

No commits in common. "377df4486c2f9b11d56854f20808060927643b26" and "e991eda3083508f9989629403ad5a88ad1ca94af" have entirely different histories.

8 changed files with 7 additions and 234 deletions


@ -61,6 +61,7 @@
%ul
%li= link_to t('organization_name'), 'https://openneo.net/'
%li= link_to t('.footer.blog'), 'https://blog.openneo.net/'
%li= link_to t('.footer.source_code'), 'https://github.com/openneo/impress'
%li= link_to t('.footer.terms'), terms_path


@ -1,2 +1 @@
/production.env
/setup_secrets.yml
/production.env
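Review bot: Removing `/setup_secrets.yml` from this ignore list means a leftover local copy of that file will show up as untracked and can be swept into a commit by a broad `git add`. Per the playbook comment elsewhere in this comparison, the file held `mysql_root_password`, `mysql_user_password`, `mysql_user_password_2020` and `dev_ips`. Keeping the ignore entry costs nothing even when the playbook no longer reads the file. Otherwise, make sure existing checkouts delete it and that the passwords are rotated if the file was ever shared.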


@ -1,7 +1,7 @@
# These are the SSH public keys that allow a user to log in and setup or deploy.
#
# It's dangerous to add a new key to this file! When you run
# `bin/deploy:setup`, it will copy these keys to the deploy server, which will
# `yarn deploy-setup`, it will copy these keys to the deploy server, which will
# allow the owner of these keys to log into the deploy server in the future.
#
# But the keys themselves aren't necessarily sensitive data, except for the name


@ -8,8 +8,6 @@ server {
}
server {
set $maintenance 0; # To enable maintenance mode, set this to 1.
server_name {{ impress_hostname }};
listen 443 ssl;
listen [::]:443 ssl;
@ -33,24 +31,10 @@ server {
add_header ETag "";
}
# On status 503, return the maintenance page. (We'll trigger this ourselves
# in the @app location, if $maintenance is on.)
error_page 503 /maintenance.html;
# On status 502, return the outage page. (nginx will trigger this if the
# `proxy_pass` to the application fails.)
error_page 502 /outage.html;
# Try serving static files first. If not found, fall back to the app.
try_files $uri/index.html $uri @app;
location @app {
# If we're hardcoded as being in maintenance mode, return status 503, which
# will show the maintenance page as specified above.
if ($maintenance = 1) {
return 503;
}
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
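Review bot: With `error_page 502 /outage.html;` and `error_page 503 /maintenance.html;` gone from this server block, a failed `proxy_pass` to 127.0.0.1:3000 falls back to nginx's built-in 502 page, which by default prints the nginx version string. If the simpler config is intended, consider adding `server_tokens off;` here, or confirm it is set in the http context, which is not visible on this page. Separately, the unchanged `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` line appends to whatever the client sent, so the application should trust only `X-Real-IP` or the last hop for rate limiting and audit logs. The server block starts and ends outside these hunks.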


@ -6,10 +6,6 @@
vars:
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
impress_hostname: impress.openneo.net
vars_files:
# mysql_root_password, mysql_user_password, mysql_user_password_2020,
# dev_ips
- files/setup_secrets.yml
tasks:
- name: Create SSH folder for logged-in user
become: no
@ -66,22 +62,6 @@
rule: allow
port: "443"
- name: Configure ufw firewall to allow MySQL connections from impress-2020
community.general.ufw:
rule: allow
port: "3306"
from_ip: "{{ item }}"
loop:
- "45.56.112.222"
- "2600:3c02::f03c:92ff:fe9a:4615"
- name: Configure ufw firewall to allow MySQL connections from known devs
community.general.ufw:
rule: allow
port: "3306"
from_ip: "{{ item }}"
loop: "{{ dev_ips }}"
- name: Enable ufw firewall with all other ports closed by default
community.general.ufw:
state: enabled
@ -278,7 +258,7 @@
- name: Create service file for impress
copy:
src: files/impress.service
dest: /etc/systemd/system/impress.service
dest: /etc/systemd/system/impress.service
notify:
- Reload systemctl
- Restart impress
@ -310,7 +290,7 @@
src: files/sites-available/impress.conf
dest: /etc/nginx/sites-available/impress.conf
notify:
- Reload nginx
- Restart nginx
- name: Enable impress config file in nginx
file:
@ -318,84 +298,12 @@
dest: /etc/nginx/sites-enabled/impress.conf
state: link
notify:
- Reload nginx
- name: Install MariaDB
apt:
name: mariadb-server
- name: Install a Python MySQL client, for Ansible to use when configuring
apt:
name: python3-mysqldb
- name: Update MariaDB root password
community.mysql.mysql_user:
name: root
host_all: true
password: "{{mysql_root_password}}"
- name: Create root's .my.cnf file
copy:
content: |
[client]
user=root
password='{{ mysql_root_password }}'
dest: /root/.my.cnf
mode: 0400
- name: Remove test database
community.mysql.mysql_db:
name: test
state: absent
login_unix_socket: "{{ login_unix_socket | default(omit) }}"
- name: Remove anonymous users
community.mysql.mysql_user:
name: ""
state: absent
host_all: true
- name: Remove remote root access
community.mysql.mysql_query:
query:
- DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
- name: Expose MariaDB to the internet (but ufw will block most clients)
copy:
dest: /etc/mysql/mariadb.conf.d/80-bind-address.cnf
content: |
[mysqld]
skip-networking=0
skip-bind-address
notify: Restart MariaDB
- name: Create MySQL databases
community.mysql.mysql_db:
name:
- openneo_impress
- openneo_id
- name: Create MySQL user openneo_impress
community.mysql.mysql_user:
name: openneo_impress
password: "{{ mysql_user_password }}"
priv: "openneo_impress.*:ALL,openneo_id.*:ALL"
- name: Create MySQL user impress2020
community.mysql.mysql_user:
name: impress2020
password: "{{ mysql_user_password_2020 }}"
priv: "openneo_impress.*:ALL,openneo_id.*:ALL"
- Restart nginx
handlers:
- name: Reload nginx
- name: Restart nginx
systemd:
name: nginx
state: reloaded
- name: Restart MariaDB
systemd:
name: mariadb
state: restarted
- name: Reload systemctl
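Review bot: Dropping the port 3306 `community.general.ufw` allow rules and the MariaDB tasks from the playbook does not undo them on a host that was already provisioned with them. The firewall would keep accepting MySQL connections from the previously listed addresses, and `/etc/mysql/mariadb.conf.d/80-bind-address.cnf` would keep MariaDB listening beyond localhost. If such a host exists, add explicit cleanup tasks (the same ufw rules with `delete: true`, and a `file` task with `state: absent` for the config drop-in) or rebuild the server. Also, as rendered, the handler is now named `Restart nginx` but still uses `state: reloaded`; keep the old name or change the state so the name matches what actually runs. The task list starts and ends outside these hunks.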

Binary file not shown.



@ -1,56 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Dress to Impress: Maintenance Time!</title>
<style type="text/css">
body {
background-color: #fff;
color: #666;
font-family: arial, sans-serif;
padding: 2em 1em;
}
main {
border: 1px solid #ccc;
margin-inline: auto;
padding: 1em;
max-width: 600px;
display: grid;
grid-template-areas: "illustration body";
grid-template-columns: auto 1fr;
column-gap: 1em;
}
h1 {
font-size: 1.5em;
margin: 0;
margin-bottom: 0.5em;
}
p {
margin-bottom: 0.5em;
}
</style>
</head>
<body>
<main>
<img
width="100"
height="100"
alt="Distressed Grundo programmer"
src="/images/error-grundo.png"
/>
<div>
<h1>DTI is down for maintenance!</h1>
<p>
We're working on something for the moment, sorry for the
trouble!
</p>
<p>We're doing our best to be back up soon! 💖</p>
</div>
</main>
</body>
</html>


@ -1,63 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Dress to Impress: Surprise Downtime?</title>
<style type="text/css">
body {
background-color: #fff;
color: #666;
font-family: arial, sans-serif;
padding: 2em 1em;
}
main {
border: 1px solid #ccc;
margin-inline: auto;
padding: 1em;
max-width: 600px;
display: grid;
grid-template-areas: "illustration body";
grid-template-columns: auto 1fr;
column-gap: 1em;
}
h1 {
font-size: 1.5em;
margin: 0;
margin-bottom: 0.5em;
}
p {
margin-bottom: 0.5em;
}
</style>
</head>
<body>
<main>
<img
width="100"
height="100"
alt="Distressed Grundo programmer"
src="/images/error-grundo.png"
/>
<div>
<h1>DTI is down for the count?!</h1>
<p>
Hrm, it looks like the DTI application has crashed all the
way into the ground?? 😬
</p>
<p>
This can happen when our system gets overloaded, or when the
team is working on something and we hit the wrong button 😓
</p>
<p>
We'll be notified of this outage, and we'll do our best to
be back up soon! 💖
</p>
</div>
</main>
</body>
</html>