Commit 9cb708ad authored by void's avatar void

Hackmd, alerta und keycloak

parent 35080300
Showing
with 309 additions and 0 deletions
...@@ -21,6 +21,8 @@ letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df ...@@ -21,6 +21,8 @@ letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df
letsencrypt_mail: verwaltung@warpzone.ms letsencrypt_mail: verwaltung@warpzone.ms
webserver_domains: webserver_domains:
- "auth"
- "alerta"
- "gitlab" - "gitlab"
- "infra" - "infra"
- "infra-test" - "infra-test"
...@@ -32,6 +34,7 @@ webserver_domains: ...@@ -32,6 +34,7 @@ webserver_domains:
- "proxy.jabber-test" - "proxy.jabber-test"
- "ldap" - "ldap"
- "mattermost" - "mattermost"
- "md"
- "pad" - "pad"
- "wiki" - "wiki"
- "www" - "www"
......
---
- name: restart alerta docker
docker_service:
project_src: /srv/alerta/
state: present
restarted: yes
---
- include: ../functions/get_secret.yml
with_items:
- { path: /srv/alerta/alerta_secret_key, length: 24 }
- { path: /srv/alerta/alerta_oauth_client_secret, length: -1 }
- { path: /srv/alerta/telegram_token, length: -1 }
- { path: /srv/alerta/telegram_chatid, length: -1 }
- name: create folder struct for alerta
file:
path: "{{ item }}"
state: "directory"
with_items:
- /srv/alerta/
- /srv/alerta/db/
- name: Konfig-Dateien erstellen
template:
src: "{{ item }}"
dest: "/srv/alerta/{{ item }}"
with_items:
- docker-compose.yml
- alertad.conf
- config.js
notify: restart alerta docker
- name: start alerta docker
docker_service:
project_src: /srv/alerta/
state: present
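Review bot: The `template` task in this file sets no `owner` or `mode`, so `alertad.conf` (which holds `SECRET_KEY`, the OAuth client secret and the Telegram token) and `docker-compose.yml` are created with whatever the remote umask allows, commonly world-readable. Adding `mode: "0600"` to the compose template and `mode: "0750"` to the directory task would keep them away from other local accounts; for the bind-mounted `alertad.conf`, pick an owner and mode that the container user can still read. The `docker-compose.yml` templates in the hackmd and keycloak task files later in this commit embed database and admin passwords and have the same gap.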
DEBUG = False
PLUGINS = [ 'blackout','normalise','reject','telegram' ]
SENDER_API_ALLOW = 'ON'
BLACKOUT_DURATION = 43200
ALLOWED_ENVIRONMENTS = [ 'warpzone' ]
KEYCLOAK_URL = 'https://auth.warpzone.ms'
KEYCLOAK_REALM = 'master'
OAUTH2_CLIENT_ID = 'alerta-ui'
OAUTH2_CLIENT_SECRET = '{{ alerta_oauth_client_secret }}'
ALLOWED_KEYCLOAK_ROLES = [ '*' ]
SECRET_KEY = '{{ alerta_secret_key }}'
DATABASE_URL = 'postgres://alerta:alerta@db:5432/alerta'
AUTH_REQUIRED = True
ADMIN_USERS = [ '' ]
CUSTOMER_VIEWS = False
TELEGRAM_TOKEN = '{{ telegram_token }}'
TELEGRAM_CHAT_ID = '{{ telegram_chatid }}'
TELEGRAM_WEBHOOK_URL = 'https://alerta.warpzone.ms/api/webhooks/telegram'
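Review bot: `ALLOWED_KEYCLOAK_ROLES = [ '*' ]` combined with `KEYCLOAK_REALM = 'master'` admits every account that can authenticate in the Keycloak master realm, so `AUTH_REQUIRED = True` restricts access only as far as realm membership does. Keycloak's documentation recommends keeping the master realm for administration; a dedicated realm plus a named role, for example `ALLOWED_KEYCLOAK_ROLES = [ 'alerta-user' ]` (constructed role name), would make the authorisation explicit. `ADMIN_USERS = [ '' ]` contains an empty-string entry; `ADMIN_USERS = []` states the intent without relying on how an empty login name is compared.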
'use strict';
angular.module('config', [])
.constant('config', {
'endpoint' : "https://"+window.location.hostname+"/api",
'provider' : "keycloak", // google, github, gitlab, saml2 or basic
'client_id' : "alerta-ui",
'keycloak_url': "https://auth.warpzone.ms",
'keycloak_realm': "master",
'dates': {
'shortTime' : 'HH:MM',
'mediumDate': 'd.MM.yyyy',
'longDate' : 'EEEE, MMMM d, yyyy HH:MM ss.sss (Z)' // Tuesday, April 26, 2016 13:39:43.987 (+0100)
},
'refresh_interval': 30000 // Auto-refresh interval set to 30 seconds
});
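Review bot: The date patterns use `MM` where minutes appear to be meant. If these strings are passed to the AngularJS date filter, `MM` is the zero-padded month and minutes are `mm`, so `'HH:MM'` would render hour and month. The example in the trailing comment (`13:39:43.987`) suggests the intended values are `'shortTime' : 'HH:mm'` and `'longDate' : 'EEEE, MMMM d, yyyy HH:mm:ss.sss (Z)'`.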
version: "3"
services:
app:
image: alerta/alerta-web:5.2.4
restart: always
ports:
- 0.0.0.0:42008:8080
volumes:
- /srv/alerta/alertad.conf:/app/alertad.conf
- /srv/alerta/config.js:/web/config.js
depends_on:
- db
environment:
INSTALL_PLUGINS: "normalise,telegram"
db:
image: postgres
restart: always
volumes:
- /srv/alerta/db:/var/lib/postgresql/data
environment:
POSTGRES_DB: alerta
POSTGRES_USER: alerta
POSTGRES_PASSWORD: alerta
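Review bot: The `app` port mapping `0.0.0.0:42008:8080` publishes Alerta's plain-HTTP port on every interface, whereas the hackmd and keycloak compose files in this commit bind to `127.0.0.1` and the nginx location proxies to `http://127.0.0.1:42008/`. Docker-published ports are typically inserted ahead of host firewall rules, so the UI and API would be reachable without TLS and without passing through the proxy; `- "127.0.0.1:42008:8080"` matches the other services. Separately, `POSTGRES_PASSWORD: alerta` (and the matching `DATABASE_URL` in alertad.conf) is a fixed credential, while every other secret in these roles comes from `get_secret.yml`. Generating it the same way would be consistent.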
---
- include: ../functions/get_secret.yml
with_items:
- { path: /srv/hackmd/mysql_root_pass, length: 24 }
- { path: /srv/hackmd/mysql_user_pass, length: 12 }
- { path: /srv/hackmd/hackmd_session_secret, length: 32 }
- { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 }
- name: create folder struct for hackmd
file:
path: "{{ item }}"
state: "directory"
with_items:
- /srv/hackmd/
- /srv/hackmd/db/
- name: Konfig-Dateien erstellen
template:
src: "{{ item }}"
dest: "/srv/hackmd/{{ item }}"
with_items:
- docker-compose.yml
- mysql-utf8.cnf
- name: start hackmd docker
docker_service:
project_src: /srv/hackmd/
state: present
version: "3"
services:
app:
image: hackmdio/hackmd:1.2.0
restart: always
depends_on:
- db
ports:
- 127.0.0.1:42007:3000
environment:
HMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
CMD_ALLOW_ANONYMOUS: "true"
CMD_ALLOW_ANONYMOUS_EDITS: "true"
CMD_DEFAULT_PERMISSION: "freely"
CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
CMD_LDAP_BINDDN: "cn=readonly,dc=warpzone,dc=ms"
CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
CMD_LDAP_SEARCHBASE: "dc=warpzone,dc=ms"
CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
CMD_LDAP_SEARCHATTRIBUTES: "uid"
CMD_LDAP_USERIDFIELD: "uid"
CMD_LDAP_USERNAMEFIELD: "uid"
CMD_EMAIL: "false"
db:
image: mariadb:10
volumes:
- /srv/hackmd/db:/var/lib/mysql
- /srv/hackmd/mysql-utf8.cnf:/etc/mysql/conf.d/utf8.cnf
environment:
MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
MYSQL_PASSWORD: "{{ mysql_user_pass }}"
MYSQL_DATABASE: "hackmd"
MYSQL_USER: "hackmd"
\ No newline at end of file
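Review bot: `CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"` sends the read-only bind password and every user's login password to the directory unencrypted, and the variable name suggests an external address, so this traffic may leave the host. If the LDAP server offers TLS, an `ldaps://` URL on port 636 would protect those credentials in transit. It is also worth confirming that `CMD_ALLOW_ANONYMOUS_EDITS: "true"` with `CMD_DEFAULT_PERMISSION: "freely"` is intended for an instance served on the public `md` domain, since notes are then editable without logging in by default.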
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
[mysqld]
collation-server = utf8_unicode_ci
init-connect='SET NAMES utf8'
character-set-server = utf8
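Review bot: `utf8` in MariaDB is the three-byte `utf8mb3` character set, so notes containing four-byte characters such as emoji cannot be stored correctly. Using `utf8mb4` throughout avoids that: `character-set-server = utf8mb4`, `collation-server = utf8mb4_unicode_ci`, `init-connect='SET NAMES utf8mb4'`, and `default-character-set=utf8mb4` in the two client sections.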
---
- include: ../functions/get_secret.yml
with_items:
- { path: /srv/keycloak/keycloak_admin_pass, length: 24 }
- { path: /srv/keycloak/postgres_user_pass, length: 12 }
- name: create folder struct for keycloak
file:
path: "{{ item }}"
state: "directory"
with_items:
- /srv/keycloak/
- /srv/keycloak/db/
- name: Konfig-Dateien erstellen
template:
src: "{{ item }}"
dest: "/srv/keycloak/{{ item }}"
with_items:
- docker-compose.yml
notify: restart keycloak docker
- name: start keycloak docker
docker_service:
project_src: /srv/keycloak/
state: present
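Review bot: The template task notifies `restart keycloak docker`, but the only handler visible in this commit is `restart alerta docker`. Unless a keycloak handlers file exists outside this view, Ansible reports the handler as not found when the notification fires. A handler mirroring the alerta one with `project_src: /srv/keycloak/` would be needed. The hackmd task file has no `notify` on its template task at all, so a changed `mysql-utf8.cnf` would not restart the database container.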
version: "3"
services:
app:
image: jboss/keycloak:4.0.0.Final
restart: always
ports:
- 127.0.0.1:42009:8080
depends_on:
- db
environment:
KEYCLOAK_USER: "admin"
KEYCLOAK_PASSWORD: "{{ keycloak_admin_pass }}"
DB_VENDOR: "POSTGRES"
DB_ADDR: "db"
DB_DATABASE: "keycloak"
DB_USER: "keycloak"
DB_PASSWORD: "{{ postgres_user_pass }}"
PROXY_ADDRESS_FORWARDING: "true"
db:
image: postgres
restart: always
volumes:
- /srv/keycloak/db:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: "{{ postgres_user_pass }}"
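Review bot: The `db` service uses `image: postgres` with no tag, so a later pull can move to a new major version, which will not start on the existing data directory under `/srv/keycloak/db`, and the running version is not reproducible. The `app` images in this commit are pinned; pinning the database too, e.g. `image: postgres:<major version in use>`, keeps upgrades deliberate. The alerta compose file has the same untagged `postgres` image.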
...@@ -7,12 +7,15 @@ ...@@ -7,12 +7,15 @@
- { role: ../common/docker, tags: docker } - { role: ../common/docker, tags: docker }
- { role: nginx, tags: nginx } - { role: nginx, tags: nginx }
- { role: openvpn, tags: openvpn } - { role: openvpn, tags: openvpn }
- { role: docker_alerta, tags: alerta }
- { role: docker_dokuwiki, tags: dokuwiki } - { role: docker_dokuwiki, tags: dokuwiki }
- { role: docker_etherpad, tags: etherpad } - { role: docker_etherpad, tags: etherpad }
- { role: docker_gitlab, tags: gitlab } - { role: docker_gitlab, tags: gitlab }
- { role: docker_hackmd, tags: hackmd }
- { role: docker_jabber, tags: jabber } - { role: docker_jabber, tags: jabber }
- { role: docker_jabber_test, tags: jabber_test } - { role: docker_jabber_test, tags: jabber_test }
- { role: docker_ldap, tags: ldap } - { role: docker_ldap, tags: ldap }
- { role: docker_keycloak, tags: keycloak }
- { role: docker_matterbridge, tags: matterbridge } - { role: docker_matterbridge, tags: matterbridge }
- { role: docker_warpinfra, tags: warpinfra } - { role: docker_warpinfra, tags: warpinfra }
- { role: docker_warpinfratest, tags: warpinfratest } - { role: docker_warpinfratest, tags: warpinfratest }
......
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:42008/;
proxy_redirect off;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:42009/;
proxy_redirect off;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:42007/;
proxy_redirect off;
}