Migrate to the new v2 format

2020-04-15 21:35:53 +02:00 · 2020-04-15 21:35:53 +02:00 · 2b0cab6145
commit 2b0cab6145
parent 45c60fa186
39 changed files with 282 additions and 403 deletions
--- a/ansible/.vault.sh
+++ b/ansible/.vault.sh
@ -1,5 +0,0 @@
-#!/bin/bash
-
-set -eu -o pipefail
-
-echo $(pass show hosts/autonomic-dokku/vault/password)
--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@ -1,40 +0,0 @@
---
- hosts: all
-  gather_facts: false
-  tasks:
-    - name: Load variables
-      include_vars:
-        dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
-        extensions:
-          - yml
-
-    - name: Set HTTP 80 port proxy
-      dokku_ports:
-        app: alerta
-        mappings:
-          - "http:80:{{ http_port }}"
-        state: present
-
-    - name: Setup LE certificates
-      shell: dokku letsencrypt alerta
-      args:
-        creates: /home/dokku/alerta/letsencrypt/certs
-
-    - name: Setup LE certificates renew cron job
-      shell: dokku letsencrypt:cron-job --add
-      args:
-        creates: /home/dokku/alerta/letsencrypt/cron-job
-
-    - name: Remove automatically configured ports
-      dokku_ports:
-        app: alerta
-        mappings:
-          - "http:8080:8080"
-        state: absent
-
-    - name: Set HTTP 443 port
-      dokku_ports:
-        app: alerta
-        mappings:
-          - "https:443:{{ http_port }}"
-        state: present
--- a/ansible/pre-deploy.yml
+++ b/ansible/pre-deploy.yml
@ -1,98 +0,0 @@
---
- hosts: all
-  gather_facts: false
-  tasks:
-    - name: Load variables
-      include_vars:
-        dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
-        extensions:
-          - yml
-
-    - name: "Configure the {{ domain }} domain"
-      dokku_domains:
-        app: alerta
-        domains:
-          - "{{ domain }}"
-        state: present
-
-    - name: Create mongo database
-      no_log: true
-      shell: "
-        dokku
-        mongo:create
-        alerta
-        --password {{ db_passwd }}
-        --root-password {{ root_db_passwd }}
-      "
-      args:
-        creates: /var/lib/dokku/services/mongo/alerta
-
-    - name: Link mongo database to application
-      dokku_service_link:
-        app: alerta
-        name: alerta
-        service: mongo
-
-    - name: Create application directories
-      become: true
-      file:
-        path: /var/lib/alerta
-        state: directory
-        owner: dokku
-        group: dokku
-
-    - name: Copy over the /web/ configurations
-      become: true
-      template:
-        src: "{{ item.src }}"
-        dest: "{{ item.dest }}"
-        owner: "{{ docker_user_uid }}"
-        group: "{{ docker_user_gid }}"
-        mode: 0664
-      with_items:
-        - src: config.json
-          dest: /var/lib/alerta/config.json
-
-    # Note(decentral1se): can't use "template" module here
-    # because there are {{ }} jinja markers in this file!
