From 4f96e11667921ca982efc8dbe8015d78520a92f6 Mon Sep 17 00:00:00 2001
From: saibotk
Date: Thu, 1 Apr 2021 23:43:20 +0200
Subject: [PATCH] Remove unicorns_website role

This role is unused and not maintained anymore.
---
 playbooks/unicorns_website.yml | 38 -------
 roles/unicorns_website/README.md | 35 -------
 roles/unicorns_website/defaults/main.yml | 68 -------------
 roles/unicorns_website/meta/main.yml | 17 ----
 roles/unicorns_website/tasks/main.yml | 86 ----------------
 .../templates/.env.production | 41 --------
 .../templates/docker-compose.yml | 98 -------------------
 7 files changed, 383 deletions(-)
 delete mode 100644 playbooks/unicorns_website.yml
 delete mode 100644 roles/unicorns_website/README.md
 delete mode 100644 roles/unicorns_website/defaults/main.yml
 delete mode 100644 roles/unicorns_website/meta/main.yml
 delete mode 100644 roles/unicorns_website/tasks/main.yml
 delete mode 100644 roles/unicorns_website/templates/.env.production
 delete mode 100644 roles/unicorns_website/templates/docker-compose.yml

diff --git a/playbooks/unicorns_website.yml b/playbooks/unicorns_website.yml
deleted file mode 100644
index 4771985..0000000
--- a/playbooks/unicorns_website.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-- hosts: unicorns_website
- roles:
- - docker
- - docker_compose
- - docker_cleanup
- - traefik
- environment:
- PYTHONPATH: /opt/ansible-dependencies/lib/python2.7/site-packages
- tasks:
- - name: Login to docker registry
- docker_login:
- registry: registry.git.saibotk.de
- username: "{{ unicorns_website_registry_username }}"
- password: "{{ unicorns_website_registry_password }}"
- reauthorize: true
- changed_when: false
- become: true
-
- - include_role:
- name: unicorns_website
diff --git a/roles/unicorns_website/README.md b/roles/unicorns_website/README.md
deleted file mode 100644
index b1b45c7..0000000
--- a/roles/unicorns_website/README.md
+++ /dev/null
@@ -1,35 +0,0 @@
-Unicorns Website
-================
-
-This will deploy the https://the-rainbow-unicorns.de website using the docker container and traefik as a reverse proxy.
-
-Requirements
-------------
-
-You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
-
-**This role assumes that you have setup traefik with an endpoint called `websecure`.**
-
-Role Variables
---------------
-
-**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
-
-**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
-
-### Global variables, that are used:
-
-- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
-- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
-
-Dependencies
-------------
-
-- docker
-- docker-compose
-- traefik
-
-License
--------
-
-GPL-3.0-only
diff --git a/roles/unicorns_website/defaults/main.yml b/roles/unicorns_website/defaults/main.yml
deleted file mode 100644
index 612b7f1..0000000
--- a/roles/unicorns_website/defaults/main.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-# Default variables for the unicorns_website role
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-# The install locations
-unicorns_website_install_location: /srv/unicorns-website
-unicorns_website_env_location: "{{ unicorns_website_install_location }}/env"
-unicorns_website_database_location: "{{ unicorns_website_install_location }}/database"
-unicorns_website_redis_location: "{{ unicorns_website_install_location }}/redis"
-unicorns_website_storage_location: "{{ unicorns_website_install_location }}/storage"
-
-# The docker image/version
-unicorns_website_image: registry.git.saibotk.de/rainbow-unicorns/website
-unicorns_website_image_version: "latest"
-
-# The redis/database image versions/tags
-unicorns_website_redis_image_version: "6.0.5"
-unicorns_website_database_image_version: "9.6.18"
-
-# The SELinux levels for the containers/folders
-unicorns_website_selinux_level: "{{ omit }}"
-
-# The domain for traefik to serve this on
-unicorns_website_traefik_domain: www.example.com
-
-# The certresolver for traefik to use on this domain
-unicorns_website_traefik_certresolver: letsencrypt_http
-
-# The database credentials
-# ! CHANGE THEM TO INCREASE SECURITY
-unicorns_website_database_name: "laravel"
-unicorns_website_database_user: "laravel"
-unicorns_website_database_password: "laravel"
-
-# The application encryption key (can be generated with `artisan key:generate`)
-unicorns_website_app_key:
-
-# The JWT secret key (can be generated with `artisan passport:install`)
-unicorns_website_jwt_secret:
-
-# The Steam OAuth credentials
-unicorns_website_steam_key: ""
-unicorns_website_steam_secret: ""
-
-# SMTP settings for the application
-unicorns_website_mail:
- host: ""
- port: ""
- username: ""
- password: ""
- encryption: ""
- from_name: ""
- from_address: ""
diff --git a/roles/unicorns_website/meta/main.yml b/roles/unicorns_website/meta/main.yml
deleted file mode 100644
index f953927..0000000
--- a/roles/unicorns_website/meta/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-galaxy_info:
- author: saibotk
- description: Deploys the unicorns website.
