9 files changed, 1 insertions(+), 219 deletions(-)

M host_vars/xenrox.net/docker_services.yml
M playbooks/avalon.yml
D roles/bookstack/files/bookstack.conf
D roles/bookstack/tasks/main.yml
D roles/bookstack/templates/backup.sh.j2
D roles/bookstack/templates/config.env.j2
D roles/bookstack/templates/docker-compose.yml.j2
M terraform_hetzner/locals.tf
M terraform_keycloak/keycloak.tf

@@ 1,3 1,2 @@
 ---
 docker_services:
-  - bookstack

@@ 42,7 42,6 @@
     - { role: borg }
     - { role: navidrome }
     # - { role: screego }
-    - { role: bookstack }
     - { role: syncthing }
     - { role: wireguard }
     - { role: wireguard_vpn_server }

@@ 1,19 0,0 @@
-server {
-    include /etc/nginx/snippets/http.conf;
-    server_name wiki.xenrox.net;
-}
-
-server {
-    include /etc/nginx/snippets/https.conf;
-    server_name wiki.xenrox.net;
-
-    client_max_body_size 50m;
-
-    location / {
-        proxy_pass http://127.0.0.1:6875;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-}

@@ 1,68 0,0 @@
----
-- name: Get secrets
-  ansible.builtin.set_fact:
-    bookstack_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/bookstack') }}"
-    email_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/email') }}"
-
-- name: Create directory
-  ansible.builtin.file:
-    path: /opt/bookstack
-    state: directory
-    owner: root
-    group: root
-    mode: 0755
-
-- name: Configure
-  ansible.builtin.template:
-    src: docker-compose.yml.j2
-    dest: /opt/bookstack/docker-compose.yml
-    owner: root
-    group: root
-    mode: 0600
-
-- name: Create config directory
-  ansible.builtin.file:
-    path: /opt/bookstack/config/www
-    state: directory
-    owner: xenrox
-    group: xenrox
-    mode: 0775
-
-- name: Set app key
-  ansible.builtin.lineinfile:
-    dest: /opt/bookstack/config/BOOKSTACK_APP_KEY.txt
-    line: "{{ bookstack_secrets['app_key'] }}"
-    owner: xenrox
-    group: xenrox
-    mode: 0644
-    create: true
-
-- name: Configure env
-  ansible.builtin.template:
-    src: config.env.j2
-    dest: /opt/bookstack/config/www/.env
-    owner: xenrox
-    group: xenrox
-    mode: 0660
-
-- name: Copy nginx conf
-  ansible.builtin.copy:
-    src: bookstack.conf
-    dest: /etc/nginx/nginx.d/bookstack.conf
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart nginx
-
-- name: Install backup script
-  ansible.builtin.template:
-    src: backup.sh.j2
-    dest: /opt/bookstack/backup.sh
-    owner: root
-    group: root
-    mode: 0700
-
-- name: Start
-  community.docker.docker_compose:
-    project_src: /opt/bookstack/
-    pull: true

@@ 1,6 0,0 @@
-#!/bin/bash
-
-mkdir -p /opt/backup/docker/bookstack
-
-cd /opt/bookstack
-docker exec bookstack_db /bin/bash -c 'mysqldump -u bookstack -p{{ bookstack_secrets['psql_password'] }} bookstack' > /opt/backup/docker/bookstack/dump.sql

