This repository has been archived by the owner on Oct 29, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add discourse to gitops mangment using tailscale-ssh-deploy
- Loading branch information
Showing
5 changed files
with
320 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
name: deploy-discourse | ||
|
||
on: | ||
push: | ||
paths: | ||
- '.github/workflows/discourse.yml' | ||
- 'discourse/db.yml' | ||
branches: [main] | ||
workflow_dispatch: | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Tailscale | ||
uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd | ||
with: | ||
oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }} | ||
oauth-secret: ${{ secrets.TAILSCALE_SECRET }} | ||
tags: tag:deploy-ci | ||
hostname: Github-actions | ||
version: ${{ vars.TAILSCALE_VERSION }} | ||
|
||
- name: Add secrets to config files | ||
env: | ||
DISCOURSE_SMTP_PASSWORD: ${{ secrets.DISCOURSE_SMTP_PASSWORD }} | ||
DISCOURSE_DB_PASSWORD: ${{ secrets.DISCOURSE_DB_PASSWORD }} | ||
DISCOURSE_MAXMIND_LICENSE_KEY: ${{ secrets.DISCOURSE_MAXMIND_LICENSE_KEY }} | ||
DISCOURSE_S3_ENDPOINT: ${{ secrets.DISCOURSE_S3_ENDPOINT }} | ||
DISCOURSE_S3_SECRET_ACCESS_KEY: ${{ secrets.DISCOURSE_S3_SECRET_ACCESS_KEY }} | ||
DISCOURSE_S3_ACCESS_KEY_ID: ${{ secrets.DISCOURSE_S3_ACCESS_KEY_ID }} | ||
run: | | ||
sed -i "s|(DISCOURSE_SMTP_PASSWORD)|$DISCOURSE_SMTP_PASSWORD|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_DB_PASSWORD)|$DISCOURSE_DB_PASSWORD|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_MAXMIND_LICENSE_KEY)|$DISCOURSE_MAXMIND_LICENSE_KEY|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_S3_ENDPOINT)|$DISCOURSE_S3_ENDPOINT|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_S3_SECRET_ACCESS_KEY)|$DISCOURSE_S3_SECRET_ACCESS_KEY|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_S3_ACCESS_KEY_ID)|$DISCOURSE_S3_ACCESS_KEY_ID|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_DB_PASSWORD)|$DISCOURSE_DB_PASSWORD|g" $GITHUB_WORKSPACE/discourse/db.yml | ||
- name: Start Deployment | ||
uses: FarisZR/Tailscale-ssh-deploy@master | ||
with: | ||
remote_host: ${{ secrets.server_address }} | ||
directory: discourse | ||
args: -p caddy up -d --remove-orphans | ||
post_upload_command: /home/aosus/discourse/launcher rebuild db | ||
remote_destination: /home/aosus/discourse/containers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
name: deploy-discourse | ||
|
||
on: | ||
push: | ||
paths: | ||
- '.github/workflows/discourse.yml' | ||
- 'discourse/app.yml' | ||
branches: [main] | ||
workflow_dispatch: | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Tailscale | ||
uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd | ||
with: | ||
oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }} | ||
oauth-secret: ${{ secrets.TAILSCALE_SECRET }} | ||
tags: tag:deploy-ci | ||
hostname: Github-actions | ||
version: ${{ vars.TAILSCALE_VERSION }} | ||
|
||
- name: Add secrets to config files | ||
env: | ||
DISCOURSE_SMTP_PASSWORD: ${{ secrets.DISCOURSE_SMTP_PASSWORD }} | ||
DISCOURSE_DB_PASSWORD: ${{ secrets.DISCOURSE_DB_PASSWORD }} | ||
DISCOURSE_MAXMIND_LICENSE_KEY: ${{ secrets.DISCOURSE_MAXMIND_LICENSE_KEY }} | ||
DISCOURSE_S3_ENDPOINT: ${{ secrets.DISCOURSE_S3_ENDPOINT }} | ||
