diff --git a/inventory/backups b/inventory/backups
index 67cb4d9158..79c4bf10a4 100644
--- a/inventory/backups
+++ b/inventory/backups
@@ -22,7 +22,6 @@ copr-fe.cloud.fedoraproject.org
 copr-keygen.cloud.fedoraproject.org
 #copr-dist-git.fedorainfracloud.org
 value01.phx2.fedoraproject.org
-taiga.fedorainfracloud.org
 tang01.phx2.fedoraproject.org
 taskotron01.qa.fedoraproject.org
 nuancier01.phx2.fedoraproject.org
diff --git a/inventory/cloud b/inventory/cloud
index 235d29a26d..f91021f5ce 100644
--- a/inventory/cloud
+++ b/inventory/cloud
@@ -73,8 +73,6 @@ ppc64-test.fedorainfracloud.org
 rawhide-test.fedorainfracloud.org
 regcfp2.fedorainfracloud.org
 respins.fedorainfracloud.org
-taiga.fedorainfracloud.org
-taigastg.fedorainfracloud.org
 telegram-irc.fedorainfracloud.org
 testdays.fedorainfracloud.org
 twisted-fedora26-1.fedorainfracloud.org
diff --git a/inventory/host_vars/taiga.fedorainfracloud.org b/inventory/host_vars/taiga.fedorainfracloud.org
deleted file mode 100644
index 9f44522138..0000000000
--- a/inventory/host_vars/taiga.fedorainfracloud.org
+++ /dev/null
@@ -1,26 +0,0 @@
----
-image: "{{ fedora25_x86_64 }}"
-instance_type: m1.medium
-keypair: fedora-admin-20130801
-security_group: ssh-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
-zone: nova
-tcp_ports: [22, 80, 443]
-
-inventory_tenant: persistent
-inventory_instance_name: taiga
-hostbase: taiga
-public_ip: 209.132.184.50
-root_auth_users: ralph maxamillion kellin
-description: taiga frontend server
-
-db_backup_dir: ['/backups']
-dbs_to_backup: ['taiga']
-
-volumes:
- - volume_id: 8878d26e-a296-4c81-b636-3eb4dca15ed0
- device: /dev/vdc
-
-cloud_networks:
- # persistent-net
- - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
-
diff --git a/inventory/host_vars/taigastg.fedorainfracloud.org b/inventory/host_vars/taigastg.fedorainfracloud.org
deleted file mode 100644
index 881ec29929..0000000000
--- a/inventory/host_vars/taigastg.fedorainfracloud.org
+++ /dev/null
@@ -1,23 +0,0 @@
----
-image: "{{ fedora28_x86_64 }}"
-instance_type: m1.small
-keypair: fedora-admin-20130801
-security_group: ssh-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
-zone: nova
-tcp_ports: [22, 80, 443]
-
-inventory_tenant: persistent
-inventory_instance_name: taigastg
-hostbase: taigastg
-public_ip: 209.132.184.232
-root_auth_users: ralph maxamillion doteast kellin abompard
-description: stg instance of the taiga frontend server
-
-volumes:
- - volume_id: 5babf722-0046-4535-a6e5-398f9c67b844
- device: /dev/vdc
-
-cloud_networks:
- # persistent-net
- - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
-
diff --git a/inventory/inventory b/inventory/inventory
index 26d2a85698..10fe311f78 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -1108,9 +1108,6 @@ copr-keygen.cloud.fedoraproject.org
 # copr dev instances
 copr-be-dev.cloud.fedoraproject.org
 copr-fe-dev.cloud.fedoraproject.org
-# taiga for kanban-style project planning
-taiga.fedorainfracloud.org
-taigastg.fedorainfracloud.org
 # glittergallery GSoC dev work
 glittergallery-dev.fedorainfracloud.org
 # fas2-dev
diff --git a/master.yml b/master.yml
index 84b3a12189..6e0f236292 100644
--- a/master.yml
+++ b/master.yml
@@ -144,7 +144,5 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/ansiblemagazine.fedorainfracloud.org.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/regcfp2.fedorainfracloud.org.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/respins.fedorainfracloud.org.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/hosts/taiga.fedorainfracloud.org.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/hosts/taigastg.fedorainfracloud.org.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/testdays.fedorainfracloud.org.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/upstreamfirst.fedorainfracloud.org.yml
diff --git a/playbooks/hosts/taiga.fedorainfracloud.org.yml b/playbooks/hosts/taiga.fedorainfracloud.org.yml
deleted file mode 100644
index 8f1650fdc8..0000000000
--- a/playbooks/hosts/taiga.fedorainfracloud.org.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: check/create instance
- hosts: taiga.fedorainfracloud.org
- gather_facts: False
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/web/infra/ansible/vars/fedora-cloud.yml
- - /srv/private/ansible/files/openstack/passwords.yml
-
- tasks:
- - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
-
- handlers:
- - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: setup all the things
- hosts: taiga.fedorainfracloud.org
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/private/ansible/files/openstack/passwords.yml
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
- pre_tasks:
- - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
- - name: set hostname (required by some services, at least postfix need it)
- hostname: name="{{inventory_hostname}}"
-
- roles:
- - basessh
- - role: taiga
- taiga_back_version: stable
- taiga_front_version: stable
diff --git a/playbooks/hosts/taigastg.fedorainfracloud.org.yml b/playbooks/hosts/taigastg.fedorainfracloud.org.yml
deleted file mode 100644
index 43d9359b5c..0000000000
--- a/playbooks/hosts/taigastg.fedorainfracloud.org.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-- name: check/create instance
- hosts: taigastg.fedorainfracloud.org
- gather_facts: False
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/web/infra/ansible/vars/fedora-cloud.yml
- - /srv/private/ansible/files/openstack/passwords.yml
-
- tasks:
- - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
-
- handlers:
- - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: setup all the things
- hosts: taigastg.fedorainfracloud.org
- gather_facts: True
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/private/ansible/files/openstack/passwords.yml
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
- pre_tasks:
- - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
- - name: set hostname (required by some services, at least postfix need it)
- hostname: name="{{inventory_hostname}}"
-
- roles:
- - basessh
- - role: certbot
- - role: taiga
- taiga_back_version: stable
- taiga_front_version: stable
diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml
index 4bc75699a1..637637bf9c 100644
--- a/roles/apps-fp-o/files/apps.yaml
+++ b/roles/apps-fp-o/files/apps.yaml
@@ -695,16 +695,6 @@ children:
 engineering *should* be producing and 2) all of the artifacts taht release engineering *did* produce. The web interface isn't much to write home about, but the API is where it's at.
- - name: Taiga
- data:
- icon: taiga.png
- url: https://taiga.fedorainfracloud.org/
- description: >
- Taiga is a very pretty project management platform that we've
- been messing around with. Feel free to use it. We backup the
- database, but we don't necessarily support it yet with the same
- kind of focus that we dedicate to our other services. If you
- run into problems with it, let us know!
 - name: Ipsilon
 data:
 icon:
diff --git a/roles/taiga/files/backup-database b/roles/taiga/files/backup-database
deleted file mode 100644
index 3f6e7d8fb1..0000000000
--- a/roles/taiga/files/backup-database
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-# Backup a database *locally* to /backups/.
-
-DB=$1
-
-# Make our latest backup
-/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
-
-# Also, delete the backup from a few days ago.
-rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz
diff --git a/roles/taiga/files/cron-renew-cert b/roles/taiga/files/cron-renew-cert
deleted file mode 100644
index 486ebdd6a0..0000000000
--- a/roles/taiga/files/cron-renew-cert
+++ /dev/null
@@ -1 +0,0 @@
-* * * * 0 root /usr/local/bin/renew-cert.sh
diff --git a/roles/taiga/files/fedora-logo.png b/roles/taiga/files/fedora-logo.png
deleted file mode 100644
index fc7a20021a..0000000000
Binary files a/roles/taiga/files/fedora-logo.png and /dev/null differ
diff --git a/roles/taiga/files/nginx.conf b/roles/taiga/files/nginx.conf
deleted file mode 100644
index 5ada1a0e3a..0000000000
--- a/roles/taiga/files/nginx.conf
+++ /dev/null
@@ -1,72 +0,0 @@
-# For more information on configuration, see:
-# * Official English Documentation: http://nginx.org/en/docs/
-# * Official Russian Documentation: http://nginx.org/ru/docs/
-
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log;
-#error_log /var/log/nginx/error.log notice;
-#error_log /var/log/nginx/error.log info;
-
-pid /run/nginx.pid;
-
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- #keepalive_timeout 0;
- keepalive_timeout 65;
-
- #gzip on;
-
- index index.html index.htm;
-
- # Load modular configuration files from the /etc/nginx/conf.d directory.
