From 807493e2dd53ddb718c70d5ae9684768667ac82a Mon Sep 17 00:00:00 2001 
From: Chris Croome <chris@webarchitects.co.uk>
Date: Mon, 15 Oct 2018 14:22:36 +0100
Subject: [PATCH] Discourse code removed
---
 .gitattributes | 2 -
 README.md | 121 +----------
 discourse.yml | 22 --
 discourse_api.yml | 11 -
 discourse_upgrade.yml | 6 -
 docker_upgrade.yml | 6 -
 roles/api/tasks/main.yml | 18 --
 .../mail-receiver-environment.json.j2 | 1 -
 roles/apt/tasks/main.yml | 44 ----
 roles/chrony/tasks/main.yml | 16 --
 roles/discourse-upgrade/tasks/main.yml | 15 --
 roles/discourse/tasks/main.yml | 190 ------------------
 roles/discourse/templates/standalone.yml.j2 | 98 ---------
 roles/docker-upgrade/tasks/main.yml | 64 ------
 roles/docker/tasks/main.yml | 34 ----
 .../email/files/discourse-smtp-fast-rejection | 118 -----------
 roles/email/files/discourse-smtp-rcpt-acl | 102 ----------
 roles/email/files/receive-mail | 81 --------
 roles/email/tasks/main.yml | 148 --------------
 roles/email/templates/forward.j2 | 1 -
 roles/email/templates/transport.j2 | 1 -
 roles/iptables/tasks/main.yml | 25 ---
 roles/iptables/templates/rules.v4.j2 | 51 -----
 roles/locale/tasks/main.yml | 6 -
 roles/munin-node/files/docker | 2 -
 roles/munin-node/files/docker_cpu | 120 -----------
 roles/munin-node/files/docker_memory | 98 ---------
 roles/munin-node/files/munin-node.conf | 68 -------
 roles/munin-node/tasks/main.yml | 68 -------
 roles/sshd/tasks/main.yml | 32 ---
 roles/vim/files/selected_editor | 2 -
 roles/vim/files/vimrc | 19 --
 roles/vim/tasks/main.yml | 53 -----
 33 files changed, 1 insertion(+), 1642 deletions(-)
 delete mode 100644 discourse.yml
 delete mode 100644 discourse_api.yml
 delete mode 100644 discourse_upgrade.yml
 delete mode 100644 docker_upgrade.yml
 delete mode 100644 roles/api/tasks/main.yml
 delete mode 100644 roles/api/templates/mail-receiver-environment.json.j2
 delete mode 100644 roles/apt/tasks/main.yml
 delete mode 100644 roles/chrony/tasks/main.yml
 delete mode 100644 roles/discourse-upgrade/tasks/main.yml
 delete mode 100644 roles/discourse/tasks/main.yml
 delete mode 100644 roles/discourse/templates/standalone.yml.j2
 delete mode 100644 roles/docker-upgrade/tasks/main.yml
 delete mode 100644 roles/docker/tasks/main.yml
 delete mode 100644 roles/email/files/discourse-smtp-fast-rejection
 delete mode 100644 roles/email/files/discourse-smtp-rcpt-acl
 delete mode 100644 roles/email/files/receive-mail
 delete mode 100644 roles/email/tasks/main.yml
 delete mode 100644 roles/email/templates/forward.j2
 delete mode 100644 roles/email/templates/transport.j2
 delete mode 100644 roles/iptables/tasks/main.yml
 delete mode 100644 roles/iptables/templates/rules.v4.j2
 delete mode 100644 roles/locale/tasks/main.yml
 delete mode 100644 roles/munin-node/files/docker
 delete mode 100644 roles/munin-node/files/docker_cpu
 delete mode 100644 roles/munin-node/files/docker_memory
 delete mode 100644 roles/munin-node/files/munin-node.conf
 delete mode 100644 roles/munin-node/tasks/main.yml
 delete mode 100644 roles/sshd/tasks/main.yml
 delete mode 100644 roles/vim/files/selected_editor
 delete mode 100644 roles/vim/files/vimrc
 delete mode 100644 roles/vim/tasks/main.yml
diff --git a/.gitattributes b/.gitattributes
index 8ee089d..17c6aa3 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1 @@
-/roles/discourse/templates/standalone.yml.j2 gitlab-language=yml
-/roles/api/templates/mail-receiver-environment.json.j2 gitlab-language=json
 /roles/live2dev/files/htaccess gitlab-language=apache
diff --git a/README.md b/README.md
index 709fe4f..413f9b1 100644
--- a/README.md
+++ b/README.md
@@ -14,125 +14,6 @@ ansible-playbook live2dev.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}" See also [the wiki documentation](https://wiki.coops.tech/wiki/CoTech_WordPress) and the [GitHub project](https://github.com/cotech/website). -## Discourse Upgrade - -To [upgrade Discourse](https://meta.discourse.org/t/how-do-i-manually-update-discourse-and-docker-image-to-latest/23325) -you can use this Playbook: - -```bash -export SERVERNAME="community.coops.tech" -ansible-playbook -u root discourse_upgrade.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}" -``` - -## Docker Upgrade - -At least every 3 months there is a new version of `docker-ce` released, see the -[release notes](https://docs.docker.com/release-notes/docker-ce/), to upgrade -Docker CE use this playbook: - -```bash -export SERVERNAME="community.coops.tech" -ansible-playbook -u root docker_upgrade.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}" -``` - ## Discourse Install -**NOTE:** There is a more generic version of these Playbooks at -[git.coop/webarch.discourse](https://git.coop/webarch.discourse) — if you -want to copy this repo and amend to suit your need best start there. - -Ansible Playbooks to install -[Docker](https://store.docker.com/editions/community/docker-ce-server-debian) -and [Discourse](https://github.com/discourse/discourse_docker) on a Debian -Stretch virtual server and to configure the virtual server to use Postfix for -incoming and outgoing emails (there is also a not-quite-working and, for now, -abandoned [exim branch](https://git.coop/cotech/ansible/tree/exim)). 
- -The email setup is based on the [mail-reciever Docker -container](https://github.com/discourse/mail-receiver) plus [this pull -request](https://github.com/discourse/mail-receiver/pull/2) (which is now -merged) and the [Postfix notes for using the host for outgoing -email](https://meta.discourse.org/t/emails-with-local-smtp/23645/28), with an -additional [Ruby -script](https://git.coop/cotech/ansible/blob/master/roles/email/files/discourse-smtp-rcpt-acl). - -Before running these Playbooks, create a virtual server, runnng Debian Stretch -then login to the virtual server's console, install `python`, enable root ssh -access using keys by adding your keys to `/root/.ssh/authorized_keys`, edit -`/etc/sshd/sshd_config` to set `PermitRootLogin prohibit-password`, run -`service ssh restart` and then run the first Playbook: - -```bash -export SERVERNAME="community.coops.tech" -ansible-playbook -u root discourse.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}" -``` - -Then login to the site, get the API key from -`https://$SERVERNAME/admin/api/keys` and run the second Playbook, adding the -API key when prompted: - -```bash -export SERVERNAME="community.coops.tech" -ansible-playbook -u root discourse_api.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}" -``` - -Then check these settings for email: - -* **Required : notification email** set this to `discourse@$SERVERNAME` (use the actual domain name not $SERVERNAME) -* **Email : reply by email enabled** tick *"Enable replying to topics via email."* -* **Email : reply by email address** set this to `discourse+%{reply_key}@$SERVERNAME` (use the actual domain name not $SERVERNAME) -* **Email : manual polling enabled** tick *"Push emails using the API for email replies."* - -Then tighten some security settings: - -* **Security : force https** tick *"Force your site to use HTTPS only. WARNING: do NOT enable this until you verify HTTPS is fully set up and working absolutely everywhere! 
