[DEPLOY] Add deployment resources

deploy/deploy-ansible/example.env

@@ -0,0 +1,134 @@
+# REQUIRED=Secret key
+# Used to generate CSRF tokens - must never be made public
+SECRET_KEY=changeme
+
+# REQUIRED=Database password
+# The password for the breccia-mapper user in the postgres database
+DB_PASSWORD=changeme
+
+# Debug
+# Should the server run in debug mode?  Provides information to users which is unsafe in production
+# Default: False
+DEBUG=False
+
+# Project long name
+# The project's full name.
+# Default: Project Network Mapper
+# PROJECT_LONG_NAME=Project Network Mapper
+
+# Project short name
+# The project's short/abbreviated name. This will also be used as the app's name when installed as PWA.
+# Default: Network Mapper
+# PROJECT_SHORT_NAME=Network Mapper
+
+# Project description
+# The project's description. Used when installed as a PWA.
+# Default: Application to map network relationships in the organisation.
+# PROJECT_DESCRIPTION=Application to map network relationships in the organisation.
+
+# Theme color
+# The project's theme color, in hex format (excluding the leading #).
+# Default: 212121
+# THEME_COLOR=212121
+
+# Background color
+# The project's background color, in hex format (excluding the leading #).
+# Default: ffffff
+# BACKGROUND_COLOR=ffffff
+
+# Allowed hosts
+# Accepted values for server header in request - protects against CSRF and CSS attacks
+# Default: * if DEBUG else localhost
+# ALLOWED_HOSTS=127.0.0.1,localhost,localhost.localdomain
+
+# Site URL
+# The URL the site will be deployed on. Do not include http://, https://, or a trailing slash.
+# Default: localhost
+# SITE_URL=localhost
+
+# Site protocol
+# The protocol the site uses. Valid options are http or https.
+# Default: http
+# SITE_PROTOCOL=http
+
+# Trusted origins
+# The trusted origin domains of requests - protects against CSRF and CSS attacks
+# Default: '*' if DEBUG else 'http://127.0.0.1,http://localhost,http://localhost.localdomain'
+# TRUSTED_ORIGINS=http://127.0.0.1,http://localhost,http://localhost.localdomain
+
+# Database backup storage location
+# Directory where database backups should be stored
+# Default: .dbbackup
+# DBBACKUP_STORAGE_LOCATION=.dbbackup
+
+# Default language
+# Default language - used for translation - has not been enabled
+# Default: en-gb
+# LANGUAGE_CODE=en-gb
+
+# Timezone
+# Default timezone
+# Default: UTC
+# TIME_ZONE=UTC
+
+# Logging level
+# Level of messages written to log file
+# Default: INFO
+# LOG_LEVEL=INFO
+
+# Logging filename
+# Path to logfile
+# Default: debug.log
+# LOG_FILENAME=debug.log
+
+# Logging duration
+# Number of days of logs to keep - logfile is rotated out at the end of each day
+# Default: 14
+# LOG_DAYS=14
+
+# STMP host
+# Hostname of SMTP server
+# Default: None
+# EMAIL_HOST=None
+
+# Default from email address
+# Email address from which messages are sent
+# Default: None
+# DEFAULT_FROM_EMAIL=None
+
+# [DEBUG ONLY] Email file path
+# Directory where emails will be stored if not using an SMTP server
+# Default: mail.log
+# EMAIL_FILE_PATH=mail.log
+
+# SMTP username
+# Username to authenticate with SMTP server
+# Default: None
+# EMAIL_HOST_USER=None
+
+# SMTP password
+# Password to authenticate with SMTP server
+# Default: None
+# EMAIL_HOST_PASSWORD=None
+
+# SMTP port
+# Port to access on SMTP server
+# Default: 25
+# EMAIL_PORT=25
+
+# SMTP use TLS
+# Use TLS to communicate with SMTP server?  Usually on port 587
+# Cannot be enabled at the same time as EMAIL_USE_SSL
+# Default: True if EMAIL_PORT == 587 else False
+# EMAIL_USE_TLS=True if EMAIL_PORT == 587 else False
+
+# SMTP use SSL
+# Use SSL to communicate with SMTP server?  Usually on port 465
+# Cannot be enabled at the same time as EMAIL_USE_TLS
+# Default: True if EMAIL_PORT == 465 else False
+# EMAIL_USE_SSL=True if EMAIL_PORT == 465 else False
+
+# Google Maps API key
+# Google Maps API key to display maps of people's locations
+# Default: None
+# GOOGLE_MAPS_API_KEY=None

