diff --git a/ansible/.vault.sh b/ansible/.vault.sh deleted file mode 100755 index 8f30d37..0000000 --- a/ansible/.vault.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -eu -o pipefail - -echo $(pass show hosts/autonomic-dokku/vault/password) diff --git a/ansible/post-deploy.yml b/ansible/post-deploy.yml deleted file mode 100644 index bbc123a..0000000 --- a/ansible/post-deploy.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -- hosts: all - gather_facts: false - tasks: - - name: Load variables - include_vars: - dir: "{{ dokku_lib_root }}/data/ansible/drone/vars/" - extensions: - - yml - - - name: Set HTTP 80 port proxy - dokku_ports: - app: drone - mappings: - - "http:80:{{ drone_port }}" - state: present - - - name: Setup LE certificates - shell: dokku letsencrypt drone - args: - creates: /home/dokku/drone/letsencrypt/certs - - - name: Setup LE certificates renew cron job - shell: dokku letsencrypt:cron-job --add - args: - creates: /home/dokku/drone/letsencrypt/cron-job - - - name: Specify certificate docker volume mounts - dokku_storage: - app: keycloak - mounts: - - /home/dokku/drone/letsencrypt/certs:/etc/ssl/certs/ - - - name: Set HTTP 443 port - dokku_ports: - app: drone - mappings: - - "https:443:{{ drone_port }}" - state: present - - - name: Remove automatically configured ports - dokku_ports: - app: gitea - mappings: - - "http:{{ drone_port }}:{{ drone_port }}" - state: absent diff --git a/ansible/pre-deploy.yml b/ansible/pre-deploy.yml deleted file mode 100644 index f5d06f9..0000000 --- a/ansible/pre-deploy.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -- hosts: all - gather_facts: false - tasks: - - name: Load variables - include_vars: - dir: "{{ dokku_lib_root }}/data/ansible/drone/vars/" - extensions: - - yml - - - name: "Configure {{ drone_domain }} domain" - dokku_domains: - app: drone - domains: - - "{{ drone_domain }}" - state: present - - - name: Create application directory - file: - path: /var/lib/drone - state: directory - owner: dokku - group: dokku - become: true - - - name: Specify docker volume mounts - dokku_storage: - app: drone - mounts: - - /var/lib/drone:/data - - /var/run/docker.sock:/var/run/docker.sock - - - name: Configure the app environment - dokku_config: - app: drone - restart: false - config: - DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}" - DRONE_GITEA_CLIENT_ID: "{{ gitea_client_id }}" - DRONE_GITEA_CLIENT_SECRET: "{{ gitea_client_secret }}" - DRONE_GITEA_SERVER: "{{ gitea_domain }}" - DRONE_GIT_ALWAYS_AUTH: "true" - DRONE_JSONNET_ENABLED: "{{ drone_jsonnet_enabled }}" - DRONE_RPC_SECRET: "{{ rpc_secret }}" - DRONE_SERVER_HOST: "{{ drone_domain }}" - DRONE_SERVER_PORT: ":{{ drone_port }}" - DRONE_SERVER_PROTO: "https" - DRONE_USER_FILTER: "{{ drone_user_filter }}" diff --git a/ansible/requirements.yml b/ansible/requirements.yml deleted file mode 100644 index e2e3214..0000000 --- a/ansible/requirements.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- src: dokku_bot.ansible_dokku - version: v2020.3.24 - -- src: https://git.coop/decentral1se/autonomic.gandi/-/archive/0.0.5/autonomic.gandi-0.0.5.tar.gz - name: autonomic.gandi diff --git a/ansible/vars/all.yml b/ansible/vars/all.yml deleted file mode 100644 index e348110..0000000 --- a/ansible/vars/all.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -autonomic_admin_mail: "helo@autonomic.zone" -drone_domain: "drone.autonomic.zone" -drone_jsonnet_enabled: "true" -drone_port: "8042" -drone_user_filter: "autonomic-cooperative" -gitea_domain: "https://git.autonomic.zone" diff --git a/ansible/vars/ansible_become_pass.yml b/ansible/vars/ansible_become_pass.yml deleted file mode 100644 index abb21b9..0000000 --- a/ansible/vars/ansible_become_pass.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -ansible_become_pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34396236353735666531323238656533643465303131663464613162396333313836363630666266 - 6539323631656635333864316166633064633366323936610a656137616334313534333635313232 - 35323561303763366563316631313638363333393763323935343563303963616334336639386462 - 3837383830616637360a373539613630356564363662393836366462666430353439353637303035 - 63396633303166343433313439303539313637306637663137313533316531616434 diff --git a/ansible/vars/gitea_client_id.yml b/ansible/vars/gitea_client_id.yml deleted file mode 100644 index d03cc89..0000000 --- a/ansible/vars/gitea_client_id.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -gitea_client_id: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 37316265636364356436666632326364303438326235663566363336353139323031353635356232 - 3634386333333239653433646332323335363939323962650a393631333530633733353662666438 - 38663863386235383830653238373932616236393962303361643361633434396562663730326566 - 3032653461336331630a336366383335383832306430343364353862626662373837623433613065 - 37643933386161323936623733643930643232333734636132336261333034306561613965623237 - 3736363564626161366530356565663231393762353761376139 diff --git a/ansible/vars/gitea_client_secret.yml b/ansible/vars/gitea_client_secret.yml deleted file mode 100644 index 239d415..0000000 --- a/ansible/vars/gitea_client_secret.