-    - name: Copy over email templates
-      become: true
-      copy:
-        src: "{{ item.src }}"
-        dest: "{{ item.dest }}"
-        owner: "{{ docker_user_uid }}"
-        group: "{{ docker_user_gid }}"
-        mode: 0664
-      with_items:
-        - src: email.tmpl
-          dest: /var/lib/alerta/email.tmpl
-
-    - name: Copy over the /app/ configurations
-      become: true
-      template:
-        src: "{{ item.src }}"
-        dest: "{{ item.dest }}"
-        owner: root
-        group: root
-        mode: 0664
-      with_items:
-        - src: alerta.conf
-          dest: /var/lib/alerta/alerta.conf
-        - src: alertad.conf
-          dest: /var/lib/alerta/alertad.conf
-
-    - name: Specify docker volume mounts
-      dokku_storage:
-        app: alerta
-        mounts:
-          - /var/lib/alerta/email.tmpl:/app/email.tmpl
-          - /var/lib/alerta/alerta.conf:/app/alerta.conf
-          - /var/lib/alerta/alertad.conf:/app/alertad.conf
-          - /var/lib/alerta/config.json:/web/config.json
-
-    - name: Configure the dokku app environment
-      dokku_config:
-        app: alerta
-        restart: false
-        config:
-          SMTP_PASSWORD: "{{ smtp_passwd }}"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -1,6 +0,0 @@
---
- src: dokku_bot.ansible_dokku
-  version: v2020.3.24
-
- src: https://git.coop/decentral1se/autonomic.gandi/-/archive/0.0.5/autonomic.gandi-0.0.5.tar.gz
-  name: autonomic.gandi
--- a/ansible/templates/alerta.conf
+++ b/ansible/templates/alerta.conf
@ -1,25 +0,0 @@
-[DEFAULT]
-debug = True
-endpoint = http://localhost:8080/api
-key = {{ alerta_cli_api_key }}
-output = json
-sslverify = False
-timezone = Europe/London
-
-[alerta-mailer]
-amqp_topic = notify
-amqp_url = {{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/alerta
-config_file = /app/alerta.conf
-dashboard_url = https://{{ domain }}
-debug = True
-email_type = text
-endpoint = http://localhost:8080/api
-key = {{ alerta_mailer_api_key }}
-mail_from = {{ mail_from }}
-mail_template = /app/email.tmpl
-mail_to = {{ mail_to }}
-skip_mta = False
-smtp_host = {{ smtp_host }}
-smtp_password = {{ smtp_passwd }}
-smtp_port = {{ smtp_port }}
-smtp_starttls = {{ smtp_starttls }}
--- a/ansible/templates/alertad.conf
+++ b/ansible/templates/alertad.conf
@ -1,79 +0,0 @@
-SITE_LOGO_URL = "https://www.coops.tech/images/coops/autonomic"
-
-DEBUG = True
-
-SECRET = "{{ alerta_secret_key }}"
-
-DASHBOARD_URL = "https://{{ domain }}"
-BASE_URL = "/api"
-USE_PROXYFIX = True
-
-AUTH_REQUIRED = True
-AUTH_PROVIDER = "keycloak"
-
-ADMIN_USERS = [
-    "calix",
-    "decentral1se",
-    "gunnar",
-    "kawaiipunk",
-    "naomi",
-    "roxie",
-    "takkaria"
-]
-USER_DEFAULT_SCOPES = ["admin"]
-
-SIGNUP_ENABLED = False
-
-KEYCLOAK_URL = "{{ keycloak_url }}"
-KEYCLOAK_REALM = "{{ keycloak_realm }}"
-ALLOWED_KEYCLOAK_ROLES = ["{{ keycloak_role }}"]
-OAUTH2_CLIENT_ID = "{{ oauth_client_id }}"
-OAUTH2_CLIENT_SECRET = "{{ oauth_client_secret }}"
-
-SEVERITY_MAP = {
-    "fatal": 0,
-    "critical": 1,
-    "major": 2,
-    "minor": 3,
-    "warning": 4,
-    "indeterminate": 5,
-    "cleared": 5,
-    "normal": 5,
-    "ok": 5,
-    "informational": 6,
-    "debug": 7,
-    "trace": 8,
-    "unknown": 9
-}
-
-DEFAULT_NORMAL_SEVERITY = "normal"
-DEFAULT_PREVIOUS_SEVERITY = "indeterminate"
-
-PLUGINS = [
-    "alerta-mailer",
-    "amqp",
-    "blackout",
-    "normalise",
-    "rocketchat",
-]
-
-AMQP_URL = "{{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/alerta"
-AMQP_TOPIC = "notify"
-
-ROCKETCHAT_WEBHOOK_URL = "{{ rocket_chat_webhook_url }}"