- # See http://nginx.org/en/docs/ngx_core_module.html#include
- # for more information.
- include /etc/nginx/conf.d/*.conf;
-
- #server {
- # listen 80 default_server;
- # server_name localhost;
- # root /usr/share/nginx/html;
-
- # #charset koi8-r;
-
- # #access_log /var/log/nginx/host.access.log main;
-
- # # Load configuration files for the default server block.
- # include /etc/nginx/default.d/*.conf;
-
- # location / {
- # }
-
- # # redirect server error pages to the static page /40x.html
- # #
- # error_page 404 /404.html;
- # location = /40x.html {
- # }
-
- # # redirect server error pages to the static page /50x.html
- # #
- # error_page 500 502 503 504 /50x.html;
- # location = /50x.html {
- # }
- #}
-}
diff --git a/roles/taiga/files/pg_hba.conf b/roles/taiga/files/pg_hba.conf
deleted file mode 100644
index a3dc154fda..0000000000
--- a/roles/taiga/files/pg_hba.conf
+++ /dev/null
@@ -1,74 +0,0 @@
-# PostgreSQL Client Authentication Configuration File
-# ===================================================
-#
-# Refer to the PostgreSQL Administrator's Guide, chapter "Client
-# Authentication" for a complete description. A short synopsis
-# follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which PostgreSQL user names they can use, which
-# databases they can access. Records take one of these forms:
-#
-# local DATABASE USER METHOD [OPTION]
-# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
-# hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
-# hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain socket,
-# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
-# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", "samerole", a database name, or
-# a comma-separated list thereof.
-#
-# USER can be "all", a user name, a group name prefixed with "+", or
-# a comma-separated list thereof. In both the DATABASE and USER fields
-# you can also write a file name prefixed with "@" to include names from
-# a separate file.
-#
-# CIDR-ADDRESS specifies the set of hosts the record matches.
-# It is made up of an IP address and a CIDR mask that is an integer
-# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
-# the number of significant bits in the mask. Alternatively, you can write
-# an IP address and netmask in separate columns to specify the set of hosts.
-#
-# METHOD can be "trust", "reject", "md5", "crypt", "password",
-# "krb5", "ident", or "pam". Note that "password" sends passwords
-# in clear text; "md5" is preferred since it sends encrypted passwords.
-#
-# OPTION is the ident map or the name of the PAM service, depending on METHOD.
-#
-# Database and user names containing spaces, commas, quotes and other special
-# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
-# "samerole" makes the name lose its special character, and just match a
-# database or username with that name.
-#
-# This file is read on server startup and when the postmaster receives
-# a SIGHUP signal. If you edit the file on a running system, you have
-# to SIGHUP the postmaster for the changes to take effect. You can use
-# "pg_ctl reload" to do that.
-
-# Put your actual configuration here
-# ----------------------------------
-#
-# If you want to allow non-local connections, you need to add more
-# "host" records. In that case you will also need to make PostgreSQL listen
-# on a non-local interface via the listen_addresses configuration parameter,
-# or via the -i or -h command line switches.
