From 71b167a4bcc1512f874cf8f2accd82047d4997b6 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 23 Jan 2024 15:08:31 +0200
Subject: [PATCH] Add support for APISIX Dashboard

---
 docs/services/apisix-dashboard.md | 63 +++++++++++++++++++++++++++++++
 docs/supported-services.md        |  1 +
 templates/group_vars_mash_servers | 60 +++++++++++++++++++++++++++++
 templates/requirements.yml        |  4 ++
 templates/setup.yml               |  4 ++
 5 files changed, 132 insertions(+)
 create mode 100644 docs/services/apisix-dashboard.md

diff --git a/docs/services/apisix-dashboard.md b/docs/services/apisix-dashboard.md
new file mode 100644
index 0000000..06aa3c8
--- /dev/null
+++ b/docs/services/apisix-dashboard.md
@@ -0,0 +1,63 @@
+# APISIX Dashboard
+
+[APISIX Dashboard](https://apisix.apache.org/docs/dashboard/USER_GUIDE/) is a web UI for [APISIX Gateway](./apisix-gateway.md).
+
+It works by directly editing the [etcd](./etcd.md) database that APISIX Gateway stores its data in.
+
+
+## Dependencies
+
+This service requires the following other services:
+
+- a [Traefik](traefik.md) reverse-proxy server
+- an [etcd](etcd.md) key-value store
+- (optional) [APISIX Gateway](./apisix-gateway.md) - there's no point in administrating APISIX Gateway configuration stored in etcd without having an APISIX Gateway instance to initialize and consume it
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+#                                                                      #
+# apisix_dashboard                                                     #
+#                                                                      #
+########################################################################
+
+apisix_dashboard_enabled: true
+
+apisix_dashboard_hostname: dashboard.api.example.com
+
+# A strong secret for JWT authentication
+apisix_dashboard_config_authentication_secret: ''
+
+apisix_dashboard_config_authentication_users:
+  - username: admin
+    password: password-here
+
+########################################################################
+#                                                                      #
+# /apisix_dashboard                                                    #
+#                                                                      #
+########################################################################
+```
+
+If you'd like to do something more advanced, the [`ansible-role-apisix-dashboard` Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-apisix-dashboard) is very configurable and should not get in your way of exposing ports or configuring arbitrary settings.
+
+Take a look at [its `default/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-apisix-dashboard/blob/main/defaults/main.yml) for available Ansible variables you can use in your own `vars.yml` configuration file.
+
+### URL
+
+In the example configuration above, we configure APISIX Dashboard to expose itself at: `https://dashboard.api.example.com`
+
+### Authentication
+
+The example above uses the built-in login page of APISIX Dashboard with a list of users is defined via `apisix_dashboard_config_authentication_users`.
+
+APISIX Dashboard also supports OpenID Connect providers. It can be enabled and configured via various `apisix_dashboard_config_oidc_*` Ansible variables.
+
+
+## Usage
+
+After installation, you can visit the APISIX Dashboard URL and authenticate with a credential as specified in `apisix_dashboard_config_authentication_users`. If you've enabled OpenID Connect, you may also be able to authenticate with that.
diff --git a/docs/supported-services.md b/docs/supported-services.md
index 7e4054c..c745cfd 100644
--- a/docs/supported-services.md
+++ b/docs/supported-services.md
@@ -4,6 +4,7 @@
 | ------------------------------ | ------------------------------------- | ------------- |
 | [AUX](https://github.com/mother-of-all-self-hosting/ansible-role-aux) | Auxiliary file/directory management on your server via Ansible | [Link](services/auxiliary.md) |
 | [AdGuard Home](https://adguard.com/en/adguard-home/overview.html/) | A network-wide DNS software for blocking ads & tracking | [Link](services/adguard-home.md) |
+| [APISIX Dashboard](https://apisix.apache.org/docs/dashboard/USER_GUIDE/) | A web UI for [APISIX Gateway](services/apisix-gateway.md) | [Link](services/apisix-dashboard.md) |
 | [APISIX Gateway](https://apisix.apache.org/docs/apisix/getting-started/README/) | An API Gateway, Ingress Controller, etc | [Link](services/apisix-gateway.md) |
 | [Appsmith](https://www.appsmith.com/) | Platform for building and deploying custom internal tools and applications without writing code | [Link](services/appsmith.md) |
 | [Authelia](https://www.authelia.com/) | An open-source authentication and authorization server that can work as a companion to [common reverse proxies](https://www.authelia.com/overview/prologue/supported-proxies/) (like [Traefik](traefik.md) frequently used by this playbook) | [Link](services/authelia.md) |
diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers
index 107a94d..f1b311b 100644
--- a/templates/group_vars_mash_servers
+++ b/templates/group_vars_mash_servers
@@ -159,6 +159,11 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
     {{ ({'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']} if adguard_home_enabled else omit) }}
   # /role-specific:adguard_home
 
