline with Docker compose
draft!: feat: host outline with Docker compose
---
 ansible/group_vars/production/vars.yml | 1 +
 ansible/group_vars/staging/vars.yml | 1 +
 ansible/roles/outline/handlers/main.yml | 9 ---------
 ansible/roles/outline/tasks/main.yml | 6 +-----
 ansible/roles/outline/templates/docker-compose.yml.j2 | 2 +-
 ansible/roles/outline/templates/docker.env.j2 | 4 ++--
 ansible/roles/outline/templates/outline.conf.j2 | 2 +-
 7 files changed, 7 insertions(+), 18 deletions(-)
 delete mode 100644 ansible/roles/outline/handlers/main.yml
diff --git a/ansible/group_vars/production/vars.yml b/ansible/group_vars/production/vars.yml
index aa3f84642..3c6a06a44 100644
--- a/ansible/group_vars/production/vars.yml
+++ b/ansible/group_vars/production/vars.yml
@@ -140,6 +140,7 @@ secret_outline:
 s3_secret_access_key: "{{ vault_secret_outline.s3_secret_access_key }}"
 s3_bucket: "outline-wiki-prod"
 mailgun_password: "{{ vault_secret_outline.mailgun_password }}"
+ postgresql_password: "{{ vault_secret_outline.postgresql_password }}"
 secret_koala_manual:
 password: "{{ vault_secret_koala_manual.password }}"
diff --git a/ansible/group_vars/staging/vars.yml b/ansible/group_vars/staging/vars.yml
index 8dc1e3c8a..4f31f615c 100644
--- a/ansible/group_vars/staging/vars.yml
+++ b/ansible/group_vars/staging/vars.yml
@@ -131,6 +131,7 @@ secret_outline:
 s3_secret_access_key: "{{ vault_secret_outline.s3_secret_access_key }}"
 s3_bucket: "outline-wiki-staging"
 mailgun_password: "{{ vault_secret_outline.mailgun_password }}"
+ postgresql_password: "{{ vault_secret_outline.postgresql_password }}"
 secret_koala_manual:
 password: "{{ vault_secret_koala_manual.password }}"
diff --git a/ansible/roles/outline/handlers/main.yml b/ansible/roles/outline/handlers/main.yml
deleted file mode 100644
index 7c2a7f83d..000000000
--- a/ansible/roles/outline/handlers/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: "restart outline"
- # when: "_outline_checkout is changed
- # or _outline_service_file is changed
- # or _outline_env_file is changed"
- systemd:
- name: "outline.service"
- state: "restarted"
- daemon_reload: true
diff --git a/ansible/roles/outline/tasks/main.yml b/ansible/roles/outline/tasks/main.yml
index 7860b1890..db1132855 100644
--- a/ansible/roles/outline/tasks/main.yml
+++ b/ansible/roles/outline/tasks/main.yml
@@ -22,6 +22,7 @@
 - name: "Ensure Postgres role exists"
 community.postgresql.postgresql_user:
 name: "outline"
+ password: "{{ secret_outline.postgresql_password }}" # Sadly seems required to make authentication over localhost work, for peer authentication fails somehow
 state: "present"
 - name: "Ensure database exists"
@@ -57,8 +58,3 @@
 dest: "/etc/nginx/sites-enabled/outline.conf"
 notify: "reload nginx"
-# TODO test creating and restoring backup
-# TODO is het erg dat outline:outline in templates staat?
-# TODO AWS_S3 accelration URL?
-# TODO FILE_STORAGE niet local maar s3?
-# TODO compose-up.yml moet misschien andere naam krijgen?
diff --git a/ansible/roles/outline/templates/docker-compose.yml.j2 b/ansible/roles/outline/templates/docker-compose.yml.j2
index 65c71a4ea..a96a5fc40 100644
--- a/ansible/roles/outline/templates/docker-compose.yml.j2
+++ b/ansible/roles/outline/templates/docker-compose.yml.j2
@@ -5,7 +5,7 @@ services:
 env_file: ./docker.env
 # ports:
 # - "4568:3000"
- network_mode: host
+ network_mode: host # TODO replace this
 volumes:
 - storage-data:/var/lib/outline/data
 # depends_on:
diff --git a/ansible/roles/outline/templates/docker.env.j2 b/ansible/roles/outline/templates/docker.env.j2
index 3e2f162c8..906d9bae4 100644
--- a/ansible/roles/outline/templates/docker.env.j2
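Review bot: The inline comment on the added `password:` line of the "Ensure Postgres role exists" task (ansible/roles/outline/tasks/main.yml) records a symptom rather than the reason, and it trails a secret lookup on an over-long line. PostgreSQL's peer method applies only to Unix-socket connections, and the `@localhost` URL in docker.env.j2 looks like a TCP connection, so password authentication is the expected path here rather than a failure. I would put the explanation on its own line above the key, e.g. `# Outline connects to Postgres over TCP (localhost), where peer auth does not apply, so the role needs a password`. pg_hba.conf is not part of this diff; the host rule that matches this connection should use `scram-sha-256` rather than `md5` or `trust`.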
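Review bot: `network_mode: host # TODO replace this` in docker-compose.yml.j2 does not say what should replace it or why, and until it is replaced the container shares the host's network namespace. That means the port Outline listens on is likely bound on the host's own interfaces instead of only behind nginx, and the container can reach every service listening on the host's loopback. I would make the TODO actionable, e.g. `# TODO: drop host networking; publish "127.0.0.1:4568:3000" and point DATABASE_URL at the host gateway`, and in the meantime confirm that a host firewall blocks the application port from outside. The service definition starts and ends outside this hunk, so other isolation settings may exist that are not visible here.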
+++ b/ansible/roles/outline/templates/docker.env.j2
@@ -12,7 +12,7 @@ UTILS_SECRET={{ secret_outline.utils_key }}
 # For production point these at your databases, in development the default
 # should work out of the box.
-DATABASE_URL=postgres://outline:outline@localhost/outline?dbname=outline #?dbname=outline&user=outline&host=/run/postgresql
+DATABASE_URL=postgres://outline:{{ secret_outline.postgresql_password }}@localhost/outline
 DATABASE_CONNECTION_POOL_MIN=
 DATABASE_CONNECTION_POOL_MAX=
 # Uncomment this to disable SSL for connecting to Postgres
@@ -61,7 +61,7 @@ FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=
 AWS_ACCESS_KEY_ID={{ secret_outline.s3_access_key_id }}
 AWS_SECRET_ACCESS_KEY={{ secret_outline.s3_secret_access_key }}
 AWS_REGION=eu-west-1
-#AWS_S3_ACCELERATE_URL=
+#AWS_S3_ACCELERATE_URL= (this costs money, bleh)
 AWS_S3_UPLOAD_BUCKET_URL=https://{{ secret_outline.s3_bucket }}.s3.eu-west-1.amazonaws.com
 AWS_S3_UPLOAD_BUCKET_NAME={{ secret_outline.s3_bucket }}
 AWS_S3_FORCE_PATH_STYLE=true
diff --git a/ansible/roles/outline/templates/outline.conf.j2 b/ansible/roles/outline/templates/outline.conf.j2
index d06a6b2a4..136f71230 100644
--- a/ansible/roles/outline/templates/outline.conf.j2
+++ b/ansible/roles/outline/templates/outline.conf.j2
@@ -1,7 +1,7 @@
 server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
- server_name ~^(compendium|stickypedia|wiki)\.{{ canonical_hostname }};
+ server_name ~^(compendium|stickypedia|wiki|stickywiki)\.{{ canonical_hostname }};
 ssl_certificate /etc/letsencrypt/live/compendium.{{ canonical_hostname }}/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/compendium.{{ canonical_hostname }}/privkey.pem;
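Review bot: The vault password is interpolated into the new `DATABASE_URL` line of docker.env.j2 unescaped, so a password containing `@`, `:`, `#`, `?` or `%` changes how the URL is parsed and can yield the wrong host or credentials after a rotation. Percent-encode it at render time: `DATABASE_URL=postgres://outline:{{ secret_outline.postgresql_password | urlencode }}@localhost/outline`. The `urlencode` filter leaves `/` alone, so either keep that character out of the generated password or append `| replace('/', '%2F')`. The rendered file now holds the database password alongside the S3 keys, so the task that templates it, which is not visible in this diff, should write it with a restrictive mode such as `mode: "0600"`.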
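Review bot: The `server_name` regex on the changed line of outline.conf.j2 has no `$` anchor and inserts `{{ canonical_hostname }}` unescaped, so its dots match any character and any Host header that merely begins with one of these names plus the hostname is routed to this server block. Anchoring and escaping would tighten it: `server_name ~^(compendium|stickypedia|wiki|stickywiki)\.{{ canonical_hostname | regex_escape }}$;`. Separately, the certificate paths still point at `live/compendium.{{ canonical_hostname }}`, and whether that certificate lists the new `stickywiki` name as a SAN is not visible here. That should be checked, otherwise clients using the new name will see a certificate mismatch. The `server` block continues outside the hunk.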