Merge branch 'master' of ssh://gitlab.warpzone.ms:444/infrastruktur/ansible-warpzone

fc8910b7 · Christian Elberfeld · 0f0eb7e9 · e270beb4 · fc8910b7 · fc8910b7
Commit fc8910b7 authored 7 years ago by Christian Elberfeld
--- a/webserver/docker_hackmd/templates/docker-compose.yml
+++ b/webserver/docker_hackmd/templates/docker-compose.yml
+version: "3"
+services:
+  app:
+    image: hackmdio/hackmd:1.2.0
+    restart: always
+    depends_on:
+      - db
+    ports:
+      - 127.0.0.1:42007:3000
+    environment:
+      HMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
+      CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
+      CMD_ALLOW_ANONYMOUS: "true"
+      CMD_ALLOW_ANONYMOUS_EDITS: "true"
+      CMD_DEFAULT_PERMISSION: "freely"
+      CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
+      CMD_LDAP_BINDDN: "{{ ldap_readonly_bind_dn }}"
+      CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
+      CMD_LDAP_SEARCHBASE: "{{ ldap_base_dn }}"
+      CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
+      CMD_LDAP_SEARCHATTRIBUTES: "uid"
+      CMD_LDAP_USERIDFIELD: "uid"
+      CMD_LDAP_USERNAMEFIELD: "uid"
+      CMD_EMAIL: "false"
+  db: 
+    image: mariadb:10
+    volumes:
+      - /srv/hackmd/db:/var/lib/mysql
+      - /srv/hackmd/mysql-utf8.cnf:/etc/mysql/conf.d/utf8.cnf
+    environment:
+      MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
+      MYSQL_PASSWORD: "{{ mysql_user_pass }}"
+      MYSQL_DATABASE: "hackmd"
+      MYSQL_USER: "hackmd"
\ No newline at end of file
--- a/webserver/docker_hackmd/templates/mysql-utf8.cnf
+++ b/webserver/docker_hackmd/templates/mysql-utf8.cnf
+[client]
+default-character-set=utf8
+[mysql]
+default-character-set=utf8
+[mysqld]
+collation-server = utf8_unicode_ci
+init-connect='SET NAMES utf8'
+character-set-server = utf8
--- a/webserver/docker_keycloak/tasks/main.yml
+++ b/webserver/docker_keycloak/tasks/main.yml
+---
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/keycloak/keycloak_admin_pass,  length: 24 }
+   - { path: /srv/keycloak/postgres_user_pass,  length: 12 }
+- name: create folder struct for keycloak
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/keycloak/
+    - /srv/keycloak/db/
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/keycloak/{{ item }}"
+  with_items:
+    - docker-compose.yml
+  notify: restart keycloak docker
+- name: start keycloak docker
+  docker_service:
+    project_src: /srv/keycloak/
+    state: present
--- a/webserver/docker_keycloak/templates/docker-compose.yml
+++ b/webserver/docker_keycloak/templates/docker-compose.yml
+version: "3"
+services:
+  app:
+    image: jboss/keycloak:4.0.0.Final
+    restart: always
+    ports:
+      - 127.0.0.1:42009:8080 
+    depends_on:
+      - db
+    environment:
+      KEYCLOAK_USER: "admin"
+      KEYCLOAK_PASSWORD: "{{ keycloak_admin_pass }}"
+      DB_VENDOR: "POSTGRES"
+      DB_ADDR: "db"
+      DB_DATABASE: "keycloak"
+      DB_USER: "keycloak"
+      DB_PASSWORD: "{{ postgres_user_pass }}"
+      PROXY_ADDRESS_FORWARDING: "true"
+  db:
+    image: postgres
+    restart: always
+    volumes:
+      - /srv/keycloak/db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: "{{ postgres_user_pass }}" 
--- a/webserver/main.yml
+++ b/webserver/main.yml
@@ -5,14 +5,18 @@
  roles:
    - { role: ../common/borgbackup, tags: borgbackup }
    - { role: ../common/docker, tags: docker }
+    - { role: ../common/telegraf, tags: telegraf }
    - { role: nginx, tags: nginx }
    - { role: openvpn, tags: openvpn }
+    - { role: docker_alerta, tags: alerta }
    - { role: docker_dokuwiki, tags: dokuwiki }
    - { role: docker_etherpad, tags: etherpad }
    - { role: docker_gitlab, tags: gitlab }
+    - { role: docker_hackmd, tags: hackmd }
    - { role: docker_jabber, tags: jabber }
    - { role: docker_jabber_test, tags: jabber_test }
    - { role: docker_ldap, tags: ldap }
+    - { role: docker_keycloak, tags: keycloak }
    - { role: docker_matterbridge, tags: matterbridge }
    - { role: docker_warpinfra, tags: warpinfra }
    - { role: docker_warpinfratest, tags: warpinfratest }

--- a/webserver/nginx/includes/alerta
+++ b/webserver/nginx/includes/alerta
+	location /  {
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+	        proxy_pass      http://127.0.0.1:42008/;
+        	proxy_redirect  off;
+    }
--- a/webserver/nginx/includes/auth
+++ b/webserver/nginx/includes/auth
+	location /  {
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+	        proxy_pass      http://127.0.0.1:42009/;
+        	proxy_redirect  off;
+    }
--- a/webserver/nginx/includes/md
+++ b/webserver/nginx/includes/md
+	location /  {
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+	        proxy_pass      http://127.0.0.1:42007/;
+        	proxy_redirect  off;
+    }