From cabaa976aa8c1cbb493a259e33f5f27741eddc1d Mon Sep 17 00:00:00 2001
From: VC
Date: Fri, 5 Jul 2024 11:53:46 +0200
Subject: [PATCH] feat: remove nupes.social Mastodon (docker) instance
---
 docker.yml | 7 ---
 group_vars/scw_cloud/restic.yml | 12 ----
 group_vars/scw_cloud/smtprelay.yml | 15 -----
 ...c-edbc31aa1731.pub.instances.scw.cloud.yml | 3 -
 production.yml | 35 -----------
 roles/docker/tasks/main.yml | 30 ---------
 .../vhosts/medias.nupes.social.conf.j2 | 55 -----------------
 .../templates/vhosts/nupes.social.conf.j2 | 61 -------------------
 roles/system/tasks/main.yml | 8 ---
 roles/webapps/tasks/main.yml | 9 +--
 .../{tootctl_nodocker.yml => tootctl.yml} | 0
 roles/webapps/tasks/tootctl_docker.yml | 15 -----
 site.yml | 2 -
 13 files changed, 2 insertions(+), 250 deletions(-)
 delete mode 100644 docker.yml
 delete mode 100644 group_vars/scw_cloud/restic.yml
 delete mode 100644 group_vars/scw_cloud/smtprelay.yml
 delete mode 100644 host_vars/20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud.yml
 delete mode 100644 roles/docker/tasks/main.yml
 delete mode 100644 roles/nginx/templates/vhosts/medias.nupes.social.conf.j2
 delete mode 100644 roles/nginx/templates/vhosts/nupes.social.conf.j2
 rename roles/webapps/tasks/{tootctl_nodocker.yml => tootctl.yml} (100%)
 delete mode 100644 roles/webapps/tasks/tootctl_docker.yml
diff --git a/docker.yml b/docker.yml
deleted file mode 100644
index 318a537..0000000
--- a/docker.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Deploy docker
- hosts: dockerservers
- diff: true
- roles:
- - docker
diff --git a/group_vars/scw_cloud/restic.yml b/group_vars/scw_cloud/restic.yml
deleted file mode 100644
index 636393e..0000000
--- a/group_vars/scw_cloud/restic.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-
-restic_aws_access_key_id: "SCWY2MFJSS6PFR6YB4SY"
-restic_aws_secret_access_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 35613563303963353736346430666231303238666231376233306438313363366565303066376635
- 6534353730303133336138373331313065623236656465380a313237393833316566626632646363
- 65396438663739366136376433653530623932323538643338306630303363313333623930316635
- 3438336539323036300a613735623730353864663038386635643731616361623366626634336130
- 34636632653032313935613566363066656636316135636263393862623031363332636338633038
- 6266303531303035663965356132376235343463643635363137
-restic_s3_url: "https://s3.pl-waw.scw.cloud/backup-nupes"
diff --git a/group_vars/scw_cloud/smtprelay.yml b/group_vars/scw_cloud/smtprelay.yml
deleted file mode 100644
index 7fc8081..0000000
--- a/group_vars/scw_cloud/smtprelay.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-
-smtprelay_origin: "nupes.social"
-smtprelay_host: "smtp.tem.scw.cloud"
-smtprelay_port: 2465
-
-smtprelay_login: "c558c549-147a-49c1-b19c-3a176b2d97f0"
-smtprelay_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 34613163633334393736626235623434356236363430633038373362396537383862613364323236
- 6331633866663337343064613262623536393739333761310a393866393535333663636435323566
- 30666230633331643661393661393764376364666636623437356437353965656164356130343966
- 6231633633336131350a326138366439353536336364303136343630323264336664333530306334
- 38376366313834386664336461663633353530343662636135303236653430343033363738636565
- 3135373930336366363238313962646331663538623464646630
diff --git a/host_vars/20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud.yml b/host_vars/20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud.yml
deleted file mode 100644
index a153649..0000000
--- a/host_vars/20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-scootaloo_min_refresh_interval: 15
diff --git a/production.yml b/production.yml
index 094c75c..683447d 100644
--- a/production.yml
+++ b/production.yml
@@ -12,10 +12,6 @@ hypervisors:
 hosts:
 serenor.dmz.mateu.be:
 