-ROCKETCHAT_CHANNEL = "{{ rocket_chat_channel }}"
-ALERTA_USERNAME = "{{ alerta_username }}"
-ICON_EMOJI = "{{ rocket_chat_icon_emoji }}"
-
-DATABASE_URL = "{{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/{{ db_name }}"
-DATABASE_NAME = "{{ db_name }}"
-
-EMAIL_VERIFICATION = False
-MAIL_FROM = "{{ mail_from }}"
-SMTP_HOST = "{{ smtp_host }}"
-SMTP_PASSWORD = "{{ smtp_passwd }}"
-SMTP_PORT = "{{ smtp_port }}"
-SMTP_STARTTLS = True
-SMTP_USERNAME = "{{ smtp_username }}"
-
-CORS_ORIGINS = ["*"]
--- a/ansible/vars/alerta_admin_key.yml
+++ b/ansible/vars/alerta_admin_key.yml
@ -1,9 +0,0 @@
---
-alerta_admin_key: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  63646336653264643762383534656133316563613837663433303531313064333562303130366162
-  6639613330663839356562303463616538393335636438650a356462663561313961366632653761
-  64326530653339346138373666623430306138623139633061653466643939653032613538646237
-  3832333964306461330a366334383539636431623261666530623739623533356163653535303064
-  39363161326165623936346339313834383561366563356330303963666639353962336565356439
-  6634313338326362353332356132353033396235633335663864
--- a/ansible/vars/alerta_admin_passwd.yml
+++ b/ansible/vars/alerta_admin_passwd.yml
@ -1,9 +0,0 @@
---
-alerta_admin_passwd: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  38616564643264396163666135656438336266623132393436653734313339323731613638376630
-  6138653434376366623966343930383565363665396132340a356461313738326438373963383738
-  65356263303465366630666366616537316362656639663066616366383962393533393931366535
-  3731333261346631360a356538626235333532353730383439393166323838353964393166376137
-  61613034363765623966656536373135623139323566306665303064343437616464373631346665
-  6566336638343939353764623833383733653232373062306264
--- a/ansible/vars/alerta_cli_api_key.yml
+++ b/ansible/vars/alerta_cli_api_key.yml
@ -1,9 +0,0 @@
---
-alerta_cli_api_key: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  31613438623962623730323666633431383066306566653562393663376364373030303233653836
-  6664353163646430366436346530653463376464623164310a313965643737646563636263386564
-  66383965653138396338383938613134306438643537336531353437643239376135326564623737
-  6533666539346337340a333236343064656463383163386230313731343966363064626236336363
-  33396463666136613663356135643062666633356435643564353739616661303566363561613966
-  3164316364336135363331396363356266373666633731626262
--- a/ansible/vars/alerta_mailer_api_key.yml
+++ b/ansible/vars/alerta_mailer_api_key.yml
@ -1,9 +0,0 @@
---
-alerta_mailer_api_key: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  32366665633739636439343636633563616465653864356163386365616635396466656631656537
-  3266393861333132336561336236363633616434336462370a623539323664333763356562663934
-  62363033646264386137353933313931633637633736333737633066656561343530333938376532
-  3231666663376335370a353062633239356364306230356362303962633338333265646238356439
-  34663234666334366430323661353030373436363662383063363164366464646632303063646262
-  3366653738646438313265316639396636313565633737653335
--- a/ansible/vars/alerta_secret_key.yml
+++ b/ansible/vars/alerta_secret_key.yml
@ -1,9 +0,0 @@
---
-alerta_secret_key: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  65373532396564323565326161386132323730396234323465323166666661333537613537613137
-  6262333130363835336637313633383561343736663832320a316261623735356630646434383864
-  65313564633434306136613936333666646431333530326566356535393465376633363065626533
-  3935323633336234360a333030393965623364376233663134363562386463366238616336313163
