WIP verwaltung jameica testserver

site.yml

@@ -99,7 +99,12 @@
         basedir: "/srv/{{ servicename }}",
         domain: "www.test-warpzone.de" 
       }
-
+    - { 
+        role: testserver/docker_jameica, tags: [ test_jameicavnc, docker_services ],
+        servicename: "jameicavnc",
+        domain: "verwaltung-jameica.test-warpzone.de",
+        basedir: "/srv/{{servicename}}"
+      }
 
 ##################################################
 # Produktive Server

testserver/docker_jameica/tasks/main.yml

+---
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "{{ basedir }}/secrets/forward_auth_secret", length: 64 }
+    - { path: "{{ basedir }}/secrets/oauth_client_secret", length: 64 }
+  
+- name: "create folder struct for {{ servicename }}"
+  file: 
+    path: "{{item}}" 
+    state: "directory"
+  with_items:
+    - "{{basedir}}/"
+    - "{{basedir}}/work"
+    - "{{basedir}}/secrets"
+
+- name: Konfig-Dateien erstellen
+  template: 
+    src: "{{item}}" 
+    dest: "{{basedir}}/{{item}}"
+  with_items:
+    - "docker-compose.yml"
+    - "Dockerfile"
+    - "jameica.conf"
+    - "jameica.sh"
+  register: config_files
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config_files.changed 
+
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
+    

testserver/docker_jameica/templates/Dockerfile

+FROM theasp/novnc:latest
+
+# Install java
+RUN set -ex; \
+    apt-get update; \
+    apt-get install -y \
+      openjdk-17-jre \
+      libswt-gtk-4-java
+
+COPY jameica.conf /app/conf.d/
+COPY jameica.sh  /app/
+
+# Add User Vorstand
+RUN groupadd --gid 1000 vorstand \
+ && useradd --uid 1000 --gid 1000 -m vorstand 
+
+RUN set -ex; \
+  mkdir /jameica/; \
+  mkdir /jameica-data/; \
+  mkdir /jameica-work/; \
+  usermod -U -s /bin/bash -d /jameica-work/ -G root www-data; \
+  chown vorstand:vorstand /app/jameica.sh; \
+  chown vorstand:vorstand /jameica-work/; \
+  chmod +x /app/jameica.sh; 

testserver/docker_jameica/templates/docker-compose.yml

+services:
+    
+  vnc:
+    build: .
+    restart: always
+    environment:
+      DISPLAY_WIDTH: 1440
+      DISPLAY_HEIGHT: 900
+      RUN_XTERM: "no"
+    volumes:
+      - /srv/jameica:/jameica/
+      - /srv/data-jameica:/jameica-data/
+      - {{basedir}}/work:/jameica-work/
+    networks:
+      - default
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-auth
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
+
+
+  auth:
+    image: thomseddon/traefik-forward-auth:2.2
+    restart: always
+    environment: 
+      LOG_LEVEL: info
+      DEFAULT_ACTION: auth
+      DEFAULT_PROVIDER: generic-oauth
+      SECRET: {{ forward_auth_secret }}
+      PROVIDERS_GENERIC_OAUTH_AUTH_URL: {{ oauth_global.authorize_url }}
+      PROVIDERS_GENERIC_OAUTH_TOKEN_URL: {{ oauth_global.token_url }}
+      PROVIDERS_GENERIC_OAUTH_USER_URL: {{ oauth_global.userinfo_url }}
+      PROVIDERS_GENERIC_OAUTH_CLIENT_ID: {{ servicename }}
+      PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET: {{ oauth_client_secret }}
+      PROVIDERS_GENERIC_OAUTH_SCOPE: profile
+      PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE: header
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
+      - traefik.enable=true
+      - traefik.http.middlewares.{{ servicename }}-auth.forwardauth.address=http://auth:4181
+      - traefik.http.middlewares.{{ servicename }}-auth.forwardauth.authResponseHeaders=X-Forwarded-User
+      - traefik.http.services.{{ servicename }}-auth.loadbalancer.server.port=4181
+    networks:
+      - default
+      - web
+
+networks:
+  web:
+    external: true    
\ No newline at end of file

testserver/docker_jameica/templates/jameica.conf

+[program:jameica]
+command=/app/jameica.sh
+autorestart=true
+user=vorstand

testserver/docker_jameica/templates/jameica.sh

+#!/bin/sh
+
+# Linux Start-Script fuer regulaeren Standalone-Betrieb.
+# Jameica wird hierbei mit GUI gestartet.
+
+# Das Datenverzeichnis wird hierbei ohne Passwort geladen
+
+cd "/jameica/"
+archsuffix="64"
+
+LIBOVERLAY_SCROLLBAR=0 GDK_NATIVE_WINDOWS=1 SWT_GTK3=1 exec java -Djava.net.preferIPv4Stack=true -Xmx512m $_JCONSOLE -jar jameica-linux${archsuffix}.jar -f /jameica-data/ -p nopassword $@