From 2847a294cf02bbfcfda5d25c8b979d2ba0479e51 Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 15:46:08 +0200 Subject: [PATCH 01/22] Rename caliopen cert and key to match naming --- roles/nginx/files/{caliopen.crt => caliopen.org.crt} | 0 roles/nginx/files/{caliopen.key => caliopen.org.key} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/files/{caliopen.crt => caliopen.org.crt} (100%) rename roles/nginx/files/{caliopen.key => caliopen.org.key} (100%) diff --git a/roles/nginx/files/caliopen.crt b/roles/nginx/files/caliopen.org.crt similarity index 100% rename from roles/nginx/files/caliopen.crt rename to roles/nginx/files/caliopen.org.crt diff --git a/roles/nginx/files/caliopen.key b/roles/nginx/files/caliopen.org.key similarity index 100% rename from roles/nginx/files/caliopen.key rename to roles/nginx/files/caliopen.org.key From a57645a99ab81234d25d8d58f46977283ed5617b Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 15:47:03 +0200 Subject: [PATCH 02/22] Install also the base *.caliopen.org cert --- roles/nginx/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 0ce382a..7765c67 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -15,6 +15,8 @@ with_items: - "{{ caliopen_domain_name }}.crt" - "{{ caliopen_domain_name }}.key" + - "{{ caliopen_base_domain }}.crt" + - "{{ caliopen_base_domain }}.key" - name: install prometheus nginx metric exporter git: From dde0ff63d36d629bbac4b1a3fb6a8ae2d4c7b340 Mon Sep 17 00:00:00 2001 
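Review bot: The new `{{ caliopen_base_domain }}.key` item goes through the same loop as the certificate, so whatever mode the task applies to the `.crt` files is also applied to the private key; the task header is above this hunk, so I cannot see whether a mode is set at all. If one mode covers every item, the key is the one entry that must end up `0600`, which the loop can express with dict items such as `- { src: "{{ caliopen_base_domain }}.key", mode: "0600" }` and `src: "{{ item.src }}" mode: "{{ item.mode }}"` in the task. The enclosing task starts before this hunk.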
From: Pablo Date: Thu, 26 Jul 2018 15:47:47 +0200 Subject: [PATCH 03/22] Add role for docker registry --- deploy-registry.yaml | 7 ++ hosts.template | 22 +++++ roles/registry/files/docker-compose.yml | 10 +++ roles/registry/files/registry.htpasswd | 9 +++ roles/registry/tasks/main.yml | 25 ++++++ .../templates/docker-registry.nginx.j2 | 80 +++++++++++++++++++ 6 files changed, 153 insertions(+) create mode 100644 deploy-registry.yaml create mode 100644 roles/registry/files/docker-compose.yml create mode 100644 roles/registry/files/registry.htpasswd create mode 100644 roles/registry/tasks/main.yml create mode 100644 roles/registry/templates/docker-registry.nginx.j2 diff --git a/deploy-registry.yaml b/deploy-registry.yaml new file mode 100644 index 0000000..c9279dd --- /dev/null +++ b/deploy-registry.yaml @@ -0,0 +1,7 @@ +- hosts: registry + roles: + - common-no-vlan + - nginx + - docker + - registry + - drone \ No newline at end of file diff --git a/hosts.template b/hosts.template index 222c767..cbccef6 100644 --- a/hosts.template +++ b/hosts.template @@ -4,12 +4,14 @@ caliopen gateway storage smtp +citools [services:vars] dist_directory=./dist object_store_access_key=SZ1BBGKTD2N13E0W5L8N object_store_secret_key=qTsjiThBQA2NH6ZO32tCwCC6wcC8ValVLR16XUsB caliopen_domain_name=alpha.caliopen.org +caliopen_base_domain=caliopen.org caliopen_nameservers=["155.133.128.67", "155.133.128.65"] # Vault @@ -20,6 +22,20 @@ vault_worker_password=TO_BE_DEFINED vault_cert_path=/etc/vault/alpha.caliopen.org.crt vault_key_path=/etc/vault/alpha.caliopen.org.key +# Docker registry +registry_path=/etc/docker-registry + +# Drone +drone_path=/etc/drone +# Github OAuth +DRONE_GITHUB_CLIENT= +DRONE_GITHUB_SECRET= +# Agent/Server communication +DRONE_SECRET=this_should_be_a_secret +# List of admins, Github usernames +DRONE_ADMIN= +DRONE_HOST=drone.caliopen.org + # Version of installed software out of host packaging # monitoring platform 
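Review bot: `DRONE_GITHUB_SECRET` and `DRONE_SECRET` are introduced as plain inventory variables with `DRONE_SECRET=this_should_be_a_secret` as the shipped value, next to the already-present object-store keys; an operator who fills the template in and commits it ends up with live OAuth and agent credentials in git history. This same series already vaults `registry.htpasswd`, so the same approach fits here: keep the placeholders as `TO_BE_DEFINED` like `vault_worker_password` above and load the real values from a vaulted vars file. `DRONE_SECRET` is presumably the token drone-server and drone-agent authenticate each other with, so a guessable value lets anything that can reach the server port enrol as an agent — a comment such as `# Agent/Server shared token: generate a random value, do not commit it` would make that clear to whoever fills this in.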
@@ -61,6 +77,9 @@ cache mq object_store +[citools:children] +registry + [store] store1 ansible_host=ip_store1 ansible_user=root backend_ip=backend_store1 store2 ansible_host=ip_store2 ansible_user=root backend_ip=backend_store2 @@ -107,3 +126,6 @@ mail1 ansible_host=ip_mail1 ansible_user=root backend_ip=backend_mail1 [logstash] logstash1 ansible_host=ip_logstash1 ansible_user=root backend_ip=backend_logstash1 + +[registry] +registry1 ansible_host=ip_registry1 ansible_user=root backend_ip=backend_registry1 \ No newline at end of file diff --git a/roles/registry/files/docker-compose.yml b/roles/registry/files/docker-compose.yml new file mode 100644 index 0000000..b6e61fc --- /dev/null +++ b/roles/registry/files/docker-compose.yml @@ -0,0 +1,10 @@ +version: '2' + +services: + + registry: + image: registry:2 + ports: + - 127.0.0.1:5000:5000 + volumes: + - ./data:/var/lib/registry diff --git a/roles/registry/files/registry.htpasswd b/roles/registry/files/registry.htpasswd new file mode 100644 index 0000000..4ebf219 --- /dev/null +++ b/roles/registry/files/registry.htpasswd @@ -0,0 +1,9 @@ +$ANSIBLE_VAULT;1.1;AES256 +38343563333862323230616439303037656531306339656132306539616132336336306639633435 +6135323263643732326538376531323234626235303935660a366437333130323531333765343965 +34363962323665386161633939613337663334616266646235663064303965623062333663636162 +6162386564383466320a613162383438303131336566336163376637363465653264643038646364 +38396436393663343432333830333236383433633361393638393433383563633437666137383132 +62623633616639653832653235643665323734393137636331613065616461313131316339396531 +31303030656564383632643237363130353664643233313137303632396465323962363638383436 +66306230373632383730 diff --git a/roles/registry/tasks/main.yml b/roles/registry/tasks/main.yml new file mode 100644 index 0000000..2bd0c76 --- /dev/null +++ b/roles/registry/tasks/main.yml 
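Review bot: The `registry` service has no `restart:` policy, unlike the drone services added later in this series (`restart: always`), so the registry stays down after a host reboot or Docker daemon restart even though the task that starts it is a one-shot `shell` call; add `restart: always` under the service. The `127.0.0.1:5000:5000` binding is the right choice here since nginx terminates TLS and authentication in front of it. The `registry:2` tag floats across minor releases, so pin a full version or a digest if reproducible deployments of the CI host matter.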
@@ -0,0 +1,25 @@ +- name: create docker-registry directory + file: + path: "{{ registry_path }}" + state: directory + +- name: copy compose file for registry server + copy: src=docker-compose.yml dest={{ registry_path }}/docker-compose.yml + +- name: start docker-registry + shell: docker-compose up -f {{ registry_path }}/docker-compose.yml + +- name: copy registry pass file + copy: + src: registry.htpasswd + dest: /etc/nginx/auth/registry.htpasswd + +- name: configure nginx vhost + template: + src: docker-registry.nginx.j2 + dest: /etc/nginx/sites-enabled/docker-registry + +- name: restart service nginx + service: + name: nginx + state: restarted diff --git a/roles/registry/templates/docker-registry.nginx.j2 b/roles/registry/templates/docker-registry.nginx.j2 new file mode 100644 index 0000000..fdf2f3c --- /dev/null +++ b/roles/registry/templates/docker-registry.nginx.j2 
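Review bot: The `copy registry pass file` task writes `/etc/nginx/auth/registry.htpasswd` with the default mode, so the credential hashes are readable by every local account; give it `owner: root`, `group: <nginx worker group>` and `mode: "0640"`, and apply the same thinking (`mode: "0750"`) to the `/etc/nginx/auth` directory that the later "Create auth directory" patch in this series adds. Separately, `restart service nginx` restarts unconditionally on every run, while the nginx role uses `notify: restart nginx`; putting `notify: restart nginx` on the template task and dropping the restart task keeps nginx from bouncing on no-op runs. `start docker-registry` is a `shell` task and will also report changed on every run — a `creates:` or a check against `docker-compose ps` would make it idempotent.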
@@ -0,0 +1,80 @@ +http { + + upstream docker-registry { + server registry:5000; + } + + map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { + '' 'registry/2.0'; + } + + server { + listen 443 ssl; + listen [::]:443 ssl; + server_name registry.{{ caliopen_base_domain }}; + + ssl_certificate /etc/nginx/certs/{{ caliopen_base_domain }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_base_domain }}.key; + ssl_prefer_server_ciphers On; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; + ssl_session_cache shared:SSL:10m; + + client_max_body_size 0; + chunked_transfer_encoding on; + + location /v2/ { + + if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { + return 404; + } + + auth_basic "Registry realm"; + auth_basic_user_file /etc/nginx/auth/registry.htpasswd; + + add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; + + proxy_pass http://docker-registry; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; + } + } + + server { + listen 443 ssl; + listen [::]:443 ssl; + server_name public-registry.{{ caliopen_base_domain }}; + + ssl_certificate /etc/nginx/certs/{{ caliopen_base_domain }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_base_domain }}.key; + ssl_prefer_server_ciphers On; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; + ssl_session_cache shared:SSL:10m; + + client_max_body_size 0; + chunked_transfer_encoding on; + + if ($request_method !~ ^(GET|HEAD)$ ) { + return 444; + } + + location /v2/ { + + if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { + return 404; + } + + auth_basic off; 
+ + add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; + + proxy_pass http://docker-registry; + proxy_read_timeout 900; + } + } + +} From 1d4c868dbaef49dd1134a03148bbb4c2abb65864 Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 15:50:00 +0200 Subject: [PATCH 04/22] Add base role for vms not connected to private vlan --- roles/common-no-vlan/files/ssh_authorized_keys | 8 ++++++++ roles/common-no-vlan/tasks/main.yml | 4 ++++ 2 files changed, 12 insertions(+) create mode 100644 roles/common-no-vlan/files/ssh_authorized_keys create mode 100644 roles/common-no-vlan/tasks/main.yml diff --git a/roles/common-no-vlan/files/ssh_authorized_keys b/roles/common-no-vlan/files/ssh_authorized_keys new file mode 100644 index 0000000..b94fd4c --- /dev/null +++ b/roles/common-no-vlan/files/ssh_authorized_keys 
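Review bot: Both server blocks enable `ssl_protocols TLSv1.1 TLSv1.2`; the AES-GCM suites in the cipher list only exist in TLS 1.2, so a 1.1 client silently lands on the CBC suites, and docker clients of this era all negotiate 1.2 — `ssl_protocols TLSv1.2;` is the safer line (the same line appears in `drone.nginx.j2` in the next patch). The TLS stanza is duplicated verbatim between the two servers here and the drone vhost; an `include` of one shared snippet would keep hardening changes in a single place. The public-registry server omits `proxy_set_header Host $http_host`, which the private one sets; if the registry derives redirect URLs from Host, pulls through the public vhost may receive wrong Location headers — worth confirming against the registry's behaviour.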
@@ -0,0 +1,8 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5+2ViaP1ktWlzMCY4IOJOV1K0TH1GstHzoMdeIf9ihiSz7nR7wKcYJMC6KlmOYVQzftENXHQZAtbL4tVPLpLWXN+4fCn+pbQVu47P3QCH9Ez0d23p4byZl5h+qyx0dJv/ltc71X6NIvHH2WXmvvy+Bda4b1NVpJN/voiMoihipsjPPeL+s6B+3dw6PD3h5vvzvJCrfkKGijoT74+BbjYimwmNsaDRQH9tIMaTVeV7ZIe9qfxg5fkg4WsFl9mzikbqYzdBgiC2XeK/L4w3FJONALAEy7FTsUdNaenKxTn4zw/9qdV20TqYEyCbYlANS+2NMLYxeSqdpYB3yvePoucOw== mric@gandi.net +ssh-dss AAAAB3NzaC1kc3MAAACBAM686CNkUeMiHvr/1tj4zRaJMqAgZAFCuX6WmocNHleTLG2yWcQPAIXKONp++AJ78woEERCTB2otJSsP4Ur8q/K95UiPYmtRJ/wwTI4ojrCk4BmK9KK2hb0OONOL0SvX/sUZlddFtAZ2xnSFD6YC4gtANE1nnojo2/BOrgs9h13tAAAAFQCkqnmRZOK29LK8OPI+095IzI0YMQAAAIAf3BB/TX2mZWGtB9PivKybt+QPMx5YWA43jK6NippTIVq60ihvcnVKpAQDt0llZn4J5qoEgVHwELr+4F6vMz2HP3ZviQ3c/4hlIpfknVsFLgMkJynKZaJLTe+Afwv1r+8DAA2+/SvtwLjFIDcbkTgGdxiyInD8rDyprKQ7nI3sNwAAAIABuUMiFMmpkARmatAJoXjFm2V1JIyycuJdMqJMUoq9m7kjJB4r55+eTLEtIvtBs/LnlAUTl2kCQszEax4VlLGiEEH/hWryaePRuosEv1issiISiluJmIQcJU+vgAHApyGH6uVCWzoc58or5rnQto22MEcH/qHIggTuKIfQvz8Hhg== esion99@gmail.com +ssh-rsa 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 david.epely@gandi.net +ssh-dss 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 laurent@brasil +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPQJeSOFDn9N73xOkJvWS97CvGQLarKI6n2kaA4cLzx root@argentina +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCm70qHMJSqaQKJdoNOzrfCo+1pzlhqHIFBozI5VCiMwA6Nr2qEHD+VgSbhDByX0xdgv9cwIcxvVzWMZPn8QM2ZewvNgPHoQxH4ae3pWjTM+W8qqaNjBfWuarinwt7gO8jT8i55AcMa5ctihvXWE3jTM6EHcaKTngFD1NYFj5tS4Zrw9a5nK1ZRsMrPF6Wte9S3e2PWiPYiT8uCauNUB5Xi6r1BxzMtviJddZmv0r4WQL3QD672Gmia6xhIybiIFTOID+N4cAARKZKh7WSlcx4qA1umWLd1nst5HgyK4SfFhSPd+2XJLsPc1cZpVVfjJRGomLi7yxu4P8VMaKwwCiuj stan@BobyLap +ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCdqFMRQx+OI+3b8st+ho1Ioqp3wiQqqMlMKiNjDC1rUiQ5sGhGT1uxBzxWSA8UjyfJmYaJhllfe5Tjp2D1lUyXX2tX0QCMM1doHON/29wjBXxBgtP7i5focNAv6KP2suSuyFuIRpP3MuEyieQgyH0atL1FxNpQIrvnOrdiw609T4xfLTWfad+jjtIo3qq3Rvb7TpI9h0lBcgJEHPSjsapYenFPNCaRE+3oye37OtYdWaF9ozdHkRBDj8mp23bitJSwltYOhYZlVs8fVyBr30+z4tSwNMizl7DCrr+rJFBCRwoHUOLo82LuJf1ivQwu3mC77JJgWsiycMYnKPOamDwv pablo@pablo +ssh-rsa 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 dev@lanza.fr diff --git a/roles/common-no-vlan/tasks/main.yml b/roles/common-no-vlan/tasks/main.yml new file mode 100644 index 0000000..6b140f0 --- /dev/null +++ b/roles/common-no-vlan/tasks/main.yml @@ -0,0 +1,4 @@ +- name: install ssh authorized keys + copy: src=ssh_authorized_keys dest=/root/.ssh/authorized_keys mode=0600 + tags: + - ssh From 3f0a2de9e1563a5f8b599cff2c35c636e579b5ab Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 15:50:37 +0200 Subject: [PATCH 05/22] Role to install docker on machines that need it --- roles/docker/tasks/main.yml | 39 +++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 roles/docker/tasks/main.yml diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml new file mode 100644 index 0000000..bec9109 --- /dev/null +++ b/roles/docker/tasks/main.yml 
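Review bot: Two entries are `ssh-dss` keys; OpenSSH 7.0 and later refuse DSA keys unless `PubkeyAcceptedKeyTypes` is widened, so on Debian stretch (the release the docker role pins later in this series) the `esion99@gmail.com` and `laurent@brasil` lines are dead entries and their owners should supply RSA or ed25519 keys instead. The file grants root login to eight personal keys on every host using this role; an inventory list of keys fed to the `authorized_key` module with `exclusive: yes` would make per-person removal a one-line, reviewable change instead of an edit to an opaque key blob.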
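Review bot: `copy ... dest=/root/.ssh/authorized_keys mode=0600` fails on a fresh image if `/root/.ssh` does not exist yet, and it silently replaces whatever key the VM provider injected at creation time; a preceding `file: path=/root/.ssh state=directory mode=0700` task (or the `authorized_key` module, which creates the directory itself) avoids the first, and the second deserves a mention in the task name or a comment such as `# replaces the provider-injected root key`.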
@@ -0,0 +1,39 @@ +- name: install dependencies + apt: package={{ item }} state=installed update_cache=yes + with_items: + - apt-transport-https + - ca-certificates + - curl + - gnupg2 + - software-properties-common + +- name: add apt key + apt_key: + url: https://download.docker.com/linux/debian/gpg + state: present + +- name: get debian version + shell: lsb_release -cs + register: debian_version + +- name: Add docker apt repo + apt_repository: + repo: 'deb [arch=amd64] https://download.docker.com/linux/debian {{ debian_version }} stable' + filename: docker + state: present + +- name: install docker ce + apt: package={{ item }} update_cache=yes + with_items: + - docker-ce + +- name: start docker + service: + name: docker + state: restarted + +- name: install docker compose + get_url: + url: https://github.com/docker/compose/releases/download/1.22.0/docker-compose-Linux-x86_64 + dest: /usr/local/bin/docker-compose + mode: 0550 \ No newline at end of file From beca8549997ae1471e39a097dafd38dd68988ef5 Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 15:51:23 +0200 Subject: [PATCH 06/22] Add role for drone server --- roles/drone/tasks/main.yml | 20 +++++++++++++ roles/drone/templates/docker-compose.yml.j2 | 33 +++++++++++++++++++++ roles/drone/templates/drone.nginx.j2 | 33 +++++++++++++++++++++ 3 files changed, 86 insertions(+) create mode 100644 roles/drone/tasks/main.yml create mode 100644 roles/drone/templates/docker-compose.yml.j2 create mode 100644 roles/drone/templates/drone.nginx.j2 diff --git a/roles/drone/tasks/main.yml b/roles/drone/tasks/main.yml new file mode 100644 index 0000000..67126b8 --- /dev/null +++ b/roles/drone/tasks/main.yml 
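Review bot: `install docker compose` fetches a binary from GitHub releases and places it in `/usr/local/bin` without verifying it; `get_url` supports `checksum: sha256:<digest from the release page>` and that single line is what stands between this role and a substituted binary. Likewise `apt_key` with only `url:` accepts whatever key the URL serves; adding `id:` with the expected key fingerprint lets the module refuse a swapped key. `start docker` uses `state: restarted`, which bounces every container on each playbook run — `state: started` with `enabled: yes` is what is meant here. The `{{ debian_version }}` interpolation also inserts the whole registered result rather than `debian_version.stdout`, which the later "fix docker compose command" patch sidesteps by hard-coding the release.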
@@ -0,0 +1,20 @@ +- name: create drone directory + file: + path: "{{ drone_path }}" + state: directory + +- name: copy compose file for registry server + template: src=docker-compose.yml.j2 dest={{ drone_path }}/docker-compose.yml + +- name: start drone + shell: docker-compose up -f {{ drone_path }}/docker-compose.yml + +- name: configure nginx vhost + template: + src: drone.nginx.j2 + dest: /etc/nginx/sites-enabled/drone + +- name: restart service nginx + service: + name: nginx + state: restarted diff --git a/roles/drone/templates/docker-compose.yml.j2 b/roles/drone/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..ac13367 --- /dev/null +++ b/roles/drone/templates/docker-compose.yml.j2 @@ -0,0 +1,33 @@ +version: '2' + +services: + + drone-server: + image: drone/drone + ports: + - 80:8000 + - 9000 + volumes: + - ./drone/:/var/lib/drone/ + restart: always + environment: + - DRONE_OPEN=true + - DRONE_HOST={{ DRONE_HOST }} + - DRONE_GITHUB=true + - DRONE_ORGS=CaliOpen + - DRONE_GITHUB_CLIENT={{ DRONE_GITHUB_CLIENT }} + - DRONE_GITHUB_SECRET={{ DRONE_GITHUB_SECRET }} + - DRONE_SECRET={{ DRONE_SECRET }} + - DRONE_ADMIN={{ DRONE_ADMIN }} + + drone-agent: + image: drone/agent + command: agent + restart: always + depends_on: + - drone-server + volumes: + - /var/run/docker.sock:/var/run/docker.sock + environment: + - DRONE_SERVER=drone-server:9000 + - DRONE_SECRET={{ DRONE_SECRET }} diff --git a/roles/drone/templates/drone.nginx.j2 b/roles/drone/templates/drone.nginx.j2 new file mode 100644 index 0000000..c7c12ad --- /dev/null +++ b/roles/drone/templates/drone.nginx.j2 
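Review bot: The rendered `docker-compose.yml` carries `DRONE_GITHUB_SECRET` and `DRONE_SECRET` in clear, but the `template:` task sets no `mode`, so the file lands with the default umask and is readable by any local account; add `mode: "0600"` to that task and `mode: "0700"` to the `file` task that creates `{{ drone_path }}`. The task name `copy compose file for registry server` is copied from the registry role and should say drone. As in the registry role, `restart service nginx` runs unconditionally; `notify: restart nginx` on the template task matches the nginx role's handler.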
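Review bot: `ports: - 80:8000` publishes drone-server's HTTP port on every host interface, so the service is reachable in clear on :80 around the TLS vhost, and `- 9000` publishes the agent port on a random host port even though drone-agent reaches it over the compose network. Bind the web port to loopback as the registry compose does, `- 127.0.0.1:8000:8000`, and drop the `9000` entry; this is also what the later "Nginx not running as a container" patch in this series assumes when it points the upstream at `127.0.0.1:8000`, which with the current `80:8000` mapping would connect to nothing. The `/var/run/docker.sock` mount gives the agent, and therefore every build it runs, root-equivalent control of the host — expected for Drone, but worth a comment next to the volume so that `DRONE_ADMIN`/`DRONE_ORGS` are understood as the actual trust boundary.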
@@ -0,0 +1,33 @@ +http { + + upstream drone { + server drone-server:8000; + } + + server { + listen 443 ssl; + listen [::]:443 ssl: + server_name drone.{{ caliopen_base_domain }}; + + ssl_certificate /etc/nginx/certs/{{ caliopen_base_domain }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_base_domain }}.key; + ssl_prefer_server_ciphers On; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; + ssl_session_cache shared:SSL:10m; + + location / { + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + + proxy_pass http://drone; + proxy_redirect off; + proxy_http_version 1.1; + proxy_buffering off; + + chunked_transfer_encoding off; + } + } + +} \ No newline at end of file From 5a0cb4b399225c32fcc7c57c14e3890cecbe4c69 Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 16:17:30 +0200 Subject: [PATCH 07/22] Nginx not running as a container the IP is needed --- roles/drone/templates/drone.nginx.j2 | 2 +- roles/registry/templates/docker-registry.nginx.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/drone/templates/drone.nginx.j2 b/roles/drone/templates/drone.nginx.j2 index c7c12ad..8124089 100644 --- a/roles/drone/templates/drone.nginx.j2 +++ b/roles/drone/templates/drone.nginx.j2 @@ -1,7 +1,7 @@ http { upstream drone { - server drone-server:8000; + server 127.0.0.1:8000; } server { diff --git a/roles/registry/templates/docker-registry.nginx.j2 b/roles/registry/templates/docker-registry.nginx.j2 index fdf2f3c..423744d 100644 --- a/roles/registry/templates/docker-registry.nginx.j2 +++ b/roles/registry/templates/docker-registry.nginx.j2 @@ -1,7 +1,7 @@ http { upstream docker-registry { - server registry:5000; + server 127.0.0.1:5000; } map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { 
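Review bot: `listen [::]:443 ssl:` ends with a colon instead of a semicolon, so nginx will reject the configuration and the unconditional `restart service nginx` task in the same patch takes every vhost on the host down with it; the line should read `listen [::]:443 ssl;`. The vhost sets `proxy_set_header X-Forwarded-For $remote_addr` where the registry template uses `$proxy_add_x_forwarded_for`; since nginx is the edge here, `$remote_addr` is the safer of the two (it does not forward a client-supplied header), so align the registry template with this one rather than the reverse. The `ssl_protocols TLSv1.1 TLSv1.2` point raised on the registry template applies here as well.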
From 16bcf7a158ccf984aa8ab33e0755d8d7debe0f47 Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 16:31:18 +0200 Subject: [PATCH 08/22] Fix naming and end of files --- deploy-registry.yaml | 2 +- hosts.template | 8 ++++---- roles/docker/tasks/main.yml | 2 +- roles/drone/templates/drone.nginx.j2 | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deploy-registry.yaml b/deploy-registry.yaml index c9279dd..d6cb4b5 100644 --- a/deploy-registry.yaml +++ b/deploy-registry.yaml @@ -4,4 +4,4 @@ - nginx - docker - registry - - drone \ No newline at end of file + - drone diff --git a/hosts.template b/hosts.template index cbccef6..280c82d 100644 --- a/hosts.template +++ b/hosts.template @@ -10,8 +10,8 @@ citools dist_directory=./dist object_store_access_key=SZ1BBGKTD2N13E0W5L8N object_store_secret_key=qTsjiThBQA2NH6ZO32tCwCC6wcC8ValVLR16XUsB -caliopen_domain_name=alpha.caliopen.org -caliopen_base_domain=caliopen.org +caliopen_domain_base=caliopen.org +caliopen_domain_name=alpha.{{ caliopen_domain_base }} caliopen_nameservers=["155.133.128.67", "155.133.128.65"] # Vault @@ -34,7 +34,7 @@ DRONE_GITHUB_SECRET= DRONE_SECRET=this_should_be_a_secret # List of admins, Github usernames DRONE_ADMIN= -DRONE_HOST=drone.caliopen.org +DRONE_HOST=drone.{{ caliopen_domain_base }} # Version of installed software out of host packaging @@ -128,4 +128,4 @@ mail1 ansible_host=ip_mail1 ansible_user=root backend_ip=backend_mail1 logstash1 ansible_host=ip_logstash1 ansible_user=root backend_ip=backend_logstash1 [registry] -registry1 ansible_host=ip_registry1 ansible_user=root backend_ip=backend_registry1 \ No newline at end of file +registry1 ansible_host=ip_registry1 ansible_user=root backend_ip=backend_registry1 diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index bec9109..5172240 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
@@ -36,4 +36,4 @@ get_url: url: https://github.com/docker/compose/releases/download/1.22.0/docker-compose-Linux-x86_64 dest: /usr/local/bin/docker-compose - mode: 0550 \ No newline at end of file + mode: 0550 diff --git a/roles/drone/templates/drone.nginx.j2 b/roles/drone/templates/drone.nginx.j2 index 8124089..68dcf0e 100644 --- a/roles/drone/templates/drone.nginx.j2 +++ b/roles/drone/templates/drone.nginx.j2 @@ -30,4 +30,4 @@ http { } } -} \ No newline at end of file +} From dba782f27394bd2808c237570d8d703ab1afc338 Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 16:37:57 +0200 Subject: [PATCH 09/22] Variable is now named caliopen_domain_base --- roles/drone/templates/drone.nginx.j2 | 6 +++--- roles/nginx/tasks/main.yml | 4 ++-- roles/registry/templates/docker-registry.nginx.j2 | 12 ++++++------ 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/drone/templates/drone.nginx.j2 b/roles/drone/templates/drone.nginx.j2 index 68dcf0e..6114b48 100644 --- a/roles/drone/templates/drone.nginx.j2 +++ b/roles/drone/templates/drone.nginx.j2 @@ -7,10 +7,10 @@ http { server { listen 443 ssl; listen [::]:443 ssl: - server_name drone.{{ caliopen_base_domain }}; + server_name drone.{{ caliopen_domain_base }}; - ssl_certificate /etc/nginx/certs/{{ caliopen_base_domain }}.crt; - ssl_certificate_key /etc/nginx/certs/{{ caliopen_base_domain }}.key; + ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; ssl_prefer_server_ciphers On; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 7765c67..559e04c 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml 
@@ -15,8 +15,8 @@ with_items: - "{{ caliopen_domain_name }}.crt" - "{{ caliopen_domain_name }}.key" - - "{{ caliopen_base_domain }}.crt" - - "{{ caliopen_base_domain }}.key" + - "{{ caliopen_domain_base }}.crt" + - "{{ caliopen_domain_base }}.key" - name: install prometheus nginx metric exporter git: diff --git a/roles/registry/templates/docker-registry.nginx.j2 b/roles/registry/templates/docker-registry.nginx.j2 index 423744d..e9dbcf2 100644 --- a/roles/registry/templates/docker-registry.nginx.j2 +++ b/roles/registry/templates/docker-registry.nginx.j2 @@ -11,10 +11,10 @@ http { server { listen 443 ssl; listen [::]:443 ssl; - server_name registry.{{ caliopen_base_domain }}; + server_name registry.{{ caliopen_domain_base }}; - ssl_certificate /etc/nginx/certs/{{ caliopen_base_domain }}.crt; - ssl_certificate_key /etc/nginx/certs/{{ caliopen_base_domain }}.key; + ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; ssl_prefer_server_ciphers On; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; @@ -46,10 +46,10 @@ http { server { listen 443 ssl; listen [::]:443 ssl; - server_name public-registry.{{ caliopen_base_domain }}; + server_name public-registry.{{ caliopen_domain_base }}; - ssl_certificate /etc/nginx/certs/{{ caliopen_base_domain }}.crt; - ssl_certificate_key /etc/nginx/certs/{{ caliopen_base_domain }}.key; + ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; ssl_prefer_server_ciphers On; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; From b24fa8beb3164c9adb73c0f5c0ef64afb982c6db Mon Sep 17 00:00:00 2001 
From: Pablo Date: Thu, 26 Jul 2018 16:43:25 +0200 Subject: [PATCH 10/22] VM should also be created... --- bin/create_gandi_vm.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/create_gandi_vm.sh b/bin/create_gandi_vm.sh index 5a0233e..c496040 100755 --- a/bin/create_gandi_vm.sh +++ b/bin/create_gandi_vm.sh @@ -40,3 +40,6 @@ gandi vm create --memory 1024 --hostname worker1 --image "Debian 8" --size 10G - # SMTP # vlan ip range for smtp services : 192.168.1.32/29 gandi vm create --memory 2048 --hostname mail1 --image "Debian 8" --size 20G --datacenter FR-SD3 --vlan alpha_vlan --ip 192.168.1.33 --ip-version 4 + +# Registry +gandi vm create --memory 2048 --hostname registry1 --image "Debian 8" --size 50G --datacenter FR-SD3 --ip-version 4 \ No newline at end of file From b6fe69c128e24c12d8f0b3acd33837de555a663d Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 17:58:50 +0200 Subject: [PATCH 11/22] nginx conf files do not need http directive --- roles/drone/templates/drone.nginx.j2 | 48 ++++--- .../templates/docker-registry.nginx.j2 | 120 +++++++++--------- 2 files changed, 80 insertions(+), 88 deletions(-) diff --git a/roles/drone/templates/drone.nginx.j2 b/roles/drone/templates/drone.nginx.j2 index 6114b48..62c63aa 100644 --- a/roles/drone/templates/drone.nginx.j2 +++ b/roles/drone/templates/drone.nginx.j2 
@@ -1,33 +1,29 @@ -http { - - upstream drone { - server 127.0.0.1:8000; - } +upstream drone { + server 127.0.0.1:8000; +} - server { - listen 443 ssl; - listen [::]:443 ssl: - server_name drone.{{ caliopen_domain_base }}; +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name drone.{{ caliopen_domain_base }}; - ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; - ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; - ssl_prefer_server_ciphers On; - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; - ssl_session_cache shared:SSL:10m; + ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; + ssl_prefer_server_ciphers On; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; + ssl_session_cache shared:SSL:10m; - location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; + location / { + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; - proxy_pass http://drone; - proxy_redirect off; - proxy_http_version 1.1; - proxy_buffering off; + proxy_pass http://drone; + proxy_redirect off; + proxy_http_version 1.1; + proxy_buffering off; - chunked_transfer_encoding off; - } + chunked_transfer_encoding off; } - } diff --git a/roles/registry/templates/docker-registry.nginx.j2 b/roles/registry/templates/docker-registry.nginx.j2 index e9dbcf2..3c868f7 100644 --- a/roles/registry/templates/docker-registry.nginx.j2 +++ b/roles/registry/templates/docker-registry.nginx.j2 
@@ -1,80 +1,76 @@ -http { +upstream docker-registry { + server 127.0.0.1:5000; +} - upstream docker-registry { - server 127.0.0.1:5000; - } +map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { + '' 'registry/2.0'; +} - map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { - '' 'registry/2.0'; - } +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name registry.{{ caliopen_domain_base }}; + + ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; + ssl_prefer_server_ciphers On; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; + ssl_session_cache shared:SSL:10m; + + client_max_body_size 0; + chunked_transfer_encoding on; + + location /v2/ { - server { - listen 443 ssl; - listen [::]:443 ssl; - server_name registry.{{ caliopen_domain_base }}; + if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { + return 404; + } - ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; - ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; - ssl_prefer_server_ciphers On; - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; - ssl_session_cache shared:SSL:10m; + auth_basic "Registry realm"; + auth_basic_user_file /etc/nginx/auth/registry.htpasswd; - client_max_body_size 0; - chunked_transfer_encoding on; + add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; - location /v2/ { + proxy_pass http://docker-registry; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; + } +} - if ($http_user_agent ~ 
"^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { - return 404; - } +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name public-registry.{{ caliopen_domain_base }}; - auth_basic "Registry realm"; - auth_basic_user_file /etc/nginx/auth/registry.htpasswd; + ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; + ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; + ssl_prefer_server_ciphers On; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; + ssl_session_cache shared:SSL:10m; - add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; + client_max_body_size 0; + chunked_transfer_encoding on; - proxy_pass http://docker-registry; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 900; - } + if ($request_method !~ ^(GET|HEAD)$ ) { + return 444; } - server { - listen 443 ssl; - listen [::]:443 ssl; - server_name public-registry.{{ caliopen_domain_base }}; - - ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt; - ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key; - ssl_prefer_server_ciphers On; - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; - ssl_session_cache shared:SSL:10m; - - client_max_body_size 0; - chunked_transfer_encoding on; - - if ($request_method !~ ^(GET|HEAD)$ ) { - return 444; - } + location /v2/ { - location /v2/ { + if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { + return 404; + } - if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { - return 404; - } + auth_basic off; - auth_basic off; + add_header 'Docker-Distribution-Api-Version' 
$docker_distribution_api_version always; - add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; - - proxy_pass http://docker-registry; - proxy_read_timeout 900; - } + proxy_pass http://docker-registry; + proxy_read_timeout 900; } - } From bc0aebd6637d3bb617db3b3336e80c1bb896298c Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 18:02:31 +0200 Subject: [PATCH 12/22] Upgrade machine on start --- roles/common-no-vlan/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/common-no-vlan/tasks/main.yml b/roles/common-no-vlan/tasks/main.yml index 6b140f0..a51226c 100644 --- a/roles/common-no-vlan/tasks/main.yml +++ b/roles/common-no-vlan/tasks/main.yml @@ -2,3 +2,6 @@ copy: src=ssh_authorized_keys dest=/root/.ssh/authorized_keys mode=0600 tags: - ssh + +- name: upgrade packages + shell: apt-get upgrade -y From 11db4ff6f1963b010992dff53caa46cc46a1dade Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 18:02:50 +0200 Subject: [PATCH 13/22] fix docker compose command --- roles/docker/tasks/main.yml | 8 ++------ roles/drone/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 5172240..bb8d01f 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,8 +2,8 @@ apt: package={{ item }} state=installed update_cache=yes with_items: - apt-transport-https - - ca-certificates - curl + - ca-certificates - gnupg2 - software-properties-common @@ -12,13 +12,9 @@ url: https://download.docker.com/linux/debian/gpg state: present -- name: get debian version - shell: lsb_release -cs - register: debian_version - - name: Add docker apt repo apt_repository: - repo: 'deb [arch=amd64] https://download.docker.com/linux/debian {{ debian_version }} stable' + repo: "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" filename: docker state: present 
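Review bot: `shell: apt-get upgrade -y` is not idempotent (reports changed on every run, no check mode) and upgrades against whatever package lists the image shipped with, because nothing runs an update first; the `apt` module expresses both in one task: `apt:` with `upgrade: yes` and `update_cache: yes`. A full upgrade on every playbook run of a CI host also deserves a tag (for example `tags: upgrade`) so it can be skipped the way the monitoring tasks are later in this series.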
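Review bot: Hard-coding `stretch` in the docker repo line conflicts with `bin/create_gandi_vm.sh`, which earlier in this series creates `registry1` from the `"Debian 8"` image (jessie); on such a host apt would likely pull stretch builds of docker-ce against jessie libraries, or fail outright. The gathered fact `{{ ansible_distribution_release }}` yields the right codename without a shell call and without the `.stdout` mistake of the removed `register: debian_version` task: `repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"`. The rest of the docker tasks file lies outside this hunk.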
diff --git a/roles/drone/tasks/main.yml b/roles/drone/tasks/main.yml index 67126b8..397c49b 100644 --- a/roles/drone/tasks/main.yml +++ b/roles/drone/tasks/main.yml @@ -7,7 +7,7 @@ template: src=docker-compose.yml.j2 dest={{ drone_path }}/docker-compose.yml - name: start drone - shell: docker-compose up -f {{ drone_path }}/docker-compose.yml + shell: docker-compose -f {{ drone_path }}/docker-compose.yml up -d - name: configure nginx vhost template: From 1a0ace94371b6a8a3aad9597a1b36d027408ecf3 Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 18:03:25 +0200 Subject: [PATCH 14/22] Create auth directory --- roles/registry/tasks/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/registry/tasks/main.yml b/roles/registry/tasks/main.yml index 2bd0c76..8c3b6f2 100644 --- a/roles/registry/tasks/main.yml +++ b/roles/registry/tasks/main.yml @@ -7,7 +7,12 @@ copy: src=docker-compose.yml dest={{ registry_path }}/docker-compose.yml - name: start docker-registry - shell: docker-compose up -f {{ registry_path }}/docker-compose.yml + shell: docker-compose -f {{ registry_path }}/docker-compose.yml up -d + +- name: create auth files directory + file: + path: /etc/nginx/auth + state: directory - name: copy registry pass file copy: From f3926a45f8b8fa47b7eef6525fc84eb7684ee2aa Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 26 Jul 2018 18:03:55 +0200 Subject: [PATCH 15/22] add tag to skip monitoring tasks --- roles/nginx/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 559e04c..9bd67bc 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -22,10 +22,12 @@ git: repo: "https://github.com/knyar/nginx-lua-prometheus.git" dest: /srv/nginx-lua-prometheus + tags: monitoring - name: configure lua template: src=lua.conf.j2 dest=/etc/nginx/conf.d/lua.conf notify: restart nginx + tags: monitoring - name: remove default nginx site file: 
From 1d040fa84ccfc845bef9a68803935502843742d8 Mon Sep 17 00:00:00 2001 From: Pablo Date: Fri, 27 Jul 2018 10:29:03 +0200 Subject: [PATCH 16/22] Update caliopen certs --- roles/nginx/files/caliopen.org.crt | 19 ++-- roles/nginx/files/caliopen.org.key | 176 ++++++++++++++--------------- 2 files changed, 97 insertions(+), 98 deletions(-) diff --git a/roles/nginx/files/caliopen.org.crt b/roles/nginx/files/caliopen.org.crt index 13b21d6..bb36221 100644 --- a/roles/nginx/files/caliopen.org.crt +++ b/roles/nginx/files/caliopen.org.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- -MIIE/TCCA+WgAwIBAgIRAIn6T0qtHCKnhWVOo9GJrm0wDQYJKoZIhvcNAQELBQAw +MIIE/TCCA+WgAwIBAgIRAKO4AoUUaIjbwWmDEdaT8JQwDQYJKoZIhvcNAQELBQAw XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy -MB4XDTE3MDIwMTAwMDAwMFoXDTE4MDMwOTIzNTk1OVowYjEhMB8GA1UECxMYRG9t +MB4XDTE4MDIxNTAwMDAwMFoXDTIwMDMzMDIzNTk1OVowYjEhMB8GA1UECxMYRG9t YWluIENvbnRyb2wgVmFsaWRhdGVkMSQwIgYDVQQLExtHYW5kaSBTdGFuZGFyZCBX aWxkY2FyZCBTU0wxFzAVBgNVBAMMDiouY2FsaW9wZW4ub3JnMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ke+cfirm6IeW1NCIBYADlSu6BzfkfgO0u5w 
@@ -20,12 +20,12 @@ dXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUw
 PAYIKwYBBQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5k
 YXJkU1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0
 LmNvbTAnBgNVHREEIDAegg4qLmNhbGlvcGVuLm9yZ4IMY2FsaW9wZW4ub3JnMA0G
-CSqGSIb3DQEBCwUAA4IBAQBfgKcVApJwM6dWGh/cFn46laoBNqyBBZr/Szlw1w7X
-a73j+Eh4tCCNgwozPq834UUavbzP0K5SlDyenYAzHbKwXZDa+R/tdos84ike46Z3
-Wtd0kTUdv0K7L/sIJCWWGiyVs5V8zPQ0T+o4B77Bd745fapLYQQJ5D8RLTHDurgq
-hzg/bQ7CG9XbXSzWm+ZB66VYMZjQg8h1nC/I1mPA1D6J2IvMhwZYvukOlarH/o0+
-5Dq1B5LLsI4i1EVnbHEwg2a8HqgB1xvBjSieXs7JSCulLphd37HInaLvhan76l34
-EqNISm/xqIWpge/Dg1VxKe9p7WWlNj/EQH2e56Pn8i9f
+CSqGSIb3DQEBCwUAA4IBAQBIp+2X3cN7EHUXcz8cLp/9sP05PAz/HIEawdkX/muv
+uWEctln2Pdg2YR3GWaCVFYAIOOaTpG5gFFysQ9E0d7hex4obKaWMeMFjw3aJMXcN
+P1WO6YL3zgabeK+C4+ZupMhrS/G4hw3dIIDE54YXtY4NidkPE+9cvhMNWgNQvLdT
+irDqRMX+dNt0BKVksXty2F++Y+zdOeEUHnI/l4A09Q0b4bxGX4cwjGydDUR+3uKF
+6YGyTqOtXXd1z8sR0oUmUDEBk0XFWqSU+zLrqfhaSUcIvykdKBHPOphWE3g1xxrB
+fWA/1c0//CFBR++Q5LcO1tFiWkZKJBdq1LPbtQIcuVdc
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIF6TCCA9GgAwIBAgIQBeTcO5Q4qzuFl8umoZhQ4zANBgkqhkiG9w0BAQwFADCB
@@ -92,5 +92,4 @@ YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
 Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
 Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
 0fKtirOMxyHNwu8=
------END CERTIFICATE-----
-
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/roles/nginx/files/caliopen.org.key b/roles/nginx/files/caliopen.org.key
index c8a338c..8b3266b 100644
--- a/roles/nginx/files/caliopen.org.key
+++ b/roles/nginx/files/caliopen.org.key
@@ -1,89 +1,89 @@
 $ANSIBLE_VAULT;1.1;AES256
-39666235356531396565653736306630383466626530323634303263386439633137313439383335
-6130383664356363356365323239356534303564383831640a313164363362646434653565363630
-36613136623138663266343636666463646330356535373832616664343362666434316531663763
-6333663139373062390a323938383838343535356637386232323035323537353830306536663933
-64623139316239373836386236646166333364363533323562356538623534663935363932633333
-62383663313566303934656461326630616262616362653066613938373232663432326430323532
-64353662386532663361333962643961653730303365613434613665663365653638343261393962
-33383434626464346563383564636439653033343432313166386462373137363464393734313736
-33623231663834383232613161616532613139363363313834653430353561313735623036353738
-65336337646134643863363662616237356633303265316633633835376330303239383961346633
-30353032326434633439303861353464613131343262383433336631623364613134616535393762
-37336434363231313365663062363663303439333465383234393662373664663334343064313733
-64656638323337313535396562623461633032633931323663633734313034666131303131643134
-31353738656335333837373566366665643465343930306666646235646663393063323739343163
-65333765333162643834366234353166396335363833616233363635313465663633353135346536
-38343361366633613338633066366666353161636465663732663438663233316665316537373133
-66306333356635333234303132323264653161643831323132356635633338343463653636656161
-65633739306531383932636366333961666636353266646538356265656338313165376137653132
-30306333373339356430396462323237376139303565346433316231626537633663356531666137
-64343831366138373532303466373232623133386664323666306530303466613561653930386336
-34616565343061373135663830386233396662363861633161303136386261323438396263376139
-39633564383563333136346564653135626238376561316164656230373039386337373334356362
-61393366363261326163663638613031613239363135356234326464376435393037396230623438
-32643337373263323863636337663465366630376237396530356133316536393965633364616231
-65346261383432333138343263353039323933356237623130336335666466383462323265333333
-34326664633738303061333534313466636636666631643534326532643331663235353732383462
-33393631663835316134623035333633623034656430343737613339323135393236653334333563
-66333036663632326236383930326665616539626634663764303063656334613035613931393434
-34383136386233326238353637616635666563333766363461346333393037343063303961666361
-33323437323933396234353234366337316139333263396134663936383533656263323834636661
-36303231643836623963346465636437313361653666323731333135386330636238353765643032
-31346436383939636239313964363738376539373566353663333762653965616664316435373062
-31376632303263353661643531613130646438663433303966633361343938383031336532396466
-32646162313434306137623536666634353564353532303938656633353437666566316666613636
-34346261306366326338663463363439643134333238626666366261623436663463306161336262
-37363865373965343032313339323339396163386663643638633538346163336635653734333935
-30316534343334386231343632343532623466386633376636633437326366383964393962663162
-33333236366338303431633364313461313265663534393661333132626438633863376362356639
-35376436633366396232636664653739343335353165363936366565313565623037323138343538
-34373534393535616639346638666633616630323539396237373233303639323662643036326136
-37653338313937633932356138666331396539323563363932386131396465383330623030316661
-32633632336165333138303634353838623462376339343830333330306463393663666134373832
-36623336643530616335343262323535336432656433643434323535623736323264386439326466
-30363663363933363265333230613462323564353530663438316165373637363031373763636133
-66396338343234393937363832386136633437343836373037613432313463303965636535316464
-36636130376433366262393235396261623636616330313765323264373064373238353261393532
-34336630316463306635646436323833643437646238616366663638613334343061653564663631
-39666361363363643435353464383331663663633730656238626230616338643665363166316632
-34623333643433616139663163633663363931616362323333336139666436653134333466643166
-30323833623965353334313136633562313838393639343935346337383736353835353565313831
-34396633333033393165356364373033303566636133303530646663623131653462653163346134
-36323732653063333662646365666532613630386430323533313661383631653834306566366531
-31303061633136633235643561636431363531303834323066383639366630333234666532626165
-35333062376432653937363039366330663537303135633937303831336238366166613435356338
-62383266623262363163666636306632666637333130663831376234326437623733333536623635
-37393236333465313161326330323666363431313334383330623961366436636236353139383237
-63653565663339666436373738313933396339613063366236626231333733656161663265303931
-33666465316335613534386638643038313566363533393465663139393664626363333430316230
-63616632353765313365613464323333333661363036303639353233386265663464663532396463
-66663337346561303235663938623334613130326465343039336364383232646637626162646663
-36373336343261363032353965316235626638393264363730666463343666393438623239376264
-34353130393632313539306232326635303431613634623261396161616230363735323535656462
-66613164656366663535663434366232373563353439616563656438363332396564626162316232
-37663239303230363532623366306261376630303362366366633962653833633037393939383837
-30626261306461646463663437316631393834346633383762653938376538376264666639643338
-30363166306438316461646338666264363930663236376265653064623337303036306335633139
-62393733396330323263353431613732333532306136336539633739666166653231633836373362
-62326134346161363031306266366266633736346335326366353931313565616239346131306632
-66313563636639343330306437326138363064393538613334313630666661323361663339653730
-66303964663461633866336536646539346435383061656664653766393438616537373133333336
-33323631396136366666313930373065633034656562303966646439646531313365376666353636
-30343136613335383731656435643338343838366230373339306263633130376631303964383632
-65356339336137653432336439393437316134366336333835356362646266623634373631396665
-61363165353764386435636462623731393632663664353666373361306361636236373463393066
-64626439346261373738646238613164623631396430623462313466313034353631373862336434
-36343432316439626130373135316334393837363530616230613332613133613566633433303063
-32386438663161373131643561353234383237383962666234643132656430363864303033343661
-37323066346163646438336138363066613964613433313362343838313635653236636364386362
-32623563393061666139643039363236393161326538313366653131616635656435653065343262
-63633931376238343230643762303339356333353063366334623331313962313435343363393533
-34666336623864396531323534303431653638333862636434616334646232653035313537383432
-32333934326462636130333563346361626236656636643932313865333937323863316136386563
-31343461363431373062313332643339646434653065356338336533346639336461393665396131
-65636336653238666462636262393364653331326536303538323061396531666464366230343563
-62343939643836313035343862393933363432313137633966393438636534336139333434643864
-33306334343863326363653362363337323839623631623033613532373933376238343966363933
-37356434613936626665643930316264643861626238303764626265363235356530666433393233
-62323133643263663433
+31616464643031346534323531336464626633653262356463396661353234633435333134353130
+3061636161653234363962616435656136663238396630390a646563653163663536353262646239
+31393762623262616237613936616238646133366663383765383361376330363463633433303135
+3131623961306466340a613436613235613066336335393666333936373566396364626138313937
+61386464303733323230663232636666643566666463313737643064393938656665373430643731
+61396236656234396364666436363236303466323366306133636265363134653061326437646630
+31616330353430363966326638366164386565333134613266373764343061326330643037313935
+39623930373166613439633732643332366535306538613638383366376663326539313636383937
+37626539633535663631616662396339623331353131663366383065373439653437663832336136
+63656462653636366232626566386261613236663964336237353135396566633662333663323933
+36333838303536356432633837613434353138653461326237376264383731333638353536653531
+36653830376334643266373039633136663861613939313666393738316661373034396632636630
+65666632396637613962386538356463363566653139613134653237383736336564346437383532
+36393866643363653461333735346465363235316631343366633130363032343637373839373738
+37656465623133303837623138336633653137346136326132353539353438366234633238303534
+35373034646462396134333364643336373633663262626533393839383839613338316465626134
+66306263353862643635363131653131616461363961653837323132396462343631383861663031
+66643061613134323039653530666230323337653432373666656466646333663237623631323039
+31396638616531653064373766613635383439653439393630626539373538653234353933396135
+30386661303330373533393463306638353562306232663065313565386363306663363866343562
+31393334346236396362353565646530316431623461613935333536656363373438336363663532
+64643061393435623861366635633365643265323733356432633563643333373332656161366466
+66383037326339643734623437343437623732313264656466303863363664643966303166333561
+39323064353265376361663337366462383139353637653864663239303661323462353235303661
+31656638356463646434663834366263343132363237323261386639373162383039313334333633
+36303730336162333166373162343234356562386162353764663566613264646663626366633261
+35633063326339353237626539333035663936306462323464383965306436633737616666376664
+62616538366231623832333335626433393638616666636332313435346330636336663966663332
+65656663366535663738636464343833376630636362636237303839336665656538373461383439
+63313731313135363164356563316238353733646437376564366666356133663662306532653538
+38306237383132363238653965376136353566643363363131306434326335633565363339396661
+66383462316565353038666263386439633463616334633864626333313235396633656665316637
+64373637386663313337636566613130303638303866616136613961333461623539623433653733
+32306464633639383936626233363432303061613132393265666165353766333735313635303065
+35663237313739623436636566623932373063346538396237626530653735346332366637376365
+35636535336663623564383235613233396236353065353230393363343737613530643537666232
+30626334613562353136613339316430646134383739663830336135323332386264663135356331
+61306562663236666162396366353064393565356535653261316135366266663161656463383564
+62313130626463343637376334326539643439613132643038616230313638393866623362373338
+39303933643332323465643464313436623836613133316661323063366437333866363639376439
+32643539393239323233333132316434623333356237316430653965363466396436336532643837
+37663533656364656639396637636537666530326435393461396132656361356333636462363362
+31333630663838666361356532653139646234346234333361633563393938663430313836643361
+39353563396565633934303462623135323737316266363031623330323332353634346137303062
+66373636633765613333376238333865326566326134616466663238316264663864303030636664
+61626337343764643161646363336136343163386437623830396439633332326262303465616562
+38306535303636303865613032666133373664303965363233616163323736613231613830303431
+36386535616530363535303930353035333936663732303037373431623362363565636330663537
+32376635353661333839633330376335386435323664336138666236363838386566383636396435
+36333534623537363336353563656536313863333061633163363635393637636535663239323539
+38616165623663353236373838393261386139626666623336346233613361333135366165396666
+61323061636331373866376238636565363766656435663666313139663865653464623034616634
+64633232303365656236326663323530353530653930643232656337613634633462323739373062
+33396234326231636537336531363536353630356464333931393363336138326462366261346135
+32356661653032616333656665643437663833626136333130323964653064386139613633636566
+36303165643865643135353837656636366364633736356565613938336463383035306230376539
+64386634316166646530643861363366336133363933326364353931313634353063623338636231
+33633031326631323038336661343163353233376263306366376639663331623230616161303438
+66326465333234373366336132353239656364643538653632333365373765356536653130653731
+37316166343035666437316630653335366462656534623735336134623830376131653433666361
+33366165326362303436323363326338643534383130616564366266386434373630323538356261
+39666438336437643032323739313435626463333063336339663132356566373539616261356635
+30343238333562303733303764393931383036633338613630343436653137323065303338323935
+38376236653338333539326164626462386330643963656533613832353666343738383532373365
+37393439326532333539336166383731393362633735373538353230626338353938613965646130
+30396130336361336431336239666637316135396334303764396331393137613339616166336465
+35333161633732363434633338663233656461663135346331626361363431333034366239373831
+31353039303030333630333163363936666565303666653739643163623233343732633564343463
+36343636396563393563623234313534346235363838653330336533663663346230666139396665
+32393730383432636535323837363936643562633133396430376362363630656635313731316430
+64313764633039366137353139336631316263383630326633373633393233623230336334393133
+38393037663064656132396139356466313938363732373865663533313138646330323766623133
+64326634623838316538616363663532353439383164653165323932663566643366313965343662
+35626261623832313630343932656134346532386339356262653637653365333466326137623237
+66623039323232316136393736393039623161616337366339396433653533653532623966383035
+36343130306264613363656634396663366265356434326638656233623333623537323033646531
+63663364333166313162393536656530313063613734366336653337626262623638366461303336
+30363739386636656432663135343332653738376335306239383965323264376465663435616663
+65333838656136353238316432346232623635383837303638396264323962363462613064636437
+66656639313132396564666266373436623239633836623235653663373262633139363532373031
+64393938323162643938663034616535353534633238393461653836393537313234323563333665
+37616230646265376265353339343535373366323239313063303632376464633966346538613031
+32336535376430646133333836643537373065343739656537316237343164633633353665663530
+39343661333232386633363736656134373666663132613266636434633663663535393666383962
+37396130633066633461646136616563633462313632646565306230656435326332316131333464
+61616534633431366639363834323762663037383039306231623065393633316463356137303865
+37336264326361616336393263633231376135663265313464626634336661626439626566653634
+66343232373066656438
From 1d8d3493ce4d6050b95f2d43166e3ffab67e9fae Mon Sep 17 00:00:00 2001
From: Pablo
Date: Fri, 27 Jul 2018 14:56:14 +0200
Subject: [PATCH 17/22] Password change
---
 roles/registry/files/registry.htpasswd | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/roles/registry/files/registry.htpasswd b/roles/registry/files/registry.htpasswd
index 4ebf219..1e26e6d 100644
--- a/roles/registry/files/registry.htpasswd
+++ b/roles/registry/files/registry.htpasswd
@@ -1,9 +1,8 @@
 $ANSIBLE_VAULT;1.1;AES256
-38343563333862323230616439303037656531306339656132306539616132336336306639633435
-6135323263643732326538376531323234626235303935660a366437333130323531333765343965
-34363962323665386161633939613337663334616266646235663064303965623062333663636162
-6162386564383466320a613162383438303131336566336163376637363465653264643038646364
-38396436393663343432333830333236383433633361393638393433383563633437666137383132
-62623633616639653832653235643665323734393137636331613065616461313131316339396531
-31303030656564383632643237363130353664643233313137303632396465323962363638383436
-66306230373632383730
+32636337393037333365393131386138356138343765643663636363623732623136383666633563
+3536633333616539333930373336336532383537326638340a633535396635343965653262393063
+62366337613365653532656563653538663133346336333831666463343861663362613332336538
+3035323566353937620a333931616162303438653166323865313336333230626265386331343866
+32613634383962373065653363373262346233323465363165613430316331663061623234383733
+37363663386338653532613438323437373131626639306630363163643334373037356333356435
+646261613934633539353632303764343138
From 7d3551d1425792e6f642d37d9e729a6329a61f9e Mon Sep 17 00:00:00 2001
From: Pablo
Date: Tue, 31 Jul 2018 11:20:12 +0200
Subject: [PATCH 18/22] Getting the release codename from the machine allows more version flexibility
---
 deploy-registry.yaml | 2 +-
 roles/docker/tasks/main.yml | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/deploy-registry.yaml b/deploy-registry.yaml
index d6cb4b5..4319eed 100644
--- a/deploy-registry.yaml
+++ b/deploy-registry.yaml
@@ -1,7 +1,7 @@
 - hosts: registry
   roles:
     - common-no-vlan
-    - nginx
     - docker
+    - nginx
     - registry
     - drone
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index bb8d01f..8bcd3e2 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -12,9 +12,13 @@
     url: https://download.docker.com/linux/debian/gpg
     state: present
 
+- name: get codename
+  shell: lsb_release -cs
+  register: debian_codename
+
 - name: Add docker apt repo
   apt_repository:
-    repo: "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable"
+    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ debian_codename.stdout }} stable"
     filename: docker
     state: present
 
From 7df4d75372ec56a60f55566db3cc0658b229eb48 Mon Sep 17 00:00:00 2001
From: Pablo
Date: Tue, 31 Jul 2018 11:21:01 +0200
Subject: [PATCH 19/22] Expose directly drone on port 8000 to avoid conflicts with nginx
---
 roles/drone/templates/docker-compose.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/drone/templates/docker-compose.yml.j2 b/roles/drone/templates/docker-compose.yml.j2
index ac13367..91141bf 100644
--- a/roles/drone/templates/docker-compose.yml.j2
+++ b/roles/drone/templates/docker-compose.yml.j2
@@ -5,7 +5,7 @@ services:
   drone-server:
     image: drone/drone
     ports:
-      - 80:8000
+      - 8000:8000
       - 9000
     volumes:
       - ./drone/:/var/lib/drone/
From 8a3b7fa528857aa2fc10a28c7180859d8300c3a0 Mon Sep 17 00:00:00 2001
From: Pablo
Date: Tue, 31 Jul 2018 11:21:22 +0200
Subject: [PATCH 20/22] Tags no longer needed
---
 roles/nginx/tasks/main.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 9bd67bc..559e04c 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -22,12 +22,10 @@
   git:
     repo: "https://github.com/knyar/nginx-lua-prometheus.git"
     dest: /srv/nginx-lua-prometheus
-  tags: monitoring
 
 - name: configure lua
   template: src=lua.conf.j2 dest=/etc/nginx/conf.d/lua.conf
   notify: restart nginx
-  tags: monitoring
 
 - name: remove default nginx site
   file:
From 861f50d4c18504948cf41289f5d6edb29d40a027 Mon Sep 17 00:00:00 2001
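Review bot: The new `get codename` task (`shell: lsb_release -cs` with `register: debian_codename`) re-derives a value Ansible already gathers as a fact, adds a task that reports `changed` on every run, and fails outright on a host where `lsb-release` is not installed. Use the built-in fact instead and drop the task: `repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"`. If the shell task is kept for some reason, give it `changed_when: false`. The apt_key task above the hunk is only partly visible.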
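Review bot: `- 8000:8000` publishes the drone server on every host interface, so it is reachable directly, bypassing the TLS and access controls of the nginx vhost that fronts it, and Docker adds its own iptables rules for published ports, so host-level INPUT rules will not necessarily cover it. Bind the mapping to loopback so only the local nginx can reach it: `- 127.0.0.1:8000:8000`. The bare `- 9000` entry on the next line likewise gets a random host port on all interfaces; if that is the agent endpoint it should be restricted in the same way or left unpublished and reached over the compose network. The rest of the service definition lies outside the hunk.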
From: Pablo
Date: Tue, 31 Jul 2018 11:22:19 +0200
Subject: [PATCH 21/22] add_header directive correction
---
 roles/registry/templates/docker-registry.nginx.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/registry/templates/docker-registry.nginx.j2 b/roles/registry/templates/docker-registry.nginx.j2
index 3c868f7..c87001a 100644
--- a/roles/registry/templates/docker-registry.nginx.j2
+++ b/roles/registry/templates/docker-registry.nginx.j2
@@ -30,7 +30,7 @@ server {
     auth_basic "Registry realm";
     auth_basic_user_file /etc/nginx/auth/registry.htpasswd;
 
-    add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
+    add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version;
 
     proxy_pass http://docker-registry;
     proxy_set_header Host $http_host;
@@ -68,7 +68,7 @@ server {
 
     auth_basic off;
 
-    add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
+    add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version;
 
     proxy_pass http://docker-registry;
     proxy_read_timeout 900;
From 7593456838a1578be5fdbb26c785f781cd8500e8 Mon Sep 17 00:00:00 2001
From: Pablo
Date: Thu, 2 Aug 2018 10:18:02 +0200
Subject: [PATCH 22/22] Building applications needs more RAM and cpu
---
 bin/create_gandi_vm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/create_gandi_vm.sh b/bin/create_gandi_vm.sh
index c496040..ae246ad 100755
--- a/bin/create_gandi_vm.sh
+++ b/bin/create_gandi_vm.sh
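Review bot: Dropping `always` from `add_header 'Docker-Distribution-Api-Version' ...` in both hunks means nginx only emits the header on 2xx/3xx responses, yet the first location sits behind `auth_basic`, whose reply to an unauthenticated client is a 401, which is where the Docker client looks for this header to recognise a v2 registry. If `always` was removed because the deployed nginx predates 1.7.5, where the parameter was introduced, record that with a comment such as `# 'always' needs nginx >= 1.7.5; without it the header is absent on 401 responses` and plan the upgrade; otherwise keep `always`. The enclosing `location` blocks extend beyond both hunks.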
@@ -42,4 +42,4 @@ gandi vm create --memory 1024 --hostname worker1 --image "Debian 8" --size 10G -
 gandi vm create --memory 2048 --hostname mail1 --image "Debian 8" --size 20G --datacenter FR-SD3 --vlan alpha_vlan --ip 192.168.1.33 --ip-version 4
 
 # Registry
-gandi vm create --memory 2048 --hostname registry1 --image "Debian 8" --size 50G --datacenter FR-SD3 --ip-version 4
\ No newline at end of file
+gandi vm create --memory 4096 --cpu 2 --hostname registry1 --image "Debian 8" --size 50G --datacenter FR-SD3 --ip-version 4