-scw_cloud:
- hosts:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
-
 resticservers:
 hosts:
 muse-HP-EliteBook-820-G2.home.arpa:
@@ -58,8 +54,6 @@ resticservers:
 - /srv
 - /etc
 - /var/lib/oolatoocs
- restic_backup_excluded_path:
- - /srv/docker/m.nintendojo.fr/public
 garage1.dmz.mateu.be:
 restic_backup_path:
 - /etc
@@ -72,14 +66,6 @@ resticservers:
 - /mnt/tank/iocage
 restic_backup_hour: 6
 restic_backup_minute: 45
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
- restic_backup_path:
- - /srv
- - /home
- - /etc
- - /usr/local
- restic_backup_excluded_path:
- - /srv/docker/nupes.social/public
 
 garageservers:
 children:
@@ -90,7 +76,6 @@ garageservers:
 elasticsearchservers:
 hosts:
 es1.dmz.mateu.be:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
 
 nut:
 children:
@@ -168,10 +153,6 @@ webservers:
 pt1.dmz.mateu.be:
 web_hostname:
 - p.nintendojo.fr
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
- web_hostname:
- - nupes.social
- - medias.nupes.social
 
 peertubeservers:
 hosts:
@@ -185,10 +166,6 @@ phpservers:
 web[2:3].dmz.mateu.be:
 php_modules: ['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath', 'curl', 'imagick']
 
-dockerservers:
- hosts:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
-
 mariadbservers:
 hosts:
 web[2:3].dmz.mateu.be:
@@ -198,7 +175,6 @@ pgsqlservers:
 pt1.dmz.mateu.be:
 masto1.dmz.mateu.be:
 web1.dmz.mateu.be:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
 
 mastodonservers:
 hosts:
@@ -206,7 +182,6 @@ mastodonservers:
 
 rorservers:
 hosts:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
 masto1.dmz.mateu.be:
 
 mailservers:
@@ -241,29 +216,19 @@ muninservers:
 hosts:
 munin.dmz.mateu.be:
 
-disabled_loadbalanced_webservers:
- hosts:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
-
 disabled_munin:
 hosts:
 baybay-ponay.mateu.be:
 muse-HP-EliteBook-820-G2.home.arpa:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
 frederica.dmz.mateu.be:
 
 disabled_syslog:
 hosts:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
 baybay-ponay.mateu.be:
 machinbox.mateu.be:
 muse-HP-EliteBook-820-G2.home.arpa:
 frederica.dmz.mateu.be:
 
-fedinupesservers:
- hosts:
- 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
-
 ftpservers:
 hosts:
 ftp.dmz.mateu.be:
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
deleted file mode 100644
index 83e0305..0000000
--- a/roles/docker/tasks/main.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-
-- name: Get docker repo key
- ansible.builtin.apt_key:
- url: https://download.docker.com/linux/debian/gpg
- state: present
-
-- name: Install docker repo
- ansible.builtin.apt_repository:
- repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable"
- state: present
-
-- name: Install docker, docker-compose and extra packages
- ansible.builtin.package:
- name: "{{ item }}"
- state: present
- loop:
- - docker-ce
- - docker-ce-cli
- - containerd.io
- - docker-compose
- - fuse-overlayfs
-
-- name: Create docker directory
- ansible.builtin.file:
- path: /srv/docker
- owner: root
- group: root
- state: directory
- mode: 0755
diff --git a/roles/nginx/templates/vhosts/medias.nupes.social.conf.j2 b/roles/nginx/templates/vhosts/medias.nupes.social.conf.j2
deleted file mode 100644
index fc3e499..0000000
--- a/roles/nginx/templates/vhosts/medias.nupes.social.conf.j2
+++ /dev/null
@@ -1,55 +0,0 @@
-proxy_cache_path /tmp/nginx-cache-instance-media levels=1:2 keys_zone=s3_cache:10m max_size=10g inactive=48h use_temp_path=off;
-
-server {
-{% include './templates/header.conf.j2' %}
- root /srv/docker/nupes.social/public/system;
-
- set $s3_backend 'https://nupes-medias.s3.nl-ams.scw.cloud';
-
- keepalive_timeout 30;
-
- location = / {
- index index.html;
- }
-
- location / {
- try_files $uri @s3;
- }
-
- location @s3 {
- limit_except GET {
- deny all;
- }
-
- resolver 9.9.9.9;
- proxy_set_header Host 'nupes-medias.s3.nl-ams.scw.cloud';
- proxy_set_header Connection '';
- proxy_set_header Authorization '';
- proxy_hide_header Set-Cookie;
- proxy_hide_header 'Access-Control-Allow-Origin';
- proxy_hide_header 'Access-Control-Allow-Methods';
- proxy_hide_header 'Access-Control-Allow-Headers';
- proxy_hide_header x-amz-id-2;
- proxy_hide_header x-amz-request-id;
- proxy_hide_header x-amz-meta-server-side-encryption;
- proxy_hide_header x-amz-server-side-encryption;
- proxy_hide_header x-amz-bucket-region;
- proxy_hide_header x-amzn-requestid;
- proxy_ignore_headers Set-Cookie;
- proxy_pass $s3_backend$uri;
- proxy_intercept_errors off;
-
- proxy_cache s3_cache;
- proxy_cache_valid 200 304 48h;
- proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
- proxy_cache_lock on;
- proxy_cache_revalidate on;
-
- expires 1y;
- add_header Cache-Control public;
- add_header 'Access-Control-Allow-Origin' '*';
- add_header X-Cache-Status $upstream_cache_status;
- add_header X-Content-Type-Options nosniff;
- add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
- }
-}
diff --git a/roles/nginx/templates/vhosts/nupes.social.conf.j2 b/roles/nginx/templates/vhosts/nupes.social.conf.j2
deleted file mode 100644
index c214072..0000000
--- a/roles/nginx/templates/vhosts/nupes.social.conf.j2
+++ /dev/null
@@ -1,61 +0,0 @@
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
-}
-
-server {
-{% include './templates/header.conf.j2' %}
- keepalive_timeout 70;
- sendfile on;
- client_max_body_size 0;
- large_client_header_buffers 4 32k;
-
- # Referrer-Policy, même si Chrome ne comprendra pas
- add_header Referrer-Policy "same-origin";
-
- location / {
- try_files $uri @proxy;
- }
-
- location @proxy {
- proxy_pass http://localhost:3000;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_set_header Proxy "";
- proxy_pass_header Server;
-
- proxy_buffering off;
- proxy_redirect off;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
-
- tcp_nodelay on;
- }
-
- location /api/v1/streaming {
- proxy_pass http://localhost:4000;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_set_header Proxy "";
-
- proxy_buffering off;
- proxy_redirect off;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
-
- tcp_nodelay on;
- }
-}
-
diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml
index b89d0a4..daea5e8 100644
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@@ -98,14 +98,6 @@
 state: present
 key: "{{ lookup('file', 'ssh/work.id_rsa.pub') }}"
 
