From e87263d962ca189e9eaef3a0f437c1dc604d1b06 Mon Sep 17 00:00:00 2001
From: Alpha Chen
Date: Sat, 1 Apr 2023 18:53:58 -0700
Subject: [PATCH] reverse proxy w/caddy
---
lotus-land-story/.gitignore | 1 -
lotus-land-story/main.tf | 56 ++++++++++++++---
lotus-land-story/main.yml | 92 +++++++++++++++++++++++-----
lotus-land-story/templates/Caddyfile | 2 +
4 files changed, 127 insertions(+), 24 deletions(-)
delete mode 100644 lotus-land-story/.gitignore
create mode 100644 lotus-land-story/templates/Caddyfile
diff --git a/lotus-land-story/.gitignore b/lotus-land-story/.gitignore
deleted file mode 100644
index 3a58880..0000000
--- a/lotus-land-story/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-private.tf
diff --git a/lotus-land-story/main.tf b/lotus-land-story/main.tf
index 6243435..1ca06e5 100644
--- a/lotus-land-story/main.tf
+++ b/lotus-land-story/main.tf
@@ -1,29 +1,71 @@ terraform { required_providers { linode = { - source = "linode/linode" + source = "linode/linode" version = "1.30.0" } http = { - source = "hashicorp/http" + source = "hashicorp/http" version = "3.2.1" } } } +variable "domain" { + type = string + nullable = false +} + data "http" "github_keys" { url = "https://github.com/kejadlen.keys" } resource "linode_instance" "lotus_land_story" { - label = "lotus-land-story" - image = "linode/debian11" - region = "us-west" - type = "g6-nanode-1" - authorized_keys = split("\n", chomp(data.http.github_keys.response_body)) + label = "lotus-land-story" + image = "linode/debian11" + region = "us-west" + type = "g6-nanode-1" + authorized_keys = split("\n", chomp(data.http.github_keys.response_body)) +} + +resource "linode_volume" "lotus_land_story" { + # count = 0 + + label = "lotus-land-story" + region = "us-west" + linode_id = linode_instance.lotus_land_story.id + size = 10 + + connection { + host = resource.linode_instance.lotus_land_story.ip_address + } + + provisioner "remote-exec" { + inline = [ + "mkfs.ext4 '${self.filesystem_path}'", + "mkdir '/mnt/lotus-land-story'", + "mount '${self.filesystem_path}' '/mnt/lotus-land-story'", + ] + } +} + +data "linode_domain" "domain" { + domain = var.domain +} + +resource "linode_domain_record" "rww" { + domain_id = data.linode_domain.domain.id + name = "rss" + record_type = "A" + target = resource.linode_instance.lotus_land_story.ip_address } + output "lotus_land_story_ip" { value = resource.linode_instance.lotus_land_story.ip_address } + +output "lotus_land_story_volume" { + value = resource.linode_volume.lotus_land_story.filesystem_path +} diff --git a/lotus-land-story/main.yml b/lotus-land-story/main.yml index 229baba..f43ec6f 100644 --- a/lotus-land-story/main.yml +++ b/lotus-land-story/main.yml 
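Review bot: The `remote-exec` provisioner on `linode_volume.lotus_land_story` runs `mkdir '/mnt/lotus-land-story'` without `-p`, so if the volume is ever replaced while the instance survives, the directory already exists, the command fails and the new volume is left tainted; `"mkdir -p '/mnt/lotus-land-story'",` avoids that. The `connection` block sets only `host`, so the SSH user and credentials fall back to Terraform's defaults and the local agent, and with no `host_key` given the first connection to the new instance is not checked against a known host key. A comment above the provisioner saying that `mkfs.ext4` is meant to run only on first creation of an empty volume, and why `# count = 0` is kept, would help the next reader.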
@@ -2,6 +2,11 @@ hosts: lotus-land-story tasks: + - name: Set facts from environment variables + ansible.builtin.set_fact: + domain: "{{ lookup('ansible.builtin.env', 'TF_VAR_domain') }}" + miniflux_password: "{{ lookup('ansible.builtin.env', 'MINIFLUX_PASSWORD') }}" + # https://wiki.debian.org/PostgreSql - name: Install postgres ansible.builtin.apt: @@ -10,6 +15,24 @@ - postgresql-client state: present + - name: Always mount the lotus-land-story volume + ansible.builtin.lineinfile: + dest: /etc/fstab + line: /dev/disk/by-id/scsi-0Linode_Volume_lotus-land-story /mnt/lotus-land-story ext4 defaults,noatime,nofail 0 2 + state: present + - name: Make /mnt/lotus-land-story/postgresql + file: + path: /mnt/lotus-land-story/postgresql + state: directory + owner: postgres + - name: Set data directory to volume + ansible.builtin.lineinfile: + dest: "/etc/postgresql/13/main/postgresql.conf" + regexp: '^#?data_directory =' + line: "data_directory = '/mnt/lotus-land-story/postgresql'" + state: present + notify: Restart postgres + - name: Install ansible requirements ansible.builtin.apt: pkg: @@ -60,17 +83,6 @@ become_user: postgres block: - # https://miniflux.app/docs/installation.html#docker - - name: Create a miniflux db - community.postgresql.postgresql_db: - name: miniflux - notify: Restart postgres - - name: Create a miniflux db user - community.postgresql.postgresql_user: - db: miniflux - name: miniflux - password: miniflux - notify: Restart postgres - name: Get docker0 IP address ansible.builtin.shell: ip -4 -o addr show docker0 | awk '{print $4}' register: docker_ip 
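Review bot: `miniflux_password` is read from `MINIFLUX_PASSWORD` with no check that the variable is set, and the env lookup yields an empty string when it is missing, so a run from a shell without it would hand an empty `ADMIN_PASSWORD` to the container (an empty `TF_VAR_domain` would likewise render `rss.` as the site address). An `ansible.builtin.assert` right after this task, with `that: miniflux_password | length > 0` and the same for `domain`, fails the play early instead. Adding `no_log: true` to the `set_fact` task keeps the password out of verbose task output.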
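Review bot: `data_directory` is switched to `/mnt/lotus-land-story/postgresql`, but nothing visible in this hunk initialises a cluster there or moves the existing one, so the `Restart postgres` handler would presumably start PostgreSQL against an empty directory and fail. The directory task sets `owner: postgres` without a mode, and PostgreSQL refuses to start on a data directory with wider permissions than 0700 (or 0750), so `mode: "0700"` and `group: postgres` should be stated explicitly. The fstab `lineinfile` only records the mount for the next boot; if the volume is not mounted when this play runs, the directory is created on the root disk underneath the mount point, so an `ansible.posix.mount` task with `state: mounted` may be the better fit, which is worth confirming against how the Terraform provisioner mounts it.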
@@ -82,6 +94,23 @@ state: present create: true notify: Restart postgres + + - name: Set up postgres for miniflux + become: true + become_user: postgres + block: + + # https://miniflux.app/docs/installation.html#docker + - name: Create a miniflux db + community.postgresql.postgresql_db: + name: miniflux + notify: Restart postgres + - name: Create a miniflux db user + community.postgresql.postgresql_user: + db: miniflux + name: miniflux + password: miniflux + notify: Restart postgres - name: Grant miniflux access community.postgresql.postgresql_pg_hba: dest: /etc/postgresql/13/main/pg_hba.conf @@ -91,8 +120,7 @@ databases: miniflux create: true notify: Restart postgres - - - name: Install extensions + - name: Install hstore community.postgresql.postgresql_ext: name: hstore db: miniflux @@ -107,13 +135,45 @@ miniflux: image: miniflux/miniflux:latest ports: - - "80:8080" + - "8080:8080" environment: - DATABASE_URL=postgres://miniflux:miniflux@host.docker.internal/miniflux - RUN_MIGRATIONS=1 - CREATE_ADMIN=1 - - ADMIN_USERNAME=admin - - ADMIN_PASSWORD=test123 + - ADMIN_USERNAME=alpha + - ADMIN_PASSWORD={{ miniflux_password }} + - BASE_URL=https://rss.{{ domain }} + extra_hosts: + - "host.docker.internal:host-gateway" + + - name: Make /mnt/lotus-land-story/caddy + file: + path: /mnt/lotus-land-story/{{ item }} + state: directory + loop: + - caddy + - caddy/data + - caddy/config + - name: Set up Caddyfile + ansible.builtin.template: + src: templates/Caddyfile + dest: /mnt/lotus-land-story/caddy/Caddyfile + - name: Run caddy + community.docker.docker_compose: + project_name: caddy + definition: + version: "3.3" + services: + caddy: + image: caddy:2 + container_name: caddy + ports: + - "80:80" + - "443:443" + volumes: + - /mnt/lotus-land-story/caddy/Caddyfile:/etc/caddy/Caddyfile + - /mnt/lotus-land-story/caddy/data:/data + - /mnt/lotus-land-story/caddy/config:/config extra_hosts: - "host.docker.internal:host-gateway" 
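Review bot: The relocated `Create a miniflux db user` task keeps `password: miniflux`, a guessable database credential committed to the repository, and the `DATABASE_URL` line in the compose hunk further down repeats it. The same commit already reads `MINIFLUX_PASSWORD` from the environment, so the database password could follow that pattern, for example `password: "{{ miniflux_db_password }}"` backed by a matching fact, with `no_log: true` on the task. The new `Set up postgres for miniflux` block continues past this hunk; a short comment on why it was split from the preceding postgres block would help.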
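Review bot: Publishing miniflux as `"8080:8080"` binds the port on every host interface, so unless a host firewall outside this playbook blocks it, the application stays reachable over plain HTTP on port 8080 and bypasses the TLS termination the new caddy service provides. Since caddy reaches it through `host.docker.internal`, the mapping could be bound to the Docker bridge address only, or both services could share a Docker network so that no host port is published for miniflux at all. `ADMIN_PASSWORD={{ miniflux_password }}` is rendered into the task arguments, so `no_log: true` on this `docker_compose` task would keep it out of verbose output. The `Set up Caddyfile` task sets no `mode` or `owner`; stating them avoids depending on the umask.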
diff --git a/lotus-land-story/templates/Caddyfile b/lotus-land-story/templates/Caddyfile
new file mode 100644
index 0000000..f36e473
--- /dev/null
+++ b/lotus-land-story/templates/Caddyfile
@@ -0,0 +1,2 @@
+rss.{{ domain }}
+reverse_proxy host.docker.internal:8080