M host_vars/xenrox.net/docker_services.yml => host_vars/xenrox.net/docker_services.yml +0 -1
@@ 1,3 1,2 @@
---
docker_services:
- - bookstack
M playbooks/avalon.yml => playbooks/avalon.yml +0 -1
@@ 42,7 42,6 @@
- { role: borg }
- { role: navidrome }
# - { role: screego }
- - { role: bookstack }
- { role: syncthing }
- { role: wireguard }
- { role: wireguard_vpn_server }
D roles/bookstack/files/bookstack.conf => roles/bookstack/files/bookstack.conf +0 -19
@@ 1,19 0,0 @@
-server {
- include /etc/nginx/snippets/http.conf;
- server_name wiki.xenrox.net;
-}
-
-server {
- include /etc/nginx/snippets/https.conf;
- server_name wiki.xenrox.net;
-
- client_max_body_size 50m;
-
- location / {
- proxy_pass http://127.0.0.1:6875;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-}
D roles/bookstack/tasks/main.yml => roles/bookstack/tasks/main.yml +0 -68
@@ 1,68 0,0 @@
----
-- name: Get secrets
- ansible.builtin.set_fact:
- bookstack_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/bookstack') }}"
- email_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/email') }}"
-
-- name: Create directory
- ansible.builtin.file:
- path: /opt/bookstack
- state: directory
- owner: root
- group: root
- mode: 0755
-
-- name: Configure
- ansible.builtin.template:
- src: docker-compose.yml.j2
- dest: /opt/bookstack/docker-compose.yml
- owner: root
- group: root
- mode: 0600
-
-- name: Create config directory
- ansible.builtin.file:
- path: /opt/bookstack/config/www
- state: directory
- owner: xenrox
- group: xenrox
- mode: 0775
-
-- name: Set app key
- ansible.builtin.lineinfile:
- dest: /opt/bookstack/config/BOOKSTACK_APP_KEY.txt
- line: "{{ bookstack_secrets['app_key'] }}"
- owner: xenrox
- group: xenrox
- mode: 0644
- create: true
-
-- name: Configure env
- ansible.builtin.template:
- src: config.env.j2
- dest: /opt/bookstack/config/www/.env
- owner: xenrox
- group: xenrox
- mode: 0660
-
-- name: Copy nginx conf
- ansible.builtin.copy:
- src: bookstack.conf
- dest: /etc/nginx/nginx.d/bookstack.conf
- owner: root
- group: root
- mode: 0644
- notify: restart nginx
-
-- name: Install backup script
- ansible.builtin.template:
- src: backup.sh.j2
- dest: /opt/bookstack/backup.sh
- owner: root
- group: root
- mode: 0700
-
-- name: Start
- community.docker.docker_compose:
- project_src: /opt/bookstack/
- pull: true
D roles/bookstack/templates/backup.sh.j2 => roles/bookstack/templates/backup.sh.j2 +0 -6
@@ 1,6 0,0 @@
-#!/bin/bash
-
-mkdir -p /opt/backup/docker/bookstack
-
-cd /opt/bookstack
-docker exec bookstack_db /bin/bash -c 'mysqldump -u bookstack -p{{ bookstack_secrets['psql_password'] }} bookstack' > /opt/backup/docker/bookstack/dump.sql
D roles/bookstack/templates/config.env.j2 => roles/bookstack/templates/config.env.j2 +0 -71
@@ 1,71 0,0 @@
-# This file, when named as ".env" in the root of your BookStack install
-# folder, is used for the core configuration of the application.
-# By default this file contains the most common required options but
-# a full list of options can be found in the '.env.example.complete' file.
-
-# NOTE: If any of your values contain a space or a hash you will need to
-# wrap the entire value in quotes. (eg. MAIL_FROM_NAME="BookStack Mailer")
-
-# Application key
-# Used for encryption where needed.
-# Run `php artisan key:generate` to generate a valid key.
-APP_KEY={{ bookstack_secrets['app_key'] }}
-
-# Application URL
-# This must be the root URL that you want to host BookStack on.
-# All URLs in BookStack will be generated using this value
-# to ensure URLs generated are consistent and secure.
-# If you change this in the future you may need to run a command
-# to update stored URLs in the database. Command example:
-# php artisan bookstack:update-url https://old.example.com https://new.example.com
-APP_URL=https://wiki.xenrox.net
-
-# Database details
-DB_HOST=bookstack_db
-DB_DATABASE=bookstack
-DB_USERNAME=bookstack
-DB_PASSWORD={{ bookstack_secrets['psql_password'] }}
-
-# Mail system to use
-# Can be 'smtp' or 'sendmail'
-MAIL_DRIVER=smtp
-
-# Mail sender details
-MAIL_FROM_NAME="BookStack"
-MAIL_FROM=noreply@xenrox.net
-
-# SMTP mail options
-# These settings can be checked using the "Send a Test Email"
-# feature found in the "Settings > Maintenance" area of the system.
-MAIL_HOST=mail.xenrox.net
-MAIL_PORT=587
-MAIL_USERNAME={{ email_secrets['noreply_user'] }}
-MAIL_PASSWORD={{ email_secrets['noreply_password'] }}
-MAIL_ENCRYPTION=tls
-
-WKHTMLTOPDF=/usr/bin/wkhtmltopdf
-ALLOW_UNTRUSTED_SERVER_FETCHING=true
-
-# Keycloak
-AUTH_METHOD=oidc
-OIDC_NAME=Keycloak
-OIDC_DISPLAY_NAME_CLAIMS=name
-OIDC_CLIENT_ID=openid_bookstack
-OIDC_CLIENT_SECRET={{ bookstack_secrets['oidc_secret'] }}
-OIDC_ISSUER=https://keycloak.xenrox.net/auth/realms/xenrox
-OIDC_ISSUER_DISCOVER=true
-
-ALLOW_ROBOTS=false
-SESSION_SECURE_COOKIE=true
-CACHE_DRIVER=database
-SESSION_DRIVER=database
-REVISION_LIMIT=10
-
-STORAGE_TYPE=s3
-STORAGE_S3_KEY={{ bookstack_secrets['s3_access'] }}
-STORAGE_S3_SECRET={{ bookstack_secrets['s3_secret'] }}
-STORAGE_S3_BUCKET=bookstack
-STORAGE_S3_ENDPOINT=https://minio.xenrox.net
-STORAGE_URL=https://minio.xenrox.net/bookstack
-# Maximum file size, in megabytes, that can be uploaded to the system.
-FILE_UPLOAD_SIZE_LIMIT=50
D roles/bookstack/templates/docker-compose.yml.j2 => roles/bookstack/templates/docker-compose.yml.j2 +0 -31
@@ 1,31 0,0 @@
----
-version: "2"
-services:
- bookstack:
- image: lscr.io/linuxserver/bookstack
- container_name: bookstack
- environment:
- - PUID=1000
- - PGID=1000
- - APP_URL=https://wiki.xenrox.net
- volumes:
- - ./config:/config
- ports:
- - 127.0.0.1:6875:80
- restart: unless-stopped
- depends_on:
- - bookstack_db
- bookstack_db:
- image: lscr.io/linuxserver/mariadb
- container_name: bookstack_db
- environment:
- - PUID=1000
- - PGID=1000
- - MYSQL_ROOT_PASSWORD={{ bookstack_secrets['psql_password'] }}
- - TZ=Europe/Berlin
- - MYSQL_DATABASE=bookstack
- - MYSQL_USER=bookstack
- - MYSQL_PASSWORD={{ bookstack_secrets['psql_password'] }}
- volumes:
- - ./db_config:/config
- restart: unless-stopped
M terraform_hetzner/locals.tf => terraform_hetzner/locals.tf +1 -1
@@ 22,7 22,7 @@ locals {
"bot", "faceit", "gamja", "pass", "search",
- "push", "music", "screego", "wiki", "status", "gotify",
+ "push", "music", "screego", "status", "gotify",
])
xenrox_net_cname = {
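Review bot: Dropping "wiki" from the DNS set and removing the role from the playbook does not decommission what the role already deployed, so the host is likely left with the running `bookstack`/`bookstack_db` containers, `/opt/bookstack` (compose file and `.env` holding the DB password, app key, S3 and OIDC secrets) and the `/etc/nginx/nginx.d/bookstack.conf` vhost for `wiki.xenrox.net` shown in the deleted hunks. Ansible only converges what is declared, so either run a one-off cleanup (e.g. `community.docker.docker_compose` with `state: absent` for `/opt/bookstack/`, then `ansible.builtin.file` with `state: absent` on the two paths above, plus `notify: restart nginx`) or record the manual steps in the commit message. The Vault material under `ansible/data/bookstack` and `ansible/bookstack` also stays in place after the data source is removed from keycloak.tf; since the OIDC client and S3 bucket access are no longer used, revoking or rotating those credentials would complete the removal. The same applies to the deletions in playbooks/avalon.yml and host_vars/xenrox.net/docker_services.yml.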
M terraform_keycloak/keycloak.tf => terraform_keycloak/keycloak.tf +0 -21
@@ 407,24 407,3 @@ resource "keycloak_group_roles" "hedgedoc" {
group_id = keycloak_group.hedgedoc.id
role_ids = [keycloak_role.hedgedoc.id]
}
-
-# Bookstack
-
-data "vault_generic_secret" "bookstack" {
- path = "ansible/bookstack"
-}
-
-resource "keycloak_openid_client" "bookstack_openid_client" {
- realm_id = "xenrox"
- client_id = "openid_bookstack"
- client_secret = data.vault_generic_secret.bookstack.data["oidc_secret"]
-
- name = "Bookstack"
- enabled = true
- standard_flow_enabled = true
-
- access_type = "CONFIDENTIAL"
- valid_redirect_uris = [
- "https://wiki.xenrox.net/oidc/callback"
- ]
-}