From 0beee2770dd74bfbb28be17a304e0b596d924b0b Mon Sep 17 00:00:00 2001
From: Leo Puvilland
Date: Wed, 29 Nov 2023 13:37:44 -0800
Subject: [PATCH] Add Flatpak Cache as a OpenStack app
---
playbooks/openshift-apps/flatpak-cache.yml | 61 +++++++++++++++++++
.../flatpak-cache/files/imagestream.yml | 10 +++
.../flatpak-cache/files/service.yml | 15 +++++
.../flatpak-cache/files/storage.yml | 11 ++++
.../flatpak-cache/templates/buildconfig.yml | 41 +++++++++++++
.../flatpak-cache/templates/configmap.yml | 17 ++++++
.../flatpak-cache/templates/deployment.yml | 55 +++++++++++++++++
.../flatpak-cache/templates/flatpak-cache.vcl | 35 +++++++++++
.../flatpak-cache/templates/start.sh | 6 ++
9 files changed, 251 insertions(+)
create mode 100644 playbooks/openshift-apps/flatpak-cache.yml
create mode 100644 roles/openshift-apps/flatpak-cache/files/imagestream.yml
create mode 100644 roles/openshift-apps/flatpak-cache/files/service.yml
create mode 100644 roles/openshift-apps/flatpak-cache/files/storage.yml
create mode 100644 roles/openshift-apps/flatpak-cache/templates/buildconfig.yml
create mode 100644 roles/openshift-apps/flatpak-cache/templates/configmap.yml
create mode 100644 roles/openshift-apps/flatpak-cache/templates/deployment.yml
create mode 100644 roles/openshift-apps/flatpak-cache/templates/flatpak-cache.vcl
create mode 100644 roles/openshift-apps/flatpak-cache/templates/start.sh
diff --git a/playbooks/openshift-apps/flatpak-cache.yml b/playbooks/openshift-apps/flatpak-cache.yml
new file mode 100644
index 0000000000..06263ac0f2
--- /dev/null
+++ b/playbooks/openshift-apps/flatpak-cache.yml
@@ -0,0 +1,61 @@
+- name: make the app be real
+ # hosts: os_control_stg[0]:os_control[0]
+ hosts: os_control_stg[0]
+ user: root
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ vars:
+
+ roles:
+ - role: openshift/project
+ app: flatpak-cache
+ description: "Flatpak Cache"
+ appowners:
+ - leo
+ tags:
+ - apply-appowners
+
+ - role: openshift/object
+ app: flatpak-cache
+ file: imagestream.yml
+ objectname: imagestream.yml
+
+ - role: openshift/object
+ app: flatpak-cache
+ template: buildconfig.yml
+ objectname: buildconfig.yml
+
+ - role: openshift/object
+ app: flatpak-cache
+ file: storage.yml
+ objectname: storage.yml
+
+ - role: openshift/object
+ app: flatpak-cache
+ template: configmap.yml
+ objectname: configmap.yml
+
+ - role: openshift/object
+ app: flatpak-cache
+ file: service.yml
+ objectname: service.yml
+
+ # Routes
+ - role: openshift/route
+ app: flatpak-cache
+ routename: web
+ host: "flatpak-cache.apps.ocp{{ env_suffix }}.fedoraproject.org"
+ servicename: web
+ serviceport: web
+ annotations:
+ haproxy.router.openshift.io/timeout: 5m
+
+ - role: openshift/object
+ app: flatpak-cache
+ template: deployment.yml
+ objectname: deployment.yml
diff --git a/roles/openshift-apps/flatpak-cache/files/imagestream.yml b/roles/openshift-apps/flatpak-cache/files/imagestream.yml
new file mode 100644
index 0000000000..4f131f77bd
--- /dev/null
+++ b/roles/openshift-apps/flatpak-cache/files/imagestream.yml
@@ -0,0 +1,10 @@
+apiVersion: image.openshift.io/v1
+items:
+- apiVersion: image.openshift.io/v1
+ kind: ImageStream
+ metadata:
+ name: flatpak-cache
+ labels:
+ build: flatpak-cache
+kind: List
+metadata: {}
diff --git a/roles/openshift-apps/flatpak-cache/files/service.yml b/roles/openshift-apps/flatpak-cache/files/service.yml
new file mode 100644
index 0000000000..a759db3ed0
--- /dev/null
+++ b/roles/openshift-apps/flatpak-cache/files/service.yml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: flatpak-cache
+ labels:
+ app: flatpak-cache
+ service: flatpak-cache
+ namespace: flatpak-cache
+spec:
+ ports:
+ - name: web
+ port: 80
+ targetPort: 8080
+ selector:
+ deploymentconfig: flatpak-cache
diff --git a/roles/openshift-apps/flatpak-cache/files/storage.yml b/roles/openshift-apps/flatpak-cache/files/storage.yml
new file mode 100644
index 0000000000..9285caa099
--- /dev/null
+++ b/roles/openshift-apps/flatpak-cache/files/storage.yml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 20Gi
+ storageClassName: ocs-storagecluster-cephfs
diff --git a/roles/openshift-apps/flatpak-cache/templates/buildconfig.yml b/roles/openshift-apps/flatpak-cache/templates/buildconfig.yml
new file mode 100644
index 0000000000..e4b9930961
--- /dev/null
+++ b/roles/openshift-apps/flatpak-cache/templates/buildconfig.yml
@@ -0,0 +1,41 @@
+---
+apiVersion: build.openshift.io/v1
+items:
+- apiVersion: build.openshift.io/v1
+ kind: BuildConfig
+ metadata:
+ labels:
+ build: flatpak-cache-build
+ name: flatpak-cache-build
+ spec:
+ runPolicy: Serial
+ source:
+ dockerfile: |-
+ FROM fedora:39
+ LABEL \
+ name="flatpak-cache" \
+ vendor="Fedora Infrastructure" \
+ license="MIT"
+ RUN dnf install -y \
+ gettext \
+ hostname \
+ nss_wrapper \
+ bind-utils \
+ varnish && \
+ dnf autoremove -y && \
+ dnf clean all -y
+ EXPOSE 80
+ type: Dockerfile
+ strategy:
+ type: Docker
+ dockerStrategy:
+ noCache: true
+ output:
+ to:
+ kind: ImageStreamTag
+ name: flatpak-cache:latest
+ triggers:
+ - type: ImageChange
+ - type: ConfigChange
+kind: List
+metadata: {}
diff --git a/roles/openshift-apps/flatpak-cache/templates/configmap.yml b/roles/openshift-apps/flatpak-cache/templates/configmap.yml
new file mode 100644
index 0000000000..c03aad7b06
--- /dev/null
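Review bot: The Service selector `deploymentconfig: flatpak-cache` in service.yml matches no label that deployment.yml puts on the pod template, which carries only `app: flatpak-cache` and `deployment: flatpak-cache`, so the Service would have no endpoints and the route would have nothing to forward to. Selecting on a label the pods actually carry, for example `app: flatpak-cache`, fixes it. The `deploymentconfig` key looks like a leftover from a DeploymentConfig-based app, while this change uses `kind: Deployment`.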
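Review bot: `EXPOSE 80` in the inline Dockerfile of buildconfig.yml disagrees with the rest of the change, where service.yml uses `targetPort: 8080` and start.sh passes `-a :8080`; `EXPOSE 8080` would document the port actually intended and is one a non-root container UID can bind. Separately, `FROM fedora:39` is a mutable tag and the `dnf install` is unversioned, so with `noCache: true` and the ImageChange/ConfigChange triggers every rebuild picks up whatever is current. That helps patching but means the running image cannot be reproduced later; a short comment above the Dockerfile stating that this is deliberate, or pinning the base image by digest, would make the choice reviewable.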
+++ b/roles/openshift-apps/flatpak-cache/templates/configmap.yml
@@ -0,0 +1,17 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: List
+metadata: {}
+items:
+- apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: flatpak-cache-configmap
+ labels:
+ app: flatpak-cache
+ data:
+ flatpak-cache.vcl: |-
+ {{ load_file('flatpak-cache.vcl') | indent(6) }}
+ start.sh: |-
+ {{ load_file('start.sh') | indent(6) }}
diff --git a/roles/openshift-apps/flatpak-cache/templates/deployment.yml b/roles/openshift-apps/flatpak-cache/templates/deployment.yml
new file mode 100644
index 0000000000..440cfb16d4
--- /dev/null
+++ b/roles/openshift-apps/flatpak-cache/templates/deployment.yml
@@ -0,0 +1,55 @@
+- apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ app: flatpak-cache
+ app.kubernetes.io/component: flatpak-cache
+ app.kubernetes.io/instance: flatpak-cache
+ app.kubernetes.io/name: flatpak-cache
+ app.kubernetes.io/part-of: flatpak-cache-app
+ name: flatpak-cache
+ spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: flatpak-cache
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: flatpak-cache
+ deployment: flatpak-cache
+ spec:
+ containers:
+ - env:
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/varnish
+ readOnly: true
+ - name: data
+ mountPath: /srv
+ imagePullPolicy: Always
+ name: flatpak-cache
+ command:
+ - bash
+ args:
+ - /etc/varnish/start.sh
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: config-volume
+ configMap:
+ name: flatpak-cache-configmap
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
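Review bot: The `flatpak-cache` container in deployment.yml has no `image:` field, and the Deployment metadata carries no `image.openshift.io/triggers` annotation that would let OpenShift fill it in from the `flatpak-cache:latest` ImageStreamTag, so as written the pod template is expected to fail validation or never pick up the built image. Adding an explicit `image:` reference plus the trigger annotation would tie the Deployment to the BuildConfig output. In the same container, `resources: {}` sets no memory or CPU limits for a cache that start.sh sizes at 20G, and `securityContext: {}` states nothing explicit. Setting requests/limits and `allowPrivilegeEscalation: false` would make the intended confinement visible, and the bare `- env:` key with no value can be dropped.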
diff --git a/roles/openshift-apps/flatpak-cache/templates/flatpak-cache.vcl b/roles/openshift-apps/flatpak-cache/templates/flatpak-cache.vcl
new file mode 100644
index 0000000000..c41328f81f
--- /dev/null
+++ b/roles/openshift-apps/flatpak-cache/templates/flatpak-cache.vcl
@@ -0,0 +1,35 @@
+vcl 4.1;
+
+import std;
+
+acl whitelist {
+ "localhost";
+ "10.3.174.52";
+ "10.3.174.61";
+ "10.3.174.62";
+ "10.3.174.63";
+ "10.3.174.64";
+ "10.3.174.57";
+ "10.3.174.42";
+ "10.3.174.43";
+ "10.3.174.21";
+ "10.3.174.22";
+ "10.3.174.23";
+ "10.3.174.24";
+ "10.3.174.25";
+ "10.3.174.26";
+}
+
+backend default {
+ .host = "dl.flathub.org";
+ .port = "80";
+}
+
+sub vcl_recv {
+ set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", "");
+ if (std.ip(req.http.X-Actual-IP, "0.0.0.0") !~ whitelist && client.ip !~ whitelist) {
+ return (pass);
+ # return(synth(403, "Access denied."));
+ }
+ set req.http.Host = "dl.flathub.org";
+}
diff --git a/roles/openshift-apps/flatpak-cache/templates/start.sh b/roles/openshift-apps/flatpak-cache/templates/start.sh
new file mode 100644
index 0000000000..27dbd809a8
--- /dev/null
+++ b/roles/openshift-apps/flatpak-cache/templates/start.sh
@@ -0,0 +1,6 @@
+exec varnishd \
+ -F \
+ -f /etc/varnish/flatpak-cache.vcl
+ -a :8080
+ -t 120
+ -s file,/srv/varnish_storage.bin,20G
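Review bot: In `vcl_recv` the allow-list decision trusts `X-Actual-IP`, which is the leftmost entry of the request's `X-Forwarded-For` header; unless the router in front strips or overwrites that header (not visible in this patch), the value is chosen by the client and the `whitelist` ACL does not restrict anything on the public route. The non-allowed branch also does `return (pass);` before `set req.http.Host`, so unlisted clients are still proxied to the backend rather than refused, with the 403 left commented out. If the cache is meant only for the listed hosts, base the check on an address the router itself sets (or on `client.ip` alone) and use `return (synth(403, "Access denied."));`. The backend is fetched over plain HTTP on port 80, so the cache stores whatever the network path returns; a comment stating that integrity presumably relies on the Flatpak client's own signature verification would document that assumption.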
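Review bot: The line continuations in start.sh stop after `-F \`: the `-f /etc/varnish/flatpak-cache.vcl`, `-a :8080` and `-t 120` lines have no trailing backslash, so `exec varnishd -F -f /etc/varnish/flatpak-cache.vcl` runs with its default listen address and storage, and the remaining lines never execute because `exec` replaces the shell. Nothing would then listen on the port 8080 that service.yml targets, and the PVC-backed storage file would not be used. End those three lines with ` \`, i.e. `-f /etc/varnish/flatpak-cache.vcl \`, `-a :8080 \`, `-t 120 \`. Also, `-s file,/srv/varnish_storage.bin,20G` asks for the whole 20Gi requested in storage.yml, leaving no headroom for filesystem overhead; a somewhat smaller size is safer.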