From e328d1bb0fe0f08b2f993a5a933307b77ad95c29 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 25 Mar 2020 20:55:53 +0100 Subject: move some roles to app/ --- roles/etherpad-lite/defaults/main.yml | 29 ----- roles/etherpad-lite/tasks/main.yml | 117 --------------------- roles/etherpad-lite/templates/nginx-vhost.conf.j2 | 57 ---------- .../templates/pod-with-mariadb.yml.j2 | 53 ---------- 4 files changed, 256 deletions(-) delete mode 100644 roles/etherpad-lite/defaults/main.yml delete mode 100644 roles/etherpad-lite/tasks/main.yml delete mode 100644 roles/etherpad-lite/templates/nginx-vhost.conf.j2 delete mode 100644 roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 (limited to 'roles/etherpad-lite') diff --git a/roles/etherpad-lite/defaults/main.yml b/roles/etherpad-lite/defaults/main.yml deleted file mode 100644 index 5281c739..00000000 --- a/roles/etherpad-lite/defaults/main.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -etherpad_lite_app_uid: "940" -etherpad_lite_app_gid: "940" - -etherpad_lite_db_uid: "941" -etherpad_lite_db_gid: "941" - -# etherpad_lite_base_path: /srv/etherpad_lite - -# etherpad_lite_zfs: -# pool: storage -# name: etherpad_lite -# size: 20G - -# etherpad_lite_instances: -# example: -# version: 1.7.5 -# port: 8300 -# hostnames: -# - pad.example.com -# quota: 40G -# settings: -# .... -# credentials: -# .... -# database: -# type: mariadb -# version: 10.4.8 -# password: "{{ vault_etherpad_lite_database_passwords['example'] }}" diff --git a/roles/etherpad-lite/tasks/main.yml b/roles/etherpad-lite/tasks/main.yml deleted file mode 100644 index 6d4551db..00000000 --- a/roles/etherpad-lite/tasks/main.yml +++ /dev/null @@ -1,117 +0,0 @@ ---- -- name: create zfs datasets - when: etherpad_lite_zfs is defined - block: - - name: create zfs base dataset - zfs: - name: "{{ etherpad_lite_zfs.pool }}/{{ etherpad_lite_zfs.name }}" - state: present - extra_zfs_properties: - quota: "{{ etherpad_lite_zfs.size }}" - - - name: create zfs volumes for instances - loop: "{{ etherpad_lite_instances | dict2items }}" - loop_control: - label: "{{ item.key }} ({{ item.value.quota }})" - zfs: - name: "{{ etherpad_lite_zfs.pool }}/{{ etherpad_lite_zfs.name }}/{{ item.key }}" - state: present - extra_zfs_properties: - quota: "{{ item.value.quota }}" - - - name: configure etherpad_lite base bath - set_fact: - etherpad_lite_base_path: "{{ zfs_zpools[etherpad_lite_zfs.pool].mountpoint }}/{{ etherpad_lite_zfs.name }}" - - -- name: create instance subdirectories - when: etherpad_lite_zfs is not defined - loop: "{{ etherpad_lite_instances | list }}" - file: - path: "{{ etherpad_lite_base_path }}/{{ item }}" - state: directory - - - -- name: add group for etherpad-lite app - group: - name: epl-app - gid: "{{ etherpad_lite_app_gid }}" - -- name: add user for etherpad-lite app - user: - name: epl-app - uid: "{{ etherpad_lite_app_uid }}" - group: epl-app - password: "!" - -- name: create etherpad_lite app subdirectory - loop: "{{ etherpad_lite_instances | list }}" - file: - path: "{{ etherpad_lite_base_path }}/{{ item }}/etherpad-lite" - owner: "{{ etherpad_lite_app_uid }}" - group: "{{ etherpad_lite_app_gid }}" - state: directory - - -- name: add group for etherpad-lite db - group: - name: epl-db - gid: "{{ etherpad_lite_db_gid }}" - -- name: add user for etherpad-lite db - user: - name: epl-db - uid: "{{ etherpad_lite_db_uid }}" - group: epl-db - password: "!" - -- name: create etherpad-lite database subdirectory - loop: "{{ etherpad_lite_instances | dict2items}}" - loop_control: - label: "{{ item.key }} ({{ item.value.database.type }})" - file: - path: "{{ etherpad_lite_base_path }}/{{ item.key }}/{{ item.value.database.type }}" - owner: "{{ etherpad_lite_db_uid }}" - group: "{{ etherpad_lite_db_gid }}" - state: directory - - -- name: create etherpad-lite config directory - loop: "{{ etherpad_lite_instances | list }}" - file: - path: "{{ etherpad_lite_base_path }}/{{ item }}/config" - state: directory - -- name: create settings json - loop: "{{ etherpad_lite_instances | dict2items }}" - loop_control: - label: "{{ item.key }}" - copy: - content: "{{ item.value.settings | combine({'ip': '0.0.0.0', 'port': 9001}) | to_nice_json }}" - dest: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/settings.json" - mode: 0600 - owner: "{{ etherpad_lite_app_uid }}" - group: "{{ etherpad_lite_app_gid }}" - - -- name: generate pod manifests - loop: "{{ etherpad_lite_instances | dict2items }}" - loop_control: - label: "{{ item.key }}" - template: - src: "pod-with-{{ item.value.database.type }}.yml.j2" - dest: "/etc/kubernetes/manifests/etherpad-lite-{{ item.key }}.yml" - mode: 0600 - - -- name: configure nginx vhost - loop: "{{ etherpad_lite_instances | dict2items }}" - include_role: - name: nginx/vhost - vars: - nginx_vhost: - name: "etherpad-lite-{{ item.key }}" - content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}" - acme: true - hostnames: "{{ item.value.hostnames }}" diff --git a/roles/etherpad-lite/templates/nginx-vhost.conf.j2 b/roles/etherpad-lite/templates/nginx-vhost.conf.j2 deleted file mode 100644 index b59701fc..00000000 --- a/roles/etherpad-lite/templates/nginx-vhost.conf.j2 +++ /dev/null @@ -1,57 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name {{ item.value.hostnames | join(' ') }}; - - include snippets/acmetool.conf; - - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name {{ item.value.hostnames | join(' ') }}; - - include snippets/acmetool.conf; - include snippets/tls.conf; - ssl_certificate /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain; - ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey; - include snippets/hsts.conf; - - location / { - rewrite ^/$ / break; - rewrite ^/locales/(.*) /locales/$1 break; - rewrite ^/locales.json /locales.json break; - rewrite ^/admin(.*) /admin$1 break; - rewrite ^/p/(.*) /p/$1 break; - rewrite ^/static/(.*) /static/$1 break; - rewrite ^/pluginfw/(.*) /pluginfw/$1 break; - rewrite ^/javascripts/(.*) /javascripts/$1 break; - rewrite ^/socket.io/(.*) /socket.io/$1 break; - rewrite ^/ep/(.*) /ep/$1 break; - rewrite ^/minified/(.*) /minified/$1 break; - rewrite ^/api/(.*) /api/$1 break; - rewrite ^/ro/(.*) /ro/$1 break; - rewrite ^/error/(.*) /error/$1 break; - rewrite ^/jserror(.*) /jserror$1 break; - rewrite ^/redirect(.*) /redirect$1 break; - rewrite /favicon.ico /favicon.ico break; - rewrite /robots.txt /robots.txt break; - rewrite /(.*) /p/$1; - - include snippets/proxy-nobuff.conf; - - proxy_set_header Host $host; - include snippets/proxy-forward-headers.conf; - proxy_pass_header Server; - - # for websockets - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_pass http://127.0.0.1:{{ item.value.port }}; - } -} diff --git a/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 b/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 deleted file mode 100644 index a4acdd21..00000000 --- a/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "etherpad-lite-{{ item.key }}" -spec: - securityContext: - allowPrivilegeEscalation: false - containers: - - name: etherpad-lite - image: spreadspace/etherpad-lite:{{ item.value.version }} - # securityContext: - # runAsUser: {{ etherpad_lite_app_uid }} - # runAsGroup: {{ etherpad_lite_app_gid }} - resources: - limits: - memory: "4Gi" - volumeMounts: - - name: config - mountPath: /opt/etherpad-lite/settings.json - subPath: settings.json - readOnly: true - ports: - - containerPort: 9001 - hostPort: {{ item.value.port }} - - name: database - image: "mariadb:{{ item.value.database.version }}" - securityContext: - runAsUser: {{ etherpad_lite_db_uid }} - runAsGroup: {{ etherpad_lite_db_gid }} - resources: - limits: - memory: "4Gi" - env: - - name: MYSQL_RANDOM_ROOT_PASSWORD - value: "true" - - name: MYSQL_DATABASE - value: etherpad-lite - - name: MYSQL_USER - value: etherpad-lite - - name: MYSQL_PASSWORD - value: "{{ item.value.database.password }}" - volumeMounts: - - name: database - mountPath: /var/lib/mysql - volumes: - - name: config - hostPath: - path: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/" - type: Directory - - name: database - hostPath: - path: "{{ etherpad_lite_base_path }}/{{ item.key }}/{{ item.value.database.type }}" - type: Directory -- cgit v1.2.3