DISCOURSE_S3_SECRET_ACCESS_KEY: ${{ secrets.DISCOURSE_S3_SECRET_ACCESS_KEY }} | ||
DISCOURSE_S3_ACCESS_KEY_ID: ${{ secrets.DISCOURSE_S3_ACCESS_KEY_ID }} | ||
run: | | ||
sed -i "s|(DISCOURSE_SMTP_PASSWORD)|$DISCOURSE_SMTP_PASSWORD|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_DB_PASSWORD)|$DISCOURSE_DB_PASSWORD|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_MAXMIND_LICENSE_KEY)|$DISCOURSE_MAXMIND_LICENSE_KEY|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_S3_ENDPOINT)|$DISCOURSE_S3_ENDPOINT|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_S3_SECRET_ACCESS_KEY)|$DISCOURSE_S3_SECRET_ACCESS_KEY|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_S3_ACCESS_KEY_ID)|$DISCOURSE_S3_ACCESS_KEY_ID|g" $GITHUB_WORKSPACE/discourse/app.yml | ||
sed -i "s|(DISCOURSE_DB_PASSWORD)|$DISCOURSE_DB_PASSWORD|g" $GITHUB_WORKSPACE/discourse/db.yml | ||
- name: Start Deployment | ||
uses: FarisZR/Tailscale-ssh-deploy@master | ||
with: | ||
remote_host: ${{ secrets.server_address }} | ||
directory: discourse | ||
args: -p caddy up -d --remove-orphans | ||
post_upload_command: /home/aosus/discourse/launcher rebuild app | ||
remote_destination: /home/aosus/discourse/containers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
discourse.aosus.org { | ||
header { | ||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" | ||
} | ||
handle_errors { | ||
# handle_errors is only triggerd on erros from Caddy and not the proxy, that's why we don't specifiy any errors here. | ||
rewrite * /proxy_error_page.html | ||
file_server { | ||
root /srv/ | ||
} | ||
} | ||
reverse_proxy app:80 | ||
encode zstd gzip | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,155 @@ | ||
# IMPORTANT: SET A SECRET PASSWORD in Postgres for the Discourse User | ||
# TODO: change SOME_SECRET in this template | ||
|
||
templates: | ||
- "templates/web.template.yml" | ||
- "templates/web.ratelimited.template.yml" | ||
- "templates/web.ipv6.template.yml" | ||
## Uncomment these two lines if you wish to add Lets Encrypt (https) | ||
#- "templates/web.ssl.template.yml" | ||
#- "templates/web.letsencrypt.ssl.template.yml" | ||
|
||
## which TCP/IP ports should this container expose? | ||
## If you want Discourse to share a port with another webserver like Apache or nginx, | ||
## see https://meta.discourse.org/t/17247 for details | ||
expose: | ||
# - "8000:80" # http | ||
# - "443:443" # https | ||
|
||
# Use 'links' key to link containers together, aka use Docker --link flag. | ||
# links: | ||
# - link: | ||
# name: data | ||
# alias: data | ||
# - link: | ||
# name: nginx | ||
# alias: nginx | ||
|
||
# any extra arguments for Docker? | ||
docker_args: | ||
- '--network discourse' | ||
# - '--label com.centurylinklabs.watchtower.enable=false' | ||
params: | ||
## Which Git revision should this container use? (default: tests-passed) | ||
#version: stable | ||
|
||
env: | ||
LC_ALL: en_US.UTF-8 | ||
LANG: en_US.UTF-8 | ||
LANGUAGE: en_US.UTF-8 | ||
DISCOURSE_DEFAULT_LOCALE: ar | ||
|
||
## How many concurrent web requests are supported? Depends on memory and CPU cores. | ||
## will be set automatically by bootstrap based on detected CPUs, or you can override | ||
UNICORN_WORKERS: 12 | ||
|
||
## TODO: The domain name this Discourse instance will respond to | ||
DISCOURSE_HOSTNAME: 'discourse.aosus.org' | ||
