Custom role Notfellchen (#190)

* feat: Add notfellchen

* fix: Restric salt size

* docs: Add notfellchen documentation

* feat(notfellchen): Add sws to serve media files

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

VERSIONS.md

@@ -51,6 +51,8 @@
 * Netbox: v3.7.0-2.8.0
 * Netbox Container Image Customizations Keycloak Sso Expiration Middleware: a2ac39b1c73a50742c6e834e89162f87528c7f73
 * Nextcloud: 28.0.4
+* Notfellchen: 0.1.1
+* Notfellchen Sws: 2
 * Oauth2 Proxy: v7.6.0
 * Outline: 0.74.0-0
 * Owncast: 0.1.2

docs/services/notfellchen.md

@@ -0,0 +1,48 @@
+# ILMO
+
+[Notfellchen](https://codeberg.org/moanos/notfellchen) is a self-hosted tool to list animals available for adoption to increase their chance of finding a forever-home.
+
+
+**Warning**: This service is a custom solution. Feel free to use it but don't expect a solution that works for every use case. Issues with this should be filed in the [project itself](https://codeberg.org/moanos/notfellchen).
+
+## Dependencies
+
+This service requires the following other services:
+
+- a [Postgres](postgres.md) database
+- a [Traefik](traefik.md) reverse-proxy server
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+#                                                                      #
+# notfellchen                                                          #
+#                                                                      #
+########################################################################
+
+notfellchen_enabled: true
+notfellchen_hostname: notfellchen.example.com
+
+########################################################################
+#                                                                      #
+# /notfellchen                                                         #
+#                                                                      #
+########################################################################
+```
+
+## Setting up the first user
+
+You need to create a first user (unless you import an existing database).
+You can do this conveniently by running
+
+```bash
+just run-tags notfellchen-add-superuser --extra-vars=username=USERNAME --extra-vars=password=PASSWORD --extra-vars=email=EMAIL
+```
+
+## Usage
+
+After installation, you can go to the URL, as defined in `notfellchen_hostname`. Log in with the user credentials from above.

templates/group_vars_mash_servers

@@ -438,6 +438,13 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
     {{ ({'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']} if nextcloud_enabled else omit) }}
   # /role-specific:nextcloud
 
+  # role-specific:notfellchen
+  - |-
+    {{ ({'name': (notfellchen_identifier  + '.service'), 'priority': 2000, 'groups': ['mash', 'notfellchen']} if notfellchen_enabled else omit) }}
+  - |-
+    {{ ({'name': (notfellchen_sws_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'notfellchen', 'notfellchen-sws']} if notfellchen_enabled else omit) }}
+  # /role-specific:notfellchen
+
   # role-specific:mariadb
   - |-
     {{ ({'name': (mariadb_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'mariadb']} if mariadb_enabled else omit) }}
@@ -824,6 +831,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized:
     }}
   # /role-specific:nextcloud
 
+  # role-specific:notfellchen
+  - |-
+    {{
+      ({
+        'name': notfellchen_database_name,
+        'username': notfellchen_database_username,
+        'password': notfellchen_database_password,
+      } if notfellchen_enabled else omit)
+    }}
+  # /role-specific:notfellchen
+
   # role-specific:outline
   - |-
     {{
@@ -3809,6 +3827,64 @@ mariadb_managed_databases_auto: "{{ mash_playbook_mariadb_managed_databases_auto
 # /role-specific:mariadb
 
 
+
+# role-specific:notfellchen
+########################################################################
+#                                                                      #
+# notfellchen                                                          #
+#                                                                      #
+########################################################################
+
+notfellchen_enabled: false
+
+notfellchen_identifier: "{{ mash_playbook_service_identifier_prefix }}notfellchen"
+
+notfellchen_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}notfellchen"
+
+notfellchen_uid: "{{ mash_playbook_uid }}"
+notfellchen_gid: "{{ mash_playbook_gid }}"
+
+notfellchen_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.nf', rounds=655555) | to_uuid }}"
+
+notfellchen_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+notfellchen_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
+notfellchen_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nf', rounds=655555) | to_uuid }}"
+notfellchen_database_username: "notfellchen"
+
+notfellchen_systemd_required_services_list: |
+  {{
+    (['docker.service'])
+    +
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and notfellchen_database_host == devture_postgres_identifier else [])
+  }}
+
+notfellchen_container_additional_networks: |
+  {{
+    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+    +
+    ([devture_postgres_container_network] if devture_postgres_enabled and notfellchen_database_host == devture_postgres_identifier and notfellchen_container_network != devture_postgres_container_network else [])
+  }}
+
+notfellchen_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
+notfellchen_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
+notfellchen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+notfellchen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+
+notfellchen_sws_container_labels_traefik_enabled: "{{ notfellchen_container_labels_traefik_enabled }}"
+notfellchen_sws_container_labels_traefik_docker_network: "{{ notfellchen_container_labels_traefik_docker_network }}"
+notfellchen_sws_container_labels_traefik_entrypoints: "{{ notfellchen_container_labels_traefik_entrypoints }}"
+notfellchen_sws_container_labels_traefik_tls_certResolver: "{{ notfellchen_container_labels_traefik_tls_certResolver }}"
+
+
+########################################################################
+#                                                                      #
+# /notfellchen                                                         #
+#                                                                      #
+########################################################################
+# /role-specific:notfellchen
+
+
+
 # role-specific:outline
 ########################################################################
 #                                                                      #

templates/requirements.yml

@@ -212,6 +212,10 @@
   version: v28.0.4-0
   name: nextcloud
   activation_prefix: nextcloud_
+- src: git+https://codeberg.org/moanos/ansible-role-notfellchen.git
+  version: v0.1.0-2
+  name: notfellchen
+  activation_prefix: notfellchen_
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-oauth2-proxy.git
   version: v7.6.0-1
   name: oauth2_proxy