forked from betagouv/datapass
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfigure.yml
208 lines (200 loc) · 7.07 KB
/
configure.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
- hosts: datapass-front,datapass-back,api-auth
become: true
roles:
- app-user
- role: team-ssh-keys
tags: team-ssh-keys
- role: ufw
tags: ufw
- role: nginx
tags: nginx
- hosts: datapass-front
become: true
roles:
- role: ansible-role-nodejs
nodejs_version: 16.x
tags: nodejs
- hosts: api-auth
become: true
roles:
- role: ansible-role-nodejs
nodejs_version: 12.x
tags: nodejs
- hosts: datapass-back
become: true
roles:
- role: ruby
tags: ruby
- role: redis
tags: redis
- role: ssl
server_name: "{{ back_domain_name }}"
tags: ssl
- role: postgres
pg_user: back
pg_password: "{{ back_pg_password }}"
pg_database: signup-back
- role: backup-script
backup_user: postgres
store_identifier: signup-back
backup_type: postgresql
frequency: daily
tags: backup-script
when: disable_backup is not defined
- role: backup-script
backup_user: signup
store_identifier: /opt/apps/signup-back/uploads
frequency: weekly
backup_type: file
tags: backup-script
when: disable_backup is not defined
- role: rails-app
app_service_name: signup-back
server_name: "{{ back_domain_name }}"
app_port: 3000
pg_user: back
pg_password: "{{ back_pg_password }}"
pg_database: signup-back
devise_secret: "{{ back_devise_secret }}"
secret_key_base: "{{ back_secret_key_base }}"
env_var:
RUBYOPT: "'-W0'"
SERVER_NAME: "{{ inventory_hostname }}"
PORT: "{{ app_port }}"
FRONT_HOST: "{{ front_host }}"
ALLOWED_ORIGINS: "{{ allowed_origins }}"
BACK_HOST: "{{ back_host }}"
OAUTH_HOST: "{{ oauth_host }}"
DEVISE_SECRET: "{{ devise_secret }}"
SECRET_KEY_BASE: "{{ secret_key_base }}"
RGPD_CONTACT_ERROR_HOOK_ID: "{{ rgpd_contact_error_hook_id }}"
SENTRY_DSN: "{{ sentry_dsn | default('') }}"
PG_USER: "{{ pg_user }}"
PG_PASSWORD: "{{ pg_password }}"
PG_DATABASE: "{{ pg_database }}"
DATAPASS_OAUTH_CLIENT_ID: "{{ datapass_oauth_client_id }}"
DATAPASS_OAUTH_CLIENT_SECRET: "{{ datapass_oauth_client_secret }}"
DISABLE_API_PARTICULIER_BRIDGE: "{{ disable_api_particulier_bridge | default('') }}"
API_PARTICULIER_HOST: "{{ api_particulier_host }}"
API_PARTICULIER_API_KEY: "{{ api_particulier_api_key }}"
DISABLE_FRANCECONNECT_BRIDGE: "{{ disable_franceconnect_bridge | default('') }}"
FRANCECONNECT_PARTICULIER_HOST: "{{ franceconnect_particulier_host }}"
FRANCECONNECT_PARTICULIER_API_KEY: "{{ franceconnect_particulier_api_key }}"
DISABLE_API_ENTREPRISE_BRIDGE: "{{ disable_api_entreprise_bridge | default('') }}"
API_ENTREPRISE_HOST: "{{ api_entreprise_host }}"
API_ENTREPRISE_API_KEY: "{{ api_entreprise_api_key }}"
API_ENTREPRISE_WEBHOOK_URL: "{{ api_entreprise_webhook_url }}"
API_ENTREPRISE_VERIFY_TOKEN: "{{ api_entreprise_verify_token }}"
DISABLE_AIDANTS_CONNECT_BRIDGE: "{{ disable_aidants_connect_bridge | default('') }}"
AIDANTS_CONNECT_HOST: "{{ aidants_connect_host }}"
AIDANTS_CONNECT_API_KEY: "{{ aidants_connect_api_key }}"
DISABLE_API_IMPOT_PARTICULIER_BRIDGE: "{{ disable_api_impot_particulier_bridge | default('') }}"
DISABLE_API_DROITS_CNAM_BRIDGE: "{{ disable_api_droits_cnam_bridge | default('') }}"
