diff --git a/.devenv b/.devenv
deleted file mode 100644
index 40cfb67e25..0000000000
--- a/.devenv
+++ /dev/null
@@ -1,26 +0,0 @@
-# Installation steps:
-#
-# Clone https://github.com/coopdevs/devenv and install it. Then, from the
-# ofn-install's directory, execute devenv.
-#
-# Now, execute playbooks/setup.yml which will create ofn-admin and add your ssk
-# key to it. Note you must be in the core_devs list.
-#
-# Once done you can execute playbooks/development.yml to have a development box
-# or play with playbooks/provisioning.yml if you prefer.
-
-NAME="ofn"
-DISTRIBUTION="ubuntu"
-RELEASE="xenial"
-ARCH="amd64"
-HOST="ofn.local"
-
-DEVENV_USER="openfoodnetwork"
-DEVENV_GROUP="openfoodnetwork"
-
-PROJECT_NAME="openfoodnetwork"
-PROJECT_PATH="${PWD%/*}/$PROJECT_NAME"
-
-# Select the python interpeter python2.7 or python3
-PYTHON_INTERPRETER=python3
-
diff --git a/bin/lint b/bin/lint
new file mode 100755
index 0000000000..f3eae50041
--- /dev/null
+++ b/bin/lint
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ansible-lint site.yml playbooks/*.yml --exclude community
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index e6862f14fb..b7115a9e0a 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -86,7 +86,6 @@ multiredis_instances:
 #----------------------------------------------------------------------
 # Database variables
 db: openfoodnetwork
-test_db: ofn_test
 db_user: ofn_user
 db_host: localhost
 postgres_encoding: en_US.utf8
@@ -254,6 +253,8 @@ retired_core_devs:
 # nginx config
 app_root: "{{ current_path }}"
+ssl_certificate: "/etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem"
+ssl_certificate_key: "/etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/privkey.pem"
 nginx_official_repo: True
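Review bot: The new `ssl_certificate` and `ssl_certificate_key` defaults under `# nginx config` carry no comment saying they are now the override point for which certificate nginx serves. A group that overrides them, as `inventory/group_vars/local.yml` does in this commit, moves the TLS server blocks changed here and the `temporary_proxy` role off the certbot-issued pair without any hint at the definition site. I would add above them `# Certificate and key served by the TLS server blocks; defaults to the certbot-issued pair, override only for hosts without Let's Encrypt.` The names are also generic for `group_vars/all`; an `nginx_` prefix, matching `nginx_tls_cipher_suites`, would lower the chance of a collision with a role variable. The nginx section continues outside the hunk.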
@@ -324,8 +325,8 @@ nginx_sites:
 listen [::]:443 ssl http2;
 server_name www.{{ domain }};
- ssl_certificate /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/privkey.pem;
+ ssl_certificate {{ ssl_certificate }};
+ ssl_certificate_key {{ ssl_certificate_key }};
 {{ nginx_tls_cipher_suites }}
@@ -338,8 +339,8 @@ nginx_sites:
 server_name {{ certbot_domains | default([domain]) | join(' ') }};
 root {{ app_root }}/public;
- ssl_certificate /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/privkey.pem;
+ ssl_certificate {{ ssl_certificate }};
+ ssl_certificate_key {{ ssl_certificate_key }};
 {{ nginx_tls_cipher_suites }}
diff --git a/inventory/group_vars/lexi.yml b/inventory/group_vars/lexi.yml
deleted file mode 100644
index de2bba9dfd..0000000000
--- a/inventory/group_vars/lexi.yml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-
-# See https://github.com/openfoodfoundation/ofn-install/wiki/Setup for more info
-checkout_zone: Australia
-country_code: AU
-currency: AUD
-locale: en
-language: en_AU.UTF-8
-language_packages:
- - language-pack-en-base
-l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
-timezone: Melbourne
-
-developer_email: admin@example.com
-
-users_sysadmin:
- - "{{ core_devs }}"
-
-# Override default nginx settings because we don't have TLS
-nginx_sites:
- default:
- - |
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name _;
- add_header X-Content-Type-Options nosniff always;
- add_header X-Xss-Protection "1; mode=block" always;
- add_header X-Frame-Options DENY always;
- add_header Content-Security-Policy "default-src none" always;
-
- ofn_80:
- - |
- listen 80;
- listen [::]:80;
- server_name {{ domain }};
- root {{ app_root }}/public;
-
- add_header X-Content-Type-Options nosniff always;
- add_header X-Xss-Protection "1; mode=block" always;
-
- gzip on;
- gzip_disable "msie6";
-
- try_files $uri/index.html $uri @rails;
- location @rails {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_redirect off;
- proxy_pass http://rails;
- }
-
- location ~ ^/(assets)/ {
- gzip_static on;
- expires max;
- add_header Cache-Control public;
- #add_header Last-Modified "";
- #add_header ETag "";
- }
-
- error_page 500 502 503 504 /500.html;
- client_max_body_size 4G;
- keepalive_timeout 60;
-
- include /etc/nginx/sites-available/ofn/*;
diff --git a/inventory/group_vars/local.yml b/inventory/group_vars/local.yml
new file mode 100644
index 0000000000..ea6fa44cc0
--- /dev/null
+++ b/inventory/group_vars/local.yml
@@ -0,0 +1,40 @@
+rails_env: "staging"
+
+ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
+
+# See https://github.com/openfoodfoundation/ofn-install/wiki/Setup for more info
+checkout_zone: Australia
+country_code: AU
+currency: AUD
+locale: en
+language: en_AU.UTF-8
+language_packages:
+ - language-pack-en-base
+l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
+timezone: Melbourne
+
+developer_email: admin@example.com
+
+users_sysadmin:
+ - "{{ core_devs }}"
+
+# *** Test host configuration ***
+#
+# This is usually set in the host config but it's the same for all local
+# containers.
+domain: localhost
+
+admin_email: ofn@example.com
+mail_domain: example.com
+
+# Add missing vars to emulate secrets.yml
+db_password: 'f00d'
+admin_password: 'ofn123'
+secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
+google_maps_api_key: 'xxx'
+
+mail_host: 'example.com'
+mail_port: 25
+smtp_username: 'admin'
+smtp_password: 'password'
diff --git a/inventory/group_vars/lxc.yml b/inventory/group_vars/lxc.yml
deleted file mode 100644
index 5288bceb56..0000000000
--- a/inventory/group_vars/lxc.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-# See https://github.com/openfoodfoundation/ofn-install/wiki/Setup for more info
-checkout_zone: Australia
-country_code: AU
-currency: AUD
-locale: en
-language: en_AU.UTF-8
-language_packages:
- - language-pack-en-base
-l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
-timezone: Melbourne
-
-developer_email: admin@example.com
-
-users_sysadmin:
- - "{{ core_devs }}"
diff --git a/inventory/group_vars/test.yml b/inventory/group_vars/test.yml
deleted file mode 100644
index 96b38fdf84..0000000000
--- a/inventory/group_vars/test.yml
+++ /dev/null
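Review bot: The block under `# Add missing vars to emulate secrets.yml` in the new `inventory/group_vars/local.yml` commits fixed values for `db_password`, `admin_password`, `secret_token` and `smtp_password`, while the same file sets `rails_env: "staging"`. Any host that ends up in the `local` group therefore runs a staging-mode app whose admin password and (presumably session-signing) secret can be read from the repository, and nothing in the file says these values are throwaway. I would add above `db_password` the comment `# Throwaway credentials for local containers only - never place a network-reachable host in this group.` If per-machine values are wanted, Ansible's `password` lookup can generate and persist them instead of hard-coding. Separately, the file relies on `/etc/ssl/certs/ssl-cert-snakeoil.pem` existing, which this diff does not show being installed, and it drops the `---` document start that the group files it replaces had.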
@@ -1,63 +0,0 @@
----
-
-checkout_zone: Australia
-country_code: AU
-currency: AUD
-locale: en
-language: en_AU.UTF-8
-language_packages:
- - language-pack-en-base
-l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
-timezone: Melbourne
-
-developer_email: admin@example.com
-
-users_sysadmin: []
-
-# Override default nginx settings because we don't have TLS
-nginx_sites:
- default:
- - |
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name _;
- add_header X-Content-Type-Options nosniff always;
- add_header X-Xss-Protection "1; mode=block" always;
- add_header X-Frame-Options DENY always;
- add_header Content-Security-Policy "default-src none" always;
-
- ofn_80:
- - |
- listen 80;
- listen [::]:80;
- server_name {{ domain }};
- root {{ app_root }}/public;
-
- add_header X-Content-Type-Options nosniff always;
- add_header X-Xss-Protection "1; mode=block" always;
-
- gzip on;
- gzip_disable "msie6";
-
- try_files $uri/index.html $uri @rails;
- location @rails {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_redirect off;
- proxy_pass http://rails;
- }
-
- location ~ ^/(assets)/ {
- gzip_static on;
- expires max;
- add_header Cache-Control public;
- #add_header Last-Modified "";
- #add_header ETag "";
- }
-
- error_page 500 502 503 504 /500.html;
- client_max_body_size 4G;
- keepalive_timeout 60;
-
- include /etc/nginx/sites-available/ofn/*;
diff --git a/inventory/group_vars/vagrant.yml b/inventory/group_vars/vagrant.yml
deleted file mode 100644
index 342badfbcd..0000000000
--- a/inventory/group_vars/vagrant.yml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-
-# Adjust these settings locally to deploy different data to your Vagrant box
-
-# See https://github.com/openfoodfoundation/ofn-install/wiki/Setup for more info
-checkout_zone: Australia
-country_code: AU
-currency: AUD
-locale: en
-language: en_AU.UTF-8
-language_packages:
- - language-pack-en-base
-l10n_repo: https://github.com/openfoodfoundation/l10n_au.git
-timezone: Melbourne
-
-developer_email: admin@example.com
-
-users_sysadmin:
- - "{{ core_devs }}"
-
-# Override default nginx settings because we don't have TLS
-nginx_sites:
- default:
- - |
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name _;
- add_header X-Content-Type-Options nosniff always;
- add_header X-Xss-Protection "1; mode=block" always;
- add_header X-Frame-Options DENY always;
- add_header Content-Security-Policy "default-src none" always;
-
- ofn_80:
- - |
- listen 80;
- listen [::]:80;
- server_name {{ domain }};
- root {{ app_root }}/public;
-
- add_header X-Content-Type-Options nosniff always;
- add_header X-Xss-Protection "1; mode=block" always;
-
- gzip on;
- gzip_disable "msie6";
-
- try_files $uri/index.html $uri @rails;
- location @rails {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_redirect off;
- proxy_pass http://rails;
- }
-
- location ~ ^/(assets)/ {
- gzip_static on;
- expires max;
- add_header Cache-Control public;
- #add_header Last-Modified "";
- #add_header ETag "";
- }
-
- error_page 500 502 503 504 /500.html;
- client_max_body_size 4G;
- keepalive_timeout 60;
-
- include /etc/nginx/sites-available/ofn/*;
diff --git a/inventory/host_vars/local_lexi/config.yml b/inventory/host_vars/local_lexi/config.yml
deleted file mode 100644
index d903f60aa4..0000000000
--- a/inventory/host_vars/local_lexi/config.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-domain: localhost
-rails_env: development
-
-admin_email: admin@example.com
-mail_domain: example.com
-
-# Add missing vars to emulate secrets.yml
-db_password: 'lexi123'
-admin_password: 'spree123'
-secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
-google_maps_api_key: 'xxx'
-
-mail_host: 'example.com'
-mail_port: 25
-smtp_username: 'admin'
-smtp_password: 'password'
diff --git a/inventory/host_vars/local_test/config.yml b/inventory/host_vars/local_test/config.yml
deleted file mode 100644
index a3892df0c3..0000000000
--- a/inventory/host_vars/local_test/config.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-
-domain: localhost
-host_id: ofn-test
-rails_env: development
-
-admin_email: admin@example.com
-mail_domain: example.com
-
-
-# Add missing vars to emulate secrets.yml
-
-db_password: 'test123'
-admin_password: 'spree123'
-secret_token: '522a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
-google_maps_api_key: 'xxx'
-
-mail_host: 'example.com'
-mail_port: 25
-smtp_username: 'admin'
-smtp_password: 'password'
-
-rbenv_extra_depends: []
-ruby_compile_options: ""
diff --git a/inventory/host_vars/local_vagrant/config.yml b/inventory/host_vars/local_vagrant/config.yml
deleted file mode 100644
index 014dc87763..0000000000
--- a/inventory/host_vars/local_vagrant/config.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-domain: localhost
-rails_env: development
-
-admin_email: admin@example.com
-mail_domain: example.com
-
-# Add missing vars to emulate /local_vagrant/secrets.yml
-db_password: 'vagrant123'
-admin_password: 'spree123'
-secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
-google_maps_api_key: 'xxx'
-
-mail_host: 'example.com'
-mail_port: 25
-smtp_username: 'admin'
-smtp_password: 'password'
diff --git a/inventory/host_vars/ofn.local/config.yml b/inventory/host_vars/ofn.local/config.yml
deleted file mode 100644
index d1f9864f0e..0000000000
--- a/inventory/host_vars/ofn.local/config.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-domain: localhost
-rails_env: development
-
-admin_email: admin@example.com
-mail_domain: example.com
-
-# Add missing vars to emulate secrets.yml
-db_password: 'lxc123'
-admin_password: 'spree123'
-secret_token: '511a3d0fa1551b9fa75a1aef5b47684905c64807963fa2c190272878366365'
-google_maps_api_key: 'xxx'
-
-mail_host: 'example.com'
-mail_port: 25
-smtp_username: 'admin'
-smtp_password: 'password'
-
diff --git a/playbooks/development.yml b/playbooks/development.yml
deleted file mode 100644
index 7d7ac09eb2..0000000000
--- a/playbooks/development.yml
+++ /dev/null
@@ -1,64 +0,0 @@
----
-# Note that by relying on this playbook you will end up with a development
-# environment that uses some of roles we use for live instances. You won't have
-# Nginx and you will have to manually start the rails running `bundle
-# exec rails server`.
-#
-# Also, there are a number of things you will need to do manually such as
-# creating the development database with `bundle exec rake db:create` as you
-# would do on your host without containers.
-
-- name: provision
- hosts: ofn_servers
- remote_user: "{{ user }}"
- roles:
- - role: app_user # Create unprivileged user for the app
- tags: app_user
-
- - role: common # Install common apps and libraries, and setup shell.
- tags: common
-
- - role: language # Setup locale.
- tags: language
-
- - role: zzet.rbenv # Install ruby. If missing run: ansible-galaxy install zzet.rbenv
- rbenv:
- env: user
- version: v1.0.0
- default_ruby: "{{ ruby_version }}"
- rubies:
- - version: "{{ ruby_version }}"
-
- rbenv_users:
- - "{{ app_user }}"
- tags: ruby
-
- - role: dbserver # Set up database server and user for the app.
- become: yes
- become_user: root
- tags: dbserver
- db_user_roles: SUPERUSER,CREATEDB
-
- - role: datadog
- become: yes
- tags: datadog
-
- tasks:
- - name: install bundler
- # This needs to be run inside a bash shell to initialise rbenv
- # See http://stackoverflow.com/questions/22115936/install-bundler-gem-using-ansible
- command: bash -lc "./script/install-bundler --no-ri --no-rdoc"
- args:
- chdir: /opt/openfoodnetwork
- register: bundler
- changed_when: bundler.stdout | length > 0
- become: yes
- become_user: "{{ app_user }}"
- tags: bundler
-
- vars:
- ansible_python_interpreter: /usr/bin/python2.7
- language_packages:
- - language-pack-en-base
- language: en_US.UTF-8
- users_sysadmin: []
diff --git a/roles/temporary_proxy/tasks/main.yml b/roles/temporary_proxy/tasks/main.yml
index 65b091e0b3..597eb05327 100644
--- a/roles/temporary_proxy/tasks/main.yml
+++ b/roles/temporary_proxy/tasks/main.yml
@@ -25,8 +25,8 @@
 server_name {{ certbot_domains | default([domain]) | join(' ') }};
 access_log off;
- ssl_certificate /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/privkey.pem;
+ ssl_certificate {{ ssl_certificate }};
+ ssl_certificate_key {{ ssl_certificate_key }};
 location / {
 proxy_pass https://{{ proxy_target }};
diff --git a/scripts/config/lxc.cfg b/scripts/config/lxc.cfg
deleted file mode 100644
index 4ea6b8b89a..0000000000
--- a/scripts/config/lxc.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-# Vars to use in lxc-create
-name="ofn-dev"
-template="/usr/share/lxc/templates/lxc-ubuntu"
-rls="xenial"
-lxc_config="/tmp/ubuntu.$name.conf"
-host="local.ofn.org"
-project_name="openfoodnetwork"
-project_path="${PWD%/*}/$project_name"
-app_user="openfoodnetwork"
-ssh_path="/.ssh/id_rsa.pub"
diff --git a/scripts/db-setup.sh b/scripts/db-setup.sh
deleted file mode 100644
index d77a9187cc..0000000000
--- a/scripts/db-setup.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-# Createded date: 21/03/2016
-
-# Flags
-set -e
-
-bundle="$PWD/.rbenv/shims/bundle"
-
-cd openfoodnetwork/
-echo "Copy example config/application.yml"
-cp -n config/application.yml.example config/application.yml
-echo "Installing ruby application and gem dependencies"
-"$bundle" install
-echo "Doing the database setup..."
-"$bundle" exec rake db:setup << EOF
-spree@example.com
-spree123
-EOF
-echo
-echo "Load default data for development environment..."
-"$bundle" exec rake ofn:dev:load_sample_data
diff --git a/scripts/provisioning-dev.sh b/scripts/provisioning-dev.sh
deleted file mode 100755
index 43a8a841bb..0000000000
--- a/scripts/provisioning-dev.sh
+++ /dev/null
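Review bot: The role's nginx block in `roles/temporary_proxy/tasks/main.yml` now reads `{{ ssl_certificate }}` and `{{ ssl_certificate_key }}`, which this commit defines only in inventory (`inventory/group_vars/all.yml`). Run against an inventory that lacks those group vars, the role would fail on an undefined variable where it previously built the path itself. Shipping the certbot paths as role defaults would keep the role self-contained, e.g. `ssl_certificate: "/etc/letsencrypt/live/{{ certbot_cert_name | default(domain) }}/fullchain.pem"` plus the matching `privkey.pem` line. For hosts in the `local` group the proxy will now serve the snakeoil pair, which deserves a one-line comment next to the directives. The task starts and ends outside the hunk.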
@@ -1,29 +0,0 @@
-#!/bin/bash
-# Createded date: 21/03/2016
-
-# Flags
-set -e
-
-# External files
-# Get cfg values
-source "$PWD/scripts/config/lxc.cfg"
-# Check if container exist
-# Install python2.7 in container:
-echo "Installing Python2.7"
-sudo lxc-attach -n "$name" -- sudo apt update
-sudo lxc-attach -n "$name" -- sudo apt install -y python2.7
-echo
-# Install the community role dependencies of the playbooks
-echo "Installing ansible community dependencies of playbooks"
-bin/setup
-echo
-# Execute playbook development.yml:
-echo "Ansible playbooks"
-ansible-playbook playbooks/default_user.yml -i "$PWD/inventory/dev" --limit=lxc -e "ssh_key_path=$ssh_path ansible_python_interpreter=/usr/bin/python2.7"
-ansible-playbook playbooks/development.yml -u openfoodnetwork -i "$PWD/inventory/dev" -e 'ansible_python_interpreter=/usr/bin/python2.7' --limit=lxc --ask-sudo-pass
-echo "Provision OK!"
-echo
-echo "Accessing $host with user $app_user to install bundle dependencies and setup db"
-ssh "$app_user"@"$host" "bash -s" < "$PWD/scripts/db-setup.sh"
-
-echo "Databases ready!"