
D2597.id7564.diff

diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -17,6 +17,7 @@
paas-docker
5000 Docker registry HTTP
9090 Openfire HTTP
+ 17080 Penpot
19080 Nasqueron API - Datasources
20080 Nasqueron API - Docker registry API
22220 Phabricator Aphlict (client)
diff --git a/pillar/paas/docker/docker-002/penpot.sls b/pillar/paas/docker/docker-002/penpot.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/penpot.sls
@@ -0,0 +1,56 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Penpot
+# -------------------------------------------------------------
+
+docker_networks:
+ penpot:
+ subnet: 172.21.2.0/24
+
+docker_images:
+ - penpotapp/backend
+ - penpotapp/frontend
+ - penpotapp/exporter
+
+docker_containers:
+ postgresql:
+ penpot_db:
+ network: penpot
+ version: 13
+ credential: nasqueron/penpot/postgresql
+ db: penpot
+ initdb_args: --data-checksums
+
+ redis:
+ penpot_redis:
+ version: 6
+
+ penpot_backend:
+ penpot_backend:
+ service: penpot
+ network: penpot
+ host: design.nasqueron.org
+ db:
+ uri: postgresql://penpot_db/penpot
+ credential: nasqueron/penpot/postgresql
+ redis:
+ uri: redis://penpot_redis/0
+ login: &nasqueronPenpotLogin
+ github: nasqueron/penpot/github
+
+ penpot_exporter:
+ penpot_exporter:
+ service: penpot
+ network: penpot
+ frontend: http://penpot_frontend
+
+ penpot_frontend:
+ penpot_frontend:
+ service: penpot
+ network: penpot
+ host: design.nasqueron.org
+ app_port: 17080
+ login: *nasqueronPenpotLogin
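Review bot: The container keys in this pillar use underscores (`penpot_backend`, `penpot_exporter`, `penpot_frontend`), but the three new state files in this diff iterate `containers['penpot-backend']`, `containers['penpot-exporter']` and `containers['penpot-frontend']`. Unless something outside this diff maps one spelling to the other, rendering fails on a missing key, so use one spelling on both sides. Separately, `penpot_redis` declares no `network: penpot` while the backend addresses it as `redis://penpot_redis/0`; if the redis state does not attach it to that network by other means, the backend cannot resolve the name. `version: 13` and `version: 6` are safer quoted (`"13"`, `"6"`) so they stay strings when used as image tags.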
diff --git a/roles/paas-docker/containers/penpot_backend.sls b/roles/paas-docker/containers/penpot_backend.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_backend.sls
@@ -0,0 +1,79 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set containers = pillar['docker_containers'] %}
+
+{% for instance, container in containers['penpot-backend'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ container['service'] }}/assets/data:
+ file.directory:
+ - makedirs: True
+
+{% if has_selinux %}
+selinux_context_openfire_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ container['service'] }}
+ - sel_type: container_file_t
+
+selinux_context_openfire_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ container['service'] }}
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/backend
+ - networks:
+ - {{ container['network'] }}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ PENPOT_PUBLIC_URI: https://{{ container['host'] }}
+ PENPOT_HTTP_SERVER_HOST: 0.0.0.0
+
+ PENPOT_DATABASE_URI: {{ container['db']['uri'] }}
+ PENPOT_DATABASE_USERNAME: {{ salt['credentials.get_username'](container['db']['credential']) }}
+ PENPOT_DATABASE_PASSWORD: {{ salt['credentials.get_password'](container['db']['credential']) }}
+
+ PENPOT_REDIS_URI: {{ container['redis']['uri'] }}
+
+ ASSETS_STORAGE_BACKEND: assets-fs
+ PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets
+
+ # Our privacy policy explicitly states we don't transfer data
+ # to third parties.
+ PENPOT_TELEMETRY_ENABLED: "false"
+
+ {% if "smtp" in container %}
+ PENPOT_SMTP_ENABLED: "true"
+ PENPOT_SMTP_HOST: {{ container['smtp']['host'] }}
+ PENPOT_SMTP_PORT: {{ container['smtp']['port'] }}
+ PENPOT_SMTP_USERNAME: {{ salt['credentials.get_username'](container['smtp']['credential']) }}
+ PENPOT_SMTP_PASSWORD: {{ salt['credentials.get_password'](container['smtp']['credential']) }}
+ PENPOT_SMTP_TLS: {{ container['smtp']['tls'] | default("true") }}
+ {% else %}
+ PENPOT_SMTP_ENABLED: "false"
+ {% endif %}
+ PENPOT_SMTP_DEFAULT_FROM: no-reply@{{ container['host'] }}
+ PENPOT_SMTP_DEFAULT_REPLY_TO: no-reply@{{ container['host'] }}
+
+ {% if 'github' in container['login'] %}
+ PENPOT_GITHUB_CLIENT_ID: {{ salt['credentials.get_username'](container['login']['github']) }}
+ PENPOT_GITHUB_CLIENT_SECRET: {{ salt['credentials.get_password'](container['login']['github']) }}
+ {% endif %}
+
+{% endfor %}
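Review bot: The database, SMTP and GitHub credentials in the `environment` block are interpolated as plain YAML scalars, so a secret containing ` #`, `: ` or a leading indicator character would be truncated or break rendering. Pipe them through a quoting filter, e.g. `PENPOT_DATABASE_PASSWORD: {{ salt['credentials.get_password'](container['db']['credential']) | yaml_dquote }}`; the same applies to `PENPOT_GITHUB_CLIENT_ID` in penpot_frontend.sls. The SELinux state IDs `selinux_context_openfire_data` and `selinux_context_openfire_data_applied` look copied from the Openfire state and sit inside the `for` loop, so they would presumably collide with the Openfire IDs or with a second instance; `selinux_context_{{ instance }}_data` avoids that. `ASSETS_STORAGE_BACKEND` is the only variable here without the `PENPOT_` prefix, which is worth checking against the Penpot configuration reference. `PENPOT_SMTP_TLS` renders its default as a bare `true` (a YAML boolean), while the neighbouring flags are quoted strings.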
diff --git a/roles/paas-docker/containers/penpot_exporter.sls b/roles/paas-docker/containers/penpot_exporter.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_exporter.sls
@@ -0,0 +1,27 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar['docker_containers'] %}
+
+{% for instance, container in containers['penpot-exporter'].items() %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/exporter
+ - networks:
+ - {{ container['network'] }}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ - PENPOT_PUBLIC_URI: {{ container['frontend'] }}
+
+{% endfor %}
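Review bot: The exporter gets a writable bind of `/srv/{{ container['service'] }}/assets/data` although nothing in its environment refers to `/opt/data`, so a compromised exporter could modify the assets the backend stores there. If the exporter does not need the directory, drop the `binds` line; if it only reads, mount it read-only with `- binds: /srv/{{ container['service'] }}/assets/data:/opt/data:ro`. The same applies to penpot_frontend.sls. In addition, `image: penpotapp/exporter` carries no tag, as do `penpotapp/backend` and `penpotapp/frontend`, so each deployment pulls whatever `latest` is at that moment; pinning a version or digest from the pillar makes the rollout reproducible and reviewable.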
diff --git a/roles/paas-docker/containers/penpot_frontend.sls b/roles/paas-docker/containers/penpot_frontend.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_frontend.sls
@@ -0,0 +1,41 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar['docker_containers'] %}
+
+{% for instance, container in containers['penpot-frontend'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# This is defined in penpot_backend.sls
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/frontend
+ - networks:
+ - {{ container['network'] }}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ {% if 'github' in container['login'] %}
+ PENPOT_GITHUB_CLIENT_ID: {{ salt['credentials.get_username'](container['login']['github']) }}
+ {% endif %}
+ PENPOT_REGISTRATION_ENABLED: "true"
+ PENPOT_FLAGS: enable-registration
+ - ports:
+ - 80
+ - port_bindings:
+ - {{ container['app_port'] }}:80
+
+{% endfor %}
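Review bot: The binding `- {{ container['app_port'] }}:80` publishes the plain-HTTP frontend on every host interface. If the nginx vhost on the same host is the only intended client, bind it to loopback with `- 127.0.0.1:{{ container['app_port'] }}:80` so the TLS front end cannot be bypassed. `container['login']` is read unconditionally, so a pillar entry without a `login` key fails at render time; `{% if 'github' in container.get('login', {}) %}` tolerates that. `PENPOT_REGISTRATION_ENABLED: "true"` and `PENPOT_FLAGS: enable-registration` hard-code open sign-up on a public host; a pillar flag, or a comment stating that this is intended, would make the choice explicit.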
diff --git a/roles/paas-docker/containers/postgresql.sls b/roles/paas-docker/containers/postgresql.sls
--- a/roles/paas-docker/containers/postgresql.sls
+++ b/roles/paas-docker/containers/postgresql.sls
@@ -47,6 +47,15 @@
- environment:
POSTGRES_USER: {{ salt['credentials.get_username'](container['credential']) }}
POSTGRES_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
+
+ {% if 'db' in container %}
+ POSTGRES_DB: {{ container['db'] }}
+ {% endif %}
+
+ {% if 'initdb_args' in container %}
+ POSTGRES_INITDB_ARGS: {{ container['initdb_args'] }}
+ {% endif %}
+
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
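Review bot: The two new blocks would benefit from a comment such as `# Only applied on first initialisation of an empty data directory.` Assuming this state runs the official postgres image, `POSTGRES_DB` and `POSTGRES_INITDB_ARGS` are only honoured when the data directory is first created, so adding `db` or `initdb_args` to the pillar of an existing instance would presumably change nothing, including `--data-checksums`. `POSTGRES_INITDB_ARGS` is also rendered unquoted, so a value with several flags or YAML-special characters should go through `| yaml_dquote`. The enclosing state starts above this hunk and continues below it.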
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
--- a/roles/paas-docker/nginx/config.sls
+++ b/roles/paas-docker/nginx/config.sls
@@ -64,7 +64,7 @@
{% for service, instances in containers.items() %}
{% for instance, container in instances.items() %}
-{% if 'host' in container %}
+{% if 'host' in container and 'app_port' in container %}
{{ dirs.etc }}/nginx/vhosts/{{ service }}/{{ instance }}.conf:
file.managed:
