Verified Commit bdda1074 authored by Frederik Schwan's avatar Frederik Schwan
Browse files

remove unused kanboard role

parent c8d8c843
......@@ -48,7 +48,6 @@
security_tracker_dir: "/srv/http/security-tracker"
- { role: mailman, mailman_domain: "lists.archlinux.org" }
- { role: patchwork }
- { role: kanboard }
- { role: grafana }
- { role: archwiki }
- { role: conf_archlinux }
......
---
kanboard_dir: "/srv/http/kanboard"
kanboard_domain: "kanboard.archlinux.org"
kanboard_db_user: "kanboard"
kanboard_db: "kanboard"
kanboard_version: "stable"
---
- name: restart php-fpm@kanboard
service: name=php-fpm@kanboard state=restarted
---
- name: install packages
pacman: name=git state=present
- name: make kanboard user
user: name=kanboard shell=/bin/false home="{{ kanboard_dir }}" createhome=no
- name: clone kanboard git repo
git: repo=https://github.com/kanboard/kanboard.git dest="{{ kanboard_dir }}" version={{ kanboard_version }}
- name: install nginx config
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/kanboard.conf owner=root group=root mode=644
notify:
- reload nginx
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ kanboard_domain }} state=directory owner=root group=root mode=0755
- name: make dirs for webuser
file: path="{{ kanboard_dir }}/{{ item }}" owner=kanboard mode=700 state=directory
with_items:
- data
- name: create kanboard db user
postgresql_user: name={{ kanboard_db_user }} password={{ vault_kanboard_db_password }} encrypted=true
become: yes
become_user: postgres
become_method: su
- name: create kanboard db
postgresql_db: db="{{ kanboard_db }}"
become: yes
become_user: postgres
become_method: su
- name: install kanboard config
template: src=config.php.j2 dest="{{ kanboard_dir }}/config.php" owner=root group=kanboard mode=640
- name: configure php-fpm
template:
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/kanboard.conf"
owner=root group=root mode=0644
notify:
- restart php-fpm@kanboard
- name: start and enable systemd socket
service: name=php-fpm@kanboard.socket state=started enabled=true
- name: install systemd timers for kanboard cronjob
template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- kanboard-cron.timer
- kanboard-cron.service
- name: activate systemd timers for kanboard cronjob
service: name=kanboard-cron.timer enabled=yes state=started
<?php
define('DB_DRIVER', 'postgres');
define('DB_USERNAME', '{{kanboard_db_user}}');
define('DB_PASSWORD', '{{vault_kanboard_db_password}}');
define('DB_HOSTNAME', 'localhost');
define('DB_NAME', '{{kanboard_db}}');
define('ENABLE_HSTS', false);
define('ENABLE_URL_REWRITE', true);
define('MAIL_TRANSPORT', 'smtp');
define('MAIL_SMTP_HOSTNAME', 'localhost');
define('MAIL_SMTP_PORT', 25);
define('MAIL_FROM', 'kanboard@archlinux.org');
[Unit]
Description=Kanboard cronjob
[Service]
User=kanboard
Type=oneshot
WorkingDirectory={{kanboard_dir}}
ExecStart=/usr/bin/php ./cli cron
NoNewPrivileges=true
TimeoutStartSec=3600
ProtectHome=true
ProtectSystem=full
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
[Unit]
Description=Kanboard cronjob
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
upstream kanboard {
server unix:///run/php-fpm/kanboard.socket;
}
server {
listen 80;
listen [::]:80;
server_name {{ kanboard_domain }};
access_log /var/log/nginx/{{ kanboard_domain }}/access.log json_reduced;
error_log /var/log/nginx/{{ kanboard_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ kanboard_domain }};
access_log /var/log/nginx/{{ kanboard_domain }}/access.log json_reduced;
error_log /var/log/nginx/{{ kanboard_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ kanboard_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ kanboard_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ kanboard_domain }}/chain.pem;
root {{ kanboard_dir }};
index index.php;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
access_log /var/log/nginx/{{ kanboard_domain }}/access.log json_main;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass kanboard;
}
# Deny access to the directory data
location ~* /data {
deny all;
return 404;
}
# Deny access to .htaccess
location ~ /\.ht {
deny all;
return 404;
}
}
[global]
error_log = syslog
daemonize = no
[kanboard]
listen = /run/php-fpm/kanboard.socket
listen.owner = kanboard
listen.group = http
listen.mode = 0660
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 2000
php_admin_value[open_basedir] = {{ kanboard_dir }}:/tmp
php_admin_value[opcache.memory_consumption] = 128
php_admin_value[opcache.interned_strings_buffer] = 8
php_admin_value[opcache.max_accelerated_files] = 200
php_admin_value[opcache.revalidate_freq] = 60
php_admin_value[opcache.fast_shutdown] = 1
php_admin_value[disable_functions] = passthru, exec, proc_open, shell_exec, system, popen
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment