Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3763143
D2597.id7564.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
9 KB
Referenced Files
None
Subscribers
None
D2597.id7564.diff
View Options
diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -17,6 +17,7 @@
paas-docker
5000 Docker registry HTTP
9090 Openfire HTTP
+ 17080 Penpot
19080 Nasqueron API - Datasources
20080 Nasqueron API - Docker registry API
22220 Phabricator Aphlict (client)
diff --git a/pillar/paas/docker/docker-002/penpot.sls b/pillar/paas/docker/docker-002/penpot.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/penpot.sls
@@ -0,0 +1,56 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Penpot
+# -------------------------------------------------------------
+
+docker_networks:
+ penpot:
+ subnet: 172.21.2.0/24
+
+docker_images:
+ - penpotapp/backend
+ - penpotapp/frontend
+ - penpotapp/exporter
+
+docker_containers:
+ postgresql:
+ penpot_db:
+ network: penpot
+ version: 13
+ credential: nasqueron/penpot/postgresql
+ db: penpot
+ initdb_args: --data-checksums
+
+ redis:
+ penpot_redis:
+ version: 6
+
+ penpot_backend:
+ penpot_backend:
+ service: penpot
+ network: penpot
+ host: design.nasqueron.org
+ db:
+ uri: postgresql://penpot_db/penpot
+ credential: nasqueron/penpot/postgresql
+ redis:
+ uri: redis://penpot_redis/0
+ login: &nasqueronPenpotLogin
+ github: nasqueron/penpot/github
+
+ penpot_exporter:
+ penpot_exporter:
+ service: penpot
+ network: penpot
+ frontend: http://penpot_frontend
+
+ penpot_frontend:
+ penpot_frontend:
+ service: penpot
+ network: penpot
+ host: design.nasqueron.org
+ app_port: 17080
+ login: *nasqueronPenpotLogin
diff --git a/roles/paas-docker/containers/penpot_backend.sls b/roles/paas-docker/containers/penpot_backend.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_backend.sls
@@ -0,0 +1,79 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set containers = pillar['docker_containers'] %}
+
+{% for instance, container in containers['penpot-backend'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ container['service'] }}/assets/data:
+ file.directory:
+ - makedirs: True
+
+{% if has_selinux %}
+selinux_context_openfire_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ container['service'] }}
+ - sel_type: container_file_t
+
+selinux_context_openfire_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ container['service'] }}
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/backend
+ - networks:
+ - {{ container['network'] }}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ PENPOT_PUBLIC_URI: https://{{ container['host'] }}
+ PENPOT_HTTP_SERVER_HOST: 0.0.0.0
+
+ PENPOT_DATABASE_URI: {{ container['db']['uri'] }}
+ PENPOT_DATABASE_USERNAME: {{ salt['credentials.get_username'](container['db']['credential']) }}
+ PENPOT_DATABASE_PASSWORD: {{ salt['credentials.get_password'](container['db']['credential']) }}
+
+ PENPOT_REDIS_URI: {{ container['redis']['uri'] }}
+
+ ASSETS_STORAGE_BACKEND: assets-fs
+ PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets
+
+ # Our privacy policy explicitly states we don't transfer data
+ # to third parties.
+ PENPOT_TELEMETRY_ENABLED: "false"
+
+ {% if "smtp" in container %}
+ PENPOT_SMTP_ENABLED: "true"
+ PENPOT_SMTP_HOST: {{ container['smtp']['host'] }}
+ PENPOT_SMTP_PORT: {{ container['smtp']['port'] }}
+ PENPOT_SMTP_USERNAME: {{ salt['credentials.get_username'](container['smtp']['credential']) }}
+ PENPOT_SMTP_PASSWORD: {{ salt['credentials.get_password'](container['smtp']['credential']) }}
+ PENPOT_SMTP_TLS: {{ container['smtp']['tls'] | default("true") }}
+ {% else %}
+ PENPOT_SMTP_ENABLED: "false"
+ {% endif %}
+ PENPOT_SMTP_DEFAULT_FROM: no-reply@{{ container['host'] }}
+ PENPOT_SMTP_DEFAULT_REPLY_TO: no-reply@{{ container['host'] }}
+
+ {% if 'github' in container['login'] %}
+ PENPOT_GITHUB_CLIENT_ID: {{ salt['credentials.get_username'](container['login']['github']) }}
+ PENPOT_GITHUB_CLIENT_SECRET: {{ salt['credentials.get_password'](container['login']['github']) }}
+ {% endif %}
+
+{% endfor %}
diff --git a/roles/paas-docker/containers/penpot_exporter.sls b/roles/paas-docker/containers/penpot_exporter.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_exporter.sls
@@ -0,0 +1,27 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar['docker_containers'] %}
+
+{% for instance, container in containers['penpot-exporter'].items() %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/exporter
+ - networks:
+ - {{ container['network'] }}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ - PENPOT_PUBLIC_URI: {{ container['frontend'] }}
+
+{% endfor %}
diff --git a/roles/paas-docker/containers/penpot_frontend.sls b/roles/paas-docker/containers/penpot_frontend.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot_frontend.sls
@@ -0,0 +1,41 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar['docker_containers'] %}
+
+{% for instance, container in containers['penpot-frontend'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# This is defined in penpot_backend.sls
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/frontend
+ - networks:
+ - {{ container['network'] }}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ {% if 'github' in container['login'] %}
+ PENPOT_GITHUB_CLIENT_ID: {{ salt['credentials.get_username'](container['login']['github']) }}
+ {% endif %}
+ PENPOT_REGISTRATION_ENABLED: "true"
+ PENPOT_FLAGS: enable-registration
+ - ports:
+ - 80
+ - port_bindings:
+ - {{ container['app_port'] }}:80
+
+{% endfor %}
diff --git a/roles/paas-docker/containers/postgresql.sls b/roles/paas-docker/containers/postgresql.sls
--- a/roles/paas-docker/containers/postgresql.sls
+++ b/roles/paas-docker/containers/postgresql.sls
@@ -47,6 +47,15 @@
- environment:
POSTGRES_USER: {{ salt['credentials.get_username'](container['credential']) }}
POSTGRES_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
+
+ {% if 'db' in container %}
+ POSTGRES_DB: {{ container['db'] }}
+ {% endif %}
+
+ {% if 'initdb_args' in container %}
+ POSTGRES_INITDB_ARGS: {{ container['initdb_args'] }}
+ {% endif %}
+
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
--- a/roles/paas-docker/nginx/config.sls
+++ b/roles/paas-docker/nginx/config.sls
@@ -64,7 +64,7 @@
{% for service, instances in containers.items() %}
{% for instance, container in instances.items() %}
-{% if 'host' in container %}
+{% if 'host' in container and 'app_port' in container %}
{{ dirs.etc }}/nginx/vhosts/{{ service }}/{{ instance }}.conf:
file.managed:
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Fri, Nov 22, 20:55 (11 h, 13 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2256476
Default Alt Text
D2597.id7564.diff (9 KB)
Attached To
Mode
D2597: Deploy Penpot
Attached
Detach File
Event Timeline
Log In to Comment