diff --git a/Makefile b/Makefile
index 678fdf1..ff0ef22 100644
--- a/Makefile
+++ b/Makefile
@@ -11,5 +11,3 @@ container:
 release:
 docker push gempir/justlog
-provision:
- ansible-playbook -i ansible/hosts ansible/playbook.yml --ask-vault-pass ${ARGS}
\ No newline at end of file
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
deleted file mode 100755
index 17957d9..0000000
--- a/ansible/group_vars/all.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-api_domain: api.gempir.com
-email: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 65373739353434323038366266343639376262633166356330336339396664326264343334633864
- 6164633261343062623666613536343265663038343330360a313637663739343464396133366565
- 35666538386231343533333231646131383734663834663039636235313237636366343535376366
- 3438353430666537630a323338663565366439353163646435633738653563393330613064363163
- 66356363623063373532626262343361663933623132653162633034396131623038
-username: gempbot
-oauth: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 66373430346665366531646264336337613562373035653735643932636137356333326434623734
- 3666356337396236316539623931333666346330393262370a376335373437613133663561313230
- 61383331616335383631643933326632653438623462666430616661313465353765396130323166
- 6237666263393265630a623637653565306138626633316135643032616231323839396234653863
- 35346561656133383230313464636339653338373462383233383962376161386334
-clientID: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 62316166366330343165663837393431616230343061663664366433383533666538353563323735
- 6633336330393765383934366361623465643335333862320a376636613862636130653231396633
- 36353764356232353731316165303061333765343162356665666563373935326435623439653463
- 3035653631353231340a636437303436633536636334643131303164353066316365333735616466
- 63663636356635636439623162366564343036623735376534626161316333393134
\ No newline at end of file
diff --git a/ansible/hosts b/ansible/hosts
deleted file mode 100755
index 3ebe9b6..0000000
--- a/ansible/hosts
+++ /dev/null
@@ -1,2 +0,0 @@
-[main]
-apollo.gempir.com
\ No newline at end of file
diff --git a/ansible/playbook.retry b/ansible/playbook.retry
deleted file mode 100755
index daf9f27..0000000
--- a/ansible/playbook.retry
+++ /dev/null
@@ -1 +0,0 @@
-apollo.gempir.com
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
deleted file mode 100755
index fd5cf11..0000000
--- a/ansible/playbook.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: Provision hosts for logstv
- hosts: all
- remote_user: root
-
- roles:
- - {role: 'common', tags: ['common']}
- - {role: 'nginx', tags: ['nginx']}
- - {role: 'bot', tags: ['bot']}
-
- handlers:
- - name: restart ufw
- service: name=ufw state=restarted
-
- - name: Reload systemd daemon
- command: systemctl daemon-reload
\ No newline at end of file
diff --git a/ansible/roles/bot/tasks/main.yml b/ansible/roles/bot/tasks/main.yml
deleted file mode 100755
index d899f71..0000000
--- a/ansible/roles/bot/tasks/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- name: create log directory
- file:
- path: /mnt/data/justlog
- state: directory
- owner: justlog
- group: justlog
- mode: 0750
-
-- name: create config file
- template:
- src: templates/config.j2
- dest: /home/justlog/config.json
- owner: justlog
- group: justlog
- mode: 0640
-
-- name: install systemd unit file
- template: src=service.j2 dest=/etc/systemd/system/justlog.service
-
-- name: reload units
- systemd:
- daemon_reload: yes
\ No newline at end of file
diff --git a/ansible/roles/bot/templates/config.j2 b/ansible/roles/bot/templates/config.j2
deleted file mode 100755
index d451ada..0000000
--- a/ansible/roles/bot/templates/config.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "admin": "gempir",
- "logsDirectory": "/mnt/data/justlog",
- "clientID": "{{ clientID }}",
- "username": "{{ username }}",
- "oauth": "{{ oauth }}",
- "channels": [
- "11148817",
- "77829817",
- "99659894",
- "22484632",
- "42426044",
- "62300805",
- "93031467",
- "14824099",
- "133554225",
- "36396364",
- "134551603",
- "43689956",
- "41015858",
- "74844182",
- "36588055",
- "30816637"
- ]
-}
\ No newline at end of file
diff --git a/ansible/roles/bot/templates/service.j2 b/ansible/roles/bot/templates/service.j2
deleted file mode 100644
index 62f756d..0000000
--- a/ansible/roles/bot/templates/service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=justlog service
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/home/justlog/justlog
-WorkingDirectory=/home/justlog
-TimeoutStopSec=5
-User=justlog
-Group=justlog
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
deleted file mode 100755
index 095a278..0000000
--- a/ansible/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: update and upgrade apt packages
- become: true
- apt:
- upgrade: yes
- update_cache: yes
- cache_valid_time: 86400 #One day
-
-- name: install apt-transport-https
- apt: name=apt-transport-https state=present
-
-- name: install htop
- apt: name=htop state=present
-
-- name: install ufw firewall
- include: ufw.yml
-
-- name: Ensure group "justlog" exists
- group:
- name: justlog
- state: present
-
-- name: Create justlog user
- user:
- name: justlog
- shell: /bin/bash
- groups: justlog
- append: yes
\ No newline at end of file
diff --git a/ansible/roles/common/tasks/ufw.yml b/ansible/roles/common/tasks/ufw.yml
deleted file mode 100755
index d9142ed..0000000
--- a/ansible/roles/common/tasks/ufw.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# - name: Install ufw
-# apt: package=ufw state=present
-
-# - name: Configure ufw defaults
-# ufw: direction={{ item.direction }} policy={{ item.policy }}
-# with_items:
-# - { direction: 'incoming', policy: 'deny' }
-# - { direction: 'outgoing', policy: 'allow' }
-# notify:
-# - restart ufw
-
-# - name: Configure ufw rules
-# ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
-# with_items:
-# - { rule: 'limit', port: '{{ ssh_port | default("22") }}', proto: 'tcp' }
-# - { rule: 'allow', port: '80', proto: 'tcp' }
-# - { rule: 'allow', port: '443', proto: 'tcp' }
-# notify:
-# - restart ufw
-
-# - name: Enable ufw logging
-# ufw: logging=on
-# notify:
-# - restart ufw
-
-# - name: Enable ufw
-# ufw: state=enabled
\ No newline at end of file
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
deleted file mode 100644
index 6dc82e9..0000000
--- a/ansible/roles/nginx/tasks/main.yml
+++ /dev/null
@@ -1,52 +0,0 @@
----
- - name: Upgrade system
- apt: upgrade=dist update_cache=yes
-
- - name: Install nginx
- apt: name=nginx state=latest
-
- - name: install letsencrypt
- apt: name=letsencrypt state=latest
-
- - name: create letsencrypt directory
- file: name=/var/www/letsencrypt state=directory
-
- - name: Remove default nginx config
- file: name=/etc/nginx/sites-enabled/default state=absent
-
- - name: Install system nginx config
- template:
- src: templates/nginx.conf.j2
- dest: /etc/nginx/nginx.conf
-
- - name: Install nginx site for api
- template:
- src: templates/api.j2
- dest: /etc/nginx/sites-enabled/api
-
- - name: Reload nginx to activate letsencrypt site
- service: name=nginx state=restarted
-
- - name: Create letsencrypt certificate
- shell: letsencrypt certonly -n --webroot -w /var/www/letsencrypt -m {{ email }} --agree-tos -d {{ api_domain }}
- args:
- creates: /etc/letsencrypt/live/{{ api_domain }}
-
- - name: Generate dhparams
- shell: openssl dhparam -out /etc/nginx/dhparams.pem 2048
- args:
- creates: /etc/nginx/dhparams.pem
-
- - name: Install nginx site for api
- template:
- src: templates/api.le.j2
- dest: /etc/nginx/sites-enabled/api_le
-
- - name: Reload nginx to activate specified site
- service: name=nginx state=restarted
-
- - name: Add letsencrypt cronjob for cert renewal
- cron:
- name: letsencrypt_renewal
- special_time: weekly
- job: letsencrypt --renew certonly -n --webroot -w /var/www/letsencrypt -m {{ email }} --agree-tos -d {{ api_domain }} && service nginx reload
diff --git a/ansible/roles/nginx/templates/api.j2 b/ansible/roles/nginx/templates/api.j2
deleted file mode 100644
index 234b064..0000000
--- a/ansible/roles/nginx/templates/api.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-server_tokens off;
-
-server {
- listen 80 default_server;
- server_name {{ api_domain }};
-
- location /.well-known/acme-challenge {
- root /var/www/letsencrypt;
- try_files $uri $uri/ =404;
- }
-
- location / {
- rewrite ^ https://$host$request_uri? permanent;
- }
-}
\ No newline at end of file
diff --git a/ansible/roles/nginx/templates/api.le.j2 b/ansible/roles/nginx/templates/api.le.j2
deleted file mode 100644
index e9737de..0000000
--- a/ansible/roles/nginx/templates/api.le.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-server {
- listen 443 ssl default deferred;
- server_name {{ api_domain }};
-
- ssl on;
- ssl_certificate /etc/letsencrypt/live/{{ api_domain }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ api_domain }}/privkey.pem;
- ssl_trusted_certificate /etc/letsencrypt/live/{{ api_domain }}/fullchain.pem;
-
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 5m;
- ssl_stapling on;
- ssl_stapling_verify on;
-
- ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
- ssl_dhparam /etc/nginx/dhparams.pem;
-
- location / {
- proxy_pass http://127.0.0.1:8025;
- }
-}
\ No newline at end of file
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
deleted file mode 100644
index 6784a69..0000000
--- a/ansible/roles/nginx/templates/nginx.conf.j2
+++ /dev/null
@@ -1,35 +0,0 @@
-user www-data;
-worker_processes 4;
-pid /run/nginx.pid;
-
-events {
- worker_connections 2000;
-}
-
-http {
-
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- proxy_connect_timeout 600;
- proxy_send_timeout 600;
- proxy_read_timeout 600;
- send_timeout 600;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
-
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- gzip on;
- gzip_disable "msie6";
-
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-}
\ No newline at end of file