From c60e378f8130d6180a798d8dfca107dfc6b50c94 Mon Sep 17 00:00:00 2001
From: Lino Silva
Date: Wed, 19 Apr 2023 15:50:07 +0100
Subject: [PATCH] feat: Change detection
---
.../my-cluster/host_vars/changedetection | 6 +++++
inventory/my-cluster/hosts.ini | 1 +
playbook-changedetection.yml | 23 ++++++++++++++++
.../changedetection/enable-ssh/tasks/main.yml | 8 ++++++
.../install-app/tasks/main.yml | 20 ++++++++++++++
.../install-app/templates/docker-compose.yml | 11 ++++++++
.../install-docker/tasks/main.yml | 27 +++++++++++++++++++
.../provision/create/tasks/main.yml | 27 +++++++++++++++++++
.../provision/delete/tasks/main.yml | 26 ++++++++++++++++++
.../provision/start/tasks/main.yml | 8 ++++++
roles/changedetection/update/tasks/main.yml | 6 +++++
.../templates/changedetection.subdomain.conf | 2 +-
12 files changed, 164 insertions(+), 1 deletion(-)
create mode 100644 inventory/my-cluster/host_vars/changedetection
create mode 100644 playbook-changedetection.yml
create mode 100644 roles/changedetection/enable-ssh/tasks/main.yml
create mode 100644 roles/changedetection/install-app/tasks/main.yml
create mode 100644 roles/changedetection/install-app/templates/docker-compose.yml
create mode 100644 roles/changedetection/install-docker/tasks/main.yml
create mode 100644 roles/changedetection/provision/create/tasks/main.yml
create mode 100644 roles/changedetection/provision/delete/tasks/main.yml
create mode 100644 roles/changedetection/provision/start/tasks/main.yml
create mode 100644 roles/changedetection/update/tasks/main.yml
diff --git a/inventory/my-cluster/host_vars/changedetection b/inventory/my-cluster/host_vars/changedetection
new file mode 100644
index 0000000..fec129f
--- /dev/null
+++ b/inventory/my-cluster/host_vars/changedetection
@@ -0,0 +1,6 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.24
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+vmid: 615
diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini
index cac65d4..a42dfbe 100644
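Review bot: `ansible_ssh_pass` in host_vars/changedetection is taken from `proxmox_api_password`, while provision/create sets the container's root password from `lxc_password`, so the SSH login only works if both variables hold the same secret. That would make the hypervisor's `root@pam` password double as the root password of a guest that runs a third-party image and accepts password logins. I would use `ansible_ssh_pass: "{{ lxc_password }}"` here, or better an SSH key, so the guest credential is never the Proxmox one.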
--- a/inventory/my-cluster/hosts.ini
+++ b/inventory/my-cluster/hosts.ini
@@ -9,6 +9,7 @@ mastodon tautulli openvpn youtube-downloader +changedetection [baremetal] mipha
diff --git a/playbook-changedetection.yml b/playbook-changedetection.yml
new file mode 100644
index 0000000..26828ca
--- /dev/null
+++ b/playbook-changedetection.yml
@@ -0,0 +1,23 @@
+---
+- hosts: localhost
+ become: yes
+ roles:
+ - role: changedetection/provision/delete
+ - role: changedetection/provision/create
+ - role: changedetection/provision/start
+ vars:
+ vmid: 615
+
+- hosts: impa
+ become: yes
+ roles:
+ - role: changedetection/enable-ssh
+ vars:
+ vmid: 615
+
+- hosts: changedetection
+ become: yes
+ roles:
+ - role: changedetection/update
+ - role: changedetection/install-docker
+ - role: changedetection/install-app
diff --git a/roles/changedetection/enable-ssh/tasks/main.yml b/roles/changedetection/enable-ssh/tasks/main.yml
new file mode 100644
index 0000000..2ff63a3
--- /dev/null
+++ b/roles/changedetection/enable-ssh/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Allow SSH into LXC
+ ansible.builtin.command: lxc-attach -n 615 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+ ansible.builtin.command: lxc-attach -n 615 service ssh restart
diff --git a/roles/changedetection/install-app/tasks/main.yml b/roles/changedetection/install-app/tasks/main.yml
new file mode 100644
index 0000000..3aa3110
--- /dev/null
+++ b/roles/changedetection/install-app/tasks/main.yml
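Review bot: The sed in "Allow SSH into LXC" (roles/changedetection/enable-ssh) switches sshd to `PermitRootLogin yes`, which opens root login by password on the new container, where the commented-out `prohibit-password` line it replaces would have allowed keys only. community.general.proxmox accepts a `pubkey` parameter at creation time, so the create role could install the controller's public key and this sed would presumably no longer be needed. Both commands also hard-code `615` although the play passes `vmid`; `lxc-attach -n {{ vmid }}` keeps the role in step with the inventory. Neither `command` task sets `changed_when`, so every run reports a change.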
@@ -0,0 +1,20 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/changedetection/install-app/templates/docker-compose.yml b/roles/changedetection/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..47e9e82
--- /dev/null
+++ b/roles/changedetection/install-app/templates/docker-compose.yml
@@ -0,0 +1,11 @@
+version: "3.1"
+
+services:
+ app:
+ image: dgtlmoon/changedetection.io
+ container_name: changedetection
+ restart: always
+ environment:
+ TZ: Europe/Lisbon
+ ports:
+ - 5000:5000
diff --git a/roles/changedetection/install-docker/tasks/main.yml b/roles/changedetection/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/changedetection/install-docker/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
diff --git a/roles/changedetection/provision/create/tasks/main.yml b/roles/changedetection/provision/create/tasks/main.yml
new file mode 100644
index 0000000..704a586
--- /dev/null
+++ b/roles/changedetection/provision/create/tasks/main.yml
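Review bot: `image: dgtlmoon/changedetection.io` in the compose template has no tag or digest, so every rebuild pulls whatever `latest` is at that moment and keeps it running under `restart: always`; pinning a tag or an `@sha256:` digest makes the deployment reproducible and reviewable. `- 5000:5000` publishes the port on every interface of the container host, so the app stays reachable directly over plain HTTP, bypassing any access control the swag proxy applies; if the proxy lives on another host that is needed, but it deserves a comment. The mapping is better quoted, `- "5000:5000"`, which is the usual form for `host:container` pairs. No volume is declared, so the application's data presumably sits in the container layer and is lost when the container is recreated.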
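Review bot: "Get convenience script" and "Execute script" in install-docker download https://get.docker.com and run it as root with no checksum or signature check, so the container installs whatever that URL serves at run time. The shell task has no `creates`, so the script is also re-run on every play. Installing from Docker's apt repository with the key pinned through `signed-by` gives a verified, idempotent install; a sketch follows. The `systemctl enable` shell block can become `ansible.builtin.systemd` with `enabled: true`, and adding root to the `docker` group changes nothing, since root can already use the socket.

```yaml
- name: Create apt keyring directory
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

- name: Add Docker apt signing key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"

- name: Add Docker apt repository
  ansible.builtin.apt_repository:
    repo: >-
      deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc]
      https://download.docker.com/linux/debian
      {{ ansible_distribution_release }} stable
    state: present

- name: Install Docker engine and compose plugin
  ansible.builtin.apt:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-compose-plugin
    update_cache: true

# … unchanged: docker group and user tasks …

- name: Enable docker on startup
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: true
  loop:
    - docker.service
    - containerd.service
```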
@@ -0,0 +1,27 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 615
+ node: impa
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: changedetection
+ ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.24/21,\
+ hwaddr=cc:c6:cf:de:17:84,\
+ bridge=vmbr0'}"
+ cores: 1
+ memory: 1024
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ disk: ssd250:10
+ force: yes
diff --git a/roles/changedetection/provision/delete/tasks/main.yml b/roles/changedetection/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..5c341ca
--- /dev/null
+++ b/roles/changedetection/provision/delete/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Stop container
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: stopped
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove containers
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: absent
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+ ansible.builtin.lineinfile:
+ path: /Users/lino.silva/.ssh/known_hosts
+ state: absent
+ regexp: "^10.0.2.24"
diff --git a/roles/changedetection/provision/start/tasks/main.yml b/roles/changedetection/provision/start/tasks/main.yml
new file mode 100644
index 0000000..de86b9b
--- /dev/null
+++ b/roles/changedetection/provision/start/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: started
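Review bot: `unprivileged: no` together with `nesting=1` in "Create container" builds a privileged LXC that then runs Docker as root, so root inside the guest is root on the Proxmox node and a compromise of the app or its image is one container boundary away from the hypervisor. `keyctl=1` is the feature Proxmox offers for running Docker in unprivileged containers, so `unprivileged: yes` with the same `features` list looks like the intended setup. The task also hard-codes `vmid: 615` where the delete and start roles use `"{{ vmid }}"`. All three roles authenticate as `root@pam` with a password; the module's `api_token_id` and `api_token_secret` options would allow a scoped token instead.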
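Review bot: `ignore_errors: true` on "Stop container" and "Remove containers" in provision/delete hides every failure, including a rejected password or an unreachable API, so the play goes on to a forced create without knowing whether the old container is gone. A `failed_when` limited to the "container does not exist" case would keep first runs working without masking the rest. "Remove .ssh/known_hosts lines" writes to a path under `/Users/lino.silva`, which ties the role to one workstation, and `regexp: "^10.0.2.24"` has unescaped dots and no terminator, so it would also delete an entry such as 10.0.2.240. `ansible.builtin.known_hosts` with `name: 10.0.2.24`, `state: absent` and an explicit `path` removes exactly that host. Since the host key is discarded on each rebuild and the login uses a password, the first connection afterwards trusts whatever answers on that address, which is another reason to prefer key authentication.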
diff --git a/roles/changedetection/update/tasks/main.yml b/roles/changedetection/update/tasks/main.yml
new file mode 100644
index 0000000..8227bf4
--- /dev/null
+++ b/roles/changedetection/update/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+ become: true
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: full
diff --git a/roles/swag/install-app/templates/changedetection.subdomain.conf b/roles/swag/install-app/templates/changedetection.subdomain.conf
index cfc5c27..e15d762 100644
--- a/roles/swag/install-app/templates/changedetection.subdomain.conf
+++ b/roles/swag/install-app/templates/changedetection.subdomain.conf
@@ -37,7 +37,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app 10.0.2.1; + set $upstream_app 10.0.2.24; set $upstream_port 5000; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port;