
D2597.id6553.diff

diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -40,4 +40,5 @@
43080 Hauk
44080 Hound
# 45080 should be reserved for OpenGrok to compare with Hound
+ 46080 Penpot
50000 Jenkins master's port for JNLP-based Jenkins agents - CD
diff --git a/pillar/credentials/zr.sls b/pillar/credentials/zr.sls
--- a/pillar/credentials/zr.sls
+++ b/pillar/credentials/zr.sls
@@ -47,6 +47,11 @@
admin: 163
dashboards: 164
+ # design.nasqueron.org
+ penpot:
+ github: 175
+ postgresql: 176
+
# photos.nasqueron.org
pixelfed:
mysql: 142
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -27,6 +27,11 @@
# Core services
- nasqueron/mysql:5.7
+ # Penpot
+ - penpotapp/backend
+ - penpotapp/frontend
+ - penpotapp/exporter
+
docker-001:
# Core services
- library/postgres
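Review bot: The three `penpotapp/*` entries carry no tag, unlike `nasqueron/mysql:5.7` just above, so each pull presumably resolves to whatever `latest` is at that moment. Backend, frontend and exporter are released together, and an unpinned pull can leave them on mismatched versions or bring in an unreviewed upstream change. Pin all three to the same release, e.g. `- penpotapp/backend:<version>` (placeholder), and use the same tag on the `image:` lines of the three new container states. The image list for this host starts outside the hunk.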
@@ -80,6 +85,8 @@
dwellers:
bugzilla:
subnet: 172.21.3.0/24
+ penpot:
+ subnet: 172.21.4.0/24
docker-001:
cd:
subnet: 172.18.1.0/24
@@ -146,6 +153,18 @@
network: bugzilla
version: 5.7
+ postgresql:
+ penpot-db:
+ network: penpot
+ version: 13
+ credential: nasqueron.penpot.postgresql
+ db: penpot
+ initdb_args: --data-checksums
+
+ redis:
+ penpot-redis:
+ version: 6
+
#
# Bugzilla
#
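Review bot: `penpot-redis` is declared without a `network` key, whereas `penpot-db` sets `network: penpot` and the backend is configured with `redis://penpot-redis/0` on that network. The Redis state is not visible here, but if it attaches networks only when the key is present (as postgresql.sls does), the backend will not resolve `penpot-redis`, and the Redis container will sit on the default bridge. No credential is configured for Redis either, so network isolation is its only protection. Add `network: penpot` under `penpot-redis`.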
@@ -160,6 +179,35 @@
db: EspaceWin_Bugs
credential: espacewin.bugzilla.mysql
+ #
+ # Penpot
+ #
+
+ penpot-backend:
+ penpot-backend:
+ service: penpot
+ network: penpot
+ db:
+ uri: postgresql://penpot-db/penpot
+ credential: nasqueron.penpot.postgresql
+ redis:
+ uri: redis://penpot-redis/0
+ login: &nasqueronPenpotLogin
+ github: nasqueron.penpot.github
+
+ penpot-exporter:
+ penpot-exporter:
+ service: penpot
+ network: penpot
+ frontend: http://penpot-frontend
+
+ penpot-frontend:
+ penpot-frontend:
+ service: penpot
+ network: penpot
+ app_port: 46080
+ login: *nasqueronPenpotLogin
+
#
# Mastodon
#
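Review bot: None of the Penpot entries defines a `host` key, yet penpot-backend.sls reads `container['host']` for `PENPOT_PUBLIC_URI` and for both SMTP addresses. Rendering will fail or emit an empty hostname. Add the key under `penpot-backend`, presumably `host: design.nasqueron.org`, going by the comment in zr.sls. The enclosing per-host mapping starts outside this hunk.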
diff --git a/roles/paas-docker/containers/penpot-backend.sls b/roles/paas-docker/containers/penpot-backend.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot-backend.sls
@@ -0,0 +1,79 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set containers = pillar['docker_containers'][grains['id']] %}
+
+{% for instance, container in containers['penpot-backend'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ container['service'] }}/assets/data:
+ file.directory:
+ - makedirs: True
+
+{% if has_selinux %}
+selinux_context_openfire_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ container['service'] }}
+ - sel_type: container_file_t
+
+selinux_context_openfire_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ container['service'] }}
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/backend
+ - networks:
+ - {{ container['network']}}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ PENPOT_PUBLIC_URI=https://{{ container['host'] }}
+ PENPOT_HTTP_SERVER_HOST: 0.0.0.0
+
+ PENPOT_DATABASE_URI: {{ container['db']['uri'] }}
+ PENPOT_DATABASE_USERNAME: {{ salt['zr.get_username'](container['db']['credential']) }}
+ PENPOT_DATABASE_PASSWORD: {{ salt['zr.get_password'](container['db']['credential']) }}
+
+ PENPOT_REDIS_URI: {{ container['redis']['uri'] }}
+
+ ASSETS_STORAGE_BACKEND: assets-fs
+ PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets
+
+ # Our privacy policy explicitly states we don't transfer data
+ # to third parties.
+ PENPOT_TELEMETRY_ENABLED: "false"
+
+ {% if "smtp" in container %}
+ PENPOT_SMTP_ENABLED: "true"
+ PENPOT_SMTP_HOST: {{ container['smtp']['host'] }}
+ PENPOT_SMTP_PORT: {{ container['smtp']['port'] }}
+ PENPOT_SMTP_USERNAME: {{ salt['zr.get_username'](container['smtp']['credential']) }}
+ PENPOT_SMTP_PASSWORD: {{ salt['zr.get_password'](container['smtp']['credential']) }}
+ PENPOT_SMTP_TLS: {{ container['smtp']['tls'] | default("true") }}
+ {% else %}
+ PENPOT_SMTP_ENABLED: "false"
+ {% endif %}
+ PENPOT_SMTP_DEFAULT_FROM: no-reply@{{ container['host'] }}
+ PENPOT_SMTP_DEFAULT_REPLY_TO: no-reply@{{ container['host'] }}
+
+ {% if 'github' in container['login'] %}
+ PENPOT_GITHUB_CLIENT_ID: {{ salt['zr.get_username'](container['login']['github']) }}
+ PENPOT_GITHUB_CLIENT_SECRET: {{ salt['zr.get_password'](container['login']['github']) }}
+ {% endif %}
+
+{% endfor %}
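Review bot: The `environment` mapping will not parse as written, because `PENPOT_PUBLIC_URI=https://{{ container['host'] }}` uses `=` where every sibling entry is `KEY: value`; it should read `PENPOT_PUBLIC_URI: https://{{ container['host'] }}`. The database, SMTP and GitHub secrets are interpolated unquoted, so a value containing ` #`, `: ` or a leading YAML indicator would be truncated or break rendering. Piping each through Salt's `yaml_dquote` filter avoids that, e.g. `PENPOT_DATABASE_PASSWORD: {{ salt['zr.get_password'](container['db']['credential']) | yaml_dquote }}`. The two SELinux state IDs still say `openfire`, which looks copied from another role and would presumably clash with it on a minion running both; `selinux_context_penpot_data` and `selinux_context_penpot_data_applied` would be unambiguous.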
diff --git a/roles/paas-docker/containers/penpot-exporter.sls b/roles/paas-docker/containers/penpot-exporter.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot-exporter.sls
@@ -0,0 +1,27 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar['docker_containers'][grains['id']] %}
+
+{% for instance, container in containers['penpot-exporter'].items() %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/exporter
+ - networks:
+ - {{ container['network']}}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ - PENPOT_PUBLIC_URI: {{ instance["frontend"] }}
+
+{% endfor %}
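Review bot: `{{ instance["frontend"] }}` indexes the loop key, which is the container name string rather than the pillar mapping. The value lives on `container`, so the line should be `PENPOT_PUBLIC_URI: {{ container['frontend'] }}`. The entry is also written as a list item (`- PENPOT_PUBLIC_URI:`) while the backend and frontend states use a plain mapping under `environment`; one form across the three files would be easier to audit. The exporter mounts the assets directory read-write; if it does not need to write there, drop the bind or append `:ro` to limit what a compromised exporter can touch.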
diff --git a/roles/paas-docker/containers/penpot-frontend.sls b/roles/paas-docker/containers/penpot-frontend.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/penpot-frontend.sls
@@ -0,0 +1,41 @@
+# -------------------------------------------------------------
+# Salt — Provision Penpot
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar['docker_containers'][grains['id']] %}
+
+{% for instance, container in containers['penpot-frontend'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# This is defined in penpot-backend.sls
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: penpotapp/frontend
+ - networks:
+ - {{ container['network']}}
+ - binds: /srv/{{ container['service'] }}/assets/data:/opt/data
+ - environment:
+ {% if 'github' in container['login'] %}
+ PENPOT_GITHUB_CLIENT_ID: {{ salt['zr.get_username'](container['login']['github']) }}
+ {% endif %}
+ PENPOT_REGISTRATION_ENABLED: "true"
+ PENPOT_FLAGS: "enable-registration"
+ - ports:
+ - 80
+ - port_bindings:
+ - {{ container['app_port'] }}:80
+
+{% endfor %}
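Review bot: Self-registration is switched on unconditionally by `PENPOT_REGISTRATION_ENABLED: "true"` and `PENPOT_FLAGS: "enable-registration"`, so anyone who can reach the instance can create an account even though GitHub login is configured. Wrap both lines in `{% if container.get('registration') %}` … `{% endif %}` with a new pillar key, so that open sign-up is an explicit per-instance decision. The port binding `{{ container['app_port'] }}:80` publishes plain HTTP on every host interface; if a reverse proxy on the host terminates TLS, `127.0.0.1:{{ container['app_port'] }}:80` keeps the port off the network. If the frontend only serves the assets, the bind can end in `:ro`.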
diff --git a/roles/paas-docker/containers/postgresql.sls b/roles/paas-docker/containers/postgresql.sls
--- a/roles/paas-docker/containers/postgresql.sls
+++ b/roles/paas-docker/containers/postgresql.sls
@@ -48,6 +48,13 @@
- environment:
POSTGRES_USER: {{ salt['zr.get_username'](container['credential']) }}
POSTGRES_PASSWORD: {{ salt['zr.get_password'](container['credential']) }}
+ {% if 'db' in container %}
+ POSTGRES_DB: {{ container['db'] }}
+ {% endif %}
+ {% if 'initdb_args' in container %}
+ POSTGRES_INITDB_ARGS: {{ container['initdb_args'] }}
+ {% endif %}
+
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
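Review bot: A comment above the two new conditionals would save a later surprise. As far as I know, the official postgres image reads `POSTGRES_DB` and `POSTGRES_INITDB_ARGS` only when it initialises an empty data directory. I would add `# Only honoured on first initialisation of the data directory; changing db or initdb_args in pillar later does not alter an existing cluster.` The state body starts and ends outside this hunk.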
