feat: add metabase role

2026-06-03 10:01:00 +02:00
parent d976a9d701
commit 2f3eebd422
8 changed files with 296 additions and 0 deletions
@@ -0,0 +1,15 @@
+[Unit]
+Description=Metabase BI Server
+
+[Service]
+Type=notify
+NotifyAccess=all
+WorkingDirectory={{ podman_projects_dir }}/metabase
+ExecStart=/usr/bin/podman kube play --replace --service-container=true --network=pasta:--map-host-loopback={{ podman_gw_gateway }} metabase.yaml
+ExecStop=/usr/bin/podman kube down metabase.yaml
+Restart=on-failure
+RestartSec=10
+TimeoutStartSec=180
+
+[Install]
+WantedBy=default.target
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: metabase
+spec:
+  containers:
+    - name: server
+      image: {{ metabase_image }}:{{ metabase_version }}
+      ports:
+        - containerPort: 3000
+          hostPort: {{ metabase_port }}
+      env:
+        - name: MB_DB_TYPE
+          value: postgres
+        - name: MB_DB_DBNAME
+          value: "{{ metabase_postgres_db_name }}"
+        - name: MB_DB_PORT
+          value: "{{ metabase_postgres_port }}"
+        - name: MB_DB_USER
+          value: "{{ metabase_postgres_user }}"
+        - name: MB_DB_PASS
+          value: "{{ metabase_postgres_password }}"
+        - name: MB_DB_HOST
+          value: "{{ metabase_postgres_host }}"
+        - name: JAVA_TIMEZONE
+          value: "{{ metabase_timezone }}"
+      volumeMounts:
+        - name: localtime
+          mountPath: /etc/localtime
+          readOnly: true
+      livenessProbe:
+        httpGet:
+          path: /api/health
+          port: 3000
+        initialDelaySeconds: 90
+        periodSeconds: 30
+        timeoutSeconds: 10
+        failureThreshold: 3
+      restartPolicy: Never
+  volumes:
+    - name: localtime
+      hostPath: { path: /etc/localtime, type: File }
@@ -0,0 +1,49 @@
+# Metabase vhost
+# Managed by Ansible - DO NOT EDIT MANUALLY
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{ metabase_nginx_hostname }};
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    server_name {{ metabase_nginx_hostname }};
+
+    ssl_certificate     /etc/letsencrypt/live/{{ metabase_nginx_hostname }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ metabase_nginx_hostname }}/privkey.pem;
+    ssl_protocols {{ nginx_ssl_protocols | default('TLSv1.3') }};
+    ssl_prefer_server_ciphers on;
+
+{% if nginx_log_backend | default('journald') == 'journald' %}
+    access_log syslog:server=unix:/dev/log,nohostname,tag=nginx_metabase;
+    error_log  syslog:server=unix:/dev/log,nohostname,tag=nginx_metabase;
+{% else %}
+    access_log /var/log/nginx/{{ metabase_nginx_hostname }}_access.log main;
+    error_log  /var/log/nginx/{{ metabase_nginx_hostname }}_error.log;
+{% endif %}
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ metabase_port }};
+        proxy_set_header Host              $http_host;
+        proxy_set_header X-Real-IP         $remote_addr;
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade    $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 60s;
+        proxy_read_timeout    600s;
+        proxy_send_timeout    600s;
+    }
+}