+  # role-specific:apisix_dashboard
+  - |-
+    {{ ({'name': (apisix_dashboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-dashboard']} if apisix_dashboard_enabled else omit) }}
+  # /role-specific:apisix_dashboard
+
   # role-specific:apisix_gateway
   - |-
     {{ ({'name': (apisix_gateway_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-gateway']} if apisix_gateway_enabled else omit) }}
@@ -1101,6 +1106,61 @@ adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_cert
 
 
 
+# role-specific:apisix_dashboard
+########################################################################
+#                                                                      #
+# apisix_dashboard                                                       #
+#                                                                      #
+########################################################################
+
+apisix_dashboard_enabled: false
+
+apisix_dashboard_identifier: "{{ mash_playbook_service_identifier_prefix }}apisix-dashboard"
+
+apisix_dashboard_uid: "{{ mash_playbook_uid }}"
+apisix_dashboard_gid: "{{ mash_playbook_gid }}"
+
+apisix_dashboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}apisix-dashboard"
+
+apisix_dashboard_container_additional_networks_auto: |
+  {{
+    ([mash_playbook_reverse_proxyable_services_additional_network] if (mash_playbook_reverse_proxyable_services_additional_network and apisix_dashboard_container_labels_traefik_enabled) else [])
+  }}
+
+apisix_dashboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
+apisix_dashboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
+apisix_dashboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+apisix_dashboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+
+# role-specific:etcd
+apisix_dashboard_config_conf_etcd_endpoints: |
+  {{
+    ([(etcd_identifier + ':2379')] if etcd_enabled else [])
+  }}
+
+apisix_dashboard_config_conf_etcd_username: "{{ ('root' if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
+apisix_dashboard_config_conf_etcd_password: "{{ (etcd_environment_variable_etcd_root_password if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
+
+apisix_dashboard_container_additional_networks_custom: |
+  {{
+    ([etcd_container_network] if etcd_enabled else [])
+  }}
+
+apisix_dashboard_systemd_required_systemd_services_list_auto: |
+  {{
+    ([(etcd_identifier + '.service')] if etcd_enabled else [])
+  }}
+# /role-specific:etcd
+
+########################################################################
+#                                                                      #
+# /apisix_dashboard                                                      #
+#                                                                      #
+########################################################################
+# /role-specific:apisix_dashboard
+
+
+
 # role-specific:apisix_gateway
 ########################################################################
 #                                                                      #
diff --git a/templates/requirements.yml b/templates/requirements.yml
index 2eb3d6c..15a1ffc 100644
--- a/templates/requirements.yml
+++ b/templates/requirements.yml
@@ -8,6 +8,10 @@
   version: v1.9.50-0
   name: appsmith
   activation_prefix: appsmith_
+- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-apisix-dashboard.git
+  version: v3.0.1-0
+  name: apisix_dashboard
+  activation_prefix: apisix_dashboard_
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-apisix-gateway.git
   version: v3.8.0-0
   name: apisix_gateway
diff --git a/templates/setup.yml b/templates/setup.yml
index f54e1d3..6966811 100644
--- a/templates/setup.yml
+++ b/templates/setup.yml
@@ -98,6 +98,10 @@
     - role: galaxy/appsmith
     # /role-specific:appsmith
 
+    # role-specific:apisix_dashboard
+    - role: galaxy/apisix_dashboard
+    # /role-specific:apisix_dashboard
+
     # role-specific:apisix_gateway
     - role: galaxy/apisix_gateway
     # /role-specific:apisix_gateway