|
||
## Uncomment if you want the container to be started with the same | ||
## hostname (-h option) as specified above (default "$hostname-$config") | ||
#DOCKER_USE_HOSTNAME: true | ||
|
||
## TODO: List of comma delimited emails that will be made admin and developer | ||
## on initial signup example '[email protected],[email protected]' | ||
DISCOURSE_DEVELOPER_EMAILS: '[email protected]' | ||
|
||
## TODO: The SMTP mail server used to validate new accounts and send notifications | ||
# SMTP ADDRESS, username, and password are required | ||
# WARNING the char '#' in SMTP password can cause problems! | ||
# DISCOURSE_SMTP_ADDRESS: smtp.email.me-jeddah-1.oci.oraclecloud.com | ||
# DISCOURSE_SMTP_PORT: 587 | ||
# DISCOURSE_SMTP_USER_NAME: "ocid1.user.oc1..aaaaaaaawotk2inxqyojzscjifrty4d27mjxuoxq3wwhnl5s76xubp7g4rja@ocid1.tenancy.oc1..aaaaaaaamsnkmv7r7ge76cjtcyusdpfyl77loyjfw7epb6rkmqdyz5vlknkq.rf.com" | ||
# DISCOURSE_SMTP_PASSWORD: "(Xxk$786>Yj;vZA(xeNP" | ||
# DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true) | ||
# DISCOURSE_SMTP_DOMAIN: discourse.aosus.org # (required by some providers) | ||
# DISCOURSE_NOTIFICATION_EMAIL: [email protected] # (address to send notifications from) | ||
|
||
DISCOURSE_SMTP_ADDRESS: mail.cups-1.aosus.org | ||
DISCOURSE_SMTP_PORT: 587 | ||
DISCOURSE_SMTP_USER_NAME: "[email protected]" | ||
DISCOURSE_SMTP_PASSWORD: "(DISCOURSE_SMTP_PASSWORD)" | ||
DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true) | ||
DISCOURSE_SMTP_DOMAIN: discourse.aosus.org # (required by some providers) | ||
DISCOURSE_NOTIFICATION_EMAIL: [email protected] # (address to send notifications from) | ||
## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate | ||
#LETSENCRYPT_ACCOUNT_EMAIL: [email protected] | ||
|
||
## TODO: configure connectivity to the databases | ||
DISCOURSE_DB_SOCKET: '5432' | ||
DISCOURSE_DB_USERNAME: discourse | ||
DISCOURSE_DB_PASSWORD: (DISCOURSE_DB_PASSWORD) | ||
DISCOURSE_DB_HOST: db | ||
DISCOURSE_REDIS_HOST: db | ||
|
||
## The http or https CDN address for this Discourse instance (configured to pull) | ||
## see https://meta.discourse.org/t/14857 for details | ||
#DISCOURSE_CDN_URL: https://discourse-cdn.example.com | ||
|
||
## The maxmind geolocation IP address key for IP address lookup | ||
## see https://meta.discourse.org/t/-/137387/23 for details | ||
DISCOURSE_MAXMIND_LICENSE_KEY: (DISCOURSE_MAXMIND_LICENSE_KEY) | ||
|
||
DISCOURSE_USE_S3: true | ||
DISCOURSE_S3_REGION: "us-east-1" | ||
DISCOURSE_S3_INSTALL_CORS_RULE: true | ||
#DISCOURSE_S3_CONFIGURE_TOMBSTONE_POLICY: false | ||
DISCOURSE_S3_ENDPOINT: (DISCOURSE_S3_ENDPOINT) | ||
DISCOURSE_S3_ACCESS_KEY_ID: (DISCOURSE_S3_ACCESS_KEY_ID) | ||
DISCOURSE_S3_SECRET_ACCESS_KEY: (DISCOURSE_S3_SECRET_ACCESS_KEY) | ||
DISCOURSE_S3_CDN_URL: https://cdn-cf-discourse.aosus.org | ||
DISCOURSE_S3_BUCKET: discourse-cdn | ||
DISCOURSE_S3_BACKUP_BUCKET: discourse-backups | ||
DISCOURSE_BACKUP_LOCATION: s3 | ||
|
||
|
||
volumes: | ||
- volume: | ||
host: /home/aosus/discourse-data/app | ||
guest: /shared | ||
- volume: | ||
host: /home/aosus/discourse-data/app/log/var-log | ||
guest: /var/log | ||
|
||
## Plugins go here | ||
## see https://meta.discourse.org/t/19157 for details | ||
hooks: | ||
# required for S3 | ||
after_assets_precompile: | ||
- exec: | ||
cd: $home | ||
cmd: | ||
- sudo -E -u discourse bundle exec rake s3:upload_assets | ||
- sudo -E -u discourse bundle exec rake s3:expire_missing_assets | ||
after_code: | ||
- exec: | ||
cd: $home/plugins | ||
cmd: | ||
- git clone https://github.com/discourse/docker_manager.git | ||
- git clone https://github.com/discourse/discourse-reactions | ||
- git clone https://github.com/discourse/discourse-category-experts | ||
- git clone https://github.com/discourse/discourse-solved | ||
#- git clone https://github.com/davidtaylorhq/discourse-telegram-notifications | ||
- git clone https://github.com/discourse/discourse-chat-integration | ||
- git clone https://github.com/discourse/discourse-math | ||
- git clone https://github.com/discourse/discourse-linkedin-auth # Linkedin Auth | ||
- git clone https://github.com/discourse/discourse-gamification # Gamification | ||
- git clone https://github.com/discourse/discourse-yearly-review # yearly review | ||
- git clone https://github.com/paviliondev/discourse-legal-tools # GDPR data export and so on | ||
# - git clone https://github.com/discourse/discourse-google-one-tap # Google one tap login | ||
|
||
## Remember, this is YAML syntax - you can only have one block with a name | ||
run: | ||
- exec: echo "Beginning of custom commands" | ||
|
||
## If you want to configure password login for root, uncomment and change: | ||
## Use only one of the following lines: | ||
#- exec: /usr/sbin/usermod -p 'PASSWORD_HASH' root | ||
#- exec: /usr/sbin/usermod -p "$(mkpasswd -m sha-256 'RAW_PASSWORD')" root | ||
|
||
## If you want to authorized additional users, uncomment and change: | ||
#- exec: ssh-import-id username | ||
#- exec: ssh-import-id anotherusername | ||
|
||
- exec: echo "End of custom commands" | ||
- exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
# A container for all things Data, be sure to set a secret password for | ||
# discourse account, SOME_SECRET is just an example | ||
# | ||
|
||
templates: | ||
- "templates/postgres.template.yml" | ||
- "templates/redis.template.yml" | ||
|
||
# any extra arguments for Docker? | ||
docker_args: | ||
- '--network discourse' | ||
|
||
params: | ||
db_default_text_search_config: "pg_catalog.arabic" | ||
|
||
## Set db_shared_buffers to a max of 25% of the total memory. | ||
## will be set automatically by bootstrap based on detected RAM, or you can override | ||
#db_shared_buffers: "8GB" | ||
|
||
## can improve sorting performance, but adds memory usage per-connection | ||
db_work_mem: "80MB" | ||
|
||
env: | ||
# ensure locale exists in container, you may need to install it | ||
LC_ALL: en_US.UTF-8 | ||
LANG: en_US.UTF-8 | ||
LANGUAGE: en_US.UTF-8 | ||
|
||
volumes: | ||
- volume: | ||
host: /home/aosus/discourse-data/postgresql | ||
guest: /shared | ||
- volume: | ||
host: /home/aosus/discourse-data/postgresql/log/var-log | ||
guest: /var/log | ||
|
||
# TODO: SOME_SECRET to a password for the discourse user | ||
hooks: | ||
after_postgres: | ||
- exec: | ||
stdin: | | ||
alter user discourse with password '(DISCOURSE_DB_PASSWORD)'; | ||
cmd: su - postgres -c 'psql discourse' | ||
|
||
raise_on_fail: false |