-  32623339373863363737663530663235356134323634386664623833336533653735623937396161
-  3431306265383232393762333234333466336533346430333631
--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@ -1,21 +0,0 @@
---
-alerta_username: "alerta"
-db_loc: "dokku-mongo-alerta:27017"
-db_name: "alerta"
-db_type: "mongodb"
-db_user: "alerta"
-docker_user_gid: 0
-docker_user_uid: 2000
-domain: "alerta.autonomic.zone"
-http_port: "8080"
-keycloak_realm: "autonomic"
-keycloak_role: "worker-owner"
-keycloak_url: "https://id.autonomic.zone"
-mail_from: "alerta-noreply@autonomic.zone"
-mail_to: "kaboom@autonomic.zone"
-rocket_chat_channel: "kaboom"
-rocket_chat_icon_emoji: ":rocket:"
-smtp_host: "mail.gandi.net"
-smtp_port: "587"
-smtp_starttls: "True"
-smtp_username: "alerta-noreply"
--- a/ansible/vars/ansible_become_pass.yml
+++ b/ansible/vars/ansible_become_pass.yml
@ -1,8 +0,0 @@
---
-ansible_become_pass: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  34396236353735666531323238656533643465303131663464613162396333313836363630666266
-  6539323631656635333864316166633064633366323936610a656137616334313534333635313232
-  35323561303763366563316631313638363333393763323935343563303963616334336639386462
-  3837383830616637360a373539613630356564363662393836366462666430353439353637303035
-  63396633303166343433313439303539313637306637663137313533316531616434
--- a/ansible/vars/db_passwd.yml
+++ b/ansible/vars/db_passwd.yml
@ -1,9 +0,0 @@
---
-db_passwd: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  66613866666133643236393137646262346262356564333730656432303766623663656639316135
-  6461373238626433343638326564316561623161666563390a323066616336336238643033313765
-  35303436643633383637663162643731326130646165363733643833663966306233383339613661
-  3234636138633533380a636363383366343834643831626633366366343732663334636632613730
-  32653539383834343937346563643539623963383237303036336431346463333262613838356134
-  6465386337343037336530646335663533656433306663343261
--- a/ansible/vars/oauth_client_id.yml
+++ b/ansible/vars/oauth_client_id.yml
@ -1,8 +0,0 @@
---
-oauth_client_id: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  39306264623166643338363663373230373263613139316532343061373434336565393766353566
-  3766306664323930366335323936336661346631643835320a653161303439306639376534373530
-  66366230353338306464623336363539393064366136346133653163653835333938323137613965
-  6261643035373035340a616166636636333730663632356533636561313530613466373635376239
-  64623336383365386164393234643463666434613935623164363138653731333766
--- a/ansible/vars/oauth_client_secret.yml
+++ b/ansible/vars/oauth_client_secret.yml
@ -1,9 +0,0 @@
---
-oauth_client_secret: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  66376130626633383864663931383235346236613964343930303962633032626339646264643566
-  3538393033383630633062323631306563383634643366610a343432633265303137626238393739
-  38323230646566623563653037336636636635333435653162373539333036353261333366666466
-  3861626564313636350a373938613136336233386437613833383333383565333933303938343766
-  63663730316431363133393332306562653164343337303334663933616337343964623033666432
-  3665653337373731616231363465383865313136393036393634
--- a/ansible/vars/rocket_chat_webhook_url.yml
+++ b/ansible/vars/rocket_chat_webhook_url.yml
@ -1,12 +0,0 @@
---
-rocket_chat_webhook_url: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  65346638303735373565363538386636616432323035313863356162363137323532323239316666
-  3731386135653361393734323038356665393164663630390a623632376364633639626338653436
-  31333038313138316233343533613061636462313965663764643530626531313738303461373833
