From c71a31b220c53e02bd7a6c652cf8acf80a21e81e Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 2 May 2019 22:03:09 +0000 Subject: [PATCH] taiga: retire old taiga cloud instances, everything should be using teams.fedoraproject.org now. 
Signed-off-by: Kevin Fenzi --- inventory/backups | 1 - inventory/cloud | 2 - .../host_vars/taiga.fedorainfracloud.org | 26 -- .../host_vars/taigastg.fedorainfracloud.org | 23 -- inventory/inventory | 3 - master.yml | 2 - .../hosts/taiga.fedorainfracloud.org.yml | 34 -- .../hosts/taigastg.fedorainfracloud.org.yml | 36 -- roles/apps-fp-o/files/apps.yaml | 10 - roles/taiga/files/backup-database | 10 - roles/taiga/files/cron-renew-cert | 1 - roles/taiga/files/fedora-logo.png | Bin 504 -> 0 bytes roles/taiga/files/nginx.conf | 72 ---- roles/taiga/files/pg_hba.conf | 74 ---- roles/taiga/files/renew-cert.sh | 5 - roles/taiga/files/taiga-back.service | 15 - roles/taiga/files/urls.py | 4 - roles/taiga/handlers/main.yml | 19 - roles/taiga/tasks/main.yml | 341 ------------------ roles/taiga/templates/conf.json | 15 - roles/taiga/templates/cron-backup-database | 1 - roles/taiga/templates/default.nginx | 5 - roles/taiga/templates/initial_user.json | 22 -- roles/taiga/templates/local.py | 63 ---- roles/taiga/templates/taiga-ssl.nginx | 62 ---- 25 files changed, 846 deletions(-) delete mode 100644 inventory/host_vars/taiga.fedorainfracloud.org delete mode 100644 inventory/host_vars/taigastg.fedorainfracloud.org delete mode 100644 playbooks/hosts/taiga.fedorainfracloud.org.yml delete mode 100644 playbooks/hosts/taigastg.fedorainfracloud.org.yml delete mode 100644 roles/taiga/files/backup-database delete mode 100644 roles/taiga/files/cron-renew-cert delete mode 100644 roles/taiga/files/fedora-logo.png delete mode 100644 roles/taiga/files/nginx.conf delete mode 100644 roles/taiga/files/pg_hba.conf delete mode 100644 roles/taiga/files/renew-cert.sh delete mode 100644 roles/taiga/files/taiga-back.service delete mode 100644 roles/taiga/files/urls.py delete mode 100644 roles/taiga/handlers/main.yml delete mode 100644 roles/taiga/tasks/main.yml delete mode 100644 roles/taiga/templates/conf.json delete mode 100644 roles/taiga/templates/cron-backup-database delete mode 100644 
roles/taiga/templates/default.nginx delete mode 100644 roles/taiga/templates/initial_user.json delete mode 100644 roles/taiga/templates/local.py delete mode 100644 roles/taiga/templates/taiga-ssl.nginx
diff --git a/inventory/backups b/inventory/backups
index 67cb4d9158..79c4bf10a4 100644
--- a/inventory/backups
+++ b/inventory/backups
@@ -22,7 +22,6 @@ copr-fe.cloud.fedoraproject.org
 copr-keygen.cloud.fedoraproject.org
 #copr-dist-git.fedorainfracloud.org
 value01.phx2.fedoraproject.org
-taiga.fedorainfracloud.org
 tang01.phx2.fedoraproject.org
 taskotron01.qa.fedoraproject.org
 nuancier01.phx2.fedoraproject.org
diff --git a/inventory/cloud b/inventory/cloud
index 235d29a26d..f91021f5ce 100644
--- a/inventory/cloud
+++ b/inventory/cloud
@@ -73,8 +73,6 @@ ppc64-test.fedorainfracloud.org
 rawhide-test.fedorainfracloud.org
 regcfp2.fedorainfracloud.org
 respins.fedorainfracloud.org
-taiga.fedorainfracloud.org
-taigastg.fedorainfracloud.org
 telegram-irc.fedorainfracloud.org
 testdays.fedorainfracloud.org
 twisted-fedora26-1.fedorainfracloud.org
diff --git a/inventory/host_vars/taiga.fedorainfracloud.org b/inventory/host_vars/taiga.fedorainfracloud.org
deleted file mode 100644
index 9f44522138..0000000000
--- a/inventory/host_vars/taiga.fedorainfracloud.org
+++ /dev/null
@@ -1,26 +0,0 @@
----
-image: "{{ fedora25_x86_64 }}"
-instance_type: m1.medium
-keypair: fedora-admin-20130801
-security_group: ssh-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
-zone: nova
-tcp_ports: [22, 80, 443]
-
-inventory_tenant: persistent
-inventory_instance_name: taiga
-hostbase: taiga
-public_ip: 209.132.184.50
-root_auth_users: ralph maxamillion kellin
-description: taiga frontend server
-
-db_backup_dir: ['/backups']
-dbs_to_backup: ['taiga']
-
-volumes:
- - volume_id: 8878d26e-a296-4c81-b636-3eb4dca15ed0
- device: /dev/vdc
-
-cloud_networks:
- # persistent-net
- - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
-
diff --git a/inventory/host_vars/taigastg.fedorainfracloud.org b/inventory/host_vars/taigastg.fedorainfracloud.org
deleted file mode 100644
index 881ec29929..0000000000
--- a/inventory/host_vars/taigastg.fedorainfracloud.org
+++ /dev/null
@@ -1,23 +0,0 @@
----
-image: "{{ fedora28_x86_64 }}"
-instance_type: m1.small
-keypair: fedora-admin-20130801
-security_group: ssh-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
-zone: nova
-tcp_ports: [22, 80, 443]
-
-inventory_tenant: persistent
-inventory_instance_name: taigastg
-hostbase: taigastg
-public_ip: 209.132.184.232
-root_auth_users: ralph maxamillion doteast kellin abompard
-description: stg instance of the taiga frontend server
-
-volumes:
- - volume_id: 5babf722-0046-4535-a6e5-398f9c67b844
- device: /dev/vdc
-
-cloud_networks:
- # persistent-net
- - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
-
diff --git a/inventory/inventory b/inventory/inventory
index 26d2a85698..10fe311f78 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -1108,9 +1108,6 @@ copr-keygen.cloud.fedoraproject.org
 # copr dev instances
 copr-be-dev.cloud.fedoraproject.org
 copr-fe-dev.cloud.fedoraproject.org
-# taiga for kanban-style project planning
-taiga.fedorainfracloud.org
-taigastg.fedorainfracloud.org
 # glittergallery GSoC dev work
 glittergallery-dev.fedorainfracloud.org
 # fas2-dev
diff --git a/master.yml b/master.yml
index 84b3a12189..6e0f236292 100644
--- a/master.yml
+++ b/master.yml
@@ -144,7 +144,5 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/ansiblemagazine.fedorainfracloud.org.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/regcfp2.fedorainfracloud.org.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/respins.fedorainfracloud.org.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/hosts/taiga.fedorainfracloud.org.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/hosts/taigastg.fedorainfracloud.org.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/testdays.fedorainfracloud.org.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/hosts/upstreamfirst.fedorainfracloud.org.yml
diff --git a/playbooks/hosts/taiga.fedorainfracloud.org.yml b/playbooks/hosts/taiga.fedorainfracloud.org.yml
deleted file mode 100644
index 8f1650fdc8..0000000000
--- a/playbooks/hosts/taiga.fedorainfracloud.org.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: check/create instance
- hosts: taiga.fedorainfracloud.org
- gather_facts: False
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/web/infra/ansible/vars/fedora-cloud.yml
- - /srv/private/ansible/files/openstack/passwords.yml
-
- tasks:
- - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
-
- handlers:
- - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: setup all the things
- hosts: taiga.fedorainfracloud.org