Did you check your CDN, all social logins, and any external logos / dependencies to make sure they are all HTTPS compatible, too?"* - -If you are using this Playbook somewhere other than on a -[Webarchitects](https://www.webarchitects.coop/) virtual server in Sheffield -then the `iptables` and `munin-node` roles will, as a minimum, need editing and -might be best omitted. Also note that these Playbooks are based on using -`mx.webarch.net` for incoming email -- this is an anti-spam gateway, if this -wasn't used then SpamAssassin should probably be added to the mix. - -### CoTech Community Discourse Settings - -Initial settings used for `community.coops.tech` when it was created: - -* title: Cooperative Technologists Community -* site description: The intersection of co-operation and digtal technology, the CoTech community forum. -* contact email: `community@coops.tech` -* contact url: `https://www.coops.tech/` -* notification email: `discourse@community.coops.tech` -* site contact username: `system` -* logo url: https://wiki.coops.tech/wiki/File:Cotech-blue.png -* logo small url: https://wiki.coops.tech/wiki/File:Cotech-blue-text.png -* company short name: CoTech -* company full name: Cooperative Technologists -* company domain: coops.tech - -On the Email settings admin page: - -* email subject:`[cotech-community] %{optional_pm}%{optional_cat}%{topic_title}` -* reply by email enabled -* reply by email address: `discourse+%{reply_key}@community.coops.tech` -* manual polling enabled -* email prefix: `cotech-community` -* email site title: CoTech Community - -On the Security page: - -* force https - -On the User Preferences page: - -* default email digest frequency: every hour -* default include tl0 in digests -* default email mailing list mode -* default email mailing list mode frequency: Send an email for every new post -* default email always - -The first post text: - -Welcome to the **Cooperative Technologists Community**, we are a network of technology focused 
digital cooperatives, [CoTech](https://www.coops.tech/), who are *"building a tech industry that's better for its workers and customers through co-operation, democracy and worker ownership."* This is our open community discussion forum, you don't have to be a member of a coop to join this community but you do need to support [the cooperative values and principles](http://ica.coop/en/whats-co-op/co-operative-identity-values-principles) and have an interest in technology, you can find out more [about us](https://www.coops.tech/about), read [our manifesto](https://www.coops.tech/manifesto), see who we are and who we have worked for and watch [a video made at our first gathering](https://vimeo.com/196080655) on [www.coops.tech](https://www.coops.tech/). We also have [a wiki](https://wiki.coops.tech/) and a decision making group on [Loomio](https://www.loomio.org/g/oVwtKDOn/digital-co-ops), [Slack channels](https://tech-coops.slack.com/) and (for now, we might close it and use Discourse) a public [email list](https://www.email-lists.org/mailman/listinfo/tech-coops).
-
-*Please read [our community guidelines](https://community.coops.tech/guidelines) before signing up for an account here.*
+The Discourse code has been moved to the [Webarchitects Discourse repo](https://git.coop/webarch/discourse) and the notes to the [CoTech wiki](https://wiki.coops.tech/wiki/Community_\(Discourse_site\)].
diff --git a/discourse.yml b/discourse.yml
deleted file mode 100644
index a342951..0000000
--- a/discourse.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Install Discourse
- hosts: "{{ hostname }}"
-
- roles:
- - docker
- - discourse
- - sshd
- - apt
- - locale
- - vim
- - email
- - chrony
- - iptables
- - munin-node
-
- vars:
- distro: stretch
- email: chris@webarchitects.co.uk
- root_email_forward: "{{ email }}" # this could be multiple, comma seperated addresses
- discourse_developer_emails: "{{ email }}" # this could be multiple, comma seperated addresses
- letsencrypt_account_email: "{{ email }}" # this needs to be a single address
diff --git a/discourse_api.yml b/discourse_api.yml
deleted file mode 100644
index 16f9e73..0000000
--- a/discourse_api.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Add the API key for mail-receiver
- hosts: "{{ hostname }}"
-
- roles:
- - api
-
- vars_prompt:
- name: "discourse_api_key"
- prompt: "The API key from /admin/api/keys"
-
diff --git a/discourse_upgrade.yml b/discourse_upgrade.yml
deleted file mode 100644
index 6d2f280..0000000
--- a/discourse_upgrade.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Upgrade Discourse
- hosts: "{{ hostname }}"
-
- roles:
- - discourse-upgrade
diff --git a/docker_upgrade.yml b/docker_upgrade.yml
deleted file mode 100644
index a354472..0000000
--- a/docker_upgrade.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Upgrade Docker CE
- hosts: "{{ hostname }}"
-
- roles:
- - docker-upgrade
diff --git a/roles/api/tasks/main.yml b/roles/api/tasks/main.yml
deleted file mode 100644
index 8c3c1e9..0000000
--- a/roles/api/tasks/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: Stat "/etc/postfix/mail-receiver-environment.json"
- stat:
- path: "/etc/postfix/mail-receiver-environment.json"
- register: mail_receiver_environment
-
-- block:
-
- - name: Discourse scripts environmental variables file in place
- template:
- src: templates/mail-receiver-environment.json.j2
- dest: /etc/postfix/mail-receiver-environment.json
- mode: 0644
- group: root
- owner: root
-
- when: mail_receiver_environment.stat.exists == False
-
diff --git a/roles/api/templates/mail-receiver-environment.json.j2 b/roles/api/templates/mail-receiver-environment.json.j2
deleted file mode 100644
index 188cbe3..0000000
--- a/roles/api/templates/mail-receiver-environment.json.j2
+++ /dev/null
@@ -1 +0,0 @@
-{"MAIL_DOMAIN ":"{{ hostname }}","DISCOURSE_BASE_URL":"https://{{ hostname }}","DISCOURSE_API_KEY":"{{ discourse_api_key }}","DISCOURSE_API_USERNAME":"system"}
diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml
deleted file mode 100644
index b41e6ab..0000000
--- a/roles/apt/tasks/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-- name: Packages installed
- apt:
- pkg: "{{ item }}"
- state: latest
- update_cache: yes
- with_items:
- - apt-transport-https
- - apticron
- - aptitude
- - apt-listchanges
- - apt-show-versions
- - git
-
-- block:
-
- - name: Use HTTPS mirror for {{ distro }} apt packages
- lineinfile:
- backup: yes
- backrefs: yes
- state: present
- dest: "/etc/apt/sources.list"
- regexp: '^deb\s+http://httpredir.debian.org/debian'
- line: "deb https://www.mirrorservice.org/sites/ftp.debian.org/debian/ {{ distro }} main contrib non-free"
-
- - name: Use HTTPS mirror for {{ distro }} apt source packages
- lineinfile:
- backup: yes
- backrefs: yes
- state: present
- dest: "/etc/apt/sources.list"
- regexp: "^deb-src+http://httpredir.debian.org/debian"
- line: "deb-src https://www.mirrorservice.org/sites/ftp.debian.org/debian/ {{ distro }} main contrib non-free"
-
- when: ( distro == 'jessie' ) or ( distro == 'stretch' )
-