-#
-
-#@authcomment@
-
-# TYPE DATABASE USER CIDR-ADDRESS METHOD
-
-#@remove-line-for-nolocal@# "local" is for Unix domain socket connections only
-#@remove-line-for-nolocal@local all all @authmethod@
-# IPv4 local connections:
-#host all all 127.0.0.1/32 @authmethod@
-# IPv6 local connections:
-#host all all ::1/128 @authmethod@
-
-local all all trust
-#host all all 0.0.0.0 0.0.0.0 md5
diff --git a/roles/taiga/files/renew-cert.sh b/roles/taiga/files/renew-cert.sh
deleted file mode 100644
index 07ee2e3a50..0000000000
--- a/roles/taiga/files/renew-cert.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-#renew letsencrypt certificate. it checks if cert need renewal. if not nginx will not stop
-# check and renew if required, quietly. if so do it in standalone mode
-/usr/bin/certbot renew -q --pre-hook "/usr/bin/systemctl stop nginx" --post-hook "/usr/bin/systemctl start nginx"
-
diff --git a/roles/taiga/files/taiga-back.service b/roles/taiga/files/taiga-back.service
deleted file mode 100644
index 5fcedca24f..0000000000
--- a/roles/taiga/files/taiga-back.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=taiga backend, run by gunicorn
-After=network.target
-Documentation=https://github.com/taigaio/taiga-back
-
-[Service]
-ExecStart=/srv/taiga/venv/bin/python /usr/bin/gunicorn-3 -w 3 -t 60 --pythonpath=. -b 127.0.0.1:8001 taiga.wsgi
-WorkingDirectory=/srv/taiga/taiga-back/
-Type=simple
-User=taiga
-Group=taiga
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/taiga/files/urls.py b/roles/taiga/files/urls.py
deleted file mode 100644
index 49865d1d22..0000000000
--- a/roles/taiga/files/urls.py
+++ /dev/null
@@ -1,4 +0,0 @@
-from taiga.urls import *
-urlpatterns += [
- url(r"^api/oidc/", include("mozilla_django_oidc.urls")),
-]
diff --git a/roles/taiga/handlers/main.yml b/roles/taiga/handlers/main.yml
deleted file mode 100644
index 8d2461b94a..0000000000
--- a/roles/taiga/handlers/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: restart postgresql
- service: name=postgresql state=restarted
-
-- name: restart taiga-back
- service: name=taiga-back state=restarted
-
-- name: reload systemd service files
- command: systemctl daemon-reload
-
-- name: restart nginx
- service: name=nginx state=restarted
-
-- name: restart postfix
- service: name=postfix state=restarted
-
-- name: restart crond
- service: name=crond state=restarted
-
diff --git a/roles/taiga/tasks/main.yml b/roles/taiga/tasks/main.yml
deleted file mode 100644
index bb0ef05c4a..0000000000
--- a/roles/taiga/tasks/main.yml
+++ /dev/null
@@ -1,341 +0,0 @@
-# This is mostly following
-# http://taigaio.github.io/taiga-doc/dist/setup-production.html#circus-and-gunicorn
-#
-# It is just for dev/testing.. we're installing stuff from git/pip, etc..
-#
-
-- dnf: name={{item}} state=present
- with_items:
- - postfix
- - cronie
- - nginx
- - libsemanage-python
- - postgresql-server
- # Need this to use the postgresql ansible module
- - python-psycopg2
-
- - python3-gunicorn
- - python3-psycopg2
- # So we don't have to rebuild them in the virtualenv
- - python3-cairo
- - python3-cryptography
- - python3-pyOpenSSL
- - gettext
-
- - git
- - python3
- - python3-devel
- - python3-pip
- - redhat-rpm-config
- - gcc
- - freetype-devel
- - libxml2-devel
- - libxslt-devel
- - libjpeg-turbo-devel
- - postgresql-devel
- # To build the frontend
- - npm
-# need this for letsencrypt cert
- - certbot
- - python3-certbot-nginx
- tags: taiga
-
-- user: name=taiga comment="Taiga System Account"
- tags: taiga
-
-### Real quick, let's setup postfix for mail on the side.
-### if we ever move this internally, we'll just use bastion.
-- name: Set postfix to run on boot
- service: name=postfix state=started enabled=yes
- tags: taiga
-
-### FIRST, there is a lot of postgres db stuff to setup ###
-- name: Initialize postgres if necessary
- command: /usr/bin/postgresql-setup initdb
- creates=/var/lib/pgsql/data/base
- notify: restart postgresql
- tags: taiga
-
-- name: Add our postgres config file.
