Draft role for Heriverse/Stratigraph

2026-03-29 18:58:17 +02:00
parent 37d4e70d40
commit 73275530da
5 changed files with 112 additions and 0 deletions
--- a/roles/heriverse/defaults/main.yml
+++ b/roles/heriverse/defaults/main.yml
@@ -0,0 +1,3 @@
+heriverse_repo_url: "https://git.3dresearch.it/stratigraph/docker-heriverse"
+# Note: replace with the domain name for Caddy config
+#server_name: "heriverse.stratigraph"
--- a/roles/heriverse/handlers/main.yml
+++ b/roles/heriverse/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart Caddy
+  ansible.builtin.service:
+    name: caddy
+    state: restarted
--- a/roles/heriverse/tasks/main.yml
+++ b/roles/heriverse/tasks/main.yml
@@ -0,0 +1,68 @@
+---
+- name: Ensure ACL is installed
+  ansible.builtin.package:
+    name:
+      - acl
+    state: present
+    update_cache: yes
+
+- name: Ensure git is installed
+  ansible.builtin.package:
+    name:
+      - git
+    state: present
+    update_cache: yes
+
+- name: Ensure Caddy is installed
+  ansible.builtin.package:
+    name:
+      - caddy
+    state: present
+    update_cache: yes
+
+- name: Create Heriverse user
+  ansible.builtin.user:
+    name: heriverse
+    shell: /usr/sbin/nologin
+    home: /opt/heriverse
+    create_home: true
+    password: '*'
+
+- name: Ensure Heriverse directory exists
+  ansible.builtin.file:
+    path: /opt/heriverse/docker-herivese
+    state: directory
+    owner: heriverse
+    group: heriverse
+    mode: "0755"
+
+- name: Clone Heriverse repo
+  ansible.builtin.git:
+    repo: "{{ heriverse_repo_url }}"
+    dest: /opt/heriverse/docker-heriverse
+    clone: true
+  become: true
+  become_user: heriverse
+
+- name: Create and start all Heriverse services
+  community.docker.docker_compose_v2:
+    project_src: /opt/heriverse/docker-heriverse
+    pull: missing
+  register: output
+
+- name: Execute entrypoint script
+  ansible.builtin.command:
+    chdir: /opt/heriverse/docker-heriverse
+    cmd: './entrypoint.sh'
+  become: true
+  become_user: heriverse
+  
+- name: Copy Caddy config file
+  ansible.builtin.template:
+    src: Caddyfile.j2
+    dest: "/etc/caddy/Caddyfile"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart Caddy
+  
--- a/roles/heriverse/templates/Caddyfile.j2
+++ b/roles/heriverse/templates/Caddyfile.j2
@@ -0,0 +1,25 @@
+{{ server_name }} {
+    # Don't show ATON's frontend home page
+    redir / /a/heriverse 302
+
+    request_body {
+        max_size 2GB # This can be made configurable
+    }
+
+    # `handle_path` is required where URIs must be rewritten
+    handle_path /server/* {
+        reverse_proxy localhost:3000
+    }
+
+    handle /auth* {
+        reverse_proxy localhost:8080
+    }
+
+    handle_path /couchdb/* {
+        reverse_proxy localhost:5984
+    }
+
+    handle /* {
+        reverse_proxy localhost:8081
+    }
+}