-- name: Checkout Webarchitects scripts
- git:
- repo: https://git.coop/webarch/scripts.git
- dest: /usr/local/src/scripts
-
-- name: Install Webarchitects scripts
- command: /usr/local/src/scripts/install.sh
-
diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml
deleted file mode 100644
index 224d955..0000000
--- a/roles/chrony/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: Time related packages installed
- apt:
- pkg: "{{ item }}"
- state: latest
- update_cache: yes
- with_items:
- - chrony
- - rdate
-
-- name: Set the date after a reboot crontab in place
- cron:
- name: Check the date following reboots
- special_time: reboot
- job: "rdate -s ntp.demon.co.uk"
-
diff --git a/roles/discourse-upgrade/tasks/main.yml b/roles/discourse-upgrade/tasks/main.yml
deleted file mode 100644
index a88853b..0000000
--- a/roles/discourse-upgrade/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Discourse code updated
- git:
- repo: https://github.com/discourse/discourse_docker.git
- dest: /var/discourse
- update: yes
- become: yes
- become_user: 'discourse'
-
-- name: Discourse rebuild app
- command: ./launcher rebuild app
- args:
- chdir: /var/discourse
- become: yes
- become_user: 'discourse'
diff --git a/roles/discourse/tasks/main.yml b/roles/discourse/tasks/main.yml
deleted file mode 100644
index 76f4396..0000000
--- a/roles/discourse/tasks/main.yml
+++ /dev/null
@@ -1,190 +0,0 @@
----
-- name: Group for Discourse present
- group:
- name: discourse
- system: yes
- state: present
- gid: 1000
-
-- name: User for Discourse present
- user:
- name: discourse
- system: yes
- state: present
- shell: /bin/bash
- home: /home/discourse
- createhome: true
- groups: discourse,docker
- uid: 1000
-
-- name: Stat /var/discourse/lost+found
- stat:
- path: "/var/discourse/lost+found"
- register: var_discourse_partition
-
-- block:
-
- - name: Delete lost+found directory if /var/discourse is a partition
- file:
- dest: /var/discourse/lost+found
- state: absent
-
- when: var_discourse_partition.stat.exists == True
-
-- name: Directory for Discourse present
- file:
- dest: /var/discourse
- state: directory
- owner: discourse
- group: discourse
-
-- name: ssl-cert group present for UID mappings
- group:
- name: ssl-cert
- system: yes
- state: present
- gid: 111
-
-- name: postgres group present for UID mappings
- group:
- name: postgres
- system: yes
- state: present
- gid: 112
-
-- name: postgres user persent for GID mappings
- user:
- name: postgres
- system: yes
- group: postgres
- createhome: false
- shell: /bin/false
- uid: 107
-
-- name: haproxy group present for UID mappings
- group:
- name: haproxy
- system: yes
- state: present
- gid: 113
-
-- name: haproxy user persent for GID mappings
- user:
- name: haproxy
- system: yes
- group: haproxy
- createhome: false
- shell: /bin/false
- uid: 108
-
-- name: redis group present for UID mappings
- group:
- name: redis
- system: yes
- state: present
- gid: 114
-
-- name: redis user persent for GID mappings
- user:
- name: redis
- system: yes
- group: redis
- createhome: false
- shell: /bin/false
- uid: 110
-
-- name: Discourse checked out
- git:
- repo: https://github.com/discourse/discourse_docker.git
- dest: /var/discourse
- update: yes
- become: yes
- become_user: 'discourse'
-
-- block:
-
- - name: Create lost+found directory
- command: mklost+found
- args:
- chdir: /var/discourse
- creates: /var/discourse/lost+found
-
- when: var_discourse_partition.stat.exists == True
-
-- name: Count how much swap is available
- shell: "free -g --si | awk '/^Swap:/{print $2}'"
- args:
- executable: /bin/bash
- register: swap_space
-
-- debug:
- msg: "There is {{ swap_space.stdout }}GB of swap space"
-
-- name: Fail if less than 2GB of swap is available
- fail:
- msg: "Please ensure that the server has at least 2G of swap available"
- when: swap_space < 2
-
-- name: 25% of physical memory calculated
- shell: "echo $(( $(free -m | awk '/^Mem:/{print $2}') / 4 ))"
- args:
- executable: /bin/bash
- register: db_shared_buffers
-
-- debug:
- msg: "db_shared_buffers to be set {{ db_shared_buffers.stdout }}MB, which is 25% of physical memory"
-
-- name: Count the CPUs
- command: nproc --all
- register: cpus
-
-- debug:
- msg: "There are {{ cpus.stdout }} CPUs available"
-
-- name: Count the memory in GB
- shell: "free -g --si | awk '/^Mem:/{print $2}'"
- args:
- executable: /bin/bash
- register: memory
-
-- debug:
- msg: "There is {{ memory.stdout }}GB of RAM available"
-
-- block:
-
- - name: Number of Unicorn Workers set to 2 times RAM in GB
- shell: "echo $(( 2 * {{ memory.stdout }} ))"
- args:
- executable: /bin/bash
- register: unicorn_workers
-
- when: memory < 2
-
-- block:
-
- - name: Number of Unicorn Workers set to 2 times the number of CPUs
- shell: "echo $(( 2 * {{ cpus.stdout }} ))"
- args:
- executable: /bin/bash
- register: unicorn_workers
-
- when: memory >= 2
-
-- debug:
- msg: "Unicorn Workers set to {{ unicorn_workers.stdout }}"
-
-- name: Get the IP address of the server
- command: hostname -i
- register: host_ip
-
-- name: Generate app.yml
- template:
- src: templates/standalone.yml.j2
- dest: /var/discourse/containers/app.yml
- become: yes
- become_user: discourse
-
-- name: Rebuild Discourse app
- command: /var/discourse/launcher rebuild app
- become: yes
- become_user: discourse
diff --git a/roles/discourse/templates/standalone.yml.j2 b/roles/discourse/templates/standalone.yml.j2
deleted file mode 100644
index 5b4d36a..0000000
--- a/roles/discourse/templates/standalone.yml.j2
+++ /dev/null
@@ -1,98 +0,0 @@
-## this is the all-in-one, standalone Discourse Docker container template
-##
-## After making changes to this file, you MUST rebuild
-## /var/discourse/launcher rebuild app
-##
-## BE *VERY* CAREFUL WHEN EDITING!
-## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
-## visit http://www.yamllint.com/ to validate this file as needed
-
-templates:
- - "templates/postgres.template.yml"
- - "templates/redis.template.yml"
- - "templates/web.template.yml"
- - "templates/web.ratelimited.template.yml"
-## Uncomment these two lines if you wish to add Lets Encrypt (https)
- - "templates/web.ssl.template.yml"
- - "templates/web.letsencrypt.ssl.template.yml"
-
-## which TCP/IP ports should this container expose?
-## If you want Discourse to share a port with another webserver like Apache or nginx,
-## see https://meta.discourse.org/t/17247 for details
-expose:
- - "80:80" # http
- - "443:443" # https
-
-params:
- db_default_text_search_config: "pg_catalog.english"
-
- ## Set db_shared_buffers to a max of 25% of the total memory.
- ## will be set automatically by bootstrap based on detected RAM, or you can override
- db_shared_buffers: "{{ db_shared_buffers.stdout }}MB"
-
- ## can improve sorting performance, but adds memory usage per-connection
- #db_work_mem: "40MB"
-
- ## Which Git revision should this container use? (default: tests-passed)
- #version: tests-passed
-
-env:
- LANG: en_GB.UTF-8
- # DISCOURSE_DEFAULT_LOCALE: en
-
- ## How many concurrent web requests are supported? Depends on memory and CPU cores.
