Move CodiMD to Docker

Alexandre Iooss 2019-07-22 19:14:43 +02:00
parent 9a35650166
commit a45ca1a890
No known key found for this signature in database
GPG key ID: 6C79278F3FCDCC02
14 changed files with 42 additions and 250 deletions


@ -10,8 +10,6 @@ ldap_master_uri: "ldap://{{ ldap_master_ipv4 }}"
ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}" ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}"
ldap_nslcd_bind_dn: "cn=nslcd,ou=service-users,{{ ldap_base }}" ldap_nslcd_bind_dn: "cn=nslcd,ou=service-users,{{ ldap_base }}"
ldap_nslcd_passwd: "{{ vault_ldap_nslcd_passwd }}" ldap_nslcd_passwd: "{{ vault_ldap_nslcd_passwd }}"
ldap_codimd_bind_dn: "cn=codimd,ou=service-users,{{ ldap_base }}"
ldap_codimd_password: "{{ vault_ldap_codimd_password }}"
ldap_matrix_bind_dn: "cn=matrix,ou=service-users,{{ ldap_base }}" ldap_matrix_bind_dn: "cn=matrix,ou=service-users,{{ ldap_base }}"
ldap_matrix_password: "{{ vault_ldap_matrix_password }}" ldap_matrix_password: "{{ vault_ldap_matrix_password }}"
ldap_replica_password: "{{ vault_ldap_replica_password }}" ldap_replica_password: "{{ vault_ldap_replica_password }}"

2
hosts

@ -9,9 +9,7 @@
horus.adm.auro.re horus.adm.auro.re
[ovh-container] [ovh-container]
riot.adm.auro.re
synapse.adm.auro.re synapse.adm.auro.re
codimd.adm.auro.re
services-bdd.adm.auro.re services-bdd.adm.auro.re
phabricator.adm.auro.re phabricator.adm.auro.re
wiki.adm.auro.re wiki.adm.auro.re


@ -1,34 +0,0 @@
---
# Install NGINX with reverse proxy conf
- hosts: proxy.adm.auro.re
vars:
reversed_proxy_subdomains:
- name: re2o
from: re2o.auro.re
to: re2o-server.adm.auro.re
- name: intranet
from: intranet.auro.re
to: re2o-server.adm.auro.re
- name: pad
from: pad.auro.re
to: pad.adm.auro.re:9001
- name: phabricator
from: phabricator.auro.re
to: phabricator.adm.auro.re
- name: wiki
from: wiki.auro.re
to: wiki.adm.auro.re
- name: www
from: www.auro.re
to: www.adm.auro.re
- name: re2o-test
from: re2o-test.auro.re
to: re2o-test.adm.auro.re
- name: riot
from: riot.auro.re
to: riot.adm.auro.re
- name: codimd
from: codimd.auro.re
to: codimd.adm.auro.re:8080
roles:
- nginx-reverse-proxy


@ -1,5 +0,0 @@
---
# Deploy Passbolt
- hosts: passbolt.adm.auro.re
roles:
- passbolt


@ -1,15 +0,0 @@
---
# service_name is the name of the project on GitHub
service_name: codimd
# URL to clone
service_repo: https://github.com/hackmdio/codimd.git
# name of the service user
# It means that you will have to `sudo -u THISUSER zsh` to debug
service_user: "{{ service_name }}"
service_homedir: "/var/local/{{ service_name }}"
# service_path is where the project is cloned
# It can't be the home directory because of user hidden files.
service_path: "{{ service_homedir }}/{{ service_name }}"


@ -1,9 +0,0 @@
---
# Build front-end bundle
# This can take very long and requires > 2GB of RAM
- name: Build front-end for CodiMD
command: yarn run build
args:
chdir: /var/local/codimd/codimd
become: true
become_user: codimd


@ -1,34 +0,0 @@
---
# For HTTPS apt
- name: Install HTTPS apt
apt:
update_cache: true
name: apt-transport-https
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Configure the apt key
apt_key:
url: https://dl.yarnpkg.com/debian/pubkey.gpg
id: 1646B01B86E50310
state: present
register: apt_key_result
retries: 3
until: apt_key_result is succeeded
- name: Configure Yarn repository
apt_repository:
repo: deb https://dl.yarnpkg.com/debian/ stable main
state: present
# Install CodiMD dependencies
- name: Install required packages
apt:
update_cache: true
name: yarn
state: present
register: apt_result
retries: 3
until: apt_result is succeeded


@ -1,60 +0,0 @@
---
# Install APT dependencies
- include_tasks: 0_apt_dependencies.yml
# Create service user
- include_tasks: service_user.yml
- name: "Clone {{ service_name }} project"
git:
repo: "{{ service_repo }}"
dest: "{{ service_path }}"
version: 1.3.0
become: true
become_user: "{{ service_user }}"
notify: Build front-end for CodiMD
# Setup dependencies
- name: "Install {{ service_name }} dependencies"
yarn:
path: "{{ service_path }}"
production: true
become: true
become_user: "{{ service_user }}"
register: yarn_result
retries: 3
until: yarn_result is succeeded
# Connection to database
- name: Connect CodiMD to PostgreSQL db
template:
src: sequelizerc.j2
dest: "{{ service_path }}/.sequelizerc"
owner: "{{ service_user }}"
group: nogroup
mode: 0600
- name: "Configure {{ service_name }}"
template:
src: config.json.j2
dest: "{{ service_path }}/config.json"
owner: "{{ service_user }}"
group: nogroup
mode: 0600
# Service file
- name: "Install {{ service_name }} systemd unit"
template:
src: systemd/codimd.service.j2
dest: "/etc/systemd/system/{{ service_name }}.service"
owner: root
group: root
mode: 0644
# Run
- name: "Ensure that {{ service_name }} is started"
systemd:
name: "{{ service_name }}"
state: started
enabled: true
daemon_reload: true


@ -1,19 +0,0 @@
---
# Having a custom group is useless so use nogroup
- name: "Create {{ service_user }} user"
user:
name: "{{ service_user }}"
group: nogroup
home: "{{ service_homedir }}"
system: true
shell: /bin/false
state: present
# Only service user should be able to go there
- name: "Secure {{ service_user }} home directory"
file:
path: "{{ service_homedir }}"
state: directory
owner: "{{ service_user }}"
group: nogroup
mode: 0700


@ -1,5 +0,0 @@
# {{ ansible_managed }}
Package: node* libuv1*
Pin: release a=stretch-backports
Pin-Priority: 600


@ -1,39 +0,0 @@
{
"production": {
"domain": "codimd.auro.re",
"debug": false,
"port": 8080,
"useSSL": false,
"protocolUseSSL": true,
"useCDN": false,
"csp": {
"enable": true,
"directives": {
},
"upgradeInsecureRequests": "auto",
"addDefaults": true
},
"db": {
"username": "codimd",
"password": "{{ postgresql_codimd_passwd }}",
"database": "codimd",
"host": "{{ postgresql_services_url }}",
"port": "5432",
"dialect": "postgres"
},
"email": false,
"ldap": {
"url": "{{ ldap_master_uri }}",
"bindDn": "{{ ldap_codimd_bind_dn }}",
"bindCredentials": "{{ ldap_codimd_password }}",
"searchBase": "cn=Utilisateurs,dc=auro,dc=re",
"searchFilter": "(uid={% raw %}{{username}}{% endraw %})",
"searchAttributes": ["uid", "givenName", "mail"],
"usernameField": "uid",
"useridField": "uid",
"providerName": "Compte Aurore"
},
"allowFreeURL": true
}
}


@ -1,8 +0,0 @@
var path = require('path');
module.exports = {
'config': path.resolve('config.json'),
'migrations-path': path.resolve('lib', 'migrations'),
'models-path': path.resolve('lib', 'models'),
'url': 'postgres://codimd:{{ postgresql_codimd_passwd }}@{{ postgresql_services_url }}:5432/codimd'
}


@ -1,18 +0,0 @@
# {{ ansible_managed }}
[Unit]
Description=CodiMD
After=syslog.target network-online.target mysql.service postgresql.service
Conflicts=shutdown.target
[Service]
Type=simple
User={{ service_user }}
WorkingDirectory={{ service_path }}
Environment="NODE_ENV=production"
ExecStart=/usr/bin/nodejs ./app.js
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target


@ -3,3 +3,45 @@
- hosts: docker-ovh.adm.auro.re - hosts: docker-ovh.adm.auro.re
roles: roles:
- docker - docker
# Deploy Passbolt
- hosts: passbolt.adm.auro.re
roles:
- passbolt
# Install NGINX with reverse proxy conf
- hosts: proxy.adm.auro.re
vars:
reversed_proxy_subdomains:
- name: re2o
from: re2o.auro.re
to: re2o-server.adm.auro.re
- name: intranet
from: intranet.auro.re
to: re2o-server.adm.auro.re
- name: pad
from: pad.auro.re
to: pad.adm.auro.re:9001
- name: phabricator
from: phabricator.auro.re
to: phabricator.adm.auro.re
- name: wiki
from: wiki.auro.re
to: wiki.adm.auro.re
- name: www
from: www.auro.re
to: www.adm.auro.re
- name: re2o-test
from: re2o-test.auro.re
to: re2o-test.adm.auro.re
- name: riot
from: riot.auro.re
to: docker-ovh.adm.auro.re:8080
- name: codimd
from: codimd.auro.re
to: docker-ovh.adm.auro.re:8081
- name: grafana
from: grafana.auro.re
to: docker-ovh.adm.auro.re:8082
roles:
- nginx-reverse-proxy
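Review bot: The new `to:` targets for riot, codimd and grafana (`docker-ovh.adm.auro.re:8080`, `:8081`, `:8082`) point at ports published by Docker on a single host, and nothing visible in this play or in the `docker` role invocation above it restricts who can reach them. By default Docker publishes a port on every interface of the host and its own forwarding rules are evaluated outside the usual INPUT-chain filtering, so unless the containers are bound to the admin address only, these services may be reachable without passing through the reverse proxy. The port numbers are also an implicit contract with container definitions that are not part of this file, so I would record both points above the three entries, for example `# Ports must match the ports published by the containers on docker-ovh; publish them on the adm interface only and allow proxy.adm.auro.re as the sole client`. The commit title mentions only CodiMD, while this section also repoints riot and adds grafana, which deserves a line in the description.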