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/private/ansible/files/openstack/passwords.yml
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
- pre_tasks:
- - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
- - name: set hostname (required by some services, at least postfix need it)
- hostname: name="{{inventory_hostname}}"
-
- roles:
- - basessh
- - role: taiga
- taiga_back_version: stable
- taiga_front_version: stable
diff --git a/playbooks/hosts/taigastg.fedorainfracloud.org.yml b/playbooks/hosts/taigastg.fedorainfracloud.org.yml
deleted file mode 100644
index 43d9359b5c..0000000000
--- a/playbooks/hosts/taigastg.fedorainfracloud.org.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-- name: check/create instance
- hosts: taigastg.fedorainfracloud.org
- gather_facts: False
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/web/infra/ansible/vars/fedora-cloud.yml
- - /srv/private/ansible/files/openstack/passwords.yml
-
- tasks:
- - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
-
- handlers:
- - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: setup all the things
- hosts: taigastg.fedorainfracloud.org
- gather_facts: True
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/private/ansible/files/openstack/passwords.yml
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
- pre_tasks:
- - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
- - name: set hostname (required by some services, at least postfix need it)
- hostname: name="{{inventory_hostname}}"
-
- roles:
- - basessh
- - role: certbot
- - role: taiga
- taiga_back_version: stable
- taiga_front_version: stable
diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml
index 4bc75699a1..637637bf9c 100644
--- a/roles/apps-fp-o/files/apps.yaml
+++ b/roles/apps-fp-o/files/apps.yaml
@@ -695,16 +695,6 @@ children: engineering *should* be producing and 2) all of the artifacts taht release engineering *did* produce. The web interface isn't much to write home about, but the API is where it's at. - - name: Taiga - data: - icon: taiga.png - url: https://taiga.fedorainfracloud.org/ - description: > - Taiga is a very pretty project management platform that we've - been messing around with. Feel free to use it. We backup the - database, but we don't necessarily support it yet with the same - kind of focus that we dedicate to our other services. If you - run into problems with it, let us know! - name: Ipsilon data: icon: diff --git a/roles/taiga/files/backup-database b/roles/taiga/files/backup-database deleted file mode 100644 index 3f6e7d8fb1..0000000000 --- a/roles/taiga/files/backup-database +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# Backup a database *locally* to /backups/. - -DB=$1 - -# Make our latest backup -/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz - -# Also, delete the backup from a few days ago. -rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz diff --git a/roles/taiga/files/cron-renew-cert b/roles/taiga/files/cron-renew-cert deleted file mode 100644 index 486ebdd6a0..0000000000 --- a/roles/taiga/files/cron-renew-cert +++ /dev/null @@ -1 +0,0 @@ -* * * * 0 root /usr/local/bin/renew-cert.sh 
diff --git a/roles/taiga/files/fedora-logo.png b/roles/taiga/files/fedora-logo.png deleted file mode 100644 index fc7a20021a638e4f73c8f8fe0bec2d21912a321e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 504 zcmVAFvxv3OB$n} z7~QP-s()hxUsL{T9KjA=;scgTDN9Wn)|o@_BG-GV^cxmZ*^k7mHtBXdnlud#R%TBV zypa2qZq=%SUA#|;<4Q?`lh{j=6S?-Il(L-(TgiUg|6?78a4t*On-RRhCmc@&TWR9w zoQtJw@uf6#nuOckl>G(AvdnsV213pXmzv{JO$WbJUEHJQ6r|L4U7Pn%4L?D?bu zKhE!7>(*HeB4X4{f>Ri!^hrLR*)*P+10F`i+DzVeEat7FDyfH8_}P*@7!HSPe_mrL u - src=pg_hba.conf - dest=/var/lib/pgsql/data/pg_hba.conf - owner=postgres - notify: restart postgresql - tags: taiga - -# No need to let postgres talk to the world, right? -#- name: Let postgresql listen to '*' -# command: sed -i -e "s|#listen_addresses = 'localhost'|listen_addresses = '*'|" /var/lib/pgsql/data/postgresql.conf -# notify: restart postgresql -# tags: taiga - -- name: Ensure postgres has a place to backup to - file: dest=/backups state=directory owner=postgres - tags: taiga - -- name: Copy over backup scriplet - copy: src=backup-database dest=/usr/local/bin/backup-database mode=0755 - tags: taiga - -- name: Set up some cronjobs to backup databases as configured - template: > - src=cron-backup-database - dest=/etc/cron.d/cron-backup-database-{{ item }} - with_items: - - taiga - tags: taiga - -- name: Set postgresql-server to run on boot - service: name=postgresql state=started enabled=yes - tags: taiga - -# Make sure we have db users -- postgresql_user: name=taiga - # password={{ taiga_db_pass }} - tags: taiga - -- postgresql_db: name=taiga owner=taiga encoding=UTF-8 - tags: taiga -### DONE with db stuff - - -- become: yes - become_user: taiga - tags: taiga - block: - - # Create the python virtualenv - - name: setup the virtualenv - pip: - name: pip - state: latest - chdir: /srv/taiga - virtualenv: /srv/taiga/venv - virtualenv_command: pyvenv - virtualenv_site_packages: yes - - - name: install Gunicorn - pip: - name: gunicorn - 
virtualenv: /srv/taiga/venv - - # Install our plugin for the backend first - - name: install the OIDC auth plugin - git: - dest: /srv/taiga/taiga-contrib-oidc-auth - repo: https://github.com/fedora-infra/taiga-contrib-oidc-auth.git - tags: taiga - - - pip: - name: . - editable: yes - chdir: /srv/taiga/taiga-contrib-oidc-auth/back - virtualenv: /srv/taiga/venv - tags: taiga - - # setup taiga-back from git - - git: - repo: https://github.com/taigaio/taiga-back.git - dest: /srv/taiga/taiga-back - version: "{{taiga_back_version}}" - # We modify the requirements.txt, we need to force here. - force: yes - - - name: remove some versionned dependencies - replace: - path: /srv/taiga/taiga-back/requirements.txt - regexp: '^(CairoSVG|cryptography)==.*$' - replace: '\1' - - - name: install taiga-back dependencies - pip: - requirements: /srv/taiga/taiga-back/requirements.txt - virtualenv: /srv/taiga/venv - tags: taiga - -- name: copy in our taiga backend config - template: src=local.py dest=/srv/taiga/taiga-back/settings/local.py - mode=0640 owner=taiga group=taiga - notify: restart taiga-back - tags: taiga - -- name: copy in our taiga backend URLs config - copy: src=urls.py dest=/srv/taiga/taiga-back/settings/urls.py - mode=0640 owner=taiga group=taiga - notify: restart taiga-back - tags: taiga - -- file: dest=/srv/taiga/taiga-back/locale state=directory - owner=taiga group=taiga - tags: taiga - - # change default admin password -- name: copy in our initial_user fixture - template: src=initial_user.json dest=/srv/taiga/initial_user.json - mode=0640 owner=taiga group=taiga - tags: taiga - -- become: yes - become_user: taiga - tags: taiga - block: - - - django_manage: - app_path: /srv/taiga/taiga-back - virtualenv: /srv/taiga/venv - command: migrate - - - django_manage: - app_path: /srv/taiga/taiga-back - virtualenv: /srv/taiga/venv - command: loaddata - fixtures: /srv/taiga/initial_user.json initial_project_templates - - - django_manage: - app_path: /srv/taiga/taiga-back - 
