diff --git a/ansible/group_vars/production/vars.yml b/ansible/group_vars/production/vars.yml
index aa3f8464..3c6a06a4 100644
--- a/ansible/group_vars/production/vars.yml
+++ b/ansible/group_vars/production/vars.yml
@@ -140,6 +140,7 @@ secret_outline:
 s3_secret_access_key: "{{ vault_secret_outline.s3_secret_access_key }}"
 s3_bucket: "outline-wiki-prod"
 mailgun_password: "{{ vault_secret_outline.mailgun_password }}"
+ postgresql_password: "{{ vault_secret_outline.postgresql_password }}"
 secret_koala_manual:
 password: "{{ vault_secret_koala_manual.password }}"
diff --git a/ansible/group_vars/staging/vars.yml b/ansible/group_vars/staging/vars.yml
index 8dc1e3c8..4f31f615 100644
--- a/ansible/group_vars/staging/vars.yml
+++ b/ansible/group_vars/staging/vars.yml
@@ -131,6 +131,7 @@ secret_outline:
 s3_secret_access_key: "{{ vault_secret_outline.s3_secret_access_key }}"
 s3_bucket: "outline-wiki-staging"
 mailgun_password: "{{ vault_secret_outline.mailgun_password }}"
+ postgresql_password: "{{ vault_secret_outline.postgresql_password }}"
 secret_koala_manual:
 password: "{{ vault_secret_koala_manual.password }}"
diff --git a/ansible/roles/outline/handlers/main.yml b/ansible/roles/outline/handlers/main.yml
deleted file mode 100644
index 7c2a7f83..00000000
--- a/ansible/roles/outline/handlers/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: "restart outline"
- # when: "_outline_checkout is changed
- # or _outline_service_file is changed
- # or _outline_env_file is changed"
- systemd:
- name: "outline.service"
- state: "restarted"
- daemon_reload: true
diff --git a/ansible/roles/outline/tasks/main.yml b/ansible/roles/outline/tasks/main.yml
index 7860b189..db113285 100644
--- a/ansible/roles/outline/tasks/main.yml
+++ b/ansible/roles/outline/tasks/main.yml
@@ -22,6 +22,7 @@
 - name: "Ensure Postgres role exists"
 community.postgresql.postgresql_user:
 name: "outline"
+ password: "{{ secret_outline.postgresql_password }}" # Sadly seems required to make authentication over localhost work, for peer authentication fails somehow
 state: "present"
 - name: "Ensure database exists"
@@ -57,8 +58,3 @@
 dest: "/etc/nginx/sites-enabled/outline.conf"
 notify: "reload nginx"
-# TODO test creating and restoring backup
-# TODO is het erg dat outline:outline in templates staat?
-# TODO AWS_S3 accelration URL?
-# TODO FILE_STORAGE niet local maar s3?
-# TODO compose-up.yml moet misschien andere naam krijgen?
diff --git a/ansible/roles/outline/templates/docker-compose.yml.j2 b/ansible/roles/outline/templates/docker-compose.yml.j2
index 65c71a4e..a96a5fc4 100644
--- a/ansible/roles/outline/templates/docker-compose.yml.j2
+++ b/ansible/roles/outline/templates/docker-compose.yml.j2
@@ -5,7 +5,7 @@ services:
 env_file: ./docker.env
 # ports:
 # - "4568:3000"
- network_mode: host
+ network_mode: host # TODO replace this
 volumes:
 - storage-data:/var/lib/outline/data
 # depends_on:
diff --git a/ansible/roles/outline/templates/docker.env.j2 b/ansible/roles/outline/templates/docker.env.j2
index 3e2f162c..906d9bae 100644
--- a/ansible/roles/outline/templates/docker.env.j2
+++ b/ansible/roles/outline/templates/docker.env.j2
@@ -12,7 +12,7 @@ UTILS_SECRET={{ secret_outline.utils_key }}
 # For production point these at your databases, in development the default
 # should work out of the box.
-DATABASE_URL=postgres://outline:outline@localhost/outline?dbname=outline #?dbname=outline&user=outline&host=/run/postgresql
+DATABASE_URL=postgres://outline:{{ secret_outline.postgresql_password }}@localhost/outline
 DATABASE_CONNECTION_POOL_MIN=
 DATABASE_CONNECTION_POOL_MAX=
 # Uncomment this to disable SSL for connecting to Postgres
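Review bot: The inline comment on the new `password:` line in ansible/roles/outline/tasks/main.yml ("peer authentication fails somehow") leaves the reason unexplained, although the cause is visible in this commit. PostgreSQL peer authentication applies only to Unix-socket connections, while docker.env.j2 points Outline at `@localhost`, i.e. TCP, where pg_hba.conf normally expects a password method (the pg_hba.conf in use is not shown here). I would move the comment onto its own line above the key and word it as `# Outline connects over TCP (localhost), where peer auth does not apply, so the role needs a password.`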
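Review bot: `# TODO replace this` on `network_mode: host` in docker-compose.yml.j2 does not say what should replace it or why, so the exposure it tracks is easy to lose. With host networking the container shares the host's network namespace: the app listens on whichever host interfaces it binds, and loopback-only services on the host are reachable from inside the container. I would write the intent out, e.g. `# TODO: drop host networking; publish the app port on 127.0.0.1 only and give the container an explicit route to Postgres`. If the commented-out `ports:` entry is re-enabled as written it publishes on all interfaces; `"127.0.0.1:4568:3000"` would keep the app behind nginx, assuming nginx proxies to it from the same host.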
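Review bot: The password is interpolated into `DATABASE_URL` unescaped in docker.env.j2, so a vault value containing `@`, `:`, `/`, `?` or `#` changes how the URL is parsed (wrong host, truncated password) instead of failing cleanly. I would percent-encode it: `DATABASE_URL=postgres://outline:{{ secret_outline.postgresql_password | urlencode }}@localhost/outline`. Jinja's `urlencode` leaves `/` untouched, so either add `| replace('/', '%2F')` or generate the password from a URL-safe alphabet. The rendered docker.env now carries the database credential too; the task that writes it is outside this diff, so it is worth confirming it sets a restrictive `mode` such as `"0600"`.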
@@ -61,7 +61,7 @@ FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=
 AWS_ACCESS_KEY_ID={{ secret_outline.s3_access_key_id }}
 AWS_SECRET_ACCESS_KEY={{ secret_outline.s3_secret_access_key }}
 AWS_REGION=eu-west-1
-#AWS_S3_ACCELERATE_URL=
+#AWS_S3_ACCELERATE_URL= (this costs money, bleh)
 AWS_S3_UPLOAD_BUCKET_URL=https://{{ secret_outline.s3_bucket }}.s3.eu-west-1.amazonaws.com
 AWS_S3_UPLOAD_BUCKET_NAME={{ secret_outline.s3_bucket }}
 AWS_S3_FORCE_PATH_STYLE=true
diff --git a/ansible/roles/outline/templates/outline.conf.j2 b/ansible/roles/outline/templates/outline.conf.j2
index d06a6b2a..136f7123 100644
--- a/ansible/roles/outline/templates/outline.conf.j2
+++ b/ansible/roles/outline/templates/outline.conf.j2
@@ -1,7 +1,7 @@
 server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
- server_name ~^(compendium|stickypedia|wiki)\.{{ canonical_hostname }};
+ server_name ~^(compendium|stickypedia|wiki|stickywiki)\.{{ canonical_hostname }};
 ssl_certificate /etc/letsencrypt/live/compendium.{{ canonical_hostname }}/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/compendium.{{ canonical_hostname }}/privkey.pem;
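Review bot: The `server_name` regex in outline.conf.j2 has no end anchor and interpolates `canonical_hostname` unescaped, so its dots match any character and a Host value with extra text after the domain still selects this server block. Since the line is being edited anyway, I would tighten it to `server_name ~^(compendium|stickypedia|wiki|stickywiki)\.{{ canonical_hostname | regex_escape }}$;`. The certificate paths below still point at the `compendium.` lineage; whether that certificate lists the new `stickywiki.` name as a SAN is not visible here, and without it clients of the new name get a certificate mismatch. The server block continues past the end of the hunk.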