author | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
commit | 2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch) | |
tree | 0ad148f75f7b54dfed2dbac8f43f6df9badc502a /app/directory | |
parent | 9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff) | |
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'app/directory')
-rw-r--r-- | app/directory/config/bottin/config.json.tpl | 26 | ||||
-rw-r--r-- | app/directory/config/guichet/config.json.tpl | 34 | ||||
-rw-r--r-- | app/directory/deploy/directory.hcl | 141 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/mail_domain | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/mail_from | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/s3_access_key | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/s3_bucket | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/s3_endpoint | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/s3_region | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/s3_secret_key | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/smtp_pass | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/smtp_server | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/smtp_user | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/guichet/web_hostname | 1 | ||||
-rw-r--r-- | app/directory/secrets/directory/ldap_base_dn | 1 |
15 files changed, 0 insertions, 213 deletions
diff --git a/app/directory/config/bottin/config.json.tpl b/app/directory/config/bottin/config.json.tpl
deleted file mode 100644
index 844f7b7..0000000
--- a/app/directory/config/bottin/config.json.tpl
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "suffix": "{{ key "secrets/directory/ldap_base_dn" }}",
- "bind": "0.0.0.0:389",
- "log_level": "debug",
- "acl": [
- "*,{{ key "secrets/directory/ldap_base_dn" }}::read:*:* !userpassword !user_secret !alternate_user_secrets !garage_s3_secret_key",
- "*::read modify:SELF:*",
- "ANONYMOUS::bind:*,ou=users,{{ key "secrets/directory/ldap_base_dn" }}:",
- "ANONYMOUS::bind:cn=admin,{{ key "secrets/directory/ldap_base_dn" }}:",
- "*,ou=services,ou=users,{{ key "secrets/directory/ldap_base_dn" }}::bind:*,ou=users,{{ key "secrets/directory/ldap_base_dn" }}:*",
- "*,ou=services,ou=users,{{ key "secrets/directory/ldap_base_dn" }}::read:*:*",
-
- "*:cn=asso_deuxfleurs,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}:add:*,ou=invitations,{{ key "secrets/directory/ldap_base_dn" }}:*",
- "ANONYMOUS::bind:*,ou=invitations,{{ key "secrets/directory/ldap_base_dn" }}:",
- "*,ou=invitations,{{ key "secrets/directory/ldap_base_dn" }}::delete:SELF:*",
-
- "*:cn=asso_deuxfleurs,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}:add:*,ou=users,{{ key "secrets/directory/ldap_base_dn" }}:*",
- "*,ou=invitations,{{ key "secrets/directory/ldap_base_dn" }}::add:*,ou=users,{{ key "secrets/directory/ldap_base_dn" }}:*",
-
- "*:cn=asso_deuxfleurs,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}:modifyAdd:cn=email,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}:*",
- "*,ou=invitations,{{ key "secrets/directory/ldap_base_dn" }}::modifyAdd:cn=email,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}:*",
-
- "cn=admin,{{ key "secrets/directory/ldap_base_dn" }}::read add modify delete:*:*",
- "*:cn=admin,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}:read add modify delete:*:*"
- ]
-}
diff --git a/app/directory/config/guichet/config.json.tpl b/app/directory/config/guichet/config.json.tpl
deleted file mode 100644
index 1a843a8..0000000
--- a/app/directory/config/guichet/config.json.tpl
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "http_bind_addr": ":9991",
- "ldap_server_addr": "ldap://bottin.service.staging.consul:389",
-
- "base_dn": "{{ key "secrets/directory/ldap_base_dn" }}",