- ## will be set automatically by bootstrap based on detected CPUs, or you can override
- UNICORN_WORKERS: {{ unicorn_workers.stdout }}
-
- ## TODO: The domain name this Discourse instance will respond to
- DISCOURSE_HOSTNAME: '{{ hostname }}'
-
- ## Uncomment if you want the container to be started with the same
- ## hostname (-h option) as specified above (default "$hostname-$config")
- #DOCKER_USE_HOSTNAME: true
-
- ## TODO: List of comma delimited emails that will be made admin and developer
- ## on initial signup example 'user1@example.com,user2@example.com'
- DISCOURSE_DEVELOPER_EMAILS: '{{ discourse_developer_emails }}'
-
- ## TODO: The SMTP mail server used to validate new accounts and send notifications
- #DISCOURSE_SMTP_ADDRESS: {{ host_ip.stdout }} # required
- DISCOURSE_SMTP_ADDRESS: '{{ hostname }}' # required
- #DISCOURSE_SMTP_ADDRESS: # required
- #DISCOURSE_SMTP_PORT: # (optional, default 587)
- #DISCOURSE_SMTP_USER_NAME: # required
- #DISCOURSE_SMTP_PASSWORD: # required, WARNING the char '#' in pw can cause problems!
- #DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true)
-
- ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
- LETSENCRYPT_ACCOUNT_EMAIL: {{ letsencrypt_account_email }}
-
- ## The CDN address for this Discourse instance (configured to pull)
- ## see https://meta.discourse.org/t/14857 for details
- #DISCOURSE_CDN_URL: //discourse-cdn.example.com
-
-## The Docker container is stateless; all data is stored in /shared
-volumes:
- - volume:
- host: /var/discourse/shared/standalone
- guest: /shared
- - volume:
- host: /var/discourse/shared/standalone/log/var-log
- guest: /var/log
-
-## Plugins go here
-## see https://meta.discourse.org/t/19157 for details
-hooks:
- after_code:
- - exec:
- cd: $home/plugins
- cmd:
- - git clone https://github.com/discourse/docker_manager.git
-
-## Any custom commands to run after building
-run:
- - exec: echo "Beginning of custom commands"
- ## If you want to set the 'From' email address for your first registration, uncomment and change:
- ## After getting the first signup email, re-comment the line. It only needs to run once.
- #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
- - exec: echo "End of custom commands"
diff --git a/roles/docker-upgrade/tasks/main.yml b/roles/docker-upgrade/tasks/main.yml
deleted file mode 100644
index e33bc52..0000000
--- a/roles/docker-upgrade/tasks/main.yml
+++ /dev/null
@@ -1,64 +0,0 @@
----
-- name: Stop the Discourse container
- command: bash launcher stop app
- args:
- chdir: "/var/discourse"
- become: yes
- become_user: discourse
-
-- name: Update apt package list
- apt:
- update_cache: yes
-
-- name: Check if the Webarchitects logchange script is installed
- command: which logchange
- register: logchange
-
-- block:
-
- - name: Get a list of the updates
- shell: "apt-show-versions -b -u | xargs"
- register: apt_updates
-
- - name: Record the updates in the /root/Changelog
- command: 'logchange "{{ apt_updates.stdout }} : updated"'
- when: apt_updates.stdout != ""
-
- when: logchange.stdout != ""
-
-- name: Update all packages
- apt:
- upgrade: dist
- autoclean: yes
-
-- name: Check if the Munin apt state file exists
- stat:
- path: "/var/lib/munin-node/plugin-state/nobody/plugin-apt.state"
- register: munin_apt_state
-
-- block:
-
- - name: Delete the Munin apt state file
- file:
- dest: "/var/lib/munin-node/plugin-state/nobody/plugin-apt.state"
- state: absent
-
- - name: Update the Munin apt state file
- command: munin-run apt_all
-
- when: munin_apt_state.stat.exists == True
-
-- name: Restart Docker CE
- service:
- name: docker
- state: restarted
-
-- name: Start the Discourse container
- command: bash launcher start app
- args:
- chdir: "/var/discourse"
- become: yes
- become_user: discourse
-
-
-
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
deleted file mode 100644
index f5f6664..0000000
--- a/roles/docker/tasks/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: Git and APT HTTPS packages installed
- apt:
- pkg: "{{ item }}"
- state: latest
- update_cache: yes
- with_items:
- - apt-transport-https
- - ca-certificates
- - curl
- - git
- - software-properties-common
-
-- name: Docker GPG key present
- apt_key:
- id: 0EBFCD88
- url: https://download.docker.com/linux/debian/gpg
- state: present
-
-- name: Docker APT repo available
- apt_repository:
- repo: deb https://download.docker.com/linux/debian stretch stable
- state: present
-
-- name: Docker CE installed
- apt:
- name: docker-ce
- state: present
- update_cache: yes
-
-- name: Docker started
- service:
- name: docker
- state: started
diff --git a/roles/email/files/discourse-smtp-fast-rejection b/roles/email/files/discourse-smtp-fast-rejection
deleted file mode 100644
index b01f56d..0000000
--- a/roles/email/files/discourse-smtp-fast-rejection
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'syslog'
-require 'json'
-require 'uri'
-require 'cgi'
-require 'net/http'
-
-ENV_FILE = "/etc/postfix/mail-receiver-environment.json"
-
-def logger
- @logger ||= Syslog.open("smtp-reject", Syslog::LOG_PID, Syslog::LOG_MAIL)
-end
-
-def fatal(*args)
- logger.crit *args
- exit 1
-end
-
-def main
- unless File.exists?(ENV_FILE)
- fatal "Config file %s does not exist. Aborting.", ENV_FILE
- end
-
- real_env = JSON.parse(File.read(ENV_FILE))
-
- %w{DISCOURSE_BASE_URL DISCOURSE_API_KEY DISCOURSE_API_USERNAME}.each do |kw|
- fatal "env var %s is required", kw unless real_env[kw]
- end
-
- process_requests(real_env)
-end
-
-def process_requests(env)
- $stdout.sync = true # unbuffered output
-
- args = {}
- while line = gets
- # Fill up args with the request details.
- # logger.err "KDDEBUG line %s", line
- line = line.chomp
- if line.empty?
- process_single_request(args, env)
- args = {} # reset for next request.
- else
- k,v = line.chomp.split('=', 2)
- args[k] = v
- end
- end
-end
-
-def process_single_request(args, env)
- # logger.err "KDDEBUG args %s", args
- action = 'dunno'
- if args['request'] != 'smtpd_access_policy'
- action = 'defer_if_permit Internal error, Request type invalid'
- elsif args['protocol_state'] != 'RCPT'
- action = 'dunno'
- elsif args['sender'].nil?
- action = 'defer_if_permit No sender specified'
- elsif args['recipient'].nil?
- action = 'defer_if_permit No recipient specified'
- else
- action = maybe_reject_email(args['sender'], args['recipient'], env)
- end
-
- puts "action=#{action}"
- puts ''
-end
-
-def maybe_reject_email(from, to, env)
- endpoint = "#{env['DISCOURSE_BASE_URL']}/admin/email/smtp_should_reject.json"
- key = env["DISCOURSE_API_KEY"]
- username = env["DISCOURSE_API_USERNAME"]
- # just maker sure we have something in the from field
- # so we can test for addresses remotely
- if from == ''
- from = 'test@example.org'
- end
- uri = URI.parse(endpoint)
- fromarg = CGI::escape(from)
- toarg = CGI::escape(to)
-
- api_qs = "api_key=#{key}&api_username=#{username}&from=#{fromarg}&to=#{toarg}"
- if uri.query and !uri.query.empty?
- uri.query += "&#{api_qs}"
- else
- uri.query = api_qs
- end
-
- begin
- http = Net::HTTP.new(uri.host, uri.port)
- http.use_ssl = uri.scheme == "https"
- # logger.err "KDDEBUG request_uri %s", uri.request_uri
- get = Net::HTTP::Get.new(uri.request_uri)
- response = http.request(get)
- rescue StandardError => ex
- logger.err "Failed to GET smtp_should_reject answer from %s: %s (%s)", endpoint, ex.message, ex.class
- logger.err ex.backtrace.map { |l| " #{l}" }.join("\n")
- return "defer_if_permit Internal error, API request preparation failed"
- ensure
- http.finish if http && http.started?
- end
-
- if Net::HTTPSuccess === response
- reply = JSON.parse(response.body)
- if reply['reject']
- return "reject #{reply['reason']}"
- end
- else
- logger.err "Failed to GET smtp_should_reject answer from %s: %s", endpoint, response.code
- return "defer_if_permit Internal error, API request failed"
- end
-
- return "dunno" # let future tests also be allowed to reject this one.
-end
-
-main if __FILE__ == $0
diff --git a/roles/email/files/discourse-smtp-rcpt-acl b/roles/email/files/discourse-smtp-rcpt-acl
deleted file mode 100644
index f4df582..0000000
--- a/roles/email/files/discourse-smtp-rcpt-acl
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'syslog'
-require 'json'
-require 'uri'
-require 'cgi'
-require 'net/http'
-
-# Returns 0 for accept
-# Returns 1 for defer
-# Returns 2 for reject
-
-ENV_FILE = "/etc/postfix/mail-receiver-environment.json"
-
-def logger
- @logger ||= Syslog.open("smtp-reject", Syslog::LOG_PID, Syslog::LOG_MAIL)
-end
-
-def fatal(*args)
- logger.crit *args
- exit 1
-end
-
-def main
- unless File.exists?(ENV_FILE)
- fatal "Config file %s does not exist. Aborting.", ENV_FILE
- end
-
- real_env = JSON.parse(File.read(ENV_FILE))
-
- %w{DISCOURSE_BASE_URL DISCOURSE_API_KEY DISCOURSE_API_USERNAME}.each do |kw|
- fatal "env var %s is required", kw unless real_env[kw]
- end
-
- logger.err "KDDEBUG ARGV.lenght %s", ARGV.length
- if ARGV.length != 2
- sender = 'test@example.com'
- recipient = ARGV[0]
- else
- sender = ARGV[0]
- recipient = ARGV[1]
- end
- process_single_request(sender, recipient, real_env)
-end
-
-def process_single_request(sender,recipient, env)
- action = 0
- if sender.nil?
- action = 1
- elsif recipient.nil?
- action = 1
- else
- action = maybe_reject_email( sender, recipient, env)
- end
-
- exit(action)
-end
-
-def maybe_reject_email(from, to, env)
- endpoint = "#{env['DISCOURSE_BASE_URL']}/admin/email/smtp_should_reject.json"
- key = env["DISCOURSE_API_KEY"]
- username = env["DISCOURSE_API_USERNAME"]
-
- uri = URI.parse(endpoint)
- fromarg = CGI::escape(from)
- toarg = CGI::escape(to)
-
- api_qs = "api_key=#{key}&api_username=#{username}&from=#{fromarg}&to=#{toarg}"
- if uri.query and !uri.query.empty?
- uri.query += "&#{api_qs}"
- else
- uri.query = api_qs
- end
-
- begin
- http = Net::HTTP.new(uri.host, uri.port)
- http.use_ssl = uri.scheme == "https"
- logger.err "KDDEBUG request_uri %s", uri.request_uri
- get = Net::HTTP::Get.new(uri.request_uri)
- response = http.request(get)
- rescue StandardError => ex
- logger.err "Failed to GET smtp_should_reject answer from %s: %s (%s)", endpoint, ex.message, ex.class
- logger.err ex.backtrace.map { |l| " #{l}" }.join("\n")
- return 1
- ensure
- http.finish if http && http.started?
- end
-
- if Net::HTTPSuccess === response
- reply = JSON.parse(response.body)
- if reply['reject']
- return 2
- end
- else
- logger.err "Failed to GET smtp_should_reject answer from %s: %s", endpoint, response.code
- return 1
- end
-
- return 0 # let future tests also be allowed to reject this one.
-end
-
-main if __FILE__ == $0
diff --git a/roles/email/files/receive-mail b/roles/email/files/receive-mail
deleted file mode 100644
index 5164af9..0000000
--- a/roles/email/files/receive-mail
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/usr/bin/env ruby
-
-ENV_FILE = "/etc/postfix/mail-receiver-environment.json"
-EX_TEMPFAIL = 75
-EX_SUCCESS = 0
-
-require 'syslog'
-require 'json'
-require "uri"
-require "net/http"
-
-def logger
- @logger ||= Syslog.open("receive-mail", Syslog::LOG_PID, Syslog::LOG_MAIL)
-end
-
-def fatal(*args)
- logger.crit *args
- exit EX_TEMPFAIL
-end
-
-def main
- unless File.exists?(ENV_FILE)
- fatal "Config file %s does not exist. Aborting.", ENV_FILE
- end
-
- real_env = JSON.parse(File.read(ENV_FILE))
-
- %w{DISCOURSE_BASE_URL DISCOURSE_API_KEY DISCOURSE_API_USERNAME}.each do |kw|
- fatal "env var %s is required", kw unless real_env[kw]
- end
-
- recipient = ARGV.first
- mail = $stdin.read
-
- logger.debug "Recipient: #{recipient}"
- fatal "No recipient passed on command line." unless recipient
- fatal "No message passed on stdin." if mail.nil? || mail.empty?
-
- post_email(recipient, mail, real_env)
-rescue StandardError => ex
- logger.err "Unexpected error while invoking mail processor: %s (%s)", ex.message, ex.class
- logger.err ex.backtrace.map { |l| " #{l}" }.join("\n")
-
- exit EX_TEMPFAIL
-end
-
-def post_email(_recipient, mail, env)
- endpoint = "#{env['DISCOURSE_BASE_URL']}/admin/email/handle_mail"
- key = env["DISCOURSE_API_KEY"]
- username = env["DISCOURSE_API_USERNAME"]
-
- uri = URI.parse(endpoint)
- api_qs = "api_key=#{key}&api_username=#{username}"
- if uri.query and !uri.query.empty?
- uri.query += "&#{api_qs}"
- else
- uri.query = api_qs
- end
-
- begin
- http = Net::HTTP.new(uri.host, uri.port)
- http.use_ssl = uri.scheme == "https"
- post = Net::HTTP::Post.new(uri.request_uri)
- post.set_form_data(email: mail)
-
- response = http.request(post)
- rescue StandardError => ex
- logger.err "Failed to POST the e-mail to %s: %s (%s)", endpoint, ex.message, ex.class
- logger.err ex.backtrace.map { |l| " #{l}" }.join("\n")
- exit EX_TEMPFAIL
- ensure
- http.finish if http && http.started?
