decomission node-01.do-ams3.nextcloud.office host
The service is not being used by anyone: https://github.com/status-im/infra-office/issues/17 Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
parent
c3fb333df6
commit
def294e9bf
|
|
@ -6,7 +6,6 @@ This repo configures infrastructure for cloud office services.
|
|||
|
||||
| Description | Address |
|
||||
|--------------------------|-----------------------------------|
|
||||
| NextCloud | https://cloud.status.im/ |
|
||||
| Gitea Git Frontend | https://repos.status.im/ |
|
||||
| HackMD Notes | https://notes.status.im/ |
|
||||
| Octobox GitHub Inbox | https://gh.status.im/ |
|
||||
|
|
@ -22,7 +21,6 @@ This repo configures infrastructure for cloud office services.
|
|||
* [gitea](ansible/roles/gitea) - [Gitea](https://gitea.io/) Git Web Frontent
|
||||
* [hackmd](ansible/roles/hackmd) - HackMD instance for our use
|
||||
* [keycloak](ansible/roles/keycloak) - Identity and Access Management
|
||||
* [nextcloud](ansible/roles/nextcloud) - Productivity platform
|
||||
* [octobox](ansible/roles/octobox) - Octobox GitHub notifications helper
|
||||
* [shlink](ansible/roles/shlink) - Shlink URL shortener service
|
||||
* [wekan](ansible/roles/wekan) - Wekan board instance for task management
|
||||
|
|
|
|||
|
|
@ -1,125 +0,0 @@
|
|||
---
|
||||
# Just in case
|
||||
swap_file_size_mb: 4096
|
||||
|
||||
# NextCloud
|
||||
nextcloud_domain: 'cloud.status.im'
|
||||
nextcloud_docs_domain: 'onlyoffice.status.im'
|
||||
# Admin
|
||||
nextcloud_admin_email: 'devops@status.im'
|
||||
nextcloud_admin_password: '{{lookup("bitwarden", "nextcloud/admin")}}'
|
||||
# Secrets
|
||||
nextcloud_instance_id: '{{lookup("bitwarden", "nextcloud/secrets", field="instance-id")}}'
|
||||
nextcloud_password_salt: '{{lookup("bitwarden", "nextcloud/secrets", field="password-salt")}}'
|
||||
nextcloud_encryption_key: '{{lookup("bitwarden", "nextcloud/secrets", field="encryption-key")}}'
|
||||
# Apps
|
||||
nextcloud_enabled_apps:
|
||||
- appointments
|
||||
- calendar
|
||||
- contacts
|
||||
- encryption
|
||||
- forms
|
||||
- mail
|
||||
- richdocuments
|
||||
- sociallogin
|
||||
- spreed
|
||||
- twofactor_totp
|
||||
- twofactor_webauthn
|
||||
nextcloud_disabled_apps:
