defaults = { 'backups': { 'paths': { '/var/opt/hedgedoc', }, }, 'hedgedoc': { 'config': { 'production': { 'loglevel': 'info', 'hsts': { 'enable': False, }, 'csp': { 'enable': True, 'directives': {}, 'addDefaults': True, 'addDisqus': False, 'addGoogleAnalytics': False, 'upgradeInsecureRequests': 'auto', 'reportURI': 'undefined', 'allowFraming': False, 'allowPDFEmbed': False, }, 'cookiePolicy': 'lax', 'db': { 'username': 'hedgedoc', 'password': repo.vault.password_for('{} postgresql hedgedoc'.format(node.name)), 'database': 'hedgedoc', 'host': 'localhost', 'port': '5432', 'dialect': 'postgres' }, 'imageUploadType': 'filesystem', 'uploadsPath': '/var/opt/hedgedoc', 'allowAnonymous': False, 'allowFreeURL': True, 'requireFreeURLAuthentication': True, 'sessionSecret': repo.vault.password_for('{} hedgedoc sessionSecret'.format(node.name)), 'allowEmailRegister': False, 'protocolUseSSL': True, }, }, }, 'postgresql': { 'roles': { 'hedgedoc': { 'password': repo.vault.password_for('{} postgresql hedgedoc'.format(node.name)), }, }, 'databases': { 'hedgedoc': { 'owner': 'hedgedoc', }, }, }, 'zfs': { 'datasets': { 'tank/hedgedoc': {}, 'tank/hedgedoc/install': { 'mountpoint': '/opt/hedgedoc', 'needed_by': { 'directory:/opt/hedgedoc', }, }, 'tank/hedgedoc/uploads': { 'mountpoint': '/var/opt/hedgedoc', 'needed_by': { 'directory:/var/opt/hedgedoc', }, }, }, }, } if node.has_bundle('telegraf'): defaults['telegraf'] = { 'input_plugins': { 'builtin': { 'http': [{ 'urls': [ 'http://127.0.0.1:3000/status' ], 'data_format': 'json', 'name_override': 'hedgedoc_status', }], 'prometheus': [{ 'urls': [ 'http://127.0.0.1:3000/metrics' ], 'name_override': 'hedgedoc_metrics', 'metric_version': 2, }], }, }, } @metadata_reactor.provides( 'icinga2_api/hedgedoc/services', ) def icinga_check_for_new_release(metadata): return { 'icinga2_api': { 'hedgedoc': { 'services': { 'HEDGEDOC UPDATE': { 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release hedgedoc/hedgedoc {}'.format(metadata.get('hedgedoc/version')), 'vars.notification.mail': True, 'check_interval': '60m', }, }, }, }, } @metadata_reactor.provides( 'nginx/vhosts', ) def nginx(metadata): if not node.has_bundle('nginx'): raise DoNotRunAgain locations = { '/': { 'target': 'http://127.0.0.1:3000', 'proxy_set_header': { 'X-Real-IP': '$remote_addr', }, }, '/socket.io/': { 'target': 'http://127.0.0.1:3000', 'websockets': True, 'proxy_set_header': { 'X-Real-IP': '$remote_addr', }, }, '/metrics': { 'return': 'forbidden', 'mode': 403, }, '/status': { 'return': 'forbidden', 'mode': 403, }, } vhosts = { 'hedgedoc': { 'domain': metadata.get('hedgedoc/config/production/domain'), 'locations': locations, 'website_check_path': '/', 'website_check_string': 'HedgeDoc', }, } return { 'nginx': { 'vhosts': vhosts }, }