From bfdabe077e68d854ba219840a93d29ab115084e9 Mon Sep 17 00:00:00 2001 From: SilasPeters <69711739+SilasPeters@users.noreply.github.com> Date: Fri, 12 Jul 2024 22:18:13 +0200 Subject: [PATCH] feat: host outline with Docker compose --- ansible/ansible.cfg | 1 + ansible/group_vars/production/vars.yml | 1 + ansible/group_vars/staging/vars.yml | 1 + ansible/roles/docker/tasks/compose-up.yml | 31 ++- ansible/roles/outline/handlers/main.yml | 26 --- ansible/roles/outline/tasks/main.yml | 69 +++--- .../outline/templates/docker-compose.yml.j2 | 71 ++++++ ansible/roles/outline/templates/docker.env.j2 | 208 ++++++++++++++++++ .../roles/outline/templates/outline.conf.j2 | 2 +- .../roles/outline/templates/outline.env.j2 | 118 ---------- .../outline/templates/outline.service.j2 | 18 -- ansible/roles/outline/vars/main.yml | 2 + ansible/roles/packages/tasks/main.yml | 1 + 13 files changed, 327 insertions(+), 222 deletions(-) delete mode 100644 ansible/roles/outline/handlers/main.yml create mode 100644 ansible/roles/outline/templates/docker-compose.yml.j2 create mode 100644 ansible/roles/outline/templates/docker.env.j2 delete mode 100644 ansible/roles/outline/templates/outline.env.j2 delete mode 100644 ansible/roles/outline/templates/outline.service.j2 create mode 100644 ansible/roles/outline/vars/main.yml diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 33f6408d2..36b868a61 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -5,3 +5,4 @@ stdout_callback = yaml roles_path = roles/ vars_plugins = ./plugins/vars +error_on_undefined_vars = True diff --git a/ansible/group_vars/production/vars.yml b/ansible/group_vars/production/vars.yml index aa3f84642..3c6a06a44 100644 --- a/ansible/group_vars/production/vars.yml +++ b/ansible/group_vars/production/vars.yml 
@@ -140,6 +140,7 @@ secret_outline: s3_secret_access_key: "{{ vault_secret_outline.s3_secret_access_key }}" s3_bucket: "outline-wiki-prod" mailgun_password: "{{ vault_secret_outline.mailgun_password }}" + postgresql_password: "{{ vault_secret_outline.postgresql_password }}" secret_koala_manual: password: "{{ vault_secret_koala_manual.password }}" diff --git a/ansible/group_vars/staging/vars.yml b/ansible/group_vars/staging/vars.yml index 8dc1e3c8a..4f31f615c 100644 --- a/ansible/group_vars/staging/vars.yml +++ b/ansible/group_vars/staging/vars.yml @@ -131,6 +131,7 @@ secret_outline: s3_secret_access_key: "{{ vault_secret_outline.s3_secret_access_key }}" s3_bucket: "outline-wiki-staging" mailgun_password: "{{ vault_secret_outline.mailgun_password }}" + postgresql_password: "{{ vault_secret_outline.postgresql_password }}" secret_koala_manual: password: "{{ vault_secret_koala_manual.password }}" diff --git a/ansible/roles/docker/tasks/compose-up.yml b/ansible/roles/docker/tasks/compose-up.yml index 6d07ec22b..86bce326f 100644 --- a/ansible/roles/docker/tasks/compose-up.yml +++ b/ansible/roles/docker/tasks/compose-up.yml @@ -1,17 +1,12 @@ --- # NOTE These tasks expect the 'project_source' variable to be set -- name: "Check if Docker daemon is active" - shell: "systemctl is-active docker" - register: "docker_status" - ignore_errors: "yes" # Will give a non-zero error code if not active +- name: "Gather service facts" + ansible.builtin.service_facts: -- name: "Assert Docker daemon is running" - assert: - that: - - "docker_status.rc == 0" - fail_msg: "Docker daemon is not running" - success_msg: "Docker daemon is running" +- name: "Assert that Docker daemon is active, but do not start it" + ansible.builtin.assert: + that: "ansible_facts.services['docker'].state == 'running'" - name: "Tear down existing services" community.docker.docker_compose_v2: 
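Review bot: The new assertion in compose-up.yml indexes `ansible_facts.services['docker']`, but on systemd hosts `service_facts` keys its entries by full unit name, so the lookup is likely undefined and the task would stop with a templating error instead of a readable message. I would write `that: "ansible_facts.services['docker.service'].state == 'running'"` and keep `fail_msg: "Docker daemon is not running"`, which the removed assert carried. If hosts with another init system have to be supported, check `'docker.service' in ansible_facts.services` first.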
@@ -32,19 +27,23 @@ project_src: "{{ project_source }}" register: "output" -# - name: Show results -# ansible.builtin.debug: -# var: output - - name: "Assert that all services properly started" ansible.builtin.assert: that: "not output.changed" - # Remember what services are included in the compose file, for later +# Remember what services are included in the compose file, for later - name: "Extract service names from output" - set_fact: + ansible.builtin.set_fact: docker_compose_service_names: "{{ output.containers | map(attribute='Name') | list }}" +# - name: Show docker results +# ansible.builtin.debug: +# var: output + +# - name: Show parsed services +# ansible.builtin.debug: +# var: docker_compose_service_names + - name: "Stop all services" community.docker.docker_compose_v2: project_src: "{{ project_source }}" diff --git a/ansible/roles/outline/handlers/main.yml b/ansible/roles/outline/handlers/main.yml deleted file mode 100644 index 05d09d3bc..000000000 --- a/ansible/roles/outline/handlers/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- - -- name: "restart outline" - # when: "_outline_checkout is changed - # or _outline_service_file is changed - # or _outline_env_file is changed" - ansible.builtin.systemd: - name: "outline.service" - state: "restarted" - daemon_reload: true - -- name: "install dependencies" - become_user: "outline" - become: true - ansible.builtin.command: "yarn install --frozen-lockfile" - args: - chdir: "/var/www/outline/outline" - listen: "yarn install" - -- name: "build outline" - become_user: "outline" - become: true - ansible.builtin.command: "yarn build" - args: - chdir: "/var/www/outline/outline" - listen: "yarn build" diff --git a/ansible/roles/outline/tasks/main.yml b/ansible/roles/outline/tasks/main.yml index b486b8494..65c7a3741 100644 --- a/ansible/roles/outline/tasks/main.yml +++ b/ansible/roles/outline/tasks/main.yml 
@@ -1,75 +1,58 @@ --- -- name: "create outline user" +- name: "Create outline user" ansible.builtin.user: name: "outline" - state: "present" - shell: "/bin/false" - system: true home: "/var/www/outline" + move_home: true + system: true + shell: "/sbin/nologin" password: "!" -- name: "create outline directory" +- name: "Create outline directory" ansible.builtin.file: - path: "/var/www/outline/outline" + path: "{{ outline_project_source }}" state: "directory" owner: "outline" group: "outline" -- name: "do database setup" +- name: "Do database setup" become_user: "postgres" become: true block: - - name: "ensure Postgres role exists" + - name: "Ensure Postgres role exists" community.postgresql.postgresql_user: name: "outline" + password: "{{ secret_outline.postgresql_password }}" # Sadly seems required to make authentication over localhost work, for peer authentication fails somehow state: "present" - - name: "ensure database exists" + - name: "Ensure database exists" community.postgresql.postgresql_db: name: "outline" owner: "outline" state: "present" -- name: "ensure config directory exists" - ansible.builtin.file: - path: "/etc/outline" - state: "directory" - -- name: "create environment file" +- name: "Create outline 'docker-compose.yml' file" ansible.builtin.template: - src: "outline.env.j2" - dest: "/etc/outline/outline.env" - owner: "root" + src: "docker-compose.yml.j2" + dest: "{{ outline_project_source }}/docker-compose.yml" + owner: "outline" + group: "outline" mode: "0600" - notify: "restart outline" - -- name: "clone repo and do Yarn stuff" - become_user: "outline" - become: true - ansible.builtin.git: - repo: "https://github.com/svsticky/Sticky-Compendium.git" - dest: "/var/www/outline/outline" - version: "main" - notify: - - "yarn install" - - "yarn build" - - "restart outline" -- name: "install Systemd service" +- name: "Create outline 'docker.env' file" ansible.builtin.template: - src: "outline.service.j2" - dest: "/etc/systemd/system/outline.service" - 
owner: "root" - mode: "0644" - notify: "restart outline" + src: "docker.env.j2" + dest: "{{ outline_project_source }}/docker.env" + owner: "outline" + group: "outline" + mode: "0600" -- name: "ensure outline service is started and enabled" - ansible.builtin.systemd: - name: "outline.service" - state: "started" - enabled: true +- name: "Docker compose" + ansible.builtin.include_tasks: "../docker/tasks/compose-up.yml" + vars: + project_source: "{{ outline_project_source }}" -- name: "install nginx config" +- name: "Install nginx config" ansible.builtin.template: src: "outline.conf.j2" dest: "/etc/nginx/sites-enabled/outline.conf" diff --git a/ansible/roles/outline/templates/docker-compose.yml.j2 b/ansible/roles/outline/templates/docker-compose.yml.j2 new file mode 100644 index 000000000..690ade4d4 --- /dev/null +++ b/ansible/roles/outline/templates/docker-compose.yml.j2 
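Review bot: The task "Create outline 'docker.env' file" renders vault secrets through `ansible.builtin.template`, and a run with `--diff` prints the rendered difference, which would put the database, S3, OIDC and SMTP credentials into the terminal or CI log. Adding `no_log: true` (or at least `diff: false`) to that task avoids it. The "Create outline directory" task sets no `mode`, so the directory holding the env file gets whatever the umask yields; an explicit `mode: "0750"` would state the intent. The inline comment on the `password:` line could also record the likely reason: peer authentication only applies to Unix-socket connections, while the `DATABASE_URL` in docker.env connects to `localhost` over TCP.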
@@ -0,0 +1,71 @@ +services: + + outline: + image: outlinewiki/outline:0.78.0 + env_file: ./docker.env + # ports: + # - "4568:3000" + network_mode: host # TODO replace this + volumes: + - storage-data:/var/lib/outline/data + # depends_on: + # - postgres + # - redis + + # redis: + # image: redis + # env_file: ./docker.env + # ports: + # - "6379:6379" + # volumes: + # - ./redis.conf:/redis.conf + # command: ["redis-server", "/redis.conf"] + # healthcheck: + # test: ["CMD", "redis-cli", "ping"] + # interval: 10s + # timeout: 30s + # retries: 3 + + # postgres: + # image: postgres + # env_file: ./docker.env + # ports: + # - "5432:5432" + # volumes: + # - database-data:/var/lib/postgresql/data + # healthcheck: + # test: ["CMD", "pg_isready", "-d", "outline", "-U", "user"] + # interval: 30s + # timeout: 20s + # retries: 3 + # environment: + # POSTGRES_USER: 'user' + # POSTGRES_PASSWORD: 'pass' + # POSTGRES_DB: 'outline' + + # https-portal: + # image: steveltn/https-portal + # env_file: ./docker.env + # ports: + # - '80:80' + # - '443:443' + # links: + # - outline + # restart: always + # volumes: + # - https-portal-data:/var/lib/https-portal + # healthcheck: + # test: ["CMD", "service", "nginx", "status"] + # interval: 30s + # timeout: 20s + # retries: 3 + # environment: + # DOMAINS: 'docs.mycompany.com -> http://outline:3000' + # STAGE: 'production' + # WEBSOCKET: 'true' + # CLIENT_MAX_BODY_SIZE: '0' + +volumes: + # https-portal-data: + storage-data: + # database-data: diff --git a/ansible/roles/outline/templates/docker.env.j2 b/ansible/roles/outline/templates/docker.env.j2 new file mode 100644 index 000000000..f40b896ce --- /dev/null +++ b/ansible/roles/outline/templates/docker.env.j2 
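Review bot: `network_mode: host` (marked TODO in the template) puts the container in the host's network namespace, so Outline's listener on port 4568 is reachable on whatever host interfaces it binds, not only through the nginx TLS vhost, unless a host firewall blocks it. Until the TODO is resolved I would record that dependency in the comment, e.g. `network_mode: host  # TODO replace; relies on the host firewall to keep 4568 private`. The longer-term shape is a loopback-only published port such as `- "127.0.0.1:4568:4568"`, which then requires Postgres and Redis to be reachable at an address other than the container's own localhost. The service also has no `restart:` policy, and the systemd unit that used to start Outline at boot is deleted in this commit, so it is worth confirming that the container comes back after a reboot.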
@@ -0,0 +1,208 @@ +# NOTE for the latest sample of what is possible, see +# https://github.com/outline/outline/blob/main/.env.sample + +# NOTE Some configuration can only be stored in the database. For more +# information, see docs/outline.md + +# –––––––––––––––– REQUIRED –––––––––––––––– + +NODE_ENV=production + +# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` +# in your terminal to generate a random value. +SECRET_KEY={{ secret_outline.secret_key }} + +# Generate a unique random key. The format is not important but you could still use +# `openssl rand -hex 32` in your terminal to produce this. +UTILS_SECRET={{ secret_outline.utils_key }} + +# For production point these at your databases, in development the default +# should work out of the box. +DATABASE_URL=postgres://outline:{{ secret_outline.postgresql_password }}@localhost/outline +DATABASE_CONNECTION_POOL_MIN= +DATABASE_CONNECTION_POOL_MAX= +# Uncomment this to disable SSL for connecting to Postgres +# PGSSLMODE=disable + +# For redis you can either specify an ioredis compatible url like this +REDIS_URL=redis://localhost:6379 +# or alternatively, if you would like to provide additional connection options, +# use a base64 encoded JSON connection option object. Refer to the ioredis documentation +# for a list of available options. +# Example: Use Redis Sentinel for high availability +# {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"} +# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ== + +# URL should point to the fully qualified, publicly accessible URL. If using a +# proxy the port in URL and PORT may be different. 
+URL=https://compendium.{{ canonical_hostname }} +PORT=4568 #3000 by default + +# See [documentation](docs/SERVICES.md) on running a separate collaboration +# server, for normal operation this does not need to be set. +COLLABORATION_URL= + +# Specify what storage system to use. Possible value is one of "s3" or "local". +# For "local", the avatar images and document attachments will be saved on local disk. +FILE_STORAGE=s3 + +# If "local" is configured for FILE_STORAGE above, then this sets the parent directory under +# which all attachments/images go. Make sure that the process has permissions to create +# this path and also to write files to it. +FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data + +# Maximum allowed size for the uploaded attachment. +FILE_STORAGE_UPLOAD_MAX_SIZE=262144000 + +# Override the maximum size of document imports, generally this should be lower +# than the document attachment maximum size. +FILE_STORAGE_IMPORT_MAX_SIZE=5120000 + +# Override the maximum size of workspace imports, these can be especially large +# and the files are temporary being automatically deleted after a period of time. +FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE= + +# To support uploading of images for avatars and document attachments in a distributed +# architecture an s3-compatible storage can be configured if FILE_STORAGE=s3 above. +AWS_ACCESS_KEY_ID={{ secret_outline.s3_access_key_id }} +AWS_SECRET_ACCESS_KEY={{ secret_outline.s3_secret_access_key }} +AWS_REGION=eu-west-1 +#AWS_S3_ACCELERATE_URL= (this costs money, bleh) +AWS_S3_UPLOAD_BUCKET_URL=https://{{ secret_outline.s3_bucket }}.s3.eu-west-1.amazonaws.com +AWS_S3_UPLOAD_BUCKET_NAME={{ secret_outline.s3_bucket }} +AWS_S3_FORCE_PATH_STYLE=true +AWS_S3_ACL=private + +# –––––––––––––– AUTHENTICATION –––––––––––––– + +# Third party signin credentials, at least ONE OF EITHER Google, Slack, +# or Microsoft is required for a working installation or you'll have no sign-in +# options. 
+ +# To configure Slack auth, you'll need to create an Application at +# => https://api.slack.com/apps +# +# When configuring the Client ID, add a redirect URL under "OAuth & Permissions": +# https:///auth/slack.callback +#SLACK_CLIENT_ID=get_a_key_from_slack +#SLACK_CLIENT_SECRET=get_the_secret_of_above_key + +# To configure Google auth, you'll need to create an OAuth Client ID at +# => https://console.cloud.google.com/apis/credentials +# +# When configuring the Client ID, add an Authorized redirect URI: +# https:///auth/google.callback +#GOOGLE_CLIENT_ID= +#GOOGLE_CLIENT_SECRET= + +# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See +# the guide for details on setting up your Azure App: +# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4 +#AZURE_CLIENT_ID= +#AZURE_CLIENT_SECRET= +#AZURE_RESOURCE_APP_ID= + +# To configure generic OIDC auth, you'll need some kind of identity provider. +# See documentation for whichever IdP you use to acquire the following info: +# Redirect URI is https:///auth/oidc.callback +OIDC_CLIENT_ID={{ secret_oauth2_proxy.client_id }} +OIDC_CLIENT_SECRET={{ secret_oauth2_proxy.client_secret }} +OIDC_AUTH_URI=https://koala.{{ canonical_hostname }}/api/oauth/authorize +OIDC_TOKEN_URI=https://koala.{{ canonical_hostname }}/api/oauth/token +OIDC_USERINFO_URI=https://koala.{{ canonical_hostname }}/oauth/userinfo +OIDC_LOGOUT_URI=https://koala.{{ canonical_hostname }}/signout + +# Specify which claims to derive user information from +# Supports any valid JSON path with the JWT payload +OIDC_USERNAME_CLAIM=email + +# Display name for OIDC authentication +OIDC_DISPLAY_NAME=Koala Oauth + +# Space separated auth scopes. 
+OIDC_SCOPES=openid profile email member-read + +# To configure the GitHub integration, you'll need to create a GitHub App at +# => https://github.com/settings/apps +# +# When configuring the Client ID, add a redirect URL under "Permissions & events": +# https:///api/github.callback +#GITHUB_CLIENT_ID= +#GITHUB_CLIENT_SECRET= +#GITHUB_APP_NAME= +#GITHUB_APP_ID= +#GITHUB_APP_PRIVATE_KEY= + +# –––––––––––––––– OPTIONAL –––––––––––––––– + +# Base64 encoded private key and certificate for HTTPS termination. This is only +# required if you do not use an external reverse proxy. See documentation: +# https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45 +#SSL_KEY= +#SSL_CERT= + +# If using a Cloudfront/Cloudflare distribution or similar it can be set below. +# This will cause paths to javascript, stylesheets, and images to be updated to +# the hostname defined in CDN_URL. In your CDN configuration the origin server +# should be set to the same as URL. +#CDN_URL= + +# Auto-redirect to https in production. The default is true but you may set to +# false if you can be sure that SSL is terminated at an external loadbalancer. +FORCE_HTTPS=true + +# Have the installation check for updates by sending anonymized statistics to +# the maintainers +ENABLE_UPDATES=true + +# How many processes should be spawned. As a reasonable rule divide your servers +# available memory by 512 for a rough estimate +WEB_CONCURRENCY=1 + +# You can remove this line if your reverse proxy already logs incoming http +# requests and this ends up being duplicative +# DEBUG=cache,presenters,events,emails,mailer,utils,multiplayer,server,services + +# Configure lowest severity level for server logs. 
Should be one of +# error, warn, info, http, verbose, debug and silly +LOG_LEVEL=verbose + +# For a complete Slack integration with search and posting to channels the +# following configs are also needed, some more details +# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a +# +#SLACK_VERIFICATION_TOKEN=your_token +#SLACK_APP_ID=A0XXXXXXX +#SLACK_MESSAGE_ACTIONS=true + +# Optionally enable Sentry (sentry.io) to track errors and performance, +# and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI: +# https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option) +#SENTRY_DSN= +#SENTRY_TUNNEL= +# +# To support sending outgoing transactional emails such as "document updated" or +# "you've been invited" you'll need to provide authentication for an SMTP server +SMTP_HOST=smtp.mailgun.org +SMTP_PORT=465 +SMTP_USERNAME=outline@{{ canonical_hostname }} +SMTP_PASSWORD={{ secret_outline.mailgun_password }} +SMTP_FROM_EMAIL=noreply@svsticky.nl +SMTP_REPLY_EMAIL=noreply@svsticky.nl +#SMTP_TLS_CIPHERS= +#SMTP_SECURE=true + +# The default interface language. See translate.getoutline.com for a list of +# available language codes and their rough percentage translated. +DEFAULT_LANGUAGE=en_US + +# Optionally enable rate limiter at application web server +RATE_LIMITER_ENABLED=true + +# Configure default throttling parameters for rate limiter +RATE_LIMITER_REQUESTS=1000 +RATE_LIMITER_DURATION_WINDOW=60 + +# Iframely API config +#IFRAMELY_URL= +#IFRAMELY_API_KEY= diff --git a/ansible/roles/outline/templates/outline.conf.j2 b/ansible/roles/outline/templates/outline.conf.j2 index d06a6b2a4..136f71230 100644 --- a/ansible/roles/outline/templates/outline.conf.j2 +++ b/ansible/roles/outline/templates/outline.conf.j2 
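Review bot: `DATABASE_URL` places `secret_outline.postgresql_password` into the userinfo part of a URL without percent-encoding, so a password containing `@`, `:`, `/`, `#` or `%` produces a URL that fails to parse or parses to a different credential and host. I would write `DATABASE_URL=postgres://outline:{{ secret_outline.postgresql_password | urlencode }}@localhost/outline`; Jinja2's `urlencode` leaves `/` untouched, so either note that the vault value must not contain `/` or append `| replace('/', '%2F')`. Separately, `LOG_LEVEL=verbose` is set alongside `NODE_ENV=production`; if that is only meant for bring-up, a comment saying so would help the next reader.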
@@ -1,7 +1,7 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name ~^(compendium|stickypedia|wiki)\.{{ canonical_hostname }}; + server_name ~^(compendium|stickypedia|wiki|stickywiki)\.{{ canonical_hostname }}; ssl_certificate /etc/letsencrypt/live/compendium.{{ canonical_hostname }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/compendium.{{ canonical_hostname }}/privkey.pem; diff --git a/ansible/roles/outline/templates/outline.env.j2 b/ansible/roles/outline/templates/outline.env.j2 deleted file mode 100644 index 09ef695a5..000000000 --- a/ansible/roles/outline/templates/outline.env.j2 +++ /dev/null 
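Review bot: The `server_name` regex on the changed line has no `$` anchor and inserts `canonical_hostname` unescaped, so it also matches Host values that merely begin with one of these names and treats the dots in the hostname as wildcards. I would anchor it and escape the variable: `server_name ~^(compendium|stickypedia|wiki|stickywiki)\.{{ canonical_hostname | regex_escape }}$;`. The certificate paths still point at `live/compendium.{{ canonical_hostname }}`, so the new `stickywiki` name presumably has to be among that certificate's SANs; that is not visible here. The server block continues outside the hunk.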
@@ -1,118 +0,0 @@ -# –––––––––––––––– REQUIRED –––––––––––––––– - -# Generate a unique random key, you can use `openssl rand -hex 32` in terminal -# DO NOT LEAVE UNSET -SECRET_KEY={{ secret_outline.secret_key }} - -# Generate a unique random key, you can use `openssl rand -hex 32` in terminal -# DO NOT LEAVE UNSET -UTILS_SECRET={{ secret_outline.utils_key }} - -# For production point these at your databases, in development the default -# should work out of the box. -PGHOST=/run/postgresql -DATABASE_URL=postgres:///outline?dbname=outline&host=/run/postgresql -# DATABASE_URL_TEST=postgres://user:pass@localhost:5532/outline-test -# Uncomment this to disable SSL for connecting to Postgres -# PGSSLMODE=disable -REDIS_URL=redis://localhost:6379 - -# URL should point to the fully qualified, publicly accessible URL. If using a -# proxy the port in URL and PORT may be different. -URL=https://compendium.{{ canonical_hostname }} -PORT=4568 - -# To support uploading of images for avatars and document attachments an -# s3-compatible storage must be provided. AWS S3 is recommended for redundency -# however if you want to keep all file storage local an alternative such as -# minio (https://github.com/minio/minio) can be used. 
- -# A more detailed guide on setting up S3 is available here: -# => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f -# -AWS_ACCESS_KEY_ID={{ secret_outline.s3_access_key_id }} -AWS_SECRET_ACCESS_KEY={{ secret_outline.s3_secret_access_key }} -AWS_REGION=eu-west-1 -AWS_S3_UPLOAD_BUCKET_URL=https://{{ secret_outline.s3_bucket }}.s3.eu-west-1.amazonaws.com -AWS_S3_UPLOAD_BUCKET_NAME={{ secret_outline.s3_bucket }} -AWS_S3_UPLOAD_MAX_SIZE=26214400 -AWS_S3_FORCE_PATH_STYLE=true -AWS_S3_ACL=private - - -# –––––––––––––– AUTHENTICATION –––––––––––––– - - -OIDC_CLIENT_ID={{ secret_oauth2_proxy.client_id }} -OIDC_CLIENT_SECRET={{ secret_oauth2_proxy.client_secret }} -OIDC_AUTH_URI=https://koala.{{ canonical_hostname }}/api/oauth/authorize -OIDC_TOKEN_URI=https://koala.{{ canonical_hostname }}/api/oauth/token -OIDC_USERINFO_URI=https://koala.{{ canonical_hostname }}/oauth/userinfo - -# Display name for OIDC authentication -OIDC_DISPLAY_NAME=Koala Oauth - -# Space separated auth scopes. -OIDC_SCOPES=openid profile email member-read - -# –––––––––––––––– OPTIONAL –––––––––––––––– - -# If using a Cloudfront/Cloudflare distribution or similar it can be set below. -# This will cause paths to javascript, stylesheets, and images to be updated to -# the hostname defined in CDN_URL. In your CDN configuration the origin server -# should be set to the same as URL. -# CDN_URL= - -# Auto-redirect to https in production. The default is true but you may set to -# false if you can be sure that SSL is terminated at an external loadbalancer. -FORCE_HTTPS=true - -# Have the installation check for updates by sending anonymized statistics to -# the maintainers -ENABLE_UPDATES=true - -# How many processes should be spawned. 
As a reasonable rule divide your servers -# available memory by 512 for a rough estimate -WEB_CONCURRENCY=1 - -# Override the maxium size of document imports, could be required if you have -# especially large Word documents with embedded imagery -MAXIMUM_IMPORT_SIZE=5120000 - -# You may enable or disable debugging categories to increase the noisiness of -# logs. The default is a good balance -DEBUG=cache,presenters,events,emails,mailer,utils,multiplayer,server,services - -# Comma separated list of domains to be allowed to signin to the wiki. If not -# set, all domains are allowed by default when using Google OAuth to signin -# ALLOWED_DOMAINS= - -# For a complete Slack integration with search and posting to channels the -# following configs are also needed, some more details -# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a -# -# SLACK_VERIFICATION_TOKEN=your_token -# SLACK_APP_ID=A0XXXXXXX -# SLACK_MESSAGE_ACTIONS=true - -# Optionally enable google analytics to track pageviews in the knowledge base -# GOOGLE_ANALYTICS_ID= - -# Optionally enable Sentry (sentry.io) to track errors and performance -# SENTRY_DSN= - -# To support sending outgoing transactional emails such as "document updated" or -# "you've been invited" you'll need to provide authentication for an SMTP server -SMTP_HOST=smtp.mailgun.org -SMTP_PORT=465 -SMTP_USERNAME=outline@{{ canonical_hostname }} -SMTP_PASSWORD={{ secret_outline.mailgun_password }} -SMTP_FROM_EMAIL=noreply@svsticky.nl -SMTP_REPLY_EMAIL=noreply@svsticky.nl - -# Custom logo that displays on the authentication screen, scaled to height: 60px -TEAM_LOGO=https://public.svsticky.nl/logos/hoofd_outline_wit.png - -# The default interface language. See translate.getoutline.com for a list of -# available language codes and their rough percentage translated. -DEFAULT_LANGUAGE=en_US 
diff --git a/ansible/roles/outline/templates/outline.service.j2 b/ansible/roles/outline/templates/outline.service.j2 deleted file mode 100644 index ce7aa8b72..000000000 --- a/ansible/roles/outline/templates/outline.service.j2 +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=Outline Wiki server -Wants=redis.service postgresql.service - -[Service] -ExecStartPre=/usr/bin/yarn db:migrate -ExecStart=/usr/bin/yarn start --env production -WorkingDirectory=/var/www/outline/outline - -EnvironmentFile=/etc/outline/outline.env - -PrivateTmp=yes - -User=outline -Group=outline - -[Install] -WantedBy=multi-user.target diff --git a/ansible/roles/outline/vars/main.yml b/ansible/roles/outline/vars/main.yml new file mode 100644 index 000000000..63ccdf7bd --- /dev/null +++ b/ansible/roles/outline/vars/main.yml @@ -0,0 +1,2 @@ +--- +outline_project_source: "/var/www/outline/outline" diff --git a/ansible/roles/packages/tasks/main.yml b/ansible/roles/packages/tasks/main.yml index 80bb3f208..0bf73fc86 100644 --- a/ansible/roles/packages/tasks/main.yml +++ b/ansible/roles/packages/tasks/main.yml @@ -19,6 +19,7 @@ - "acl" - "git" - "toilet" + - "neovim" state: "present" - name: "update all packages"