diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 45601b8..d466fcd 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -10,8 +10,6 @@ ldap_master_uri: "ldap://{{ ldap_master_ipv4 }}"
 ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}"
 ldap_nslcd_bind_dn: "cn=nslcd,ou=service-users,{{ ldap_base }}"
 ldap_nslcd_passwd: "{{ vault_ldap_nslcd_passwd }}"
-ldap_codimd_bind_dn: "cn=codimd,ou=service-users,{{ ldap_base }}"
-ldap_codimd_password: "{{ vault_ldap_codimd_password }}"
 ldap_matrix_bind_dn: "cn=matrix,ou=service-users,{{ ldap_base }}"
 ldap_matrix_password: "{{ vault_ldap_matrix_password }}"
 ldap_replica_password: "{{ vault_ldap_replica_password }}"
diff --git a/hosts b/hosts
index 4c21064..55337e4 100644
--- a/hosts
+++ b/hosts
@@ -9,9 +9,7 @@ horus.adm.auro.re [ovh-container] -riot.adm.auro.re synapse.adm.auro.re -codimd.adm.auro.re services-bdd.adm.auro.re phabricator.adm.auro.re wiki.adm.auro.re
diff --git a/nginx-reverse-proxy.yml b/nginx-reverse-proxy.yml
deleted file mode 100644
index 426e66b..0000000
--- a/nginx-reverse-proxy.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-# Install NGINX with reverse proxy conf
-- hosts: proxy.adm.auro.re
- vars:
- reversed_proxy_subdomains:
- - name: re2o
- from: re2o.auro.re
- to: re2o-server.adm.auro.re
- - name: intranet
- from: intranet.auro.re
- to: re2o-server.adm.auro.re
- - name: pad
- from: pad.auro.re
- to: pad.adm.auro.re:9001
- - name: phabricator
- from: phabricator.auro.re
- to: phabricator.adm.auro.re
- - name: wiki
- from: wiki.auro.re
- to: wiki.adm.auro.re
- - name: www
- from: www.auro.re
- to: www.adm.auro.re
- - name: re2o-test
- from: re2o-test.auro.re
- to: re2o-test.adm.auro.re
- - name: riot
- from: riot.auro.re
- to: riot.adm.auro.re
- - name: codimd
- from: codimd.auro.re
- to: codimd.adm.auro.re:8080
- roles:
- - nginx-reverse-proxy
diff --git a/passbolt.yml b/passbolt.yml
deleted file mode 100644
index 32f7216..0000000
--- a/passbolt.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-# Deploy Passbolt
-- hosts: passbolt.adm.auro.re
- roles:
- - passbolt
diff --git a/roles/codimd/defaults/main.yml b/roles/codimd/defaults/main.yml
deleted file mode 100644
index b90bf62..0000000
--- a/roles/codimd/defaults/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# service_name is the name of the project on GitHub
-service_name: codimd
-
-# URL to clone
-service_repo: https://github.com/hackmdio/codimd.git
-
-# name of the service user
-# It means that you will have to `sudo -u THISUSER zsh` to debug
-service_user: "{{ service_name }}"
-service_homedir: "/var/local/{{ service_name }}"
-
-# service_path is where the project is cloned
-# It can't be the home directory because of user hidden files.
-service_path: "{{ service_homedir }}/{{ service_name }}"
diff --git a/roles/codimd/handlers/main.yml b/roles/codimd/handlers/main.yml
deleted file mode 100644
index 76f5f7b..0000000
--- a/roles/codimd/handlers/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# Build front-end bundle
-# This can take very long and requires > 2GB of RAM
-- name: Build front-end for CodiMD
- command: yarn run build
- args:
- chdir: /var/local/codimd/codimd
- become: true
- become_user: codimd
diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml
deleted file mode 100644
index c698390..0000000
--- a/roles/codimd/tasks/0_apt_dependencies.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-# For HTTPS apt
-- name: Install HTTPS apt
- apt:
- update_cache: true
- name: apt-transport-https
- state: present
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
-- name: Configure the apt key
- apt_key:
- url: https://dl.yarnpkg.com/debian/pubkey.gpg
- id: 1646B01B86E50310
- state: present
- register: apt_key_result
- retries: 3
- until: apt_key_result is succeeded
-
-- name: Configure Yarn repository
- apt_repository:
- repo: deb https://dl.yarnpkg.com/debian/ stable main
- state: present
-
-# Install CodiMD dependencies
-- name: Install required packages
- apt:
- update_cache: true
- name: yarn
- state: present
- register: apt_result
- retries: 3
- until: apt_result is succeeded
diff --git a/roles/codimd/tasks/main.yml b/roles/codimd/tasks/main.yml
deleted file mode 100644
index 54bb712..0000000
--- a/roles/codimd/tasks/main.yml
+++ /dev/null
@@ -1,60 +0,0 @@
----
-# Install APT dependencies
-- include_tasks: 0_apt_dependencies.yml
-
-# Create service user
-- include_tasks: service_user.yml
-
-- name: "Clone {{ service_name }} project"
- git:
- repo: "{{ service_repo }}"
- dest: "{{ service_path }}"
- version: 1.3.0
- become: true
- become_user: "{{ service_user }}"
- notify: Build front-end for CodiMD
-
-# Setup dependencies
-- name: "Install {{ service_name }} dependencies"
- yarn:
- path: "{{ service_path }}"
- production: true
- become: true
- become_user: "{{ service_user }}"
- register: yarn_result
- retries: 3
- until: yarn_result is succeeded
-
-# Connection to database
-- name: Connect CodiMD to PostgreSQL db
- template:
- src: sequelizerc.j2
- dest: "{{ service_path }}/.sequelizerc"
- owner: "{{ service_user }}"
- group: nogroup
- mode: 0600
-
-- name: "Configure {{ service_name }}"
- template:
- src: config.json.j2
- dest: "{{ service_path }}/config.json"
- owner: "{{ service_user }}"
- group: nogroup
- mode: 0600
-
-# Service file
-- name: "Install {{ service_name }} systemd unit"
- template:
- src: systemd/codimd.service.j2
- dest: "/etc/systemd/system/{{ service_name }}.service"
- owner: root
- group: root
- mode: 0644
-
-# Run
-- name: "Ensure that {{ service_name }} is started"
- systemd:
- name: "{{ service_name }}"
- state: started
- enabled: true
- daemon_reload: true
diff --git a/roles/codimd/tasks/service_user.yml b/roles/codimd/tasks/service_user.yml
deleted file mode 100644
index 0818676..0000000
--- a/roles/codimd/tasks/service_user.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Having a custom group is useless so use nogroup
-- name: "Create {{ service_user }} user"
- user:
- name: "{{ service_user }}"
- group: nogroup
- home: "{{ service_homedir }}"
- system: true
- shell: /bin/false
- state: present
-
-# Only service user should be able to go there
-- name: "Secure {{ service_user }} home directory"
- file:
- path: "{{ service_homedir }}"
- state: directory
- owner: "{{ service_user }}"
- group: nogroup
- mode: 0700
diff --git a/roles/codimd/templates/apt/nodejs.j2 b/roles/codimd/templates/apt/nodejs.j2
deleted file mode 100644
index 65e5110..0000000
--- a/roles/codimd/templates/apt/nodejs.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-# {{ ansible_managed }}
-
-Package: node* libuv1*
-Pin: release a=stretch-backports
-Pin-Priority: 600
diff --git a/roles/codimd/templates/config.json.j2 b/roles/codimd/templates/config.json.j2
deleted file mode 100644
index fc02978..0000000
--- a/roles/codimd/templates/config.json.j2
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "production": {
- "domain": "codimd.auro.re",
- "debug": false,
- "port": 8080,
- "useSSL": false,
- "protocolUseSSL": true,
- "useCDN": false,
- "csp": {
- "enable": true,
- "directives": {
- },
- "upgradeInsecureRequests": "auto",
- "addDefaults": true
- },
- "db": {
- "username": "codimd",
- "password": "{{ postgresql_codimd_passwd }}",
- "database": "codimd",
- "host": "{{ postgresql_services_url }}",
- "port": "5432",
- "dialect": "postgres"
- },
- "email": false,
- "ldap": {
- "url": "{{ ldap_master_uri }}",
- "bindDn": "{{ ldap_codimd_bind_dn }}",
- "bindCredentials": "{{ ldap_codimd_password }}",
- "searchBase": "cn=Utilisateurs,dc=auro,dc=re",
- "searchFilter": "(uid={% raw %}{{username}}{% endraw %})",
- "searchAttributes": ["uid", "givenName", "mail"],
- "usernameField": "uid",
- "useridField": "uid",
- "providerName": "Compte Aurore"
- },
- "allowFreeURL": true
- }
-}
-
diff --git a/roles/codimd/templates/sequelizerc.j2 b/roles/codimd/templates/sequelizerc.j2
deleted file mode 100644
index e497bf6..0000000
--- a/roles/codimd/templates/sequelizerc.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-var path = require('path');
-
-module.exports = {
- 'config': path.resolve('config.json'),
- 'migrations-path': path.resolve('lib', 'migrations'),
- 'models-path': path.resolve('lib', 'models'),
- 'url': 'postgres://codimd:{{ postgresql_codimd_passwd }}@{{ postgresql_services_url }}:5432/codimd'
-}
diff --git a/roles/codimd/templates/systemd/codimd.service.j2 b/roles/codimd/templates/systemd/codimd.service.j2
deleted file mode 100644
index 4b80a5b..0000000
--- a/roles/codimd/templates/systemd/codimd.service.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=CodiMD
-After=syslog.target network-online.target mysql.service postgresql.service
-Conflicts=shutdown.target
-
-[Service]
-Type=simple
-User={{ service_user }}
-WorkingDirectory={{ service_path }}
-Environment="NODE_ENV=production"
-ExecStart=/usr/bin/nodejs ./app.js
-Restart=always
-RestartSec=3
-
-[Install]
-WantedBy=multi-user.target
diff --git a/services_web.yml b/services_web.yml
index 024a3c4..ee9e4d1 100644
--- a/services_web.yml
+++ b/services_web.yml
@@ -3,3 +3,45 @@
 - hosts: docker-ovh.adm.auro.re
 roles:
 - docker
+
+# Deploy Passbolt
+- hosts: passbolt.adm.auro.re
+ roles:
+ - passbolt
+
+# Install NGINX with reverse proxy conf
+- hosts: proxy.adm.auro.re
+ vars:
+ reversed_proxy_subdomains:
+ - name: re2o
+ from: re2o.auro.re
+ to: re2o-server.adm.auro.re
+ - name: intranet
+ from: intranet.auro.re
+ to: re2o-server.adm.auro.re
+ - name: pad
+ from: pad.auro.re
+ to: pad.adm.auro.re:9001
+ - name: phabricator
+ from: phabricator.auro.re
+ to: phabricator.adm.auro.re
+ - name: wiki
+ from: wiki.auro.re
+ to: wiki.adm.auro.re
+ - name: www
+ from: www.auro.re
+ to: www.adm.auro.re
+ - name: re2o-test
+ from: re2o-test.auro.re
+ to: re2o-test.adm.auro.re
+ - name: riot
+ from: riot.auro.re
+ to: docker-ovh.adm.auro.re:8080
+ - name: codimd
+ from: codimd.auro.re
+ to: docker-ovh.adm.auro.re:8081
+ - name: grafana
+ from: grafana.auro.re
+ to: docker-ovh.adm.auro.re:8082
+ roles:
+ - nginx-reverse-proxy
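Review bot: The `riot`, `codimd` and `grafana` entries now point at `docker-ovh.adm.auro.re:8080`, `:8081` and `:8082`, but nothing in this file says which container owns which port or where those ports are published, and `grafana.auro.re` is a newly exposed public name. A comment above the `riot` entry such as `# docker-ovh published ports: 8080 riot, 8081 codimd, 8082 grafana; keep in sync with the docker role` would document the coupling. The docker role and the nginx-reverse-proxy template are outside this diff, so it is worth confirming that these ports listen only on the admin network (otherwise the backends are reachable without going through the proxy) and that Grafana enforces login before the vhost goes live.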