cloud-environments-example/cloud-openproject

- hosts: local
  connection: local
  roles:
    - basis
    - backup
    - postgres
    - nginx
    - openproject
    - checkmk

  vars:
    users_local: [] #some local users only specific to this node!
    users: "{{ users_local + users_admin }}"

    fail2ban_activate_modules:
      - sshd
      - nginx

    openproject_db:
      type: pgsql
      name: openproject
      user: openprojectuser
      pass: FancyOpenProjectDbPasswordVeryLong
    openproject_mail_smtp_host: "{{ mail_domain }}"
    openproject_mail_smtp_port: "{{ mail_port }}"
    openproject_mail_smtp_user: "{{ development_mail_address }}"
    openproject_mail_smtp_pass: "{{ development_mail_pass }}"
    openproject_mail_smtp_domain: "{{ openproject_mail_smtp_host }}"
    openproject_mail_admin: "{{ noreply_mail_address }}"
    openproject_domain: "project.{{ domain_external }}"

    openproject_http_port: 6000
    openproject_webste:
      domain: "project.{{ domain_external }}"
      letsencrypt: true
      state: present
      owner: openproject
      port: 80
      root_setup: false
      index: noindex
      root: noroot
      options:
        access_log: "/var/log/nginx/project.{{ domain_external }}-access.log"
        error_log: "/var/log/nginx/project.{{ domain_external }}-error.log"
      pre_options: |
        upstream openproject {
          server 127.0.0.1:{{ openproject_http_port }};
        }
      locations:
        - location: "/"
          options: |
            proxy_pass_header  Server;
            proxy_set_header   Host $host;
            proxy_set_header   X-Forwarded-Proto https;
            proxy_redirect     off;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Scheme $scheme;
            proxy_pass         http://openproject/;

    # Websites
    web_sites:
      - "{{ openproject_webste }}"

    # Databases
    db_configs:
      - "{{ openproject_db }}"

    # Backup
    backup_dbs:
      - "{{ db_configs | json_query('[*].{type: type, name: name}') }}"
    backup_targets:
      db: "{{ backup_dbs | flatten }}"
      file:
        - "/etc/letsencrypt"

  vars_files:
    - "group_vars/environment.yml"