Move to v2 format

2020-04-14 15:51:05 +02:00 · 2020-04-14 15:51:05 +02:00 · 636c199d39
parent 5b531f787a
commit 636c199d39
16 changed files with 48 additions and 168 deletions
--- a/ansible/.vault.sh
+++ b/ansible/.vault.sh
@ -1,5 +0,0 @@
-#!/bin/bash
-
-set -eu -o pipefail
-
-echo $(pass show hosts/autonomic-dokku/vault/password)
--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@ -1,46 +0,0 @@
---
- hosts: all
-  gather_facts: false
-  tasks:
-    - name: Load variables
-      include_vars:
-        dir: "{{ dokku_lib_root }}/data/ansible/drone/vars/"
-        extensions:
-          - yml
-
-    - name: Set HTTP 80 port proxy
-      dokku_ports:
-        app: drone
-        mappings:
-          - "http:80:{{ drone_port }}"
-        state: present
-
-    - name: Setup LE certificates
-      shell: dokku letsencrypt drone
-      args:
-        creates: /home/dokku/drone/letsencrypt/certs
-
-    - name: Setup LE certificates renew cron job
-      shell: dokku letsencrypt:cron-job --add
-      args:
-        creates: /home/dokku/drone/letsencrypt/cron-job
-
-    - name: Specify certificate docker volume mounts
-      dokku_storage:
-        app: keycloak
-        mounts:
-          - /home/dokku/drone/letsencrypt/certs:/etc/ssl/certs/
-
-    - name: Set HTTP 443 port
-      dokku_ports:
-        app: drone
-        mappings:
-          - "https:443:{{ drone_port }}"
-        state: present
-
-    - name: Remove automatically configured ports
-      dokku_ports:
-        app: gitea
-        mappings:
-          - "http:{{ drone_port }}:{{ drone_port }}"
-        state: absent
--- a/ansible/pre-deploy.yml
+++ b/ansible/pre-deploy.yml
@ -1,48 +0,0 @@
---
- hosts: all
-  gather_facts: false
-  tasks:
-    - name: Load variables
-      include_vars:
-        dir: "{{ dokku_lib_root }}/data/ansible/drone/vars/"
-        extensions:
-          - yml
-
-    - name: "Configure {{ drone_domain }} domain"
-      dokku_domains:
-        app: drone
-        domains:
-          - "{{ drone_domain }}"
-        state: present
-
-    - name: Create application directory
-      file:
-        path: /var/lib/drone
-        state: directory
-        owner: dokku
-        group: dokku
-      become: true
-
-    - name: Specify docker volume mounts
-      dokku_storage:
-        app: drone
-        mounts:
-          - /var/lib/drone:/data
-          - /var/run/docker.sock:/var/run/docker.sock
-
-    - name: Configure the app environment
-      dokku_config:
-        app: drone
-        restart: false
-        config:
-          DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
-          DRONE_GITEA_CLIENT_ID: "{{ gitea_client_id }}"
-          DRONE_GITEA_CLIENT_SECRET: "{{ gitea_client_secret }}"
-          DRONE_GITEA_SERVER: "{{ gitea_domain }}"
-          DRONE_GIT_ALWAYS_AUTH: "true"
-          DRONE_JSONNET_ENABLED: "{{ drone_jsonnet_enabled }}"
-          DRONE_RPC_SECRET: "{{ rpc_secret }}"
-          DRONE_SERVER_HOST: "{{ drone_domain }}"
-          DRONE_SERVER_PORT: ":{{ drone_port }}"
-          DRONE_SERVER_PROTO: "https"
-          DRONE_USER_FILTER: "{{ drone_user_filter }}"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -1,6 +0,0 @@
---
- src: dokku_bot.ansible_dokku
-  version: v2020.3.24
-
- src: https://git.coop/decentral1se/autonomic.gandi/-/archive/0.0.5/autonomic.gandi-0.0.5.tar.gz
-  name: autonomic.gandi
--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@ -1,7 +0,0 @@
---
-autonomic_admin_mail: "helo@autonomic.zone"
-drone_domain: "drone.autonomic.zone"
-drone_jsonnet_enabled: "true"
-drone_port: "8042"
-drone_user_filter: "autonomic-cooperative"
-gitea_domain: "https://git.autonomic.zone"
--- a/ansible/vars/ansible_become_pass.yml
+++ b/ansible/vars/ansible_become_pass.yml
@ -1,8 +0,0 @@
---
-ansible_become_pass: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  34396236353735666531323238656533643465303131663464613162396333313836363630666266
-  6539323631656635333864316166633064633366323936610a656137616334313534333635313232
-  35323561303763366563316631313638363333393763323935343563303963616334336639386462
-  3837383830616637360a373539613630356564363662393836366462666430353439353637303035
-  63396633303166343433313439303539313637306637663137313533316531616434
--- a/ansible/vars/gitea_client_id.yml
+++ b/ansible/vars/gitea_client_id.yml
@ -1,9 +0,0 @@
---
-gitea_client_id: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  37316265636364356436666632326364303438326235663566363336353139323031353635356232
-  3634386333333239653433646332323335363939323962650a393631333530633733353662666438
-  38663863386235383830653238373932616236393962303361643361633434396562663730326566
-  3032653461336331630a336366383335383832306430343364353862626662373837623433613065
-  37643933386161323936623733643930643232333734636132336261333034306561613965623237
-  3736363564626161366530356565663231393762353761376139
--- a/ansible/vars/gitea_client_secret.yml
+++ b/ansible/vars/gitea_client_secret.yml
@ -1,9 +0,0 @@
---
-gitea_client_secret: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  30643361363138363430616537613332346133323939376364333033383936386138393435636139
-  3931386635323432623139356233346132363062663938320a656165656664313461356433383839
-  64626264613238323864386461373431623339353864663338343235623737383737663961396630
-  3532343934393761330a306530656630313466396530343733656633333930666334333364663961
-  36353238343030303164646366373031653862313839613565323863376539373634643562336331
-  6232656265363163646165656239663737333433323566313764
--- a/ansible/vars/rpc_secret.yml
+++ b/ansible/vars/rpc_secret.yml
@ -1,9 +0,0 @@
---
-rpc_secret: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  33346331663332396364613536313365316561616465656465653330646139333039326130336632
-  3931353462663631393536646266396237373735323433610a306632396237656133343963653530
-  34626237393165643464666133653731346335636261623935333134343137343135326334373135
-  6430653839636632350a643330666236636633336665306564303166343133396562643465373761
-  31633636326335316661313039383135366230356339376632313063386431343434633363366466
-  6530363438643965373030656537663533666236376232336162
--- a/app.json
+++ b/app.json
@ -1,5 +0,0 @@
-{
-  "name": "drone",
-  "description": "Automate Software Testing and Delivery",
-  "repository": "https://git.autonomic.zone/autonomic-cooperative/drone"
-}
--- a/deploy.d/config.yml
+++ b/deploy.d/config.yml
@ -0,0 +1,21 @@
+---
+volumes:
+  - type: directory
+    src: /var/lib/drone
+    dest: /data
+  - type: file
+    src: /var/run/docker.sock
+    dest: /var/run/docker.sock
+
+env:
+  DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone"
+  DRONE_GITEA_CLIENT_ID: "{{ vault.gitea_client_id }}"
+  DRONE_GITEA_CLIENT_SECRET: "{{ vault.gitea_client_secret }}"
+  DRONE_GITEA_SERVER: "git.autonomic.zone"
+  DRONE_GIT_ALWAYS_AUTH: "true"
+  DRONE_JSONNET_ENABLED: "true"
+  DRONE_RPC_SECRET: "{{ vault.rpc_secret }}"
+  DRONE_SERVER_HOST: "drone.autonomic.zone"
+  DRONE_SERVER_PORT: ":8042"
+  DRONE_SERVER_PROTO: "https"
+  DRONE_USER_FILTER: "autonomic-cooperative"
--- a/deploy.d/vault/gitea_client_id.yml
+++ b/deploy.d/vault/gitea_client_id.yml
@ -0,0 +1,9 @@
+---
+gitea_client_id: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  38353066373439363536386330363366613565653934356665666363333837653166316237366437
+  3332623362336337356530393936383261306663353035350a323831636430333666326563303030
+  35373263626566313036333939386363313466326534626665653735313764373435363731666662
+  6564353333303434330a393364356234623736363031653534353663653732336235623938623831
+  62376462313663323934393238343735353436613064663439383263316561383737363435663864
+  6566393036626161316262336637343934333439666461396632
--- a/deploy.d/vault/gitea_client_secret.yml
+++ b/deploy.d/vault/gitea_client_secret.yml
@ -0,0 +1,9 @@
+---
+gitea_client_secret: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  61346631386137353166353939616362373339316631356462356462396334333464303764633661
+  3963616663616461346235646630613633373937323831370a633235666239613933353633316638
+  63373733346630343863383065636665323231636337613162643963393632303832616263663263
+  6536656136333537300a366538613935396362326437653662363630316565306430313262666331
+  31666461326333613665303563326364386464636637396138396132373662383333303433363464
+  3935656435323364313466336363666631396535623566663961
--- a/deploy.d/vault/rpc_secret.yml
+++ b/deploy.d/vault/rpc_secret.yml
@ -0,0 +1,9 @@
+---
+rpc_secret: !vault |-
+  $ANSIBLE_VAULT;1.1;AES256
+  32373866396231333238323566306139633836636337353735643234353036356534343436343032
+  3061323132376335376662333064643633656132343931300a336266633465356563393466346263
+  63316236663137336635616630643633643733663831656361616262623631373166323332336537
+  6434626637663964620a613130376532376161313366613762336134353238333562353664393735
+  62653134313866323431306530646434393233383432373664313662393332326239366635343033
+  6666313035336237333234313865366366363138653233383837
--- a/requirements.txt
+++ b/requirements.txt
@ -1 +0,0 @@
-ansible==2.9.6
--- a/sbin/encrypt.sh
+++ b/sbin/encrypt.sh
@ -1,15 +0,0 @@
-#!/bin/bash
-
-set -eu -o pipefail
-
-# Usage
-# ./encrypt.sh mysecretname mysecretvalue
-
-declare name="$1"
-declare secret="$2"
-
-ansible-vault \
-  encrypt_string \
-  --vault-password-file ansible/.vault.sh \
-  --name "$name" \
-  "$secret"