eef463afbd
Some checks failed
kunsi/bundlewrap/pipeline/head There was a failure building this commit
163 lines
4.6 KiB
Python
163 lines
4.6 KiB
Python
defaults = {
|
|
'backups': {
|
|
'paths': {
|
|
'/var/opt/hedgedoc',
|
|
},
|
|
},
|
|
'hedgedoc': {
|
|
'config': {
|
|
'production': {
|
|
'loglevel': 'info',
|
|
'hsts': {
|
|
'enable': False,
|
|
},
|
|
'csp': {
|
|
'enable': True,
|
|
'directives': {},
|
|
'addDefaults': True,
|
|
'addDisqus': False,
|
|
'addGoogleAnalytics': False,
|
|
'upgradeInsecureRequests': 'auto',
|
|
'reportURI': 'undefined',
|
|
'allowFraming': False,
|
|
'allowPDFEmbed': False,
|
|
},
|
|
'cookiePolicy': 'lax',
|
|
'db': {
|
|
'username': 'hedgedoc',
|
|
'password': repo.vault.password_for('{} postgresql hedgedoc'.format(node.name)),
|
|
'database': 'hedgedoc',
|
|
'host': 'localhost',
|
|
'port': '5432',
|
|
'dialect': 'postgres'
|
|
},
|
|
'imageUploadType': 'filesystem',
|
|
'uploadsPath': '/var/opt/hedgedoc',
|
|
'allowAnonymous': False,
|
|
'allowFreeURL': True,
|
|
'requireFreeURLAuthentication': True,
|
|
'sessionSecret': repo.vault.password_for('{} hedgedoc sessionSecret'.format(node.name)),
|
|
'allowEmailRegister': False,
|
|
'protocolUseSSL': True,
|
|
},
|
|
},
|
|
},
|
|
'postgresql': {
|
|
'roles': {
|
|
'hedgedoc': {
|
|
'password': repo.vault.password_for('{} postgresql hedgedoc'.format(node.name)),
|
|
},
|
|
},
|
|
'databases': {
|
|
'hedgedoc': {
|
|
'owner': 'hedgedoc',
|
|
},
|
|
},
|
|
},
|
|
'zfs': {
|
|
'datasets': {
|
|
'tank/hedgedoc': {},
|
|
'tank/hedgedoc/install': {
|
|
'mountpoint': '/opt/hedgedoc',
|
|
'needed_by': {
|
|
'directory:/opt/hedgedoc',
|
|
},
|
|
},
|
|
'tank/hedgedoc/uploads': {
|
|
'mountpoint': '/var/opt/hedgedoc',
|
|
'needed_by': {
|
|
'directory:/var/opt/hedgedoc',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
|
|
if node.has_bundle('telegraf'):
|
|
defaults['telegraf'] = {
|
|
'input_plugins': {
|
|
'builtin': {
|
|
'http': [{
|
|
'urls': [
|
|
'http://127.0.0.1:3000/status'
|
|
],
|
|
'data_format': 'json',
|
|
'name_override': 'hedgedoc_status',
|
|
}],
|
|
'prometheus': [{
|
|
'urls': [
|
|
'http://127.0.0.1:3000/metrics'
|
|
],
|
|
'name_override': 'hedgedoc_metrics',
|
|
'metric_version': 2,
|
|
}],
|
|
},
|
|
},
|
|
}
|
|
|
|
|
|
@metadata_reactor.provides(
|
|
'icinga2_api/hedgedoc/services',
|
|
)
|
|
def icinga_check_for_new_release(metadata):
|
|
return {
|
|
'icinga2_api': {
|
|
'hedgedoc': {
|
|
'services': {
|
|
'HEDGEDOC UPDATE': {
|
|
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release hedgedoc/hedgedoc {}'.format(metadata.get('hedgedoc/version')),
|
|
'vars.notification.mail': True,
|
|
'check_interval': '60m',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
|
|
@metadata_reactor.provides(
|
|
'nginx/vhosts',
|
|
)
|
|
def nginx(metadata):
|
|
if not node.has_bundle('nginx'):
|
|
raise DoNotRunAgain
|
|
|
|
locations = {
|
|
'/': {
|
|
'target': 'http://127.0.0.1:3000',
|
|
'proxy_set_header': {
|
|
'X-Real-IP': '$remote_addr',
|
|
},
|
|
},
|
|
'/socket.io/': {
|
|
'target': 'http://127.0.0.1:3000',
|
|
'websockets': True,
|
|
'proxy_set_header': {
|
|
'X-Real-IP': '$remote_addr',
|
|
},
|
|
},
|
|
'/metrics': {
|
|
'return': 'forbidden',
|
|
'mode': 403,
|
|
},
|
|
'/status': {
|
|
'return': 'forbidden',
|
|
'mode': 403,
|
|
},
|
|
}
|
|
|
|
vhosts = {
|
|
'hedgedoc': {
|
|
'domain': metadata.get('hedgedoc/config/production/domain'),
|
|
'locations': locations,
|
|
'website_check_path': '/',
|
|
'website_check_string': 'HedgeDoc',
|
|
},
|
|
}
|
|
|
|
return {
|
|
'nginx': {
|
|
'vhosts': vhosts
|
|
},
|
|
}
|