remove unused kanboard role

playbooks/apollo.yml

@@ -48,7 +48,6 @@
       security_tracker_dir: "/srv/http/security-tracker"
     - { role: mailman, mailman_domain: "lists.archlinux.org" }
     - { role: patchwork }
-    - { role: kanboard }
     - { role: grafana }
     - { role: archwiki }
     - { role: conf_archlinux }

roles/kanboard/defaults/main.yml

----
-
-kanboard_dir: "/srv/http/kanboard"
-kanboard_domain: "kanboard.archlinux.org"
-
-kanboard_db_user: "kanboard"
-kanboard_db: "kanboard"
-
-kanboard_version: "stable"
-

roles/kanboard/handlers/main.yml

----
-
-- name: restart php-fpm@kanboard
-  service: name=php-fpm@kanboard state=restarted

roles/kanboard/tasks/main.yml

----
-
-- name: install packages
-  pacman: name=git state=present
-
-- name: make kanboard user
-  user: name=kanboard shell=/bin/false home="{{ kanboard_dir }}" createhome=no
-
-- name: clone kanboard git repo
-  git: repo=https://github.com/kanboard/kanboard.git dest="{{ kanboard_dir }}" version={{ kanboard_version }}
-
-- name: install nginx config
-  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/kanboard.conf owner=root group=root mode=644
-  notify:
-    - reload nginx
-  tags: ['nginx']
-
-- name: make nginx log dir
-  file: path=/var/log/nginx/{{ kanboard_domain }} state=directory owner=root group=root mode=0755
-
-- name: make dirs for webuser
-  file: path="{{ kanboard_dir }}/{{ item }}" owner=kanboard mode=700 state=directory
-  with_items:
-    - data
-
-- name: create kanboard db user
-  postgresql_user: name={{ kanboard_db_user }} password={{ vault_kanboard_db_password }} encrypted=true
-  become: yes
-  become_user: postgres
-  become_method: su
-
-- name: create kanboard db
-  postgresql_db: db="{{ kanboard_db }}"
-  become: yes
-  become_user: postgres
-  become_method: su
-
-- name: install kanboard config
-  template: src=config.php.j2 dest="{{ kanboard_dir }}/config.php" owner=root group=kanboard mode=640
-
-- name: configure php-fpm
-  template:
-    src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/kanboard.conf"
-    owner=root group=root mode=0644
-  notify:
-    - restart php-fpm@kanboard
-
-- name: start and enable systemd socket
-  service: name=php-fpm@kanboard.socket state=started enabled=true
-
-- name: install systemd timers for kanboard cronjob
-  template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  with_items:
-    - kanboard-cron.timer
-    - kanboard-cron.service
-
-- name: activate systemd timers for kanboard cronjob
-  service: name=kanboard-cron.timer enabled=yes state=started

roles/kanboard/templates/config.php.j2

-<?php
-
-define('DB_DRIVER', 'postgres');
-define('DB_USERNAME', '{{kanboard_db_user}}');
-define('DB_PASSWORD', '{{vault_kanboard_db_password}}');
-define('DB_HOSTNAME', 'localhost');
-define('DB_NAME', '{{kanboard_db}}');
-
-define('ENABLE_HSTS', false);
-define('ENABLE_URL_REWRITE', true);
-
-define('MAIL_TRANSPORT', 'smtp');
-define('MAIL_SMTP_HOSTNAME', 'localhost');
-define('MAIL_SMTP_PORT', 25);
-define('MAIL_FROM', 'kanboard@archlinux.org');

roles/kanboard/templates/kanboard-cron.service

-[Unit]
-Description=Kanboard cronjob
-
-[Service]
-User=kanboard
-Type=oneshot
-WorkingDirectory={{kanboard_dir}}
-ExecStart=/usr/bin/php ./cli cron
-
-NoNewPrivileges=true
-TimeoutStartSec=3600
-
-ProtectHome=true
-ProtectSystem=full
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectControlGroups=true

roles/kanboard/templates/kanboard-cron.timer

-[Unit]
-Description=Kanboard cronjob
-
-[Timer]
-OnCalendar=daily
-Persistent=true
-
-[Install]
-WantedBy=timers.target

roles/kanboard/templates/nginx.d.conf.j2

-upstream kanboard {
-    server unix:///run/php-fpm/kanboard.socket;
-}
-
-server {
-    listen       80;
-    listen       [::]:80;
-    server_name  {{ kanboard_domain }};
-
-    access_log   /var/log/nginx/{{ kanboard_domain }}/access.log json_reduced;
-    error_log    /var/log/nginx/{{ kanboard_domain }}/error.log;
-
-    include snippets/letsencrypt.conf;
-
-    location / {
-        access_log off;
-        return 301 https://$server_name$request_uri;
-    }
-}
-
-server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
-    server_name  {{ kanboard_domain }};
-
-    access_log   /var/log/nginx/{{ kanboard_domain }}/access.log json_reduced;
-    error_log    /var/log/nginx/{{ kanboard_domain }}/error.log;
-
-    ssl_certificate      /etc/letsencrypt/live/{{ kanboard_domain }}/fullchain.pem;
-    ssl_certificate_key  /etc/letsencrypt/live/{{ kanboard_domain }}/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/{{ kanboard_domain }}/chain.pem;
-
-    root {{ kanboard_dir }};
-
-    index index.php;
-
-    location / {
-        try_files $uri $uri/ /index.php$is_args$args;
-    }
-
-    location ~ \.php$ {
-        access_log   /var/log/nginx/{{ kanboard_domain }}/access.log json_main;
-        try_files $uri =404;
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        include fastcgi_params;
-        fastcgi_pass kanboard;
-    }
-
-    # Deny access to the directory data
-    location ~* /data {
-        deny all;
-        return 404;
-    }
-
-    # Deny access to .htaccess
-    location ~ /\.ht {
-        deny all;
-        return 404;
-    }
-}

roles/kanboard/templates/php-fpm.conf.j2

-[global]
-error_log = syslog
-daemonize = no
-
-[kanboard]
-listen = /run/php-fpm/kanboard.socket
-listen.owner = kanboard
-listen.group = http
-listen.mode = 0660
-
-pm = dynamic
-pm.max_children = 20
-pm.start_servers = 1
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-pm.max_requests = 2000
-
-php_admin_value[open_basedir] = {{ kanboard_dir }}:/tmp
-php_admin_value[opcache.memory_consumption] = 128
-php_admin_value[opcache.interned_strings_buffer] = 8
-php_admin_value[opcache.max_accelerated_files] = 200
-php_admin_value[opcache.revalidate_freq] = 60
-php_admin_value[opcache.fast_shutdown] = 1
-php_admin_value[disable_functions] = passthru, exec, proc_open, shell_exec, system, popen