- end
-
- exit EX_SUCCESS if Net::HTTPSuccess === response
-
- logger.err "Failed to POST the e-mail to %s: %s", endpoint, response.code
- exit EX_TEMPFAIL
-end
-
-main if __FILE__ == $0
diff --git a/roles/email/tasks/main.yml b/roles/email/tasks/main.yml
deleted file mode 100644
index 683df05..0000000
--- a/roles/email/tasks/main.yml
+++ /dev/null
@@ -1,148 +0,0 @@ ---- -- name: Ruby packages installed - apt: - pkg: "{{ item }}" - state: latest - update_cache: yes - with_items: - - ruby2.3 - - ruby-addressable - - ruby-json - - ruby-net-http-persistent - - ruby-syslog-logger - -- name: Ruby script receive-mail in place - copy: - src: files/receive-mail - dest: /usr/local/bin/receive-mail - mode: 0755 - -- name: Ruby script discourse-smtp-fast-rejection in place - copy: - src: files/discourse-smtp-fast-rejection - dest: /usr/local/bin/discourse-smtp-fast-rejection - mode: 0755 - -- name: Ruby script discourse-smtp-rcpt-acl in place - copy: - src: files/discourse-smtp-rcpt-acl - dest: /usr/local/bin/discourse-smtp-rcpt-acl - mode: 0755 - -- name: debconf-utils installed for Ansible - apt: - name: debconf-utils - state: present - -- name: Debconf Postfix hostname set - debconf: - name: postfix - question: "postfix/mailname" - value: "{{ hostname }}" - vtype: string - -- name: Debconf Postfix set to be a internet server - debconf: - name: postfix - question: "postfix/main_mailer_type" - value: "Internet Site" - vtype: string - -- name: Postfix and related email packages installed - apt: - pkg: "{{ item }}" - state: latest - with_items: - - ca-certificates - - curl - - debian-archive-keyring - - dnsutils - - mailutils - - mutt - - postfix - - pwgen - - whois - -- name: Postfix smtpd_relay_restrictions set - command: postconf -e "smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination" - -- name: Postfix set not to use /etc/aliases - command: postconf -e "alias_maps = " - -- name: Postfix mydestination set to localhost - command: postconf -e "mydestination = localhost" - -- name: Get the app container IP address - command: "docker inspect --format '{''{ .NetworkSettings.IPAddress }''}' app" - register: app_ip_address - -- debug: - msg: "The Discourse app Docker container has the IP address {{ app_ip_address.stdout }}" - -- name: Postfix my networks set to include {{ 
app_ip_address.stdout }} - command: postconf -e "mynetworks = 127.0.0.0/8, {{ app_ip_address.stdout }}" - -- name: Postfix relay domains set to {{ hostname }} - command: postconf -e "relay_domains = {{ hostname }}" - -- name: Postfix smtpd_recipient_restrictions set - command: postconf -e "smtpd_recipient_restrictions = permit_mynetworks, check_policy_service unix:private/policy" - -- name: Postfix opportunistic TLS enabled - command: postconf -e "smtp_tls_security_level = may" - -- name: Postfix set to use sub-addresing - command: postconf -e "recipient_delimiter = +" - -- name: Postfix disable UTF-8 SMTP input - command: postconf -e "smtputf8_enable=no" - -- name: Postfix Time Zone and Lang set - command: postconf -e "export_environment='TZ LANG'" - -- name: Postfix set for ipv4 only - command: postconf -e "inet_protocols = ipv4" - -- name: Postfix set to use /usr/local/bin/receive-mail - command: postconf -M -e "discourse/unix=discourse unix - n n - - pipe user=nobody:nogroup argv=/usr/local/bin/receive-mail ${recipient}" - -- name: Postfix transport in place - template: - src: templates/transport.j2 - dest: /etc/postfix/transport - mode: 0644 - -- name: Postfix Transport Maps file set - command: postconf -e "transport_maps=hash:/etc/postfix/transport" - -- name: Postmap run with Transport Maps file - command: postmap /etc/postfix/transport - -- name: Postfix set to reject incorrect email addresses - command: postconf -M -e "policy/unix=policy unix - n n - - spawn user=nobody argv=/usr/local/bin/discourse-smtp-fast-rejection" - -- name: Stat "/var/discourse/shared/standalone/letsencrypt/{{ hostname }}/{{ hostname }}.cer" - stat: - path: "/var/discourse/shared/standalone/letsencrypt/{{ hostname }}/{{ hostname }}.cer" - register: le_cert - -- block: - - - name: Postfix configured to use Let's Encrypt RSA cert for incoming email - command: postconf -e "smtpd_tls_cert_file = /var/discourse/shared/standalone/letsencrypt/{{ hostname }}/{{ hostname }}.cer" - - - name: 
Postfix configured to use Let's Encrypt RSA key for incoming email - command: postconf -e "smtpd_tls_key_file = /var/discourse/shared/standalone/letsencrypt/{{ hostname }}/{{ hostname }}.key" - - when: le_cert.stat.exists == True - -- name: Postfix stopped - command: postfix stop - -- name: Postfix started - command: postfix start - -- name: Root .forward in place - template: - src: templates/forward.j2 - dest: /root/.forward diff --git a/roles/email/templates/forward.j2 b/roles/email/templates/forward.j2 deleted file mode 100644 index cba0f38..0000000 --- a/roles/email/templates/forward.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ root_email_forward }} diff --git a/roles/email/templates/transport.j2 b/roles/email/templates/transport.j2 deleted file mode 100644 index e4f9e67..0000000 --- a/roles/email/templates/transport.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ hostname }} discourse: diff --git a/roles/iptables/tasks/main.yml b/roles/iptables/tasks/main.yml deleted file mode 100644 index b32d0c0..0000000 --- a/roles/iptables/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: Packages installed - apt: - pkg: "{{ item }}" - state: latest - update_cache: yes - with_items: - - iptables-persistent - - fail2ban - -- name: Get the app container IP address - command: "docker inspect --format '{''{ .NetworkSettings.IPAddress }''}' app" - register: app_ip_address - -- debug: - msg: "The Discourse app Docker container has the IP address {{ app_ip_address.stdout }}" - -- name: Ipv4 iptables rules in place - template: - src: templates/rules.v4.j2 - dest: /etc/iptables/rules.v4 - -- name: Firewall reloaded - command: iptables-restore /etc/iptables/rules.v4 - diff --git a/roles/iptables/templates/rules.v4.j2 b/roles/iptables/templates/rules.v4.j2 deleted file mode 100644 index b7b0042..0000000 --- a/roles/iptables/templates/rules.v4.j2 +++ /dev/null 
@@ -1,51 +0,0 @@ -# Ansible Generated -*nat -:PREROUTING ACCEPT [1480:146319] -:INPUT ACCEPT [935:55070] -:OUTPUT ACCEPT [882:64367] -:POSTROUTING ACCEPT [932:67303] -:DOCKER - [0:0] --A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER --A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER --A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE --A POSTROUTING -s {{ app_ip_address.stdout }}/32 -d {{ app_ip_address.stdout }}/32 -p tcp -m tcp --dport 443 -j MASQUERADE --A POSTROUTING -s {{ app_ip_address.stdout }}/32 -d {{ app_ip_address.stdout }}/32 -p tcp -m tcp --dport 80 -j MASQUERADE --A DOCKER -i docker0 -j RETURN --A DOCKER ! -i docker0 -p tcp -m tcp --dport 443 -j DNAT --to-destination {{ app_ip_address.stdout }}:443 --A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination {{ app_ip_address.stdout }}:80 -COMMIT -# -*filter -:INPUT ACCEPT [17670:3342836] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [16386:2417598] -:DOCKER - [0:0] -:DOCKER-ISOLATION - [0:0] -:f2b-sshd - [0:0] --A FORWARD -j DOCKER-ISOLATION --A FORWARD -o docker0 -j DOCKER --A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT --A FORWARD -i docker0 ! -o docker0 -j ACCEPT --A FORWARD -i docker0 -o docker0 -j ACCEPT --A DOCKER -d {{ app_ip_address.stdout }}/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT --A DOCKER -d {{ app_ip_address.stdout }}/32 ! 