- copy: >
- src=pg_hba.conf
- dest=/var/lib/pgsql/data/pg_hba.conf
- owner=postgres
- notify: restart postgresql
- tags: taiga
-
-# No need to let postgres talk to the world, right?
-#- name: Let postgresql listen to '*'
-# command: sed -i -e "s|#listen_addresses = 'localhost'|listen_addresses = '*'|" /var/lib/pgsql/data/postgresql.conf
-# notify: restart postgresql
-# tags: taiga
-
-- name: Ensure postgres has a place to backup to
- file: dest=/backups state=directory owner=postgres
- tags: taiga
-
-- name: Copy over backup scriplet
- copy: src=backup-database dest=/usr/local/bin/backup-database mode=0755
- tags: taiga
-
-- name: Set up some cronjobs to backup databases as configured
- template: >
- src=cron-backup-database
- dest=/etc/cron.d/cron-backup-database-{{ item }}
- with_items:
- - taiga
- tags: taiga
-
-- name: Set postgresql-server to run on boot
- service: name=postgresql state=started enabled=yes
- tags: taiga
-
-# Make sure we have db users
-- postgresql_user: name=taiga
- # password={{ taiga_db_pass }}
- tags: taiga
-
-- postgresql_db: name=taiga owner=taiga encoding=UTF-8
- tags: taiga
-### DONE with db stuff
-
-
-- become: yes
- become_user: taiga
- tags: taiga
- block:
-
- # Create the python virtualenv
- - name: setup the virtualenv
- pip:
- name: pip
- state: latest
- chdir: /srv/taiga
- virtualenv: /srv/taiga/venv
- virtualenv_command: pyvenv
- virtualenv_site_packages: yes
-
- - name: install Gunicorn
- pip:
- name: gunicorn
- virtualenv: /srv/taiga/venv
-
- # Install our plugin for the backend first
- - name: install the OIDC auth plugin
- git:
- dest: /srv/taiga/taiga-contrib-oidc-auth
- repo: https://github.com/fedora-infra/taiga-contrib-oidc-auth.git
- tags: taiga
-
- - pip:
- name: .
- editable: yes
- chdir: /srv/taiga/taiga-contrib-oidc-auth/back
- virtualenv: /srv/taiga/venv
- tags: taiga
-
- # setup taiga-back from git
- - git:
- repo: https://github.com/taigaio/taiga-back.git
- dest: /srv/taiga/taiga-back
- version: "{{taiga_back_version}}"
- # We modify the requirements.txt, we need to force here.
- force: yes
-
- - name: remove some versionned dependencies
- replace:
- path: /srv/taiga/taiga-back/requirements.txt
- regexp: '^(CairoSVG|cryptography)==.*$'
- replace: '\1'
-
- - name: install taiga-back dependencies
- pip:
- requirements: /srv/taiga/taiga-back/requirements.txt
- virtualenv: /srv/taiga/venv
- tags: taiga
-
-- name: copy in our taiga backend config
- template: src=local.py dest=/srv/taiga/taiga-back/settings/local.py
- mode=0640 owner=taiga group=taiga
- notify: restart taiga-back
- tags: taiga
-
-- name: copy in our taiga backend URLs config
- copy: src=urls.py dest=/srv/taiga/taiga-back/settings/urls.py
- mode=0640 owner=taiga group=taiga
- notify: restart taiga-back
- tags: taiga
-
-- file: dest=/srv/taiga/taiga-back/locale state=directory
- owner=taiga group=taiga
- tags: taiga
-
- # change default admin password
-- name: copy in our initial_user fixture
- template: src=initial_user.json dest=/srv/taiga/initial_user.json
- mode=0640 owner=taiga group=taiga
- tags: taiga
-
-- become: yes
- become_user: taiga
- tags: taiga
- block:
-
- - django_manage:
- app_path: /srv/taiga/taiga-back
- virtualenv: /srv/taiga/venv
- command: migrate
-
- - django_manage:
- app_path: /srv/taiga/taiga-back
- virtualenv: /srv/taiga/venv
- command: loaddata
- fixtures: /srv/taiga/initial_user.json initial_project_templates
-
- - django_manage:
- app_path: /srv/taiga/taiga-back
- virtualenv: /srv/taiga/venv
- command: compilemessages
-
- - django_manage:
- app_path: /srv/taiga/taiga-back
- virtualenv: /srv/taiga/venv
- command: collectstatic
- ### DONE with taiga-back
-
- ### Setup taiga-front-dist from git
- - git:
- repo: https://github.com/taigaio/taiga-front-dist.git
- dest: /srv/taiga/taiga-front-dist
- version: "{{taiga_front_version}}"
-
-- name: install the frontend configuration file
- template:
- src: conf.json
- dest: /srv/taiga/taiga-front-dist/dist/conf.json
- mode: 0644
- owner: taiga
- group: taiga
- tags: taiga
-
-# create plugins directory - new in taiga 3.0.0
-- file: dest=/srv/taiga/taiga-front-dist/dist/plugins state=directory owner=taiga group=taiga
- tags: taiga
-
-# Build the frontend
-# npm config set strict-ssl false
-# npm install
-# npm install gulp
-# ./node_modules/.bin/gulp build
-
-- become: yes
- become_user: taiga
- tags: taiga
- block:
-
- # Build our plugin
- - npm:
- path: /srv/taiga/taiga-contrib-oidc-auth/front
- - npm:
- path: /srv/taiga/taiga-contrib-oidc-auth/front
- name: gulp
- - command: ./node_modules/.bin/gulp build
- args:
- chdir: /srv/taiga/taiga-contrib-oidc-auth/front
- creates: /srv/taiga/taiga-contrib-oidc-auth/front/dist/oidc_auth.js
-
-- name: copy the Fedora logo
- copy:
- src: fedora-logo.png
- dest: /srv/taiga/taiga-front-dist/dist/plugins/oidc-auth/images/contrib/fedora-logo.png
- owner: taiga
- group: taiga
- tags: taiga
-
-- name: link our plugin pieces in place
- file: src=/srv/taiga/taiga-contrib-oidc-auth/front/dist
- dest=/srv/taiga/taiga-front-dist/dist/plugins/oidc-auth
- state=link
- owner=taiga
- group=taiga
- tags: taiga
-
-- name: set selinux labels
- file:
- path: "/srv/taiga/{{ item }}"
- state: directory
- setype: httpd_sys_content_rw_t
- recurse: yes
- with_items:
- - taiga-front-dist/dist
- - taiga-back/static
- - taiga-back/media
-
-### DONE with taiga-front
-
-
-## taiga-back service
-- name: copy systemd service file in for taiga
- copy: src=taiga-back.service dest=/usr/lib/systemd/system/taiga-back.service
- notify: reload systemd service files
- tags: taiga
-
-- name: set taiga-back to start
- service: name=taiga-back state=started enabled=yes
- tags: taiga
-
-
-# Letsencrypt
-
-- name: get the letsencrypt cert
- command: certbot certonly -n --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -d {{ inventory_hostname }} --agree-tos --email admin@fedoraproject.org
- args:
- creates: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem"
- notify: restart nginx
-
-- name: copy cert renew script
- copy: src=renew-cert.sh dest=/usr/local/bin/renew-cert.sh mode=0755
- tags:
- - taiga
- - cron
- - letsencrypt
-
-- name: install cron for cert renewal
- copy: src=cron-renew-cert dest=/etc/cron.d/cron-renew-cert
- notify: restart crond
- tags:
- - taiga
- - cron
-
-
-### FINALLY, nginx to serve/proxy it all
-- template: src=default.nginx dest=/etc/nginx/default.d/taiga.conf
- mode=0644 owner=nginx group=nginx
- notify: restart nginx
- tags:
- - taiga
- - nginx
-- template: src=taiga-ssl.nginx dest=/etc/nginx/conf.d/taiga-ssl.conf
- mode=0644 owner=nginx group=nginx
- notify: restart nginx
- tags:
- - taiga
- - nginx
-
-# Add nginx to the taiga group so it gets rights to read all our static stuff
-- user: name=nginx groups=taiga append=yes
- tags: taiga
-- file: dest=/srv/taiga mode=0750
- tags: taiga
-- seboolean: name="{{item}}" state=true persistent=true