@@ 1,71 0,0 @@
-# This file, when named as ".env" in the root of your BookStack install
-# folder, is used for the core configuration of the application.
-# By default this file contains the most common required options but
-# a full list of options can be found in the '.env.example.complete' file.
-
-# NOTE: If any of your values contain a space or a hash you will need to
-# wrap the entire value in quotes. (eg. MAIL_FROM_NAME="BookStack Mailer")
-
-# Application key
-# Used for encryption where needed.
-# Run `php artisan key:generate` to generate a valid key.
-APP_KEY={{ bookstack_secrets['app_key'] }}
-
-# Application URL
-# This must be the root URL that you want to host BookStack on.
-# All URLs in BookStack will be generated using this value
-# to ensure URLs generated are consistent and secure.
-# If you change this in the future you may need to run a command
-# to update stored URLs in the database. Command example:
-# php artisan bookstack:update-url https://old.example.com https://new.example.com
-APP_URL=https://wiki.xenrox.net
-
-# Database details
-DB_HOST=bookstack_db
-DB_DATABASE=bookstack
-DB_USERNAME=bookstack
-DB_PASSWORD={{ bookstack_secrets['psql_password'] }}
-
-# Mail system to use
-# Can be 'smtp' or 'sendmail'
-MAIL_DRIVER=smtp
-
-# Mail sender details
-MAIL_FROM_NAME="BookStack"
-MAIL_FROM=noreply@xenrox.net
-
-# SMTP mail options
-# These settings can be checked using the "Send a Test Email"
-# feature found in the "Settings > Maintenance" area of the system.
-MAIL_HOST=mail.xenrox.net
-MAIL_PORT=587
-MAIL_USERNAME={{ email_secrets['noreply_user'] }}
-MAIL_PASSWORD={{ email_secrets['noreply_password'] }}
-MAIL_ENCRYPTION=tls
-
-WKHTMLTOPDF=/usr/bin/wkhtmltopdf
-ALLOW_UNTRUSTED_SERVER_FETCHING=true
-
-# Keycloak
-AUTH_METHOD=oidc
-OIDC_NAME=Keycloak
-OIDC_DISPLAY_NAME_CLAIMS=name
-OIDC_CLIENT_ID=openid_bookstack
-OIDC_CLIENT_SECRET={{ bookstack_secrets['oidc_secret'] }}
-OIDC_ISSUER=https://keycloak.xenrox.net/auth/realms/xenrox
-OIDC_ISSUER_DISCOVER=true
-
-ALLOW_ROBOTS=false
-SESSION_SECURE_COOKIE=true
-CACHE_DRIVER=database
-SESSION_DRIVER=database
-REVISION_LIMIT=10
-
-STORAGE_TYPE=s3
-STORAGE_S3_KEY={{ bookstack_secrets['s3_access'] }}
-STORAGE_S3_SECRET={{ bookstack_secrets['s3_secret'] }}
-STORAGE_S3_BUCKET=bookstack
-STORAGE_S3_ENDPOINT=https://minio.xenrox.net
-STORAGE_URL=https://minio.xenrox.net/bookstack
-# Maximum file size, in megabytes, that can be uploaded to the system.
-FILE_UPLOAD_SIZE_LIMIT=50

@@ 1,31 0,0 @@
----
-version: "2"
-services:
-  bookstack:
-    image: lscr.io/linuxserver/bookstack
-    container_name: bookstack
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - APP_URL=https://wiki.xenrox.net
-    volumes:
-      - ./config:/config
-    ports:
-      - 127.0.0.1:6875:80
-    restart: unless-stopped
-    depends_on:
-      - bookstack_db
-  bookstack_db:
-    image: lscr.io/linuxserver/mariadb
-    container_name: bookstack_db
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - MYSQL_ROOT_PASSWORD={{ bookstack_secrets['psql_password'] }}
-      - TZ=Europe/Berlin
-      - MYSQL_DATABASE=bookstack
-      - MYSQL_USER=bookstack
-      - MYSQL_PASSWORD={{ bookstack_secrets['psql_password'] }}
-    volumes:
-      - ./db_config:/config
-    restart: unless-stopped

@@ 22,7 22,7 @@ locals {
 
     "bot", "faceit", "gamja", "pass", "search",
 
-    "push", "music", "screego", "wiki", "status", "gotify",
+    "push", "music", "screego", "status", "gotify",
   ])
 
   xenrox_net_cname = {

@@ 407,24 407,3 @@ resource "keycloak_group_roles" "hedgedoc" {
   group_id = keycloak_group.hedgedoc.id
   role_ids = [keycloak_role.hedgedoc.id]
 }
-
-# Bookstack
-
-data "vault_generic_secret" "bookstack" {
-  path = "ansible/bookstack"
-}
-
-resource "keycloak_openid_client" "bookstack_openid_client" {
-  realm_id      = "xenrox"
-  client_id     = "openid_bookstack"
-  client_secret = data.vault_generic_secret.bookstack.data["oidc_secret"]
-
-  name                  = "Bookstack"
-  enabled               = true
-  standard_flow_enabled = true
-
-  access_type = "CONFIDENTIAL"
-  valid_redirect_uris = [
-    "https://wiki.xenrox.net/oidc/callback"
-  ]
-}