-  3731656362613761350a616465653534643930393637656238643739383436643836306566636234
-  38643236643530623963663331313032396661336264333139356162356537313831373136363665
-  36643331663663353766643135336366613638343932343664616161633638393035386537396334
-  66626164396636396639396562386231646163366333616461376266316463646632316565333164
-  38343431393233633931356537363063383030353965663031633662636533313132393961643730
-  62323266373564633863316261363834303762646662333338383730636162366639
--- a/ansible/vars/root_db_passwd.yml
+++ b/ansible/vars/root_db_passwd.yml
@ -1,9 +0,0 @@
---
-root_db_passwd: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  61623136343461613137323665303834646466636631396538616232663061376439303739633861
-  6132323764333365396237303936353431313866383261340a336336313162643363643231656662
-  32613561666538633364643066343261636239656637303134396565666536623334616234393837
-  6165636634646332330a316130613531346430373163316130363330656532663137373832656237
-  63666337303434623465366331336538626536313535393938656232323634316632656636613339
-  3330386231353338343236356133393538366337626438613537
--- a/ansible/vars/smtp_passwd.yml
+++ b/ansible/vars/smtp_passwd.yml
@ -1,8 +0,0 @@
---
-smtp_passwd: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  63363435653931383333353934663266336231346465333934303964353435353330303865376361
-  3033346166353266663037376164663465306633643530340a383564383038306563633736623430
-  64386330303863336539346461653332346233303538613465613363356532376137623439616132
-  3563613431363738620a653339633765313564633639383366383236656635353737633031323466
-  64393064623139333661633361306531626532613562643465336561303536333632
--- a/app.json
+++ b/app.json
@ -1,5 +0,0 @@
-{
-  "name": "alerta",
-  "description": "A tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance’ visualisation",
-  "repository": "https://git.autonomic.zone/autonomic-cooperative/alerta"
-}
--- a/deploy.d/config.yml
+++ b/deploy.d/config.yml
@ -0,0 +1,58 @@
+---
+vars:
+  alerta_username: "alerta"
+  domain: "alerta.autonomic.zone"
+  keycloak_realm: "autonomic"
+  keycloak_role: "worker-owner"
+  keycloak_url: "https://id.autonomic.zone"
+  mail_from: "alerta-noreply@autonomic.zone"
+  mail_to: "kaboom@autonomic.zone"
+  port: "8080"
+  rocket_chat_channel: "kaboom"
+  rocket_chat_icon_emoji: ":rocket:"
+  smtp_host: "mail.gandi.net"
+  smtp_port: "587"
+  smtp_starttls: "True"
+  smtp_username: "alerta-noreply"
+
+dirs:
+  - path: /var/lib/alerta/
+
+db:
+  - type: "mongo"
+    passwd: "{{ vault.db_passwd }}"
+    root_passwd: "{{ vault.root_db_passwd }}"
+
+files:
+  - src: email.tmpl
+    dest: /var/lib/alerta/email.tmpl
+    owner: "{{ vars.docker_user_uid }}"
+    group: "{{ vars.docker_user_gid }}"
+    mode: "664"
+
+templates:
+  - src: config.json
+    dest: /var/lib/alerta/config.json
+    owner: "{{ vars.docker_user_uid }}"
+    group: "{{ vars.docker_user_gid }}"
+    mode: "664"
+  - src: alerta.conf
+    dest: /var/lib/alerta/alerta.conf
+    owner: "root"
+    group: "root"
+    mode: "664"
+  - src: alertad.conf
+    dest: /var/lib/alerta/alertad.conf
+    owner: "root"
+    group: "root"
+    mode: "664"
+
+volumes:
+  - /var/lib/alerta/email.tmpl:/app/email.tmpl
+  - /var/lib/alerta/alerta.conf:/app/alerta.conf
+  - /var/lib/alerta/alertad.conf:/app/alertad.conf
+  - /var/lib/alerta/config.json:/web/config.json
+
+env:
+  DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone"
+  SMTP_PASSWORD: "{{ vault.smtp_passwd }}"
--- a/deploy.d/files/email.tmpl
+++ b/deploy.d/files/email.tmpl
@ -29,6 +29,7 @@ Raw Data
 Comrades! To Arms!

 To acknowledge this alert visit this URL:
+
 {{ dashboard_url }}/#/alert/{{ alert.id }}

 Generated by {{ program }} on {{ hostname }} at {{ now }}
--- a/deploy.d/plays/predeploy.yml
+++ b/deploy.d/plays/predeploy.yml
@ -0,0 +1,19 @@
+---
+- name: Get uid/guid of the Docker user
+  become: true
+  getent:
+    database: passwd
+    key: docker
+    split: ":"
+
+- name: Prepare docker user information dictionary
+  set_fact:
+    docker_user_info:
+      {
+        "docker_user_uid": "{{ getent_passwd['docker'][1] }}",
+        "docker_user_gid": "{{ getent_passwd['docker'][2] }}",
+      }
+
+- name: Store docker user uid/guid in config.vars dictionary
+  set_fact:
+    config: "{{ config | update_vars(docker_user_info) }}"
--- a/deploy.d/templates/alerta.conf
+++ b/deploy.d/templates/alerta.conf
@ -0,0 +1,25 @@
+[DEFAULT]
+debug = True
+endpoint = http://localhost:8080/api
+key = {{ vault.alerta_cli_api_key }}
+output = json
+sslverify = False
+timezone = Europe/London
+
+[alerta-mailer]
+amqp_topic = notify
+amqp_url = {{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}
+config_file = /app/alerta.conf
+dashboard_url = https://{{ config.vars.domain }}
+debug = True
+email_type = text
+endpoint = http://localhost:8080/api
+key = {{ vault.alerta_mailer_api_key }}
+mail_from = {{ config.vars.mail_from }}
+mail_template = /app/email.tmpl
+mail_to = {{ config.vars.mail_to }}
+skip_mta = False
+smtp_host = {{ config.vars.smtp_host }}
+smtp_password = {{ vault.smtp_passwd }}
+smtp_port = {{ config.vars.smtp_port }}
+smtp_starttls = {{ config.vars.smtp_starttls }}
--- a/deploy.d/templates/alertad.conf
+++ b/deploy.d/templates/alertad.conf
@ -0,0 +1,79 @@
+SITE_LOGO_URL = "https://www.coops.tech/images/coops/autonomic"
+
+DEBUG = True
+
+SECRET = "{{ vault.alerta_secret_key }}"
+
+DASHBOARD_URL = "https://{{ config.vars.domain }}"
+BASE_URL = "/api"
+USE_PROXYFIX = True
+
+AUTH_REQUIRED = True
+AUTH_PROVIDER = "keycloak"
+
+ADMIN_USERS = [
+    "calix",
+    "decentral1se",
+    "gunnar",
+    "kawaiipunk",
+    "naomi",
+    "roxie",
+    "takkaria"
+]
+USER_DEFAULT_SCOPES = ["admin"]
+
+SIGNUP_ENABLED = False
+
+KEYCLOAK_URL = "{{ config.vars.keycloak_url }}"
+KEYCLOAK_REALM = "{{ config.vars.keycloak_realm }}"
+ALLOWED_KEYCLOAK_ROLES = ["{{ config.vars.keycloak_role }}"]
+OAUTH2_CLIENT_ID = "{{ vault.oauth_client_id }}"
+OAUTH2_CLIENT_SECRET = "{{ vault.oauth_client_secret }}"
+
+SEVERITY_MAP = {
+    "fatal": 0,
+    "critical": 1,
+    "major": 2,
+    "minor": 3,
+    "warning": 4,
+    "indeterminate": 5,
+    "cleared": 5,
+    "normal": 5,
+    "ok": 5,
+    "informational": 6,
+    "debug": 7,
+    "trace": 8,
+    "unknown": 9
+}
+
+DEFAULT_NORMAL_SEVERITY = "normal"
+DEFAULT_PREVIOUS_SEVERITY = "indeterminate"
+
+PLUGINS = [
+    "alerta-mailer",
+    "amqp",
+    "blackout",
+    "normalise",
+    "rocketchat",
+]
+
+AMQP_URL = "{{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}"
+AMQP_TOPIC = "notify"
+
+ROCKETCHAT_WEBHOOK_URL = "{{ vault.rocket_chat_webhook_url }}"
+ROCKETCHAT_CHANNEL = "{{ config.vars.rocket_chat_channel }}"
+ALERTA_USERNAME = "{{ config.vars.alerta_username }}"
+ICON_EMOJI = "{{ config.vars.rocket_chat_icon_emoji }}"
+
+DATABASE_URL = "{{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}"
+DATABASE_NAME = "{{ dokku.app }}"
+
+EMAIL_VERIFICATION = False
+MAIL_FROM = "{{ config.vars.mail_from }}"
+SMTP_HOST = "{{ config.vars.smtp_host }}"
+SMTP_PASSWORD = "{{ vault.smtp_passwd }}"
+SMTP_PORT = "{{ config.vars.smtp_port }}"
+SMTP_STARTTLS = True
+SMTP_USERNAME = "{{ config.vars.smtp_username }}"
+
+CORS_ORIGINS = ["*"]
--- a/deploy.d/templates/config.json
+++ b/deploy.d/templates/config.json
--- a/deploy.d/vault/alerta_admin_key.yml
+++ b/deploy.d/vault/alerta_admin_key.yml
@ -0,0 +1,9 @@
+---
+alerta_admin_key: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  34313632666130383832633066396334313136393838313534326264346133336562333633323631
+  6566343333353165633537643331616364366566346533640a373965393433393735323237653762
+  61373835366162316630646136323665623332373966393061643237386661343463376137623539
+  6564623030336638340a316533613863303132366231393434376535383963653165313065653838
+  34323239326438616436363864323837366666393564343765643735363233636234343165303432
+  3964353761646163633162353761613763323139393664346565
--- a/deploy.d/vault/alerta_admin_passwd.yml
+++ b/deploy.d/vault/alerta_admin_passwd.yml
@ -0,0 +1,9 @@
+---
+alerta_admin_passwd: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  61386635613234316466653038313332633565663932353863666263643364363831343633616461
+  6238343035613264336666333838333864313064363666340a663839366631396536633966363264
+  35306264333563656633313032343937386435666631623738626632323837326262303136343163
+  6334633033373830620a626663393737653433633635643662663432333237656632663130626635
+  63643039333937353039653439616638613966363362333439613564643333616564373464633365
+  3866373639306361323466323537613236316163656636376239
--- a/deploy.d/vault/alerta_cli_api_key.yml
+++ b/deploy.d/vault/alerta_cli_api_key.yml
@ -0,0 +1,9 @@
+---
+alerta_cli_api_key: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  33653264303231306632383136363466643237643130633937613862666662636265623931356133
+  3966643536623562383737623935366264636339383730650a366563363730653865643839663032
+  65333766316637353737636162396666306332616338646233643134356633313033323263616231
+  3536366165626336300a336266353539326631376362313263653636376361366463343766636632
+  61373235643634346636343466393365633562383433323830373032323633633535333238646435
+  3937366335343037383031353130653937333034326332653162
--- a/deploy.d/vault/alerta_mailer_api_key.yml
+++ b/deploy.d/vault/alerta_mailer_api_key.yml
@ -0,0 +1,9 @@
+---
+alerta_mailer_api_key: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  62363530353231306463613063633465306633396630333262646461663563383038366565366361
+  3237386339393561646261333238303064663139643332390a303363613965323138333931613136
+  64306337633064313938366264316636663565616533376330393732363364333061316337386434
+  3636666430393436610a656263376133363939386362656439396563383861643638313763383065
+  39633366323336383430313032646131313535346261613833636539383832313737613530626331
+  3038646333373063363761666337373636346237353365623339
--- a/deploy.d/vault/alerta_secret_key.yml
+++ b/deploy.d/vault/alerta_secret_key.yml
@ -0,0 +1,9 @@
+---
+alerta_secret_key: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  63393463393937636330343330663164353035653235656362633435316337313034373535356466
+  3734386165306530363336353531326532623266386365620a633831323537656164366261613438
+  33303932316233353439646233616566353836376265613835333564326432643439336562376237
+  3563336163323138390a633261633661303361353935623637373635326134356437623261343334
+  32623861376666306637316466613365656266623364623661383032313461633434343332346636
+  6236383965323331313436646463346132626437653361303831
--- a/deploy.d/vault/db_passwd.yml
+++ b/deploy.d/vault/db_passwd.yml
@ -0,0 +1,9 @@
+---
+db_passwd: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  62323761346564613537633764396461313935646436633865373463323065396633316666303433
+  6435303135663230663862346230613030353838643563350a353739656135346362333030333331
+  65666361363638383964323162656232376539343636306235623863333839343932306461373636
+  3666623436623730630a653063306138316661333565306433633231346234363764303662386165
+  62636638373539656562653838313565393332633765653561623834653563633339346366636461
+  3032363032646631346161653932623337343735643138303137