- with_items:
- # So we can read static content at all
- - httpd_read_user_content
- # So we can follow the symlink to our FAS plugin
- - httpd_enable_homedirs
- # So we can reverse proxy stuff locally to gunicorn
- - httpd_can_network_connect
- tags: taiga
-
-- service: name=nginx state=started enabled=yes
- tags: taiga
diff --git a/roles/taiga/templates/conf.json b/roles/taiga/templates/conf.json
deleted file mode 100644
index 1db11983b6..0000000000
--- a/roles/taiga/templates/conf.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "api": "https://{{inventory_hostname}}/api/v1/",
- "eventsUrl": "wss://{{inventory_hostname}}/events",
- "debug": true,
- "publicRegisterEnabled": false,
- "feedbackEnabled": true,
- "privacyPolicyUrl": null,
- "termsOfServiceUrl": null,
- "maxUploadFileSize": null,
- "contribPlugins": ["/plugins/oidc-auth/oidc-auth.json"],
- "oidcMountPoint": "/api/oidc",
- "oidcButtonText": "Fedora",
- "oidcButtonImage": "fedora-logo.png",
- "debugInfo": false
-}
diff --git a/roles/taiga/templates/cron-backup-database b/roles/taiga/templates/cron-backup-database
deleted file mode 100644
index ce3c52d7d4..0000000000
--- a/roles/taiga/templates/cron-backup-database
+++ /dev/null
@@ -1 +0,0 @@
-0 0 * * * postgres /usr/local/bin/backup-database {{ item }}
diff --git a/roles/taiga/templates/default.nginx b/roles/taiga/templates/default.nginx
deleted file mode 100644
index 1751bf83c9..0000000000
--- a/roles/taiga/templates/default.nginx
+++ /dev/null
@@ -1,5 +0,0 @@
-large_client_header_buffers 4 32k;
-client_max_body_size 50M;
-charset utf-8;
-
-return 302 https://{{ inventory_hostname }}$request_uri;
diff --git a/roles/taiga/templates/initial_user.json b/roles/taiga/templates/initial_user.json
deleted file mode 100644
index 53297d40a0..0000000000
--- a/roles/taiga/templates/initial_user.json
+++ /dev/null
@@ -1,22 +0,0 @@
-[
- {
- "model": "users.user",
- "fields": {
- "username": "admin",
- "full_name": "Administrator",
- "bio": "",
- "lang": "",
- "color": "",
- "photo": "",
- "is_active": true,
- "colorize_tags": false,
- "timezone": "",
- "is_superuser": true,
- "token": "",
- "last_login": "2013-04-04T07:36:09.880Z",
- "password": "{{ taiga_admin_pw }}",
- "email": "admin@fedoraproject.org",
- "date_joined": "2013-04-01T13:48:21.711Z"
- }
- }
-]
diff --git a/roles/taiga/templates/local.py b/roles/taiga/templates/local.py
deleted file mode 100644
index 88c22e29e5..0000000000
--- a/roles/taiga/templates/local.py
+++ /dev/null
@@ -1,63 +0,0 @@
-from .common import *
-
-MEDIA_URL = "https://{{ inventory_hostname }}/media/"
-STATIC_URL = "https://{{ inventory_hostname }}/static/"
-ADMIN_MEDIA_PREFIX = "https://{{ inventory_hostname }}/static/admin/"
-SITES["front"]["scheme"] = "https"
-SITES["front"]["domain"] = "{{ inventory_hostname }}"
-
-SECRET_KEY = "{{ taiga_secret_key }}"
-
-DEBUG = False
-TEMPLATE_DEBUG = False
-PUBLIC_REGISTER_ENABLED = True
-
-DEFAULT_FROM_EMAIL = "nobody@fedoraproject.org"
-SERVER_EMAIL = DEFAULT_FROM_EMAIL
-
-INSTALLED_APPS += [
- "mozilla_django_oidc",
- "taiga_contrib_oidc_auth",
-]
-
-AUTHENTICATION_BACKENDS = list(AUTHENTICATION_BACKENDS) + [
- "taiga_contrib_oidc_auth.oidc.TaigaOIDCAuthenticationBackend",
-]
-
-# OIDC Settings
-OIDC_CALLBACK_CLASS = "taiga_contrib_oidc_auth.views.TaigaOIDCAuthenticationCallbackView"
-OIDC_RP_SCOPES = "openid profile email"
-OIDC_RP_SIGN_ALGO = "RS256"
-# Set the OIDC provider here.
