ansible/files/calendar.layerze.ro/nginx

@@ -0,0 +1,29 @@
+server {
+    listen 80;
+    server_name calendar.layerze.ro;
+    include /etc/nginx/snippets/letsencrypt.conf;
+    location / {
+        return 301 https://calendar.layerze.ro/;
+    }
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name calendar.layerze.ro;
+  include /etc/nginx/snippets/ssl.conf;
+  ssl_certificate     /etc/ssl/uacme/calendar.layerze.ro/cert.pem;
+  ssl_certificate_key /etc/ssl/uacme/private/calendar.layerze.ro/key.pem;
+
+  keepalive_timeout    70;
+  sendfile             on;
+  client_max_body_size 80m;
+
+  location / {
+    try_files $uri @proxy;
+  }
+
+  location @proxy {
+    proxy_set_header Host $host;
+    proxy_pass http://127.0.0.1:13120;
+  }

ansible/group_vars/gancioservers

@@ -0,0 +1,3 @@
+---
+tls_certs:
+  - calendar.layerze.ro

ansible/hosts

@@ -13,6 +13,9 @@ legion.cyberia.club
 [goatcounterservers]
 elliot.cyberia.club
 
+[gancioservers]
+calendar.layerze.ro
+
 [gitservers]
 paimon.cyberia.club
 

ansible/roles/gancio/files/gancio-backup.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# script to back up postgres and gancio
+
+sudo -u postgres pg_dump -Fc gancio > gancio.dump
+
+tar -czf gancio-$(date +%Y-%m-%d-%H%M%S)-backup.tgz $(ls -d config.json uploads user_locale db.sqlite gancio.dump postgres data db logs 2> /dev/null)
+mv gancio-*-backup.tgz backups/
+cd backups/
+ls -tp | grep -v '/$' | tail -n +15 | xargs -I {} rm -- {}

ansible/roles/gancio/files/gancio.initd

@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+
+name="gancio daemon"
+command="/usr/local/bin/$SVCNAME"
+command_user="gancio"
+pidfile="/var/run/$SVCNAME"
+command_background="yes"
+directory="/opt/gancio"
+
+depend() {
+    need localmount
+    use logger
+}
+
+stop() {
+    kill -9 `cat $pidfile`
+}

ansible/roles/gancio/tasks/main.yml

@@ -0,0 +1,88 @@
+# install tools first
+- name: Install dependencies
+  community.general.apk:
+    update_cache: yes
+    name:  "{{ item }}"
+    state: present
+    with_items:
+      - build-base
+      - postgresql
+      - postgresql-bdr-dev
+      - nodejs
+      - yarn
+      - git
+
+# Create database and user
+- name: start postgres
+  service:
+    name: postgresql
+    enabled: yes
+    started: yes
+    
+- name: Create gancio database
+  community.postgresql.postgresql_db:
+    name: gancio
+
+- name: Create postgres gancio user
+  community.postgresql.postgresql_user:
+    db: gancio
+    name: gancio
+    password: TBD
+
+- name: Grant all privs to ganio on db gancio
+  community.postgresql.postgresql_privs:
+    db: gancio
+    privs: ALL
+    type: database
+    role: gancio
+
+# Add gancio user to system
+- name: Add gancio unix user
+  user:
+    name: gancio
+    system: yes
+    shell: /bin/false
+    home: /opt/gancio
+
+# Install gancio with yarn
+- name: Install gancio
+  community.general.yarn:
+    global: yes
+    repository: 'https://git.cyberia.club/zico/gancio-patched/raw/branch/main/gancio-patched-latest.tgz'
+
+# Download and install gancio service file
+- name: copy gancio service file
+  copy:
+    src: "files/gancio.initd"
+    dest: "/etc/initd/gancio"
+    owner: root
+    group: root
+    mode: '0755'
+
+# Enable and start gancio service
+- name: Start and enable gancio service
+  service:
+    name: gancio
+    enabled: yes
+    state: started
+
+# Copy backup script and enable
+- name: copy over backup script
+  copy:
+    src: "files/gancio-backup.sh"
+    dest: "/usr/local/bin/gancio-backup.sh"
+    owner: root
+    group: root
+    mode: 0755
+
+- name: make backups directory
+  file:
+    path: /opt/gancio/backups
+    state: directory
+
+- name: Set up cron job for gancio-backup
+  cron:
+    name: "gancio backup script"
+    minute: 27
+    hour: */12
+    job: "cd /opt/gancio && /usr/local/bin/gancio-backup.sh"

ansible/site.yml

@@ -80,6 +80,13 @@
     - role: owncast
       tags: owncast
 
+- name: setup gancioservers
+  hosts: gancioservers
+  become: true
+  roles:
+    - role: gancio
+      tags: gancio
+
 - name: alpine save all iptables rules
   hosts: os_Alpine
   become: true