--- a/deploy.d/vault/oauth_client_id.yml
+++ b/deploy.d/vault/oauth_client_id.yml
@ -0,0 +1,8 @@
+---
+oauth_client_id: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  61373639333566663566666465376265346266363461353061353866333562636432323731626164
+  3966356130323836376264633538333233663463386336650a666561336234353964306339623739
+  63326431356561323730346463393336373431383839333764353233333462393338626665383165
+  3262666232393361320a646230306666373963633036663261643063366337356365366163636238
+  34346235666536643761356635383236336365643839633434333235323930303162
--- a/deploy.d/vault/oauth_client_secret.yml
+++ b/deploy.d/vault/oauth_client_secret.yml
@ -0,0 +1,9 @@
+---
+oauth_client_secret: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  33613831323161653934373132316538643564623666346133626165346438356430613061333332
+  3661643836343966663739306665663231653833306630330a346565313638626164373038306362
+  62373339336662333434343762383062623235346134333531373833346466343338323563353831
+  6638303763663333370a653065356266646638313634373431306130363838353738666633393666
+  30383933353334313932313637386433373738393765306162666461303663663563373334316236
+  6264633331353565643139616436363737633162343037623632
--- a/deploy.d/vault/rocket_chat_webhook_url.yml
+++ b/deploy.d/vault/rocket_chat_webhook_url.yml
@ -0,0 +1,12 @@
+---
+rocket_chat_webhook_url: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  36326239336466373635303536363064666165386136393630633435666662313737326561376661
+  6666623437383265386137396430326135623138643935340a386461633463616330343630373333
+  63633438303032383331613932323235623331326539353561623632663936356562393136303765
+  3037613739316630320a613163613863383764613864326664613263373634663738333432326433
+  33326232303933313264666537656634313763316430633937396633326133653866353934346463
+  65343161356565326264663563313462616136383663386461346135383034353961653362303735
+  33666438626338306161376238343365386566326138666639623330316566373561633139313130
+  32636166363763636532346663383139383765316533343162353630356264353966636133303434
+  30643838346530356534656430363862383364396365353435396232353931653862
--- a/deploy.d/vault/root_db_passwd.yml
+++ b/deploy.d/vault/root_db_passwd.yml
@ -0,0 +1,9 @@
+---
+root_db_passwd: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  33343661333761643934323666663537313862626465613763373734613763346663303638663230
+  6333343962353439653534646266383039343034646130350a396435636638333936663465623263
+  30306266303337366564663333643764386334303733316436363137643465306135633661316466
+  3634393864613439650a373965393166323531333338376436366135343736336366343364383834
+  66333839343337633666346134396264306334616235363239356130653136336365373763366630
+  6366363230663864666266623838383035366462636565663464
--- a/deploy.d/vault/smtp_passwd.yml
+++ b/deploy.d/vault/smtp_passwd.yml
@ -0,0 +1,8 @@
+---
+smtp_passwd: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  38356466313262356537666361396462376663393733393433636161613466356431396665386165
+  3139303436666663356332663766343931323031623161610a373364356163636335326666653030
+  35373366663962363562616631316639376166316438656237386363623461376562643334613262
+  6638613730346139370a303637653665653036316430393239633435613664326362663033636530
+  61306434636234343333626161303866623461643233366434356635373463313432
--- a/requirements.txt
+++ b/requirements.txt
@ -1 +0,0 @@
-ansible==2.9.6
--- a/sbin/encrypt.sh
+++ b/sbin/encrypt.sh
@ -1,15 +0,0 @@
-#!/bin/bash
-
-set -eu -o pipefail
-
-# Usage
-# ./encrypt.sh mysecretname mysecretvalue
-
-declare name="$1"
-declare secret="$2"
-
-ansible-vault \
-  encrypt_string \
-  --vault-password-file ansible/.vault.sh \
-  --name "$name" \
-  "$secret"