iac/heyform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
heyform/cloud-init.yaml

140 lines
5.4 KiB
YAML
Raw Blame History

#cloud-config
users:
- default
package_update: true
packages:
- ca-certificates
- cron
- docker.io
- jq
- restic
- syslog-ng
- watchdog
write_files:
- content: |
{
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
sondages.cours-de-latin.com {
reverse_proxy heyform:9157 {
flush_interval -1
}
}
path: /etc/caddy/Caddyfile
- content: |
#!/bin/sh
export AWS_ACCESS_KEY_ID=$(cloud-init query ds.metadata.RESTIC_AWS_ACCESS_KEY_ID)
export AWS_SECRET_ACCESS_KEY=$(cloud-init query ds.metadata.RESTIC_AWS_SECRET_ACCESS_KEY)
export RESTIC_REPOSITORY=$(cloud-init query ds.metadata.RESTIC_REPOSITORY)
export RESTIC_PASSWORD=$(cloud-init query ds.metadata.RESTIC_PASSWORD)
export RESTIC_COMPRESSION=max
export $(docker exec mongo env | grep MONGO_INIT)
mkdir -p /var/backups/mongodb
docker exec mongo mongodump --username root --password "$MONGO_INITDB_ROOT_PASSWORD" --out /var/backups/mongodb/
restic backup /var/backups/mongodb /var/lib/heyform
path: /etc/cron.daily/backup_mongodb
permissions: 0o755
- content: |
#!/bin/sh
docker inspect caddy > /dev/null && {
docker pull caddy:latest
docker stop caddy
docker rm caddy
}
docker run -d --restart unless-stopped --network local \
-v /etc/caddy:/etc/caddy \
-v /var/lib/caddy:/data/caddy \
-p 80:80 -p 443:443 \
--log-driver syslog --log-opt "syslog-address=unixgram:///dev/log" --log-opt syslog-facility=daemon --log-opt tag=caddy \
--name caddy \
caddy:latest
path: /root/launch_caddy.sh
permissions: 0o755
- content: |
#!/bin/sh
export SMTP_USER=$(cloud-init query ds.metadata.SMTP_USER)
export SMTP_PASSWORD=$(cloud-init query ds.metadata.SMTP_PASSWORD)
export SESSION_KEY=$(cloud-init query ds.metadata.SESSION_KEY)
export FORM_ENCRYPTION_KEY=$(cloud-init query ds.metadata.FORM_ENCRYPTION_KEY)
export OPENAI_API_KEY=$(cloud-init query ds.metadata.SENSUS_API_KEY)
docker inspect heyform > /dev/null && {
MONGO_PASSWORD=$(docker inspect -f "{{ json .Config.Env }}" heyform | jq -r '.[] | select(startswith("MONGO_PASSWORD="))' | cut -d = -f 2-)
docker pull heyform/community-edition:latest
docker stop heyform
docker rm heyform
}
docker run -d --restart unless-stopped --network local \
-v /var/lib/heyform/upload:/app/static/upload \
-e APP_HOMEPAGE_URL=https://sondages.cours-de-latin.com \
-e SESSION_KEY -e FORM_ENCRYPTION_KEY \
-e MONGO_URI="mongodb://mongo:27017/heyform?authSource=admin" \
-e MONGO_USER=root -e MONGO_PASSWORD \
-e REDIS_HOST=keydb -e REDIS_PORT=6379 \
-e OPENAI_BASE_URL=https://sensus.p0m.fr/v1 -e OPENAI_API_KEY -e OPENAI_GPT_MODEL=ibm-granite_granite-4.0-h-micro \
-e SMTP_HOST=djehouty.pomail.fr -e SMTP_PORT=465 -e SMTP_SECURE=true -e SMTP_FROM="Heyform <contact+heyform@cours-de-latin.com>" -e SMTP_USER -e SMTP_PASSWORD \
-e GENERIC_TIMEZONE="Europe/Paris" -e TZ="Europe/Paris" \
--log-driver syslog --log-opt "syslog-address=unixgram:///dev/log" --log-opt syslog-facility=daemon --log-opt tag=heyform \
--name heyform --pull always \
heyform/community-edition:latest
path: /root/launch_heyform.sh
permissions: 0o755
runcmd:
# Allow traffic in IPv4
- sed -i '/-A INPUT -j REJECT/i-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT' /etc/iptables/rules.v4
- iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
- iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# Retrieve last backups
- export AWS_ACCESS_KEY_ID=$(cloud-init query ds.metadata.RESTIC_AWS_ACCESS_KEY_ID)
- export AWS_SECRET_ACCESS_KEY=$(cloud-init query ds.metadata.RESTIC_AWS_SECRET_ACCESS_KEY)
- export RESTIC_REPOSITORY=$(cloud-init query ds.metadata.RESTIC_REPOSITORY)
- export RESTIC_PASSWORD=$(cloud-init query ds.metadata.RESTIC_PASSWORD)
- mkdir -p /var/backups/mongodb /var/lib/heyform
- restic restore latest --target / --include /var/backups/mongodb
- restic restore latest --target / --include /var/lib/heyform
# Create docker network
- docker network create local
# Launch database
# Generate database password
- export MONGO_PASSWORD=$(openssl rand -base64 30)
# Launch database
- docker run -d --restart always --network local \
-v /var/backups/mongodb/:/var/backups/mongodb/ -v /var/lib/mongodb:/data/db \
-e MONGO_INITDB_ROOT_USERNAME=root \
-e MONGO_INITDB_ROOT_PASSWORD="${MONGO_PASSWORD}" \
--log-driver syslog --log-opt "syslog-address=unixgram:///dev/log" --log-opt syslog-facility=daemon --log-opt tag=mongo \
--pull always --name mongo \
mongo:4.4
- docker run -d --restart always --network local \
-v /var/backups/keydb/:/var/backups/keydb/ \
-v /var/lib/keydb:/data \
--log-driver syslog --log-opt "syslog-address=unixgram:///dev/log" --log-opt syslog-facility=daemon --log-opt tag=keydb \
--pull always --name keydb \
eqalpha/keydb:latest keydb-server --appendonly yes
# Launch web server
- /root/launch_caddy.sh
# Restore database
- sleep 10
- docker exec mongo mongorestore --username root --password "$MONGO_PASSWORD" /var/backups/mongodb/
# Launch main container
- /root/launch_heyform.sh
Reference in a new issue View git blame Copy permalink