DISABLE_API_INDEMNITES_JOURNALIERES_CNAM_BRIDGE: "{{ disable_api_indemnites_journalieres_cnam_bridge | default('') }}"
DISABLE_HUBEE_PORTAIL_BRIDGE: "{{ disable_hubee_portail_bridge | default('') }}"
HUBEE_HOST: "{{ hubee_host }}"
HUBEE_AUTH_URL: "{{ hubee_auth_url }}"
HUBEE_CLIENT_ID: "{{ hubee_client_id }}"
HUBEE_CLIENT_SECRET: "{{ hubee_client_secret }}"
MAILJET_API_KEY: "{{ mailjet_api_key }}"
MAILJET_SECRET_KEY: "{{ mailjet_secret_key }}"
SENDINBLUE_API_KEY: "{{ sendinblue_api_key }}"
DO_NOT_SEND_MAIL: "{{ do_not_send_mail | default('') }}"
tags:
- back
- app-config
- hosts: datapass-front
become: true
roles:
- role: ssl
server_name: "{{ front_domain_name }}"
tags: ssl
- role: ssl
server_name: "{{ former_front_domain_name }}"
tags: ssl
- role: react-app
app_service_name: signup-front
server_name: "{{ front_domain_name }}"
permanent_redirect_rules:
- source_pattern: "~ ^/api-impot-particulier(/[0-9]*|)$"
destination_path: "/api-impot-particulier-fc-sandbox$1"
- source_pattern: "~ ^/api-impot-particulier-step2(/[0-9]*|)$"
destination_path: "/api-impot-particulier-fc-production$1"
- source_pattern: "~ ^/hubee(/[0-9]*|)$"
destination_path: "/hubee-portail$1"
- source_pattern: "~ ^/le-taxi-chauffeurs(/[0-9]*|)$"
destination_path: "/le-taxi$1"
- source_pattern: "~ ^/le-taxi-clients(/[0-9]*|)$"
destination_path: "/le-taxi$1"
tags:
- front
- app-config
- role: domain-redirection
alternative_domain: "{{ former_front_domain_name }}"
current_domain: "{{ front_domain_name }}"
tags: domain-redirection
- hosts: api-auth
become: true
roles:
- role: ssl
server_name: "{{ api_auth_domain_name }}"
tags: ssl
- role: postgres
pg_user: api-auth
pg_password: "{{ api_auth_pg_password }}"
pg_database: api-auth
- role: backup-script
backup_user: api-auth
store_identifier: api-auth
backup_type: postgresql
frequency: daily
tags: backup-script
when: disable_backup is not defined
- role: redis
tags: redis
- role: node-app
app_service_name: api-auth
server_name: "{{ api_auth_domain_name }}"
app_port: 3000
env_var:
PGUSER: api-auth
PGPASSWORD: "{{ api_auth_pg_password }}"
PGDATABASE: api-auth
PGPORT: 5432
DATABASE_URL: "postgres://api-auth:{{ api_auth_pg_password }}@127.0.0.1:5432/api-auth"
SENDINBLUE_API_KEY: "{{ sendinblue_api_key }}"
API_AUTH_HOST: "https://{{ api_auth_domain_name }}"
DO_NOT_SEND_MAIL: "{{ do_not_send_mail | default('') }}"
SESSION_COOKIE_SECRET: "{{ session_cookie_secret }}"
tags:
- api-auth
- app-config
- hosts: api-auth
become: true
roles:
- role: app-user
app_user: retool
when: retool_ssh_key is defined
tags: retool
- role: team-ssh-keys
app_user: retool
team_ssh_keys:
- "{{ retool_ssh_key }}"
when: retool_ssh_key is defined
tags: retool
- hosts: datapass-back
become: true
vars_files:
- "{{ inventory_dir }}/group_vars/datapass-back.yml"
roles:
- role: continuous-deployment
when: github_action_ssh_key is defined
tags: continuous-deployment
- hosts: datapass-front
become: true
vars_files:
- "{{ inventory_dir }}/group_vars/datapass-front.yml"
roles:
- role: continuous-deployment
when: github_action_ssh_key is defined
tags: continuous-deployment