diff --git a/README.md b/README.md index 121d37c..5d623cd 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,6 @@ On découpe nos *playbooks* Ansible par rôles : - `site.yml`: Inclu tous les autres, pratique pour tout exécuter. - `pycon.yml`: Pour les pycon.fr -- `passbolt.yml`: Pour passbolt. - `backup.yml`: Configure rsnapshot pour sauvegarder nos serveurs. - ... @@ -19,8 +18,6 @@ Puis pour jouer les *playbooks* : - Pour tout relancer : `ansible-playbook site.yml` - Pour configurer les PyCons : `ansible-playbook pycons.yml` -- Pour configurer Passbolt : `ansible-playbook passbolt.yml` - (attention voir [#15](https://github.com/laxathom/ansible-role-passbolt/issues/15)). ## TODO @@ -68,7 +65,7 @@ Liste des jails toujours utiles : - smtpd (/usr/local/etc/mail/smtpd.conf) - dovecot (comptes: /usr/local/etc/mail/tables/passwd) - spamd -- mailman: Le sitepass est disponnible dans passbolt. +- mailman: Le sitepass est disponnible dans [pass](https://github.com/AFPy/pass/). - http: toujours utile pour https://lists.afpy.org @@ -112,14 +109,6 @@ backup storage.afpy.org:/var/www/ storage.afpy.org/ ``` -## Passbolt - -See [passbolt backup documentation](https://help.passbolt.com/hosting/backup). - -On a un CRON qui lance un `mysqldump` vers `/srv/backups/passbolt.sql` -sur le serveur du passbolt, qui dont pourrait se faire sauvegarder par rsnapshot. - - ## BBB On a installé le BBB simplement, sur bbb.afpy.org, une machine dédiée : diff --git a/backup.yml b/backup.yml index dc38004..0b9ba0b 100644 --- a/backup.yml +++ b/backup.yml @@ -1,20 +1,5 @@ --- -- hosts: rsnapshoters - roles: [common] - tasks: - - name: Setup rsnapshot cron - include_role: name=rsnapshoter - vars: - rsnapshotted_hosts: "{{ groups.rsnapshotted }}" - rsnapshot_backups: - - remote: passbolt.afpy.org:/srv/backups/ - path: passbolt.afpy.org/ - - remote: passbolt.afpy.org:/srv/passbolt/www/webroot/img/public/ - path: passbolt.afpy.org/ - - remote: passbolt.afpy.org:/srv/passbolt/www/config/ - path: passbolt.afpy.org/ - - hosts: rsnapshotted roles: [common] tasks: diff --git a/inventory b/inventory index 77028b0..e4cc757 100644 --- a/inventory +++ b/inventory @@ -4,15 +4,9 @@ deb.afpy.org [dl] dl.afpy.org -[rsnapshoters] -silence.local # Yes it's on Julien's LAN. - [rsnapshotted] deb.afpy.org -[passbolt] -deb.afpy.org - [alains] deb.afpy.org diff --git a/passbolt.yml b/passbolt.yml deleted file mode 100644 index c7935b2..0000000 --- a/passbolt.yml +++ /dev/null @@ -1,93 +0,0 @@ ---- - -- hosts: passbolt - roles: [common, tschifftner.exim4_sendonly, laxathom.passbolt] - tasks: - - name: Create passbolt backup directory - file: - path: /srv/backups/ - owner: root - group: root - mode: 0700 - state: directory - tags: backup - - - name: Setup mysql passbolt backup - cron: - name: passbolt mysql backup - minute: 20 - hour: 5 - job: '/usr/bin/mysqldump passbolt > /srv/backups/passbolt.sql' - tags: backup - - vars: - passbolt_version: "2.12.0" - passbolt_tmpdir: "/srv/passbolt-tmp/" - passbolt_homedir: "/srv/passbolt/" - passbolt_webroot: "/srv/passbolt/www/" - passbolt_use_ssl: True - passbolt_url: "https://passbolt.afpy.org" - passbolt_domain: "passbolt.afpy.org" - passbolt_gpgkey_length: 4096 - passbolt_gpgkey_sublength: 4096 - passbolt_gpgkey_email: "passbolt@afpy.org" - passbolt_dbpass: "{{ vault_passbolt_dbpass }}" - passbolt_smtp_sender_email: "passbolt@afpy.org" - - passbolt_php_fpm_includedir: /etc/php/7.3/fpm/pool.d/ - passbolt_php_fpm_listen: /var/run/php/fpm.sock - passbolt_php_fpm_user: passbolt - passbolt_php_fpm_group: passbolt - passbolt_php_fpm_listen_owner: www-data - passbolt_php_fpm_listen_group: www-data - - passbolt_dbport: 3306 - mysql_root_username: root - mysql_root_password: "{{ vault_mysql_root_password }}" - mysql_databases: - - name: passbolt - encoding: utf8mb4 - collation: utf8mb4_unicode_ci - mysql_users: - - name: passbolt - password: "{{ vault_passbolt_dbpass }}" - priv: "passbolt.*:ALL" - mysql_packages: - - mariadb-server - - mariadb-client - - python-mysqldb - mysql_bind_address: '127.0.0.1' - php_memory_limit: "512M" - php_date_timezone: "Europe/Paris" - php_webserver_daemon: "nginx" - php_enable_php_fpm: true - php_enable_webserver: false - nginx_sites: - passbolt_http: - - listen 80 - - server_name "{{ passbolt_domain }}" - - access_log /var/log/nginx/passbolt.afpy.org-access.log - - error_log /var/log/nginx/passbolt.afpy.org-error.log - - location / { - return 301 https://{{ passbolt_domain }}$request_uri; - } - - passbolt: - - listen 443 ssl - - server_name passbolt.afpy.org - - server_tokens off - - access_log /var/log/nginx/passbolt.afpy.org-access.log - - error_log /var/log/nginx/passbolt.afpy.org-error.log - - include snippets/letsencrypt-{{ passbolt_domain }}.conf - - root {{ passbolt_webroot }}/webroot/ - - location / { try_files $uri /index.php$is_args$args; } - - location ~ \.php(/|$) { - fastcgi_pass unix:{{ passbolt_php_fpm_listen }}; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - fastcgi_read_timeout 500; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - fastcgi_param SERVER_NAME $http_host; - fastcgi_param DOCUMENT_ROOT $realpath_root; - internal; - } diff --git a/requirements.yml b/requirements.yml index 6edb58b..457e2ff 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,5 +4,3 @@ roles: version: master - src: tschifftner.exim4_sendonly version: master - - src: laxathom.passbolt - version: master diff --git a/site.yml b/site.yml index 5d856a0..1581e61 100644 --- a/site.yml +++ b/site.yml @@ -4,7 +4,6 @@ - import_playbook: pycon.fr.yml - import_playbook: afpy.org.yml - import_playbook: logs.afpy.org.yml -# - import_playbook: passbolt.yml # See https://github.com/laxathom/ansible-role-passbolt/issues/15 - import_playbook: backup.yml - import_playbook: autoconfig.yml - import_playbook: alain.yml