- license: GPL-3.0-only
- min_ansible_version: 2.9
-
- platforms:
- - name: CentOS
- versions:
- - 7
-
- galaxy_tags: []
-
-dependencies:
- - docker
- - docker_compose
- - traefik
diff --git a/roles/unicorns_website/tasks/main.yml b/roles/unicorns_website/tasks/main.yml
deleted file mode 100644
index 35fd01e..0000000
--- a/roles/unicorns_website/tasks/main.yml
+++ /dev/null
@@ -1,86 +0,0 @@
----
-# Tasks file for the unicorns_website role
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-- name: Update default SELinux contexts
- sefcontext:
- target: '{{ item }}(/.*)?'
- setype: "container_file_t"
- selevel: "{{ unicorns_website_selinux_level }}"
- state: present
- with_items:
- - "{{ unicorns_website_env_location }}"
- - "{{ unicorns_website_storage_location }}"
- - "{{ unicorns_website_redis_location }}"
- - "{{ unicorns_website_database_location }}"
- become: true
-
-- name: Create install directory
- file:
- path: "{{ item }}"
- state: directory
- mode: '0700'
- owner: 'root'
- group: 'root'
- with_items:
- - "{{ unicorns_website_install_location }}"
- become: true
-
-- name: Create data directory
- file: # noqa risky-file-permissions # Container manages permissions on its own
- path: "{{ item }}"
- state: directory
- setype: "container_file_t"
- selevel: "{{ unicorns_website_selinux_level }}"
- with_items:
- - "{{ unicorns_website_env_location }}"
- - "{{ unicorns_website_storage_location }}"
- - "{{ unicorns_website_redis_location }}"
- - "{{ unicorns_website_database_location }}"
- become: true
-
-- name: Deploy docker-compose.yml
- template:
- src: docker-compose.yml
- dest: "{{ unicorns_website_install_location }}/docker-compose.yml"
- mode: '0600'
- owner: 'root'
- group: 'root'
- validate: docker-compose -f %s config -q
- tags:
- - docker
- become: true
-
-- name: Deploy .env.production
- template:
- src: .env.production
- dest: "{{ unicorns_website_env_location }}/.env"
- mode: '0600'
- setype: "container_file_t"
- selevel: "{{ unicorns_website_selinux_level | default(omit) }}"
- become: true
-
-- name: Compose unicorns website
- docker_compose:
- state: present
- project_src: "{{ unicorns_website_install_location }}"
- pull: true
- remove_orphans: true
- tags:
- - docker
- become: true
diff --git a/roles/unicorns_website/templates/.env.production b/roles/unicorns_website/templates/.env.production
deleted file mode 100644
index 452e437..0000000
--- a/roles/unicorns_website/templates/.env.production
+++ /dev/null
@@ -1,41 +0,0 @@
-APP_NAME="The Rainbow Unicorns"
-APP_ENV=production
-APP_KEY={{ unicorns_website_app_key }}
-APP_DEBUG=false
-APP_URL=https://{{ unicorns_website_traefik_domain }}
-
-TRUSTED_PROXIES='172.16.0.0/12'
-
-LOG_CHANNEL=stack
-
-DB_CONNECTION=pgsql
-DB_HOST=database
-DB_PORT=5432
-DB_DATABASE={{ unicorns_website_database_name }}
-DB_USERNAME={{ unicorns_website_database_user }}
-DB_PASSWORD={{ unicorns_website_database_password }}
-
-BROADCAST_DRIVER=log
-CACHE_DRIVER=redis
-QUEUE_CONNECTION=redis
-SESSION_DRIVER=redis
-SESSION_LIFETIME=360
-
-REDIS_HOST=redis
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
-MAIL_DRIVER=smtp
-MAIL_HOST={{ unicorns_website_mail.host }}
-MAIL_PORT={{ unicorns_website_mail.port }}
-MAIL_USERNAME={{ unicorns_website_mail.username }}
