
D2597.id7567.diff

diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -17,6 +17,7 @@
paas-docker
5000 Docker registry HTTP
9090 Openfire HTTP
+ 17080 Penpot
19080 Nasqueron API - Datasources
20080 Nasqueron API - Docker registry API
22220 Phabricator Aphlict (client)
diff --git a/_modules/convert.py b/_modules/convert.py
--- a/_modules/convert.py
+++ b/_modules/convert.py
@@ -80,3 +80,10 @@
return salt.serializers.yaml.serialize(
_to_dictionary(data, root), default_flow_style=False
)
+
+
+def to_flags(data, enable_prefix="enable-", separator=" "):
+ """
+ A function to convert a list of flags in a string to enable them.
+ """
+ return separator.join([enable_prefix + item for item in data])
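Review bot: The docstring of `to_flags` does not say what `data` must be, and the comprehension accepts any iterable, so a pillar value written as a single string instead of a list would be split per character (`"smtp"` becomes `enable-s enable-m ...`). I would document the contract, for example `"""Join feature names into one string, each prefixed with enable_prefix: ["foo", "bar"] -> "enable-foo enable-bar"."""`. A one-line guard such as `if isinstance(data, str): data = [data]` before the return would make the single-string case behave sensibly.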
diff --git a/_tests/modules/test_convert.py b/_tests/modules/test_convert.py
new file mode 100755
--- /dev/null
+++ b/_tests/modules/test_convert.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+from importlib.machinery import SourceFileLoader
+import unittest
+
+salt_test_case = SourceFileLoader("salt_test_case", "salt_test_case.py").load_module()
+convert = SourceFileLoader("rust", "../_modules/convert.py").load_module()
+
+
+class Testinstance(unittest.TestCase, salt_test_case.SaltTestCase):
+ def setUp(self):
+ self.initialize_mocks()
+ self.instance = convert
+
+ def test_to_flags(self):
+ features = ["foo", "bar"]
+
+ self.assertEqual("enable-foo enable-bar", convert.to_flags(features))
+
+
+if __name__ == "__main__":
+ unittest.main()
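Review bot: The module under test is loaded with `SourceFileLoader("rust", "../_modules/convert.py")`, so it is registered under the name `rust`, which looks like a leftover from another test file. It should read `convert = SourceFileLoader("convert", "../_modules/convert.py").load_module()`. `self.instance` is assigned in `setUp` but the test calls `convert.to_flags` directly, so either use it or drop it. The test only exercises the defaults; a second assertion with a custom `enable_prefix` and `separator`, and one with an empty list, would pin the rest of the signature.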
diff --git a/pillar/paas/docker/docker-002/penpot.sls b/pillar/paas/docker/docker-002/penpot.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/penpot.sls
@@ -0,0 +1,87 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Penpot
+# -------------------------------------------------------------
+
+docker_networks:
+ penpot:
+ subnet: 172.21.2.0/24
+
+docker_images:
+ - penpotapp/backend
+ - penpotapp/frontend
+ - penpotapp/exporter
+
+docker_containers:
+
+ #
+ # Core services used by Penpot
+ #
+
+ exim:
+ penpot_smtp:
+ mailname: mx.design.nasqueron.org
+ network: penpot
+
+ postgresql:
+ penpot_db:
+ network: penpot
+ version: 15
+ credential: nasqueron/penpot/postgresql
+ db: penpot
+ initdb_args: --data-checksums
+
+ redis:
+ penpot_redis:
+ version: 7
+
+ #
+ # Penpot applications
+ #
+
+ penpot_backend:
+ penpot_backend:
+ realm: penpot
+ network: penpot
+ host: design.nasqueron.org
+ db:
+ uri: postgresql://penpot_db/penpot
+ services:
+ postgresql: penpot_db
+ redis: penpot_redis
+ smtp: penpot_smtp
+ credentials:
+ github: nasqueron/penpot/github
+ postgresql: nasqueron/penpot/postgresql
+ secret_key: nasqueron/penpot/secret_key
+ features: &features
+ # Features relevant for both frontend and backend
+ - registration
+ - login-with-password
+ - login-with-github
+ - secure-session-cookies
+ - webhooks
+
+ # Features specific to the backend
+ - prepl-server
+ - smtp
+
+ penpot_exporter:
+ penpot_exporter:
+ realm: penpot
+ network: penpot
+ frontend: penpot_frontend
+
+ penpot_frontend:
+ penpot_frontend:
+ realm: penpot
+ network: penpot
+ host: design.nasqueron.org
+ services:
+ backend: penpot_backend
+ exporter: penpot_exporter
+ app_port: 17080
+ features: *features
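Review bot: The service keys under `docker_containers` are spelled `penpot_backend`, `penpot_exporter` and `penpot_frontend`, but the three new state files look them up as `containers["penpot-backend"]`, `containers["penpot-exporter"]` and `containers["penpot-frontend"]`, so those loops will not find this data. Pick one spelling on both sides, e.g. `{% for instance, container in containers["penpot_backend"].items() %}` in the states. Separately, `penpot_redis` carries no `network: penpot` although the backend addresses it as `redis://penpot_redis/0`. The redis state is not shown here, but if it attaches networks the way postgresql.sls does, the backend presumably cannot reach it.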
diff --git a/roles/paas-docker/containers/penpot_backend.sls b/roles/paas-docker/containers/penpot_backend.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_backend.sls
@@ -0,0 +1,79 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
+{% set containers = pillar["docker_containers"] %}
+
+{% for instance, container in containers["penpot-backend"].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ container["realm"] }}/assets:
+ file.directory:
+ - makedirs: True
+
+{% if has_selinux %}
+selinux_context_openfire_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ container["realm"] }}
+ - sel_type: container_file_t
+
+selinux_context_openfire_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ container["realm"] }}
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% set flags = salt["convert.to_flags"](container["features"]) %}
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/backend
+ - networks:
+ - {{ container["network"] }}
+ - binds: /srv/{{ container["realm"] }}/assets:/opt/data/assets
+ - environment:
+ PENPOT_FLAGS: {{ flags }}
+ PENPOT_SECRET_KEY: {{ salt["credentials.get_username"](container["credentials"]["secret_key"])
+
+ PENPOT_PREPL_HOST: 0.0.0.0
+ PENPOT_PUBLIC_URI: https://{{ container["host"] }}
+
+ PENPOT_DATABASE_URI: postgresql://{{ container["services"]["postgresql"] }}/penpot
+ PENPOT_DATABASE_USERNAME: {{ salt["credentials.get_username"](container["credentials"]["postgresql"]) }}
+ PENPOT_DATABASE_PASSWORD: {{ salt["credentials.get_password"](container["credentials"]["postgresql"]) }}
+
+ PENPOT_REDIS_URI: redis://{{ container["services"]["redis"] }}/0
+
+ PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
+ PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets
+
+ # Our privacy policy explicitly states we don't transfer data
+ # to third parties.
+ PENPOT_TELEMETRY_ENABLED: "false"
+
+ {% if "smtp" in container["features"] %}
+ PENPOT_SMTP_HOST: {{ container["services"]["smtp"] }}
+ PENPOT_SMTP_PORT: 25
+ PENPOT_SMTP_TLS: "false"
+ {% else %}
+ PENPOT_SMTP_DEFAULT_FROM: no-reply@{{ container["host"] }}
+ PENPOT_SMTP_DEFAULT_REPLY_TO: no-reply@{{ container["host"] }}
+
+ {% if "login-with-github" in container["features"] %}
+ PENPOT_GITHUB_CLIENT_ID: {{ salt["credentials.get_username"](container["credentials"]["github"]) }}
+ PENPOT_GITHUB_CLIENT_SECRET: {{ salt["credentials.get_password"](container["credentials"]["github"]) }}
+ {% endif %}
+
+{% endfor %}
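Review bot: Two Jinja syntax errors will stop this template from rendering: the `PENPOT_SECRET_KEY` line never closes its expression with `}}`, and the `{% if "smtp" in container["features"] %}` block has an `{% else %}` but no `{% endif %}` of its own (the only `{% endif %}` present closes the GitHub block). Add ` }}` to the first and end the SMTP block before `{% if "login-with-github" ... %}`. It is also worth confirming whether `PENPOT_SMTP_DEFAULT_FROM` and `PENPOT_SMTP_DEFAULT_REPLY_TO` belong under `{% else %}` rather than next to the host and port. Separately, `PENPOT_PREPL_HOST: 0.0.0.0` together with the `prepl-server` feature makes the administrative REPL listen on every interface of the container, so every other container on the `penpot` network can connect to it. Unless something needs it remotely, bind it to loopback or drop the feature from the pillar.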
diff --git a/roles/paas-docker/containers/penpot_exporter.sls b/roles/paas-docker/containers/penpot_exporter.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_exporter.sls
@@ -0,0 +1,27 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar["docker_containers"] %}
+
+{% for instance, container in containers["penpot-exporter"].items() %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/exporter
+ - networks:
+ - {{ container["network"] }}
+ - binds: /srv/{{ container["realm"] }}/assets/data:/opt/data
+ - environment:
+ - PENPOT_PUBLIC_URI: http://{{ container["frontend"] }}
+
+{% endfor %}
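Review bot: The bind `/srv/{{ container["realm"] }}/assets/data:/opt/data` does not line up with the other two containers, which mount `/srv/{{ container["realm"] }}/assets` at `/opt/data/assets`. Inside the exporter, `/opt/data/assets` would therefore map to the host path `.../assets/data/assets`, not the shared assets directory. If the exporter is meant to see the same files, the bind should be `/srv/{{ container["realm"] }}/assets:/opt/data/assets`. If a separate directory is intended, no state in this change creates it, so Docker will presumably create it as root on first start. The `environment` here is written as a list (`- PENPOT_PUBLIC_URI: ...`) while the backend and frontend use a mapping; using one form across the three files would read more consistently.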
diff --git a/roles/paas-docker/containers/penpot_frontend.sls b/roles/paas-docker/containers/penpot_frontend.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_frontend.sls
@@ -0,0 +1,41 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar["docker_containers"] %}
+
+{% for instance, container in containers["penpot-frontend"].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# This is defined in penpot_backend.sls
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% set flags = salt["convert.to_flags"](container["features"]) %}
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/frontend
+ - networks:
+ - {{ container["network"] }}
+ - binds: /srv/{{ container["realm"] }}/assets:/opt/data/assets
+ - environment:
+ PENPOT_BACKEND_URI: http://{{ container["services"]["backend"] }}
+ PENPOT_EXPORTER_URI: http://{{ container["services"]["exporter"] }}
+ PENPOT_FLAGS: {{ flags }}
+ - ports:
+ - 80
+ - port_bindings:
+ - {{ container["app_port"] }}:80
+
+{% endfor %}
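Review bot: The port binding `{{ container["app_port"] }}:80` publishes the frontend's plain-HTTP port on every host interface, not only to the local nginx that terminates TLS for `design.nasqueron.org`. If no host firewall covers that port range (not visible from this change), the application is reachable on 17080 without TLS, which undercuts the `secure-session-cookies` feature. Binding to loopback with `- 127.0.0.1:{{ container["app_port"] }}:80` would keep it reachable by nginx only. If the open binding is the established convention for paas-docker services, a short comment stating where the port is filtered would help.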
diff --git a/roles/paas-docker/containers/postgresql.sls b/roles/paas-docker/containers/postgresql.sls
--- a/roles/paas-docker/containers/postgresql.sls
+++ b/roles/paas-docker/containers/postgresql.sls
@@ -47,6 +47,15 @@
- environment:
POSTGRES_USER: {{ salt['credentials.get_username'](container['credential']) }}
POSTGRES_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
+
+ {% if 'db' in container %}
+ POSTGRES_DB: {{ container['db'] }}
+ {% endif %}
+
+ {% if 'initdb_args' in container %}
+ POSTGRES_INITDB_ARGS: {{ container['initdb_args'] }}
+ {% endif %}
+
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
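Review bot: The new `POSTGRES_DB` and `POSTGRES_INITDB_ARGS` values are interpolated into the YAML unquoted, so a pillar value containing `: `, ` #` or a leading quote would change how the rendered state parses. The current `--data-checksums` happens to be a valid plain scalar, but quoting is safer: `POSTGRES_INITDB_ARGS: {{ container['initdb_args'] | yaml_dquote }}`, and the same for `POSTGRES_DB`. A comment noting that the image only honours these variables when the data directory is first initialised would spare a later reader from expecting a change to take effect on an existing instance. The enclosing state starts above this hunk.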
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
--- a/roles/paas-docker/nginx/config.sls
+++ b/roles/paas-docker/nginx/config.sls
@@ -64,7 +64,7 @@
{% for service, instances in containers.items() %}
{% for instance, container in instances.items() %}
-{% if 'host' in container %}
+{% if 'host' in container and 'app_port' in container %}
{{ dirs.etc }}/nginx/vhosts/{{ service }}/{{ instance }}.conf:
file.managed:
