Remove unicorns_website role

This role is unused and not maintained anymore.
2021-04-01 23:43:20 +02:00 · 2021-04-01 23:43:20 +02:00 · 4f96e11667
commit 4f96e11667
parent 768bd5eed2
7 changed files with 0 additions and 383 deletions
--- a/playbooks/unicorns_website.yml
+++ b/playbooks/unicorns_website.yml
@ -1,38 +0,0 @@
 ---
 # Infrastructure
 # Ansible instructions to deploy the infrastructure
 # Copyright (C) 2020       Saibotk
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, version 3 of the License.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 - hosts: unicorns_website
  roles:
    - docker
    - docker_compose
    - docker_cleanup
    - traefik
  environment:
    PYTHONPATH: /opt/ansible-dependencies/lib/python2.7/site-packages
  tasks:
    - name: Login to docker registry
      docker_login:
        registry: registry.git.saibotk.de
        username: "{{ unicorns_website_registry_username }}"
        password: "{{ unicorns_website_registry_password }}"
        reauthorize: true
      changed_when: false
      become: true
    - include_role:
        name: unicorns_website
--- a/roles/unicorns_website/README.md
+++ b/roles/unicorns_website/README.md
@ -1,35 +0,0 @@
 Unicorns Website
 ================
 This will deploy the https://the-rainbow-unicorns.de website using the docker container and traefik as a reverse proxy.
 Requirements
 ------------
 You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
 **This role assumes that you have setup traefik with an endpoint called `websecure`.**
 Role Variables
 --------------
 **Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
 **Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**  
 ### Global variables, that are used:
 - `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
 - `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
 Dependencies
 ------------
 - docker
 - docker-compose
 - traefik
 License
 -------
 GPL-3.0-only
--- a/roles/unicorns_website/defaults/main.yml
+++ b/roles/unicorns_website/defaults/main.yml
@ -1,68 +0,0 @@
 ---
 # Default variables for the unicorns_website role
 # Infrastructure
 # Ansible instructions to deploy the infrastructure
 # Copyright (C) 2020       Saibotk
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, version 3 of the License.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 # The install locations
 unicorns_website_install_location: /srv/unicorns-website
 unicorns_website_env_location: "{{ unicorns_website_install_location }}/env"
 unicorns_website_database_location: "{{ unicorns_website_install_location }}/database"
 unicorns_website_redis_location: "{{ unicorns_website_install_location }}/redis"
 unicorns_website_storage_location: "{{ unicorns_website_install_location }}/storage"
 # The docker image/version
 unicorns_website_image: registry.git.saibotk.de/rainbow-unicorns/website
 unicorns_website_image_version: "latest"
 # The redis/database image versions/tags
 unicorns_website_redis_image_version: "6.0.5"
 unicorns_website_database_image_version: "9.6.18"
 # The SELinux levels for the containers/folders
 unicorns_website_selinux_level: "{{ omit }}"
 # The domain for traefik to serve this on
 unicorns_website_traefik_domain: www.example.com
 # The certresolver for traefik to use on this domain
 unicorns_website_traefik_certresolver: letsencrypt_http
 # The database credentials
 # ! CHANGE THEM TO INCREASE SECURITY
 unicorns_website_database_name: "laravel"
 unicorns_website_database_user: "laravel"
 unicorns_website_database_password: "laravel"
 # The application encryption key (can be generated with `artisan key:generate`)
 unicorns_website_app_key:
 # The JWT secret key (can be generated with `artisan passport:install`)
 unicorns_website_jwt_secret:
 # The Steam OAuth credentials
 unicorns_website_steam_key: ""
 unicorns_website_steam_secret: ""
 # SMTP settings for the application
 unicorns_website_mail:
  host: ""
  port: ""
  username: ""
  password: ""
  encryption: ""
  from_name: ""
  from_address: ""
--- a/roles/unicorns_website/meta/main.yml
+++ b/roles/unicorns_website/meta/main.yml
@ -1,17 +0,0 @@
 galaxy_info:
  author: saibotk
  description: Deploys the unicorns website.
  license: GPL-3.0-only
  min_ansible_version: 2.9
  platforms:
    - name: CentOS
      versions:
        - 7
  galaxy_tags: []
 dependencies:
  - docker
  - docker_compose
  - traefik
--- a/roles/unicorns_website/tasks/main.yml
+++ b/roles/unicorns_website/tasks/main.yml
@ -1,86 +0,0 @@
 ---
 # Tasks file for the unicorns_website role
 # Infrastructure
 # Ansible instructions to deploy the infrastructure
 # Copyright (C) 2020       Saibotk
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, version 3 of the License.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 - name: Update default SELinux contexts
  sefcontext:
    target: '{{ item }}(/.*)?'
    setype: "container_file_t"
    selevel: "{{ unicorns_website_selinux_level }}"
    state: present
  with_items:
    - "{{ unicorns_website_env_location }}"
    - "{{ unicorns_website_storage_location }}"
    - "{{ unicorns_website_redis_location }}"
    - "{{ unicorns_website_database_location }}"
  become: true
 - name: Create install directory
  file:
    path: "{{ item }}"
    state: directory
    mode: '0700'
    owner: 'root'
    group: 'root'
  with_items:
    - "{{ unicorns_website_install_location }}"
  become: true
 - name: Create data directory
  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
    selevel: "{{ unicorns_website_selinux_level }}"
  with_items:
    - "{{ unicorns_website_env_location }}"
    - "{{ unicorns_website_storage_location }}"
    - "{{ unicorns_website_redis_location }}"
    - "{{ unicorns_website_database_location }}"
  become: true
 - name: Deploy docker-compose.yml
  template:
    src: docker-compose.yml
    dest: "{{ unicorns_website_install_location }}/docker-compose.yml"
    mode: '0600'
    owner: 'root'
    group: 'root'
    validate: docker-compose -f %s config -q
  tags:
    - docker
  become: true
 - name: Deploy .env.production
  template:
    src: .env.production
    dest: "{{ unicorns_website_env_location }}/.env"
    mode: '0600'
    setype: "container_file_t"
    selevel: "{{ unicorns_website_selinux_level | default(omit) }}"
  become: true
 - name: Compose unicorns website
  docker_compose:
    state: present
    project_src: "{{ unicorns_website_install_location }}"
    pull: true
    remove_orphans: true
  tags:
    - docker
  become: true
--- a/roles/unicorns_website/templates/.env.production
+++ b/roles/unicorns_website/templates/.env.production
@ -1,41 +0,0 @@
 APP_NAME="The Rainbow Unicorns"
 APP_ENV=production
 APP_KEY={{ unicorns_website_app_key }}
 APP_DEBUG=false
 APP_URL=https://{{ unicorns_website_traefik_domain }}
 TRUSTED_PROXIES='172.16.0.0/12'
 LOG_CHANNEL=stack
 DB_CONNECTION=pgsql
 DB_HOST=database
 DB_PORT=5432
 DB_DATABASE={{ unicorns_website_database_name }}
 DB_USERNAME={{ unicorns_website_database_user }}
 DB_PASSWORD={{ unicorns_website_database_password }}
 BROADCAST_DRIVER=log
 CACHE_DRIVER=redis
 QUEUE_CONNECTION=redis
 SESSION_DRIVER=redis
 SESSION_LIFETIME=360
 REDIS_HOST=redis
 REDIS_PASSWORD=null
 REDIS_PORT=6379
 MAIL_DRIVER=smtp
 MAIL_HOST={{ unicorns_website_mail.host }}
 MAIL_PORT={{ unicorns_website_mail.port }}
 MAIL_USERNAME={{ unicorns_website_mail.username }}
 MAIL_PASSWORD={{ unicorns_website_mail.password }}
 MAIL_ENCRYPTION={{ unicorns_website_mail.encryption }}
 MAIL_FROM_NAME="{{ unicorns_website_mail.from_name }}"
 MAIL_FROM_ADDRESS={{ unicorns_website_mail.from_address }}
 STEAM_KEY={{ unicorns_website_steam_key }}
 STEAM_SECRET={{ unicorns_website_steam_secret }}
 STEAM_REDIRECT_URI=https://{{ unicorns_website_traefik_domain }}/auth/social/steam/callback
 JWT_SECRET={{ unicorns_website_jwt_secret }}
--- a/roles/unicorns_website/templates/docker-compose.yml
+++ b/roles/unicorns_website/templates/docker-compose.yml
@ -1,98 +0,0 @@
 {{ ansible_managed | comment }}
 # Infrastructure
 # Ansible instructions to deploy the infrastructure
 # Copyright (C) 2020       Saibotk
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, version 3 of the License.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 version: '2'
 services:
  database:
    image: docker.io/library/postgres:{{ unicorns_website_database_image_version }}
    mem_limit: 256mb
    memswap_limit: 512mb
    read_only: true
 {% if unicorns_website_selinux_level != omit %}
    security_opt:
      - label=level:{{ unicorns_website_selinux_level }}
 {% endif %}
    tmpfs:
      - /run/postgresql:size=512K
      - /tmp:size=128K
    stop_grace_period: 2m
    stop_signal: SIGINT
    environment:
      - POSTGRES_USER={{ unicorns_website_database_user }}
      - POSTGRES_PASSWORD={{ unicorns_website_database_password }}
      - POSTGRES_DB={{ unicorns_website_database_name }}
    volumes:
      - {{ unicorns_website_database_location }}:/var/lib/postgresql/data
    networks:
      backend:
    restart: always
  redis:
    image: docker.io/library/redis:{{ unicorns_website_redis_image_version }}
    mem_limit: 512mb
    memswap_limit: 768mb
 {% if unicorns_website_selinux_level != omit %}
    security_opt:
      - label=level:{{ unicorns_website_selinux_level }}
 {% endif %}
    networks:
      backend:
    volumes:
      - {{ unicorns_website_redis_location }}:/data
    restart: always
  web:
    image: {{ unicorns_website_image }}:{{ unicorns_website_image_version }}
    restart: always
    depends_on:
      - "database"
      - "redis"
 {% if unicorns_website_selinux_level != omit %}
    security_opt:
      - label=level:{{ unicorns_website_selinux_level }}
 {% endif %}
    networks:
      backend:
 {% if proxy_network is defined %}
      {{ proxy_network }}:
 {% endif %}
    volumes:
      - {{ unicorns_website_env_location }}:/var/www/html/env
      - {{ unicorns_website_storage_location }}:/var/www/html/webapp/storage
    labels:
      - "traefik.http.routers.unicorns-website.rule=Host(`{{ unicorns_website_traefik_domain }}`) && PathPrefix(`/`)"
      - "traefik.http.routers.unicorns-website.entrypoints=websecure"
      - "traefik.http.routers.unicorns-website.tls=true"
      - "traefik.http.routers.unicorns-website.tls.certresolver={{ unicorns_website_traefik_certresolver }}"
      - "traefik.http.routers.unicorns-website.middlewares=unicorns-website,compress"
      - "traefik.http.middlewares.unicorns-website.headers.sslredirect=true"
      - "traefik.http.middlewares.unicorns-website.headers.stsSeconds=63072000"
      - "traefik.enable=true"
 {% if proxy_network is defined %}
      - "traefik.docker.network={{ proxy_network }}"
 {% endif %}
 networks:
  backend:
 {% if proxy_network is defined %}
  {{ proxy_network }}:
    external: true
 {% endif %}