virtualenv: /srv/taiga/venv - command: compilemessages - - - django_manage: - app_path: /srv/taiga/taiga-back - virtualenv: /srv/taiga/venv - command: collectstatic - ### DONE with taiga-back - - ### Setup taiga-front-dist from git - - git: - repo: https://github.com/taigaio/taiga-front-dist.git - dest: /srv/taiga/taiga-front-dist - version: "{{taiga_front_version}}" - -- name: install the frontend configuration file - template: - src: conf.json - dest: /srv/taiga/taiga-front-dist/dist/conf.json - mode: 0644 - owner: taiga - group: taiga - tags: taiga - -# create plugins directory - new in taiga 3.0.0 -- file: dest=/srv/taiga/taiga-front-dist/dist/plugins state=directory owner=taiga group=taiga - tags: taiga - -# Build the frontend -# npm config set strict-ssl false -# npm install -# npm install gulp -# ./node_modules/.bin/gulp build - -- become: yes - become_user: taiga - tags: taiga - block: - - # Build our plugin - - npm: - path: /srv/taiga/taiga-contrib-oidc-auth/front - - npm: - path: /srv/taiga/taiga-contrib-oidc-auth/front - name: gulp - - command: ./node_modules/.bin/gulp build - args: - chdir: /srv/taiga/taiga-contrib-oidc-auth/front - creates: /srv/taiga/taiga-contrib-oidc-auth/front/dist/oidc_auth.js - -- name: copy the Fedora logo - copy: - src: fedora-logo.png - dest: /srv/taiga/taiga-front-dist/dist/plugins/oidc-auth/images/contrib/fedora-logo.png - owner: taiga - group: taiga - tags: taiga - -- name: link our plugin pieces in place - file: src=/srv/taiga/taiga-contrib-oidc-auth/front/dist - dest=/srv/taiga/taiga-front-dist/dist/plugins/oidc-auth - state=link - owner=taiga - group=taiga - tags: taiga - -- name: set selinux labels - file: - path: "/srv/taiga/{{ item }}" - state: directory - setype: httpd_sys_content_rw_t - recurse: yes - with_items: - - taiga-front-dist/dist - - taiga-back/static - - taiga-back/media - -### DONE with taiga-front - - -## taiga-back service -- name: copy systemd service file in for taiga - copy: src=taiga-back.service 
dest=/usr/lib/systemd/system/taiga-back.service - notify: reload systemd service files - tags: taiga - -- name: set taiga-back to start - service: name=taiga-back state=started enabled=yes - tags: taiga - - -# Letsencrypt - -- name: get the letsencrypt cert - command: certbot certonly -n --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -d {{ inventory_hostname }} --agree-tos --email admin@fedoraproject.org - args: - creates: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem" - notify: restart nginx - -- name: copy cert renew script - copy: src=renew-cert.sh dest=/usr/local/bin/renew-cert.sh mode=0755 - tags: - - taiga - - cron - - letsencrypt - -- name: install cron for cert renewal - copy: src=cron-renew-cert dest=/etc/cron.d/cron-renew-cert - notify: restart crond - tags: - - taiga - - cron - - -### FINALLY, nginx to serve/proxy it all -- template: src=default.nginx dest=/etc/nginx/default.d/taiga.conf - mode=0644 owner=nginx group=nginx - notify: restart nginx - tags: - - taiga - - nginx -- template: src=taiga-ssl.nginx dest=/etc/nginx/conf.d/taiga-ssl.conf - mode=0644 owner=nginx group=nginx - notify: restart nginx - tags: - - taiga - - nginx - -# Add nginx to the taiga group so it gets rights to read all our static stuff -- user: name=nginx groups=taiga append=yes - tags: taiga -- file: dest=/srv/taiga mode=0750 - tags: taiga -- seboolean: name="{{item}}" state=true persistent=true - with_items: - # So we can read static content at all - - httpd_read_user_content - # So we can follow the symlink to our FAS plugin - - httpd_enable_homedirs - # So we can reverse proxy stuff locally to gunicorn - - httpd_can_network_connect - tags: taiga - -- service: name=nginx state=started enabled=yes - tags: taiga diff --git a/roles/taiga/templates/conf.json b/roles/taiga/templates/conf.json deleted file mode 100644 index 1db11983b6..0000000000 --- a/roles/taiga/templates/conf.json +++ /dev/null 
@@ -1,15 +0,0 @@
-{
- "api": "https://{{inventory_hostname}}/api/v1/",
- "eventsUrl": "wss://{{inventory_hostname}}/events",
- "debug": true,
- "publicRegisterEnabled": false,
- "feedbackEnabled": true,
- "privacyPolicyUrl": null,
- "termsOfServiceUrl": null,
- "maxUploadFileSize": null,
- "contribPlugins": ["/plugins/oidc-auth/oidc-auth.json"],
- "oidcMountPoint": "/api/oidc",
- "oidcButtonText": "Fedora",
- "oidcButtonImage": "fedora-logo.png",
- "debugInfo": false
-}
diff --git a/roles/taiga/templates/cron-backup-database b/roles/taiga/templates/cron-backup-database
deleted file mode 100644
index ce3c52d7d4..0000000000
--- a/roles/taiga/templates/cron-backup-database
+++ /dev/null
@@ -1 +0,0 @@
-0 0 * * * postgres /usr/local/bin/backup-database {{ item }}
diff --git a/roles/taiga/templates/default.nginx b/roles/taiga/templates/default.nginx
deleted file mode 100644
index 1751bf83c9..0000000000
--- a/roles/taiga/templates/default.nginx
+++ /dev/null
@@ -1,5 +0,0 @@
-large_client_header_buffers 4 32k;
-client_max_body_size 50M;
-charset utf-8;
-
-return 302 https://{{ inventory_hostname }}$request_uri;
diff --git a/roles/taiga/templates/initial_user.json b/roles/taiga/templates/initial_user.json
deleted file mode 100644
index 53297d40a0..0000000000
--- a/roles/taiga/templates/initial_user.json
+++ /dev/null
@@ -1,22 +0,0 @@
-[
- {
- "model": "users.user",
- "fields": {
- "username": "admin",
- "full_name": "Administrator",
- "bio": "",
- "lang": "",
- "color": "",
- "photo": "",
- "is_active": true,
- "colorize_tags": false,
- "timezone": "",
- "is_superuser": true,
- "token": "",
- "last_login": "2013-04-04T07:36:09.880Z",
- "password": "{{ taiga_admin_pw }}",
- "email": "admin@fedoraproject.org",
- "date_joined": "2013-04-01T13:48:21.711Z"
- }
- }
-]
diff --git a/roles/taiga/templates/local.py b/roles/taiga/templates/local.py
deleted file mode 100644
index 88c22e29e5..0000000000
--- a/roles/taiga/templates/local.py
+++ /dev/null
@@ -1,63 +0,0 @@
-from .common import *
-
-MEDIA_URL = "https://{{ inventory_hostname }}/media/"
-STATIC_URL = "https://{{ inventory_hostname }}/static/"
-ADMIN_MEDIA_PREFIX = "https://{{ inventory_hostname }}/static/admin/"
-SITES["front"]["scheme"] = "https"
-SITES["front"]["domain"] = "{{ inventory_hostname }}"
-
-SECRET_KEY = "{{ taiga_secret_key }}"
-
-DEBUG = False
-TEMPLATE_DEBUG = False
-PUBLIC_REGISTER_ENABLED = True
-
-DEFAULT_FROM_EMAIL = "nobody@fedoraproject.org"
-SERVER_EMAIL = DEFAULT_FROM_EMAIL
-
-INSTALLED_APPS += [
- "mozilla_django_oidc",
- "taiga_contrib_oidc_auth",
-]
-
-AUTHENTICATION_BACKENDS = list(AUTHENTICATION_BACKENDS) + [
- "taiga_contrib_oidc_auth.oidc.TaigaOIDCAuthenticationBackend",
-]
-
-# OIDC Settings
-OIDC_CALLBACK_CLASS = "taiga_contrib_oidc_auth.views.TaigaOIDCAuthenticationCallbackView"
-OIDC_RP_SCOPES = "openid profile email"
-OIDC_RP_SIGN_ALGO = "RS256"
-# Set the OIDC provider here.