-i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT --A DOCKER-ISOLATION -j RETURN --A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd --A f2b-sshd -j RETURN --A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -# The following rule is for munin.webarch.net --A INPUT -m state --state NEW -m tcp -p tcp -s 81.95.52.102 --dport 4949 -j ACCEPT -# The following rule is for mx.webarch.net --A INPUT -m state --state NEW -m tcp -p tcp -s 81.95.52.71 --dport 25 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp -s {{ app_ip_address.stdout }} --dport 25 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp -s 127.0.0.1/8 --dport 25 -j ACCEPT --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable --A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT --A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -j REJECT --reject-with icmp-port-unreachable --A FORWARD -j REJECT --reject-with icmp-port-unreachable --A OUTPUT -j ACCEPT -COMMIT -# diff --git a/roles/locale/tasks/main.yml b/roles/locale/tasks/main.yml deleted file mode 100644 index bdd8281..0000000 --- a/roles/locale/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: en_GB.UTF-8 locale generated - command: locale-gen en_GB.UTF-8 - -- name: en_GB.UTF-8 locale updated - command: update-locale en_GB.UTF-8 diff --git a/roles/munin-node/files/docker b/roles/munin-node/files/docker deleted file mode 100644 index 3b72c2e..0000000 --- a/roles/munin-node/files/docker +++ /dev/null @@ -1,2 +0,0 @@ -[docker_*] -user root diff --git a/roles/munin-node/files/docker_cpu b/roles/munin-node/files/docker_cpu deleted file mode 100644 index 63165a1..0000000 --- a/roles/munin-node/files/docker_cpu +++ /dev/null 
@@ -1,120 +0,0 @@ -#!/usr/bin/perl -w -# -*- perl -*- - -=head1 NAME - -docker_cpu - Munin plugin to monitor docker container CPU usage. - -=head1 APPLICABLE SYSTEMS - -Should work on any Linux system that has docker support. - -=head1 CONFIGURATION - -Root privilege required to execute docker command. - -1. Create a new file named "docker" inside the folder /etc/munin/plugin-conf.d/ -2. Docker file content: - -[docker_cpu] -user root - -=head1 MAGIC MARKERS - - #%# family=auto - #%# capabilities=autoconf - -=head1 VERSION - - v.0.1 - -=head1 AUTHOR - -Copyright (C) 2015 Samuel Cantero. -Email: scanterog at gmail dot com - -=head1 LICENSE - -GPLv3 - -=cut - -my $docker=`which docker`; - -if ( defined $ARGV[0] and $ARGV[0] eq "autoconf" ) { - if ($docker) { - print "yes\n"; - exit 0; - } - else{ - print "no (Docker has not been found)\n"; - exit 0; - } -} - -$docker =~ s/\s+$//; - -my @containers = split "\n" , `$docker ps --no-trunc=true`; -my $result; - -for my $i (1 .. $#containers) -{ - my @fields = split / +/, $containers[$i]; - my $id = $fields[0]; - my $name = $fields[$#fields]; - # manage container name containing arithmetic operators and dots. E.g, my-container. - $name =~ s/[-\+*\/\.]/_/g; - # truncate container name with "," character. 
- $name =~ s/,.*//g; - if (open(my $file, '<', "/sys/fs/cgroup/cpuacct/docker/$id/cpuacct.usage")) - { - my $total_cpu_ns = <$file>; - $total_cpu_ns =~ s/\s+$//; - close $file; - if (open($file, '<', "/sys/fs/cgroup/cpuacct/docker/$id/cpuacct.usage_percpu")) - { - my @ncpu = split / /, <$file>; - close $file; - push @result, {'name'=>$name, 'total_cpu_ns'=>$total_cpu_ns, 'ncpu'=>$#ncpu}; - } - } -} - -if (defined $ARGV[0] and $ARGV[0] eq "config") -{ - my $nanoSecondsInSecond=1000000000; - my $graphlimit = $result[0]{'ncpu'}; - foreach(@result){ - if ($$_{'ncpu'} > $graphlimit){ - $graphlimit = $$_{'ncpu'}; - } - } - $graphlimit = $graphlimit * 100; - print "graph_title Docker container CPU usage\n"; - print "graph_args --base 1000 -r --lower-limit 0 --upper-limit $graphlimit\n"; - print "graph_vlabel %\n"; - print "graph_scale no\n"; - print "graph_period second\n"; - print "graph_category Docker\n"; - print "graph_info This graph shows docker container CPU usage.\n"; - - foreach(@result) - { - print "$$_{'name'}.label $$_{'name'}\n"; - print "$$_{'name'}.draw LINE2\n"; - print "$$_{'name'}.min 0\n"; - print "$$_{'name'}.type DERIVE\n"; - print "$$_{'name'}.cdef $$_{'name'},$nanoSecondsInSecond,/\n"; - } - exit 0; -} - -# Note: Counters/derive need to report integer values. - -foreach(@result) -{ - $tcpu = ($$_{'total_cpu_ns'}*100); #to percentage - print "$$_{'name'}.value $tcpu\n"; -} - -# vim:syntax=perl diff --git a/roles/munin-node/files/docker_memory b/roles/munin-node/files/docker_memory deleted file mode 100644 index 1d84804..0000000 --- a/roles/munin-node/files/docker_memory +++ /dev/null 
@@ -1,98 +0,0 @@ -#!/usr/bin/perl -w -# -*- perl -*- - -=head1 NAME - -docker_memory - Munin plugin to monitor docker container memory usage. - -=head1 APPLICABLE SYSTEMS - -Should work on any Linux system that has docker support. - -=head1 CONFIGURATION - -Root privilege required to execute docker command. - -1. Create a new file named "docker" inside the folder /etc/munin/plugin-conf.d/ -2. Docker file content: - -[docker_memory] -user root - -=head1 MAGIC MARKERS - - #%# family=auto - #%# capabilities=autoconf - -=head1 VERSION - - v.0.1 - -=head1 AUTHOR - -Copyright (C) 2015 Samuel Cantero. -Email: scanterog at gmail dot com - -=head1 LICENSE - -GPLv3 - -=cut - -my $docker=`which docker`; - -if ( defined $ARGV[0] and $ARGV[0] eq "autoconf" ) { - if ($docker) { - print "yes\n"; - exit 0; - } - else{ - print "no (Docker has not been found)\n"; - exit 0; - } -} - -$docker =~ s/\s+$//; - -my @containers = split "\n" , `$docker ps --no-trunc=true`; -my $result; - -for my $i (1 .. $#containers) -{ - my @fields = split / +/, $containers[$i]; - my $id = $fields[0]; - my $name = $fields[$#fields]; - # manage container name containing arithmetic operators and dots. E.g, my-container. - $name =~ s/[-\+*\/\.]/_/g; - # truncate container name with "," character. 