- - name: Put ssh key stef
- ansible.posix.authorized_key:
- user: root
- state: present
- key: "{{ lookup('file', 'ssh/stefofficiel.id_rsa.pub') }}"
- path: "~/.ssh/instance_keys"
- when: inventory_hostname in groups['fedinupesservers']
-
 - name: Put cron-apt configuration file
 ansible.builtin.copy:
 src: files/5-install
diff --git a/roles/webapps/tasks/main.yml b/roles/webapps/tasks/main.yml
index ead3a6f..4aed147 100644
--- a/roles/webapps/tasks/main.yml
+++ b/roles/webapps/tasks/main.yml
@@ -12,11 +12,6 @@
 - name: Oolatoocs for NintendojoFR
 ansible.builtin.include_tasks: oolatoocs.yml
 when: inventory_hostname in groups['mastodonservers']
-
-# Scootaloo
-- name: Tootctl (docker) for mastodon
- ansible.builtin.include_tasks: tootctl_docker.yml
- when: inventory_hostname in groups['dockerservers']
-- name: Tootctl (no docker) for mastodon
- ansible.builtin.include_tasks: tootctl_nodocker.yml
+- name: Tootctl for mastodon
+ ansible.builtin.include_tasks: tootctl.yml
 when: inventory_hostname in groups['mastodonservers']
diff --git a/roles/webapps/tasks/tootctl_nodocker.yml b/roles/webapps/tasks/tootctl.yml
similarity index 100%
rename from roles/webapps/tasks/tootctl_nodocker.yml
rename to roles/webapps/tasks/tootctl.yml
diff --git a/roles/webapps/tasks/tootctl_docker.yml b/roles/webapps/tasks/tootctl_docker.yml
deleted file mode 100644
index a41cc3a..0000000
--- a/roles/webapps/tasks/tootctl_docker.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-
-- name: Cron for media tootctl
- ansible.builtin.cron:
- name: Mastodon tootctl
- minute: "0"
- hour: "2"
- job: "docker-compose -f /srv/docker/{{ web_hostname[0] }}/docker-compose.yml run --rm web bin/tootctl media remove"
-
-- name: Cron for preview_cards tootctl
- ansible.builtin.cron:
- name: Mastodon tootctl preview
- minute: "30"
- hour: "2"
- job: "docker-compose -f /srv/docker/{{ web_hostname[0] }}/docker-compose.yml run --rm web bin/tootctl preview_cards remove"
diff --git a/site.yml b/site.yml
index 51c3736..36047f4 100644
--- a/site.yml
+++ b/site.yml
@@ -22,8 +22,6 @@
 import_playbook: webservers.yml
 - name: Run loadbalancinghttp playbook
 import_playbook: loadbalancinghttp.yml
-- name: Run docker playbook
- import_playbook: docker.yml
 - name: Run php playbook
 import_playbook: php.yml
 - name: Run mariadb playbook