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -gitea_client_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30643361363138363430616537613332346133323939376364333033383936386138393435636139 - 3931386635323432623139356233346132363062663938320a656165656664313461356433383839 - 64626264613238323864386461373431623339353864663338343235623737383737663961396630 - 3532343934393761330a306530656630313466396530343733656633333930666334333364663961 - 36353238343030303164646366373031653862313839613565323863376539373634643562336331 - 6232656265363163646165656239663737333433323566313764 diff --git a/ansible/vars/rpc_secret.yml b/ansible/vars/rpc_secret.yml deleted file mode 100644 index ef653ca..0000000 --- a/ansible/vars/rpc_secret.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -rpc_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33346331663332396364613536313365316561616465656465653330646139333039326130336632 - 3931353462663631393536646266396237373735323433610a306632396237656133343963653530 - 34626237393165643464666133653731346335636261623935333134343137343135326334373135 - 6430653839636632350a643330666236636633336665306564303166343133396562643465373761 - 31633636326335316661313039383135366230356339376632313063386431343434633363366466 - 6530363438643965373030656537663533666236376232336162 diff --git a/app.json b/app.json deleted file mode 100644 index 86fd599..0000000 --- a/app.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "name": "drone", - "description": "Automate Software Testing and Delivery", - "repository": "https://git.autonomic.zone/autonomic-cooperative/drone" -} diff --git a/deploy.d/config.yml b/deploy.d/config.yml new file mode 100644 index 0000000..0eb23e2 --- /dev/null +++ b/deploy.d/config.yml @@ -0,0 +1,21 @@ +--- +volumes: + - type: directory + src: /var/lib/drone + dest: /data + - type: file + src: /var/run/docker.sock + dest: /var/run/docker.sock + +env: + DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone" + DRONE_GITEA_CLIENT_ID: "{{ vault.gitea_client_id }}" + DRONE_GITEA_CLIENT_SECRET: "{{ vault.gitea_client_secret }}" + DRONE_GITEA_SERVER: "git.autonomic.zone" + DRONE_GIT_ALWAYS_AUTH: "true" + DRONE_JSONNET_ENABLED: "true" + DRONE_RPC_SECRET: "{{ vault.rpc_secret }}" + DRONE_SERVER_HOST: "drone.autonomic.zone" + DRONE_SERVER_PORT: ":8042" + DRONE_SERVER_PROTO: "https" + DRONE_USER_FILTER: "autonomic-cooperative" diff --git a/deploy.d/vault/gitea_client_id.yml b/deploy.d/vault/gitea_client_id.yml new file mode 100644 index 0000000..5e839be --- /dev/null +++ b/deploy.d/vault/gitea_client_id.yml @@ -0,0 +1,9 @@ +--- +gitea_client_id: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 38353066373439363536386330363366613565653934356665666363333837653166316237366437 + 3332623362336337356530393936383261306663353035350a323831636430333666326563303030 + 35373263626566313036333939386363313466326534626665653735313764373435363731666662 + 6564353333303434330a393364356234623736363031653534353663653732336235623938623831 + 62376462313663323934393238343735353436613064663439383263316561383737363435663864 + 6566393036626161316262336637343934333439666461396632 diff --git a/deploy.d/vault/gitea_client_secret.yml b/deploy.d/vault/gitea_client_secret.yml new file mode 100644 index 0000000..05b41d5 --- /dev/null +++ b/deploy.d/vault/gitea_client_secret.yml @@ -0,0 +1,9 @@ +--- +gitea_client_secret: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 61346631386137353166353939616362373339316631356462356462396334333464303764633661 + 3963616663616461346235646630613633373937323831370a633235666239613933353633316638 + 63373733346630343863383065636665323231636337613162643963393632303832616263663263 + 6536656136333537300a366538613935396362326437653662363630316565306430313262666331 + 31666461326333613665303563326364386464636637396138396132373662383333303433363464 + 3935656435323364313466336363666631396535623566663961 diff --git a/deploy.d/vault/rpc_secret.yml b/deploy.d/vault/rpc_secret.yml new file mode 100644 index 0000000..5ae6725 --- /dev/null +++ b/deploy.d/vault/rpc_secret.yml @@ -0,0 +1,9 @@ +--- +rpc_secret: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 32373866396231333238323566306139633836636337353735643234353036356534343436343032 + 3061323132376335376662333064643633656132343931300a336266633465356563393466346263 + 63316236663137336635616630643633643733663831656361616262623631373166323332336537 + 6434626637663964620a613130376532376161313366613762336134353238333562353664393735 + 62653134313866323431306530646434393233383432373664313662393332326239366635343033 + 6666313035336237333234313865366366363138653233383837 diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 130e91f..0000000 --- a/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -ansible==2.9.6 diff --git a/sbin/encrypt.sh b/sbin/encrypt.sh deleted file mode 100755 index d328761..0000000 --- a/sbin/encrypt.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -eu -o pipefail - -# Usage -# ./encrypt.sh mysecretname mysecretvalue - -declare name="$1" -declare secret="$2" - -ansible-vault \ - encrypt_string \ - --vault-password-file ansible/.vault.sh \ - --name "$name" \ - "$secret"