- $name =~ s/,.*//g; - if (open(my $file, '<', "/sys/fs/cgroup/memory/docker/$id/memory.usage_in_bytes")) - { - my $memory_bytes = <$file>; - $memory_bytes =~ s/\s+$//; - push @result, {'name'=>$name, 'memory_bytes'=>$memory_bytes}; - } -} - -if (defined $ARGV[0] and $ARGV[0] eq "config") -{ - print "graph_title Docker container memory usage\n"; - print "graph_args --base 1024 -l 0\n"; - print "graph_vlabel Bytes\n"; - print "graph_category Docker\n"; - print "graph_info This graph shows docker container memory usage.\n"; - - foreach(@result) - { - print "$$_{'name'}.label $$_{'name'}\n"; - print "$$_{'name'}.draw LINE2\n"; - } - exit 0; -} - -foreach(@result) -{ - print "$$_{'name'}.value $$_{'memory_bytes'}\n"; -} - -# vim:syntax=perl diff --git a/roles/munin-node/files/munin-node.conf b/roles/munin-node/files/munin-node.conf deleted file mode 100644 index 8a9bfe4..0000000 --- a/roles/munin-node/files/munin-node.conf +++ /dev/null 
@@ -1,68 +0,0 @@ -# -# Example config-file for munin-node -# - -log_level 4 -log_file /var/log/munin/munin-node.log -pid_file /var/run/munin/munin-node.pid - -background 1 -setsid 1 - -user root -group root - -# This is the timeout for the whole transaction. -# Units are in sec. Default is 15 min -# -# global_timeout 900 - -# This is the timeout for each plugin. -# Units are in sec. Default is 1 min -# -# timeout 60 - -# Regexps for files to ignore -ignore_file [\#~]$ -ignore_file DEADJOE$ -ignore_file \.bak$ -ignore_file %$ -ignore_file \.dpkg-(tmp|new|old|dist)$ -ignore_file \.rpm(save|new)$ -ignore_file \.pod$ - -# Set this if the client doesn't report the correct hostname when -# telnetting to localhost, port 4949 -# -#host_name localhost.localdomain - -# A list of addresses that are allowed to connect. This must be a -# regular expression, since Net::Server does not understand CIDR-style -# network notation unless the perl module Net::CIDR is installed. You -# may repeat the allow line as many times as you'd like - -allow ^127\.0\.0\.1$ -allow ^::1$ - -# https://ecodissident.net/munin/ -allow ^93\.95\.226\.170$ -# https://munin.webarch.net/ -allow ^81\.95\.52\.102$ - -# If you have installed the Net::CIDR perl module, you can use one or more -# cidr_allow and cidr_deny address/mask patterns. A connecting client must -# match any cidr_allow, and not match any cidr_deny. Note that a netmask -# *must* be provided, even if it's /32 -# -# Example: -# -# cidr_allow 127.0.0.1/32 -# cidr_allow 192.0.2.0/24 -# cidr_deny 192.0.2.42/32 - -# Which address to bind to; -host * -# host 127.0.0.1 - -# And which port -port 4949 diff --git a/roles/munin-node/tasks/main.yml b/roles/munin-node/tasks/main.yml deleted file mode 100644 index e32a9de..0000000 --- a/roles/munin-node/tasks/main.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -- name: Munin node packages installed - apt: - pkg: "{{ item }}" - state: latest - update_cache: yes - with_items: - - munin-node - - munin-plugins-core - - munin-plugins-extra - - libwww-perl - - time - - libcache-cache-perl - -- name: Munin docker_cpu plugin in place - copy: - src: files/docker_cpu - dest: /usr/share/munin/plugins/docker_cpu - mode: 0755 - -- name: Munin docker_cpu plugin enabled - file: - src: /usr/share/munin/plugins/docker_cpu - dest: /etc/munin/plugins/docker_cpu - state: link - -- name: Munin docker_memory plugin in place - copy: - src: files/docker_memory - dest: /usr/share/munin/plugins/docker_memory - mode: 0755 - -- name: Munin docker_memory plugin enabled - file: - src: /usr/share/munin/plugins/docker_memory - dest: /etc/munin/plugins/docker_memory - state: link - -- name: Munin Docker plugins enabled - copy: - src: files/docker - dest: /etc/munin/plugin-conf.d/docker - mode: 0644 - -- name: Munin client node conf in place - copy: - src: files/munin-node.conf - dest: /etc/munin/munin-node.conf - backup: yes - -- name: Distro set to {{ distro }} in munin apt_all plugin - lineinfile: - state: present - line: "my @releases = ('{{ distro }}');" - regexp: "^my @releases" - dest: "/usr/share/munin/plugins/apt_all" - -- name: Munin apt_all plugin symlinked - file: - src: /usr/share/munin/plugins/apt_all - dest: /etc/munin/plugins/apt_all - state: link - -- name: Munin node restarted - service: - name: munin-node - state: restarted - diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml deleted file mode 100644 index 5d6daf8..0000000 --- a/roles/sshd/tasks/main.yml +++ /dev/null 
@@ -1,32 +0,0 @@
----
-- name: Ssh root login keys only
- lineinfile:
- backup: yes
- backrefs: yes
- state: present
- line: "PermitRootLogin prohibit-password"
- regexp: "^PermitRootLogin"
- dest: "/etc/ssh/sshd_config"
-
-- name: Tunneled clear text passwords disabled
- lineinfile:
- backup: yes
- backrefs: yes
- state: present
- line: "PasswordAuthentication no"
- regexp: "^#?PasswordAuthentication"
- dest: "/etc/ssh/sshd_config"
-
-- name: Public key based logins only
- lineinfile:
- backup: yes
- state: present
- line: "AuthenticationMethods publickey"
- regexp: "^AuthenticationMethods"
- insertafter: "^#?PubkeyAuthentication"
- dest: "/etc/ssh/sshd_config"
-
-- name: Sshd restarted
- service:
- name: ssh
- state: restarted
diff --git a/roles/vim/files/selected_editor b/roles/vim/files/selected_editor
deleted file mode 100644
index c85d073..0000000
--- a/roles/vim/files/selected_editor
+++ /dev/null
@@ -1,2 +0,0 @@
-# Generated by /usr/bin/select-editor
-SELECTED_EDITOR="/usr/bin/vim.basic"
diff --git a/roles/vim/files/vimrc b/roles/vim/files/vimrc
deleted file mode 100644
index 9b03434..0000000
--- a/roles/vim/files/vimrc
+++ /dev/null
@@ -1,19 +0,0 @@
-" {{ ansible_managed }}
-"
-" UTF-8
-" set encoding=utf-8
-set encoding& " terminal charset: follows current locale
-set termencoding=
-set fileencodings= " charset auto-sensing: disabled
-set fileencoding& " auto-sensed charset of current buffer
-
-" enable syntax highlighting
-syntax on
-set background=dark
-
-"Â http://vim.wikia.com/wiki/256_colors_in_vim
-set t_Co=256
-
-" use F9 and F10 to switch between insert / paste whitespace modes
-map <F10> gqap
-:set pastetoggle=<F9>
diff --git a/roles/vim/tasks/main.yml b/roles/vim/tasks/main.yml
deleted file mode 100644
index 44ebb2b..0000000
--- a/roles/vim/tasks/main.yml
+++ /dev/null
@@ -1,53 +0,0 @@ ---- -- name: Full version of vim installed - apt: - name: vim - state: present - update_cache: yes - -- name: Remove nano - apt: - name: nano - state: absent - -- name: Vim set as the default editor via update-alternatives - command: update-alternatives --set editor /usr/bin/vim.basic - -- name: Vim set as the default editor via select-editor - copy: - src: files/selected_editor - dest: /root/.selected_editor - -- name: ~/.vimrc in place - copy: - src: files/vimrc - dest: /root/.vimrc - -- name: /root/.vim/syntax exists - file: - path: /root/.vim/syntax - state: directory - -# The following should probably simply copy ~/.vim/ into place -- name: Check if filetype.vim exists - stat: - path: "/root/.vim/filetype.vim" - register: vim_filetype_exists - -- name: Create filetype.vim, if it doesn't exist already - file: - path: "/root/.vim/filetype.vim" - state: touch - when: vim_filetype_exists.stat.exists == False - -- name: Nginx syntax highlighting file installed - get_url: - url: https://raw.githubusercontent.com/vim-scripts/nginx.vim/master/syntax/nginx.vim - dest: /root/.vim/syntax/nginx.vim - mode: 0644 - -- name: Nginx syntax highlighting enabled - lineinfile: - dest: "/root/.vim/filetype.vim" - regexp: "^au BufRead,BufNewFile /etc/nginx" - line: "au BufRead,BufNewFile /etc/nginx/* set ft=nginx" -- GitLab