-OIDC_BASE_URL = "https://id{{ env_suffix }}.fedoraproject.org/openidc"
-# Those URL values work for Ipsilon.
-OIDC_OP_JWKS_ENDPOINT = OIDC_BASE_URL + "/Jwks"
-OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_BASE_URL + "/Authorization"
-OIDC_OP_TOKEN_ENDPOINT = OIDC_BASE_URL + "/Token"
-OIDC_OP_USER_ENDPOINT = OIDC_BASE_URL + "/UserInfo"
-# These two are private! Don't commit them to VCS.
-OIDC_RP_CLIENT_ID = "{{ taiga_stg_oidc_client_id }}"
-OIDC_RP_CLIENT_SECRET = "{{ taiga_stg_oidc_client_secret }}"
-
-# Add the OIDC urls
-ROOT_URLCONF = "settings.urls"
-
-## Uncomment all this stuff to get the async celery stuff working.
-## It is not necessary.. it just makes everything snappier.
-#EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
-#EVENTS_PUSH_BACKEND_OPTIONS = {"url": "amqp://taiga:{{ taiga_events_password }}@localhost:5672/taiga"}
-#
-#from .celery import *
-#
-#BROKER_URL = 'amqp://guest:guest@localhost:5672//'
-#CELERY_RESULT_BACKEND = 'redis://localhost:6379/0'
-#CELERY_ENABLED = True
-
-# Uncomment and populate with proper connection parameters
-# for enable email sending.
-EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
-EMAIL_USE_TLS = False
-EMAIL_HOST = "localhost"
-EMAIL_HOST_USER = ""
-EMAIL_HOST_PASSWORD = ""
-EMAIL_PORT = 25
diff --git a/roles/taiga/templates/taiga-ssl.nginx b/roles/taiga/templates/taiga-ssl.nginx
deleted file mode 100644
index 05183c0d0e..0000000000
--- a/roles/taiga/templates/taiga-ssl.nginx
+++ /dev/null
@@ -1,62 +0,0 @@
-server {
- listen 443 ssl;
- server_name {{ inventory_hostname }};
-
- ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
- add_header Strict-Transport-Security "max-age=31536000;";
- ssl_session_cache shared:SSL:20m;
- ssl_session_timeout 180m;
- ssl_prefer_server_ciphers on;
-
- large_client_header_buffers 4 32k;
- client_max_body_size 50M;
- charset utf-8;
- types_hash_max_size 4096;
-
- # Langdon wanted his project renamed... so we redirect.
- rewrite ^/project/langdon-modularity/(.*)$ /project/modularity/$1 redirect;
-
- # Frontend
- location / {
- root /srv/taiga/taiga-front-dist/dist/;
- try_files $uri $uri/ /index.html;
-
- disable_symlinks off;
- }
-
- # Backend
- location /api {
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://127.0.0.1:8001/api;
- proxy_redirect off;
- }
-
-### no more admiin access
-# # Django admin access (/admin/)
-# location /admin {
-# proxy_set_header Host $http_host;
-# proxy_set_header X-Real-IP $remote_addr;
-# proxy_set_header X-Scheme $scheme;
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# proxy_pass http://127.0.0.1:8001$request_uri;
-# proxy_redirect off;
-# }
-
- # Static files
- location /static {
- alias /srv/taiga/taiga-back/static;
- }
-
- # Media files
- location /media {
- alias /srv/taiga/taiga-back/media;
- }
-}