deploy/deploy-ansible/inventory.example.yml

@@ -0,0 +1,4 @@
+all:
+  hosts:
+    example.com:
+    

deploy/deploy-ansible/playbook.yml

@@ -0,0 +1,104 @@
+---
+- hosts: all
+  become_user: root
+  become_method: sudo
+  become: yes
+
+  pre_tasks:
+    - name: Check if running under Vagrant
+      stat:
+        path: /vagrant
+      register: vagrant_dir
+
+  vars:
+    project_name: network-mapper
+    project_dir: /srv/{{ project_name }}
+    project_src_dir: "{{ project_dir }}/src"
+    provision_superuser: false
+    superuser_username: admin
+    superuser_password: admin
+    superuser_email: email@example.com
+
+  tasks:
+    - name: Vagrant specific tasks
+      block:
+      - name: Add Docker repository
+        get_url:
+          url: https://download.docker.com/linux/centos/docker-ce.repo
+          dest: '/etc/yum.repos.d/docker-ce.repo'
+      when: deploy_environment is defined and deploy_environment == "vagrant"
+
+    - name: Install system dependencies
+      ansible.builtin.yum:
+        name:
+          - git
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-compose-plugin
+        state: present
+
+    # - name: Update system packages
+    #   ansible.builtin.yum:
+    #     name: '*'
+    #     state: latest
+
+    - name: Clone / update from source repos
+      ansible.builtin.git:
+        repo: 'https://github.com/Southampton-RSG/breccia-mapper.git'
+        dest: '{{ project_src_dir }}'
+        version: dev # master
+        accept_hostkey: yes
+
+    - name: Copy template files
+      ansible.builtin.template:
+        src: '{{ item }}.j2'
+        dest: '{{ project_dir }}/{{ item }}'
+        mode: 0600
+      loop:
+        - Caddyfile
+        - docker-compose.yml
+
+    - name: Copy settings file
+      ansible.builtin.copy:
+        src: '.env'
+        dest: '{{ project_dir }}/.env'
+        mode: 0600
+
+    - name: Copy site icon
+      ansible.builtin.copy:
+        src: 'icon-192x192.png'
+        dest: '{{ project_dir }}/icon-192x192.png'
+        mode: 0600
+
+    - name: Start Docker
+      ansible.builtin.systemd:
+        name: docker
+        state: started
+        enabled: yes
+
+    - name: Pull latest docker images
+      ansible.builtin.command:
+        chdir: "{{ project_dir }}"
+        cmd: docker compose pull {{ item }}
+      loop:
+        - caddy
+        - server
+        - db
+
+    - name: Start containers
+      ansible.builtin.command:
+        chdir: "{{ project_dir }}"
+        cmd: docker compose up -d
+    
+    - name: Provision superuser
+      ansible.builtin.command:
+        chdir: "{{ project_dir }}"
+        cmd: sudo docker compose exec -it server /bin/bash -c "DJANGO_SUPERUSER_USERNAME='{{ superuser_username }}' DJANGO_SUPERUSER_PASSWORD='{{ superuser_password }}' DJANGO_SUPERUSER_EMAIL='{{ superuser_email }}' /app/manage.py createsuperuser --no-input"
+      when: provision_superuser
+
+    - name: Display warning about new superuser
+      debug:
+        msg:
+          - "[WARNING] A superuser has been provisioned with the username \"{{ superuser_username }}\" and the password that was provided. This user has unlimited access to the network mapper."
+      when: provision_superuser

deploy/deploy-ansible/templates/Caddyfile.j2

@@ -0,0 +1,16 @@
+:80 :443 {
+    root * /srv
+    file_server
+
+    @proxy_paths {
+        not path /static/*
+        not path /media/*
+    }
+
+    reverse_proxy @proxy_paths http://server:8000
+
+    log {
+        output stderr
+        format console
+    }
+}

deploy/deploy-ansible/templates/docker-compose.yml.j2

@@ -0,0 +1,57 @@
+version: '3.1'
+
+services:
+  server:
+    image: mgrove36/breccia-mapper:latest
+    build: {{ project_src_dir }}
+    ports:
+      - 8000:8000
+    environment:
+      DJANGO_DEBUG: ${DEBUG}
+    env_file:
+      - .env
+    volumes:
+      - static_files:/app/static
+      - media_files:/app/media
+    depends_on:
+      db:
+        condition: service_healthy
+
+  caddy:
+    image: caddy:2
+    restart: unless-stopped
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:z
+      # Caddy serves static files collected by Django
+      - static_files:/srv/static:ro
+      - media_files:/srv/media
+      - {{ project_dir }}/icon-192x192.png:/srv/media/icon-192x192.png:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    depends_on:
+      - server
+
+  db:
+    image: postgres:15.2-alpine
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: 'breccia-mapper'
+      POSTGRES_USER: 'breccia-mapper'
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+    volumes:
+      - postgres_data:/var/lib/postgresql/data/
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U breccia-mapper"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  caddy_data:
+  caddy_config:
+  static_files:
+  media_files:
+  postgres_data: