From 0b1f98857551f7f173e82d3bd1143ce73f4c97a8 Mon Sep 17 00:00:00 2001 From: Dan Trickey Date: Sun, 1 Dec 2024 19:05:50 +0000 Subject: [PATCH] Add docker role for kmicms --- config.yml | 2 + group_vars/all/docker.yml | 2 +- host_vars/CONTAINERS-1/kmicms.yml | 49 +++++++++++++++++++ .../files/docker-compose.override.yml | 37 ++++++++++++++ roles/docker_kmicms/handlers/main.yml | 4 ++ roles/docker_kmicms/tasks/main.yml | 14 ++++++ 6 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 host_vars/CONTAINERS-1/kmicms.yml create mode 100644 roles/docker_kmicms/files/docker-compose.override.yml create mode 100644 roles/docker_kmicms/handlers/main.yml create mode 100644 roles/docker_kmicms/tasks/main.yml diff --git a/config.yml b/config.yml index 17a0197..16b02cc 100644 --- a/config.yml +++ b/config.yml @@ -57,3 +57,5 @@ tags: docker-ferry - role: docker_kmibot tags: docker-kmibot + - role: docker_kmicms + tags: docker-kmicms diff --git a/group_vars/all/docker.yml b/group_vars/all/docker.yml index b95f611..d89eabe 100644 --- a/group_vars/all/docker.yml +++ b/group_vars/all/docker.yml @@ -9,4 +9,4 @@ docker_compose_directory_mask: "775" # Run this task manually, as version comparisons usually fail docker_compose_url: https://github.com/docker/compose-switch/releases/latest/download/docker-compose-linux-amd64 -docker_update_command: docker-compose pull && docker-compose down && docker-compose rm && docker-compose up -d --build +docker_update_command: docker-compose pull && docker-compose down && docker-compose rm && docker-compose up --detach --build diff --git a/host_vars/CONTAINERS-1/kmicms.yml b/host_vars/CONTAINERS-1/kmicms.yml new file mode 100644 index 0000000..83e6c1c --- /dev/null +++ b/host_vars/CONTAINERS-1/kmicms.yml 
@@ -0,0 +1,49 @@ +docker_kmicms_hostname: sown-staging.containers-dev.sown.org.uk +docker_kmicms_sso_oidc_app_name: kmicms-staging + +docker_kmicms_sso_staff_group_name: staging:kmicms:staff +docker_kmicms_sso_superuser_group_name: staging:kmicms:superuser + +docker_kmicms_recaptcha_public_key: a +docker_kmicms_recaptcha_private_key: a + +docker_kmicms_django_secret_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31663365333163323361386566363636643339656265663139346262323037393935343635313265 + 3834633333366131303665626264393766366537323238610a623738373761663136313034623762 + 37396663396266393066363530386161333332323561613538346564303265303262346261653334 + 3731386561346437310a333332646239363463393364396134653038346634336338653665313433 + 64323661333635303836393766646536356462636137613065666437333138323337373264656465 + 31373865376466363561373962306265336537353431653263333533663765363736316433646630 + 34623831313738366365316465336263393835306466323165393462323231353365623236383764 + 39333962643836616166643064383063353132336636613333353866363339613639366338363132 + 3939 +docker_kmicms_sso_oidc_client_id: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 34643039653133323939336364613566313730636535363262333365306632383932663536346133 + 6365623662663161393937336264396663383363306665360a376164663431363632303737616465 + 37653566623636323036333565333161646464663933633039303535386564656530383435396365 + 6135306663373536650a343265326536333837666662626233393161373566333664613337303535 + 61363964613765633362373762396138366239613863396131656430396165326137626438393237 + 3761383539383462613432633665656534373863346662343232 +docker_kmicms_sso_oidc_client_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63323463313062356132396336336638656535663133333234363736376331653262626134333337 + 3530396562386232636434653265313633373461626264340a333030643030343239643830633532 + 62313131656332663864646130313431336662653731393931393932363665386536303863613663 + 
3037306331656338330a646538323533393238646665613239646438336262313732653961386238 + 39313439306162656264383666333638653434356438643637393633316530363435313330346435 + 63313630633663336364353564366539356565323430653433373063306365323764383334316635 + 63366436313339303039383139646666323131646164386131613134333930326139323866396538 + 62346632316234636535383665346430306262383664353837373961386464396361393536623963 + 61373435636632653238353234353233646437653564303432616232383931613432323133656664 + 35653261663731336637633136343766386365663265663262396263643863646130653930616564 + 373065633931366535373534373035633136 +docker_kmi_cms_netbox_api_token: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33393437663133386434323631633830346630383436363765653434376461373364333839383936 + 3135316164303638623336653631363636663462626133640a373034303436626561616637666665 + 39613063656230323638653831353937613861613533343862643661303661343839323432323733 + 3761313862323264390a663433353038353930323962373764663561386233363937396163393663 + 30653735663534303431643236303537616565643763613463656162343233396339626637663366 + 3631616232353935373666633630303236663731323564363339 diff --git a/roles/docker_kmicms/files/docker-compose.override.yml b/roles/docker_kmicms/files/docker-compose.override.yml new file mode 100644 index 0000000..c034c07 --- /dev/null +++ b/roles/docker_kmicms/files/docker-compose.override.yml 
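Review bot: `docker_kmicms_recaptcha_private_key: a` in host_vars/CONTAINERS-1/kmicms.yml is a plaintext placeholder, while every other secret in this file is a `!vault` value. When a real reCAPTCHA key replaces it, it should be vault-encrypted like the others, and with the placeholder `a` the CAPTCHA check on staging presumably cannot validate anything. Separately, `docker_kmi_cms_netbox_api_token` breaks the `docker_kmicms_` prefix used by every other variable here. The compose template uses the same spelling, so it resolves, but renaming both to `docker_kmicms_netbox_api_token` would keep the role's variables greppable.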
@@ -0,0 +1,37 @@
+services:
+ nginx:
+ restart: always
+ networks:
+ - traefik
+ - default
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.kmicms-staging.rule=Host(`{{ docker_kmicms_hostname }}`)
+ - traefik.http.services.kmicms-staging.loadbalancer.server.port=80
+ - traefik.http.routers.kmicms-staging.tls.certresolver=le
+
+ web:
+ restart: always
+ environment:
+ - REDIS_URL=redis://cache:6379
+ - SQL_DATABASE=wagtail
+ - SQL_USER=wagtail
+ - SQL_PASSWORD=wagtail
+ - SQL_HOST=db
+ - SQL_PORT=5432
+ - SECRET_KEY={{ docker_kmicms_django_secret_key }}
+ - SSO_OIDC_CONFIGURATION_URL=https://sso.sown.org.uk/application/o/{{ docker_kmicms_sso_oidc_app_name }}/.well-known/openid-configuration
+ - SSO_OIDC_CLIENT_ID={{ docker_kmicms_sso_oidc_client_id }}
+ - SSO_OIDC_CLIENT_SECRET={{ docker_kmicms_sso_oidc_client_secret }}
+ - SSO_STAFF_GROUP_NAME={{ docker_kmicms_sso_staff_group_name }}
+ - SSO_SUPERUSER_GROUP_NAME={{ docker_kmicms_sso_superuser_group_name }}
+ - NETBOX_API_TOKEN={{ docker_kmi_cms_netbox_api_token }}
+ - RECAPTCHA_PUBLIC_KEY={{ docker_kmicms_recaptcha_public_key }}
+ - RECAPTCHA_PRIVATE_KEY={{ docker_kmicms_recaptcha_private_key }}
+
+ db:
+ restart: always
+
+networks:
+ traefik:
+ external: true
diff --git a/roles/docker_kmicms/handlers/main.yml b/roles/docker_kmicms/handlers/main.yml
new file mode 100644
index 0000000..23cc73a
--- /dev/null
+++ b/roles/docker_kmicms/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart kmicms # noqa: no-changed-when
+ command:
+ chdir: /opt/kmicms
+ cmd: "{{ docker_update_command }}"
diff --git a/roles/docker_kmicms/tasks/main.yml b/roles/docker_kmicms/tasks/main.yml
new file mode 100644
index 0000000..4fc71cc
--- /dev/null
+++ b/roles/docker_kmicms/tasks/main.yml
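Review bot: In roles/docker_kmicms/files/docker-compose.override.yml the vaulted values are templated unquoted into the `environment:` list, e.g. `- SECRET_KEY={{ docker_kmicms_django_secret_key }}`, so a secret containing `$` is rewritten by Compose variable interpolation and one containing ` #` or `: ` is truncated or mis-parsed as YAML. Quoting and escaping at render time avoids both, e.g. `- {{ ('SECRET_KEY=' ~ docker_kmicms_django_secret_key) | replace('$', '$$') | to_json }}`, and the same applies to the OIDC client secret and NetBox token lines. `SQL_PASSWORD=wagtail` is also a fixed credential identical to the user and database name. The base compose file is not part of this patch, so whether the database is reachable beyond the compose network cannot be judged here, but a vaulted variable would match how the other secrets are handled.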
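Review bot: The `Restart kmicms` handler in roles/docker_kmicms/handlers/main.yml passes `docker_update_command` to `command:`, which does not run a shell. The `&&` separators in that variable (see group_vars/all/docker.yml in this patch) therefore reach the first `docker-compose pull` as literal arguments instead of chaining four commands. Unless the variable is overridden outside this patch, use `ansible.builtin.shell:` with the same `chdir` and `cmd`, or split the steps into separate `command` tasks. The `# noqa: no-changed-when` could then become an explicit `changed_when: true`, since the command string always takes the stack down and brings it back up.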
@@ -0,0 +1,14 @@
+- name: Checkout kmicms into /opt/kmicms
+ git:
+ repo: https://github.com/sown/kmicms.git
+ dest: /opt/kmicms
+ version: 2e97d64038b8ca783f624a6caae83d3b7b9c8e71
+ notify: Restart kmicms
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.override.yml
+ dest: /opt/kmicms/docker-compose.override.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ notify: Restart kmicms
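Review bot: The `Install compose file` task renders the decrypted Django secret key, OIDC client secret and NetBox token into /opt/kmicms/docker-compose.override.yml but sets neither `no_log: true` nor `diff: false`, so a run with `--diff` prints those values to the console and to any captured logs. The mode comes from `docker_compose_file_mask`, whose value is not shown in this patch; a file holding secrets should not be world-readable, and `group:` should be set explicitly next to `owner:`. Also consider moving the source into the role's `templates/` directory and referencing it as `src: docker-compose.override.yml`, since it is a Jinja template rather than a static file.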