-MAIL_PASSWORD={{ unicorns_website_mail.password }}
-MAIL_ENCRYPTION={{ unicorns_website_mail.encryption }}
-MAIL_FROM_NAME="{{ unicorns_website_mail.from_name }}"
-MAIL_FROM_ADDRESS={{ unicorns_website_mail.from_address }}
-
-STEAM_KEY={{ unicorns_website_steam_key }}
-STEAM_SECRET={{ unicorns_website_steam_secret }}
-STEAM_REDIRECT_URI=https://{{ unicorns_website_traefik_domain }}/auth/social/steam/callback
-
-JWT_SECRET={{ unicorns_website_jwt_secret }}
diff --git a/roles/unicorns_website/templates/docker-compose.yml b/roles/unicorns_website/templates/docker-compose.yml
deleted file mode 100644
index 885cb25..0000000
--- a/roles/unicorns_website/templates/docker-compose.yml
+++ /dev/null
@@ -1,98 +0,0 @@
-{{ ansible_managed | comment }}
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-version: '2'
-services:
-
- database:
- image: docker.io/library/postgres:{{ unicorns_website_database_image_version }}
- mem_limit: 256mb
- memswap_limit: 512mb
- read_only: true
-{% if unicorns_website_selinux_level != omit %}
- security_opt:
- - label=level:{{ unicorns_website_selinux_level }}
-{% endif %}
- tmpfs:
- - /run/postgresql:size=512K
- - /tmp:size=128K
- stop_grace_period: 2m
- stop_signal: SIGINT
- environment:
- - POSTGRES_USER={{ unicorns_website_database_user }}
- - POSTGRES_PASSWORD={{ unicorns_website_database_password }}
- - POSTGRES_DB={{ unicorns_website_database_name }}
- volumes:
- - {{ unicorns_website_database_location }}:/var/lib/postgresql/data
- networks:
- backend:
- restart: always
-
- redis:
- image: docker.io/library/redis:{{ unicorns_website_redis_image_version }}
- mem_limit: 512mb
- memswap_limit: 768mb
-{% if unicorns_website_selinux_level != omit %}
- security_opt:
- - label=level:{{ unicorns_website_selinux_level }}
-{% endif %}
- networks:
- backend:
- volumes:
- - {{ unicorns_website_redis_location }}:/data
- restart: always
-
- web:
- image: {{ unicorns_website_image }}:{{ unicorns_website_image_version }}
- restart: always
- depends_on:
- - "database"
- - "redis"
-{% if unicorns_website_selinux_level != omit %}
- security_opt:
- - label=level:{{ unicorns_website_selinux_level }}
-{% endif %}
- networks:
- backend:
-{% if proxy_network is defined %}
- {{ proxy_network }}:
-{% endif %}
- volumes:
- - {{ unicorns_website_env_location }}:/var/www/html/env
- - {{ unicorns_website_storage_location }}:/var/www/html/webapp/storage
- labels:
- - "traefik.http.routers.unicorns-website.rule=Host(`{{ unicorns_website_traefik_domain }}`) && PathPrefix(`/`)"
- - "traefik.http.routers.unicorns-website.entrypoints=websecure"
- - "traefik.http.routers.unicorns-website.tls=true"
- - "traefik.http.routers.unicorns-website.tls.certresolver={{ unicorns_website_traefik_certresolver }}"
- - "traefik.http.routers.unicorns-website.middlewares=unicorns-website,compress"
-
- - "traefik.http.middlewares.unicorns-website.headers.sslredirect=true"
- - "traefik.http.middlewares.unicorns-website.headers.stsSeconds=63072000"
-
- - "traefik.enable=true"
-{% if proxy_network is defined %}
- - "traefik.docker.network={{ proxy_network }}"
-{% endif %}
-
-networks:
- backend:
-{% if proxy_network is defined %}
- {{ proxy_network }}:
- external: true
-{% endif %}