5 files changed, 138 insertions, 1 deletions

diff --git a/files/chaos-at-home/bind-zones/db.elev8.at b/files/chaos-at-home/bind-zones/db.elev8.at
index 8d342a15..8af5efaa 100644
--- a/files/chaos-at-home/bind-zones/db.elev8.at
+++ b/files/chaos-at-home/bind-zones/db.elev8.at
@@ -1,7 +1,7 @@
 $TTL 1h
 
 @                     SOA     ns0.chaos-at-home.org. hostmaster (
-                                2022111100
+                                2023012000
                                 1h
                                 5m
                                 30d
@@ -16,6 +16,8 @@ $TTL 1h
 wolke                 CNAME   cloudio.skillz.biz.
 office                CNAME   cloudio.skillz.biz.
 
+bs                    CNAME   cloudio.skillz.biz.
+
 stun                  A       162.55.59.151
 _stun._udp            SRV     10 0 3478 stun.elev8.at.
 _stun._tcp            SRV     10 0 3478 stun.elev8.at.
diff --git a/inventory/host_vars/sk-cloudio/bluespice.yml b/inventory/host_vars/sk-cloudio/bluespice.yml
new file mode 100644
index 00000000..30b3f330
--- /dev/null
+++ b/inventory/host_vars/sk-cloudio/bluespice.yml
@@ -0,0 +1,20 @@
+---
+## bluespice role does not work yet...
+
+# bluespice_zfs:
+#   pool: storage
+#   name: bluespice
+#   properties:
+#     compression: lz4
+#     quota: 20G
+
+# bluespice_instances:
+#   example:
+#     version: 4.2.4
+#     port: 8000
+#     hostname: bs.elev8.at
+#     language: en
+#     admin:
+#       username: admin
+#       password: test
+#     db_password: secretgeheim
diff --git a/roles/apps/bluespice/defaults/main.yml b/roles/apps/bluespice/defaults/main.yml
new file mode 100644
index 00000000..23d18724
--- /dev/null
+++ b/roles/apps/bluespice/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+# bluespice_base_path: /srv/bluespice
+
+# bluespice_zfs:
+#   pool: storage
+#   name: bluespice
+#   properties:
+#     compression: lz4
+
+# bluespice_instances:
+#   example:
+#     version: 4.2.4
+#     port: 8000
+#     hostname: bs.example.com
+#     language: en
+#     admin:
+#       username: admin
+#       password: very-secure-password
+#     db_password: super-secret
diff --git a/roles/apps/bluespice/tasks/main.yml b/roles/apps/bluespice/tasks/main.yml
new file mode 100644
index 00000000..899d1e1d
--- /dev/null
+++ b/roles/apps/bluespice/tasks/main.yml
@@ -0,0 +1,61 @@
+---
+- name: create zfs datasets
+  when: bluespice_zfs is defined
+  block:
+  - name: create zfs base dataset
+    zfs:
+      name: "{{ bluespice_zfs.pool }}/{{ bluespice_zfs.name }}"
+      state: present
+      extra_zfs_properties: "{{ bluespice_zfs.properties | dehumanize_zfs_properties | default(omit) }}"
+
+  - name: create zfs volumes for instances
+    loop: "{{ bluespice_instances | dict2items }}"
+    loop_control:
+      label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})"
+    zfs:
+      name: "{{ bluespice_zfs.pool }}/{{ bluespice_zfs.name }}/{{ item.key }}"
+      state: present
+      extra_zfs_properties: "{{ item.value.zfs_properties | dehumanize_zfs_properties | default(omit) }}"
+
+  - name: configure bluespice base bath
+    set_fact:
+      bluespice_base_path: "{{ (zfs_pools[bluespice_zfs.pool].mountpoint, bluespice_zfs.name) | path_join }}"
+
+
+- name: create instance subdirectories
+  loop: "{{ bluespice_instances | list }}"
+  file:
+    path: "{{ bluespice_base_path }}/{{ item }}/data"
+    state: directory
+
+
+- name: install pod manifest
+  loop: "{{ bluespice_instances | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  vars:
+    kubernetes_standalone_pod:
+      name: "bluespice-{{ item.key }}"
+      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+      mode: "0600"
+  include_role:
+    name: kubernetes/standalone/pod
+
+- name: configure nginx vhost
+  loop: "{{ bluespice_instances | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  vars:
+    nginx_vhost:
+      name: "bluespice-{{ item.key }}"
+      template: generic
+      acme: true
+      hostnames:
+      - "{{ item.value.hostname }}"
+      locations:
+        '/':
+          proxy_pass: "http://127.0.0.1:{{ item.value.port }}"
+          extra_directives: |-
+            client_max_body_size 0;
+  include_role:
+    name: nginx/vhost
diff --git a/roles/apps/bluespice/templates/pod-spec.yml.j2 b/roles/apps/bluespice/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..67493dc0
--- /dev/null
+++ b/roles/apps/bluespice/templates/pod-spec.yml.j2
@@ -0,0 +1,35 @@
+terminationGracePeriodSeconds: 120
+containers:
+- name: bluespice
+  image: "bluespice/bluespice-free:{{ item.value.version }}"
+  resources:
+    limits:
+      memory: "4Gi"
+  env:
+  - name: "BS_NAME"
+    value: "{{ item.key }}"
+  - name: "BS_URL"
+    value: "https://{{ item.value.hostname }}"
+  - name: "BS_LANG"
+    value: "{{ item.value.language }}"
+  - name: "BS_USER"
+    value: "{{ item.value.admin.username }}"
+  - name: "BS_PASSWORD"
+    value: "{{ item.value.admin.password }}"
+  - name: "BS_DB_PASSWORD"
+    value: "{{ item.value.db_password }}"
+  - name: "DISABLE_PINGBACK"
+    value: "yes"
+  volumeMounts:
+  - name: data
+    mountPath: /data
+  ports:
+  - containerPort: 80
+    hostPort: {{ item.value.port }}
+    hostIP: 127.0.0.1
+
+volumes:
+- name: data
+  hostPath:
+    path: "{{ bluespice_base_path }}/{{ item.key }}/data"
+    type: Directory