From 54789a53deb9d2db10cd6f128a8b9f82569bc3e2 Mon Sep 17 00:00:00 2001
From: FarisZR <35614734+FarisZR@users.noreply.github.com>
Date: Mon, 21 Oct 2024 22:37:47 +0200
Subject: [PATCH] add gnulinuxsa.org

---
 .github/workflows/gnulinuxsa-wordpress.yml   | 48 ++++++++++++++++++++
 caddy/configs/gnulinuxsa-wordpress.caddyfile | 14 ++++++
 gnulinuxsa-wordpress/custom.ini              |  5 ++
 gnulinuxsa-wordpress/docker-compose.yml      | 42 +++++++++++++++++
 4 files changed, 109 insertions(+)
 create mode 100644 .github/workflows/gnulinuxsa-wordpress.yml
 create mode 100644 caddy/configs/gnulinuxsa-wordpress.caddyfile
 create mode 100644 gnulinuxsa-wordpress/custom.ini
 create mode 100644 gnulinuxsa-wordpress/docker-compose.yml

diff --git a/.github/workflows/gnulinuxsa-wordpress.yml b/.github/workflows/gnulinuxsa-wordpress.yml
new file mode 100644
index 0000000..6d61314
--- /dev/null
+++ b/.github/workflows/gnulinuxsa-wordpress.yml
@@ -0,0 +1,48 @@
+name: deploy-gnulinuxsa-wordpress
+
+on:
+  push:
+    paths:
+      - '.github/workflows/gnulinuxsa-wordpress.yml'
+      - 'gnulinuxsa-wordpress/**'
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: gnulinuxsa.org
+      url: https://gnulinuxsa.org
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Tailscale
+        uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd
+        with:
+          oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }}
+          oauth-secret: ${{ secrets.TAILSCALE_SECRET }}
+          tags: tag:deploy-ci
+          hostname: Github-actions
+          version: ${{ vars.TAILSCALE_VERSION }}
+
+      - name: Add secrets to compose
+        env:
+          MARIADB_PASSWORD: ${{ secrets.gnulinuxsa_wordpress_mariadb_password }}
+        run: |
+          sed -i "s|(gnulinuxsa_wordpress_mariadb_password)|$MARIADB_PASSWORD|g" $GITHUB_WORKSPACE/gnulinuxsa-wordpress/docker-compose.yml
+
+      - name: Start Deployment
+        uses: FarisZR/docker-compose-gitops-action@v1.0.1
+        env:
+          MARIADB_PASSWORD: ${{ secrets.gnulinuxsa_wordpress_mariadb_password }}
+        with:
+          remote_docker_host: ${{ secrets.server_address }}
+          tailscale_ssh: true # no need for manual private and public keys
+          compose_file_path: gnulinuxsa-wordpress/docker-compose.yml
+          args: -p gnulinuxsa-wordpress up -d --remove-orphans
+          upload_directory: true
+          docker_compose_directory: gnulinuxsa-wordpress
\ No newline at end of file
diff --git a/caddy/configs/gnulinuxsa-wordpress.caddyfile b/caddy/configs/gnulinuxsa-wordpress.caddyfile
new file mode 100644
index 0000000..3d33e6d
--- /dev/null
+++ b/caddy/configs/gnulinuxsa-wordpress.caddyfile
@@ -0,0 +1,14 @@
+gnulinuxsa.org {
+	header {
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+	}
+	handle_errors {
+		# handle_errors is only triggerd on erros from Caddy and not the proxy, that's why we don't specifiy any errors here.
+		rewrite * /proxy_error_page.html
+		file_server {
+			root /srv/
+		}
+	}
+	reverse_proxy gnulinuxsa-wordpress:80
+	encode zstd gzip
+}
diff --git a/gnulinuxsa-wordpress/custom.ini b/gnulinuxsa-wordpress/custom.ini
new file mode 100644
index 0000000..5f31c50
--- /dev/null
+++ b/gnulinuxsa-wordpress/custom.ini
@@ -0,0 +1,5 @@
+file_uploads = On
+memory_limit = 256M
+upload_max_filesize = 64M
+post_max_size = 64M
+max_execution_time = 600
\ No newline at end of file
diff --git a/gnulinuxsa-wordpress/docker-compose.yml b/gnulinuxsa-wordpress/docker-compose.yml
new file mode 100644
index 0000000..c7764ab
--- /dev/null
+++ b/gnulinuxsa-wordpress/docker-compose.yml
@@ -0,0 +1,42 @@
+version: '3.1'
+
+networks: 
+  default:
+    enable_ipv6: true
+  web:
+    external: true
+
+services:
+  wordpress:
+    image: wordpress:php7.4@sha256:7e46cf3373751b6d62b7a0fc3a7d6686f641a34a2a0eb18947da5375c55fd009
+    container_name: gnulinuxsa-wordpress
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: mariadb
+      WORDPRESS_DB_USER: wordpress
+      WORDPRESS_DB_NAME: wordpress
+      WORDPRESS_DB_PASSWORD: (gnulinuxsa_wordpress_mariadb_password)
+    networks: 
+      default:
+      web:
+    volumes:
+      - /home/aosus/gnulinuxsa-wordpress/html:/var/www/html:rw
+    configs:
+      - source: custom-ini
+        target: /usr/local/etc/php/conf.d/custom.ini
+
+  mariadb:
+    image: mariadb:11.5.2@sha256:4a1de8fa2a929944373d7421105500ff6f889ce90dcb883fbb2fdb070e4d427e
+    restart: always
+    environment:
+      MARIADB_USER: wordpress
+      MARIADB_DATABASE: wordpress
+      MARIADB_PASSWORD: (gnulinuxsa_wordpress_mariadb_password)
+      MARIADB_RANDOM_ROOT_PASSWORD: '1'
+      MARIADB_AUTO_UPGRADE: true
+    volumes:
+      - /home/aosus/gnulinuxsa-wordpress/mariadb:/var/lib/mysql:rw
+
+configs:
+  custom-ini:
+    file: /home/aosus/gnulinuxsa-wordpress/custom.ini