|
||||
- tasks
|
||||
- integration_whiteboard
|
||||
- twofactor_u2f
|
||||
# This allows for passwordless login.
|
||||
nextcloud_webauthn_native_enaled: false
|
||||
# OAuth
|
||||
nextcloud_oauth_enabled: true
|
||||
nextcloud_oauth_name: 'Keycloak'
|
||||
nextcloud_oauth_style: 'keycloak'
|
||||
nextcloud_oauth_url: 'https://auth.status.im/auth/realms/status-im/protocol/openid-connect'
|
||||
nextcloud_oauth_id: '{{ lookup("bitwarden", "nextcloud/oauth/keycloak", field="client-id") }}'
|
||||
nextcloud_oauth_secret: '{{ lookup("bitwarden", "nextcloud/oauth/keycloak", field="secret") }}'
|
||||
nextcloud_oauth_scope: 'openid'
|
||||
# OnlyOffice
|
||||
nextcloud_docs_cont_port: 9980
|
||||
nextcloud_docs_secret_key: '{{lookup("bitwarden", "nextcloud/docs/jwt-secret")}}'
|
||||
# SMTP
|
||||
nextcloud_smtp_enabled: true
|
||||
nextcloud_smtp_port: 587
|
||||
nextcloud_smtp_host: 'smtp.mailgun.org'
|
||||
nextcloud_smtp_user: '{{lookup("bitwarden", "MailGun", field="smtp-user")}}'
|
||||
nextcloud_smtp_pass: '{{lookup("bitwarden", "MailGun", field="smtp-pass")}}'
|
||||
nextcloud_smtp_method: 'tls'
|
||||
nextcloud_smtp_domain: 'mgun.status.im'
|
||||
nextcloud_smtp_from: 'nextcloud'
|
||||
|
||||
# Restic Backups
|
||||
restic_user_groups: ['docker', 'dockremap', 'nextcloud']
|
||||
restic_backups:
|
||||
- name: 'nextcloud-db'
|
||||
tags: ['pgdumpdir']
|
||||
path: '/docker/nextcloud/db/backup'
|
||||
after: 'dump-nextcloud-db.service'
|
||||
frequency: 'daily'
|
||||
timeout: 300
|
||||
|
||||
- name: 'nextcloud-data'
|
||||
tags: ['files']
|
||||
path: '/docker/nextcloud/app/data'
|
||||
excludes: ['spacedeck.nexe.bin']
|
||||
frequency: 'daily'
|
||||
timeout: 1800
|
||||
|
||||
# Open Nginx Ports
|
||||
open_ports_default_comment: 'NextCloud'
|
||||
open_ports_default_chain: 'SERVICES'
|
||||
open_ports_list:
|
||||
- { port: 80 }
|
||||
- { port: 443 }
|
||||
|
||||
# Nginx proxy
|
||||
nginx_sites:
|
||||
nextcloud_app_http:
|
||||
- listen 80
|
||||
- server_name {{ nextcloud_domain }}
|
||||
- return 302 https://$server_name$request_uri
|
||||
nextcloud_app_https:
|
||||
- listen 443 ssl
|
||||
- server_name {{ nextcloud_domain }}
|
||||
|
||||
- ssl_certificate /certs/status.im/origin.crt
|
||||
- ssl_certificate_key /certs/status.im/origin.key
|
||||
|
||||
- | # config to enable HSTS(HTTP Strict Transport Security)
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
|
||||
|
||||
- | # Increase file upload limits to 20 MB
|
||||
client_max_body_size 20m
|
||||
|
||||
- location / {
|
||||
proxy_pass http://localhost:{{ nextcloud_app_cont_port }}/;
|
||||
include /etc/nginx/proxy_params;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
nextcloud_docs_http:
|
||||
- listen 80
|
||||
- server_name {{ nextcloud_docs_domain }}
|
||||
- return 302 https://$server_name$request_uri
|
||||
nextcloud_docs_https:
|
||||
- listen 443 ssl
|
||||
- server_name {{ nextcloud_docs_domain }}
|
||||
|
||||
- ssl_certificate /certs/status.im/origin.crt
|
||||
- ssl_certificate_key /certs/status.im/origin.key
|
||||
|
||||
# Not necessary, avoid crawlers.
|
||||
- location = / {
|
||||
return 418;
|
||||
}
|
||||
|
||||
- location / {
|
||||
proxy_pass http://localhost:{{ nextcloud_docs_cont_port }};
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
|
|
@ -3,14 +3,12 @@
|
|||
[all]
|
||||
node-01.do-ams3.gitea.office hostname=node-01.do-ams3.gitea.office ansible_host=167.99.19.46 env=gitea stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.gitea.office.statusim.net
|
||||
node-01.do-ams3.keycloak.office hostname=node-01.do-ams3.keycloak.office ansible_host=206.189.241.168 env=keycloak stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.keycloak.office.statusim.net
|
||||
node-01.do-ams3.nextcloud.office hostname=node-01.do-ams3.nextcloud.office ansible_host=64.225.82.112 env=nextcloud stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.nextcloud.office.statusim.net
|
||||
node-01.do-ams3.todo.office hostname=node-01.do-ams3.todo.office ansible_host=178.128.140.226 env=todo stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.todo.office.statusim.net
|
||||
node-01.do-ams3.wekan.office hostname=node-01.do-ams3.wekan.office ansible_host=174.138.107.118 env=wekan stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.wekan.office.statusim.net
|
||||
|
||||
[do-ams3]
|
||||
node-01.do-ams3.gitea.office
|
||||
node-01.do-ams3.keycloak.office
|
||||
node-01.do-ams3.nextcloud.office
|
||||
node-01.do-ams3.todo.office
|
||||
node-01.do-ams3.wekan.office
|
||||
|
||||
|
|
@ -26,12 +24,6 @@ node-01.do-ams3.keycloak.office
|
|||
[keycloak.office]
|
||||
node-01.do-ams3.keycloak.office
|
||||
|
||||
[nextcloud]
|
||||
node-01.do-ams3.nextcloud.office
|
||||
|
||||
[nextcloud.office]
|
||||
node-01.do-ams3.nextcloud.office
|
||||
|
||||
[todo]
|
||||
node-01.do-ams3.todo.office
|
||||
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
- name: Verify Ansible versions
|
||||
hosts: all
|
||||
tags: always
|
||||
become: false
|
||||
run_once: true
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- local_action: command ./versioncheck.py
|
||||
changed_when: false
|
||||
|
||||
- name: Configure NextCloud
|
||||
hosts: nextcloud
|
||||
roles:
|
||||
- { role: swap-file, tags: swap-file }
|
||||
- { role: open-ports, tags: open-ports }
|
||||
- { role: origin-certs, tags: origin-certs }
|
||||
- { role: nextcloud, tags: nextcloud }
|
||||
- { role: restic-backups, tags: restic-backups }
|
||||
- { role: nginx, tags: nginx }
|
||||
- { role: threatstack, tags: threatstack }
|
||||
|
|
@ -50,11 +50,6 @@
|
|||
version: 581bf6f1bd8b0d4873a77166b9ceb48a417565eb
|
||||
scm: git
|
||||
|
||||
- name: nextcloud
|
||||
src: git@github.com:status-im/infra-role-nextcloud.git
|
||||
version: 4dfadb58e06a2116b750994c14fe5cc122ae2ecb
|
||||
scm: git
|
||||
|
||||
- name: infra-role-keycloak
|
||||
src: git@github.com:status-im/infra-role-keycloak.git
|
||||
version: 1e0ac0dd0cae95ae5c736eb19e0bff2aea089491
|
||||
|
|
|
|||
26
nextcloud.tf
26
nextcloud.tf
|
|
@ -1,26 +0,0 @@
|
|||
module "nextcloud" {
|
||||
source = "github.com/status-im/infra-tf-digital-ocean"
|
||||
|
||||
env = "nextcloud"
|
||||
group = "nextcloud"
|
||||
type = "s-4vcpu-8gb"
|
||||
domain = var.domain
|
||||
|
||||
open_tcp_ports = ["80", "443"]
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "nextcloud" {
|
||||
zone_id = local.zones["status.im"]
|
||||
value = module.nextcloud.public_ips[0]
|
||||
name = "cloud"
|
||||
type = "A"
|
||||
proxied = true
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "onlyoffice" {
|
||||
zone_id = local.zones["status.im"]
|
||||
value = module.nextcloud.public_ips[0]
|
||||
name = "onlyoffice"
|
||||
type = "A"
|
||||
proxied = true
|
||||
}
|
||||
|
|
@ -2,7 +2,6 @@ output "hosts" {
|
|||
value = merge(
|
||||
module.gitea.hosts,
|
||||
module.keycloak.hosts,
|
||||
module.nextcloud.hosts,
|
||||
module.todo.hosts,
|
||||
module.wekan.hosts,
|
||||
)
|
||||
|
|
|
|||
Loading…
Reference in New Issue