-OIDC_BASE_URL = "https://id{{ env_suffix }}.fedoraproject.org/openidc"
-# Those URL values work for Ipsilon.
-OIDC_OP_JWKS_ENDPOINT = OIDC_BASE_URL + "/Jwks"
-OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_BASE_URL + "/Authorization"
-OIDC_OP_TOKEN_ENDPOINT = OIDC_BASE_URL + "/Token"
-OIDC_OP_USER_ENDPOINT = OIDC_BASE_URL + "/UserInfo"
-# These two are private! Don't commit them to VCS.
-OIDC_RP_CLIENT_ID = "{{ taiga_stg_oidc_client_id }}"
-OIDC_RP_CLIENT_SECRET = "{{ taiga_stg_oidc_client_secret }}"
-
-# Add the OIDC urls
-ROOT_URLCONF = "settings.urls"
-
-## Uncomment all this stuff to get the async celery stuff working.
-## It is not necessary.. it just makes everything snappier.
-#EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
-#EVENTS_PUSH_BACKEND_OPTIONS = {"url": "amqp://taiga:{{ taiga_events_password }}@localhost:5672/taiga"}
-#
-#from .celery import *
-#
-#BROKER_URL = 'amqp://guest:guest@localhost:5672//'
-#CELERY_RESULT_BACKEND = 'redis://localhost:6379/0'
-#CELERY_ENABLED = True
-
-# Uncomment and populate with proper connection parameters
-# for enable email sending.
-EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
-EMAIL_USE_TLS = False
-EMAIL_HOST = "localhost"
-EMAIL_HOST_USER = ""
-EMAIL_HOST_PASSWORD = ""
-EMAIL_PORT = 25
diff --git a/roles/taiga/templates/taiga-ssl.nginx b/roles/taiga/templates/taiga-ssl.nginx
deleted file mode 100644
index 05183c0d0e..0000000000
--- a/roles/taiga/templates/taiga-ssl.nginx
+++ /dev/null
@@ -1,62 +0,0 @@
-server {
- listen 443 ssl;
- server_name {{ inventory_hostname }};
-
- ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
- add_header Strict-Transport-Security "max-age=31536000;";
- ssl_session_cache shared:SSL:20m;
- ssl_session_timeout 180m;
- ssl_prefer_server_ciphers on;
-
- large_client_header_buffers 4 32k;
- client_max_body_size 50M;
- charset utf-8;
- types_hash_max_size 4096;
-
- # Langdon wanted his project renamed... so we redirect.
- rewrite ^/project/langdon-modularity/(.*)$ /project/modularity/$1 redirect;
-
- # Frontend
- location / {
- root /srv/taiga/taiga-front-dist/dist/;
- try_files $uri $uri/ /index.html;
-
- disable_symlinks off;
- }
-
- # Backend
- location /api {
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://127.0.0.1:8001/api;
- proxy_redirect off;
- }
-
-### no more admiin access
-# # Django admin access (/admin/)
-# location /admin {
-# proxy_set_header Host $http_host;
-# proxy_set_header X-Real-IP $remote_addr;
-# proxy_set_header X-Scheme $scheme;
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# proxy_pass http://127.0.0.1:8001$request_uri;
-# proxy_redirect off;
-# }
-
- # Static files
- location /static {
- alias /srv/taiga/taiga-back/static;
- }
-
- # Media files
- location /media {
- alias /srv/taiga/taiga-back/media;
- }
-}