- "user_base_dn": "ou=users,{{ key "secrets/directory/ldap_base_dn" }}",
- "user_name_attr": "cn",
- "group_base_dn": "ou=groups,{{ key "secrets/directory/ldap_base_dn" }}",
- "group_name_attr": "cn",
-
- "invitation_base_dn": "ou=invitations,{{ key "secrets/directory/ldap_base_dn" }}",
- "invitation_name_attr": "cn",
- "invited_mail_format": "{}@{{ key "secrets/directory/guichet/mail_domain" | trimSpace }}",
- "invited_auto_groups": [
- "cn=email,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}"
- ],
-
- "web_address": "https://{{ key "secrets/directory/guichet/web_hostname" }}",
- "mail_from": "{{ key "secrets/directory/guichet/mail_from" }}",
- "smtp_server": "{{ key "secrets/directory/guichet/smtp_server" }}",
- "smtp_username": "{{ key "secrets/directory/guichet/smtp_user" | trimSpace }}",
- "smtp_password": "{{ key "secrets/directory/guichet/smtp_pass" | trimSpace }}",
-
- "admin_account": "cn=admin,{{ key "secrets/directory/ldap_base_dn" }}",
- "group_can_admin": "cn=admin,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}",
- "group_can_invite": "cn=asso_deuxfleurs,ou=groups,{{ key "secrets/directory/ldap_base_dn" }}",
-
- "s3_endpoint": "{{ key "secrets/directory/guichet/s3_endpoint" }}",
- "s3_access_key": "{{ key "secrets/directory/guichet/s3_access_key" | trimSpace }}",
- "s3_secret_key": "{{ key "secrets/directory/guichet/s3_secret_key" | trimSpace }}",
- "s3_region": "{{ key "secrets/directory/guichet/s3_region" }}",
- "s3_bucket": "{{ key "secrets/directory/guichet/s3_bucket" }}"
-}
-
diff --git a/app/directory/deploy/directory.hcl b/app/directory/deploy/directory.hcl
deleted file mode 100644
index 405c321..0000000
--- a/app/directory/deploy/directory.hcl
+++ /dev/null
@@ -1,141 +0,0 @@
-job "directory" {
- datacenters = ["dc1", "neptune"]
- type = "service"
- priority = 90
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- group "bottin" {
- count = 1
-
- network {
- port "ldap_port" {
- static = 389
- to = 389
- }
- }
-
- task "bottin" {
- driver = "docker"
- config {
- image = "superboum/bottin_amd64:22"
- network_mode = "host"
- readonly_rootfs = true
- ports = [ "ldap_port" ]
- volumes = [
- "secrets/config.json:/config.json",
- "secrets:/etc/bottin",
- ]
- }
-
- resources {
- memory = 100
- }
-
- template {
- data = file("../config/bottin/config.json.tpl")
- destination = "secrets/config.json"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
- destination = "secrets/consul-ca.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "secrets/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "secrets/consul-client.key"
- }
-
- template {
- data = <<EOH
-CONSUL_HTTP_ADDR=https://localhost:8501
-CONSUL_HTTP_SSL=true
-CONSUL_CACERT=/etc/bottin/consul-ca.crt
-CONSUL_CLIENT_CERT=/etc/bottin/consul-client.crt
-CONSUL_CLIENT_KEY=/etc/bottin/consul-client.key
-EOH
- destination = "secrets/env"
- env = true
- }
-
- service {
- tags = ["bottin"]
- port = "ldap_port"
- address_mode = "host"
- name = "bottin"
- check {
- type = "tcp"
- port = "ldap_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-
- group "guichet" {
- count = 1
-
- network {
- port "web_port" { to = 9991 }
- }
-
- task "guichet" {
- driver = "docker"
- config {
- image = "superboum/guichet_amd64:15"
- readonly_rootfs = true
- ports = [ "web_port" ]
- volumes = [
- "secrets/config.json:/config.json"
- ]
- }
-
- template {
- data = file("../config/guichet/config.json.tpl")
- destination = "secrets/config.json"
- }
-
- resources {
- memory = 200
- }
-
- service {
- name = "guichet"
- tags = [
- "guichet",
- "tricot guichet-staging.home.adnab.me",
- "tricot guichet.staging.deuxfleurs.org",
- ]
- port = "web_port"
- address_mode = "host"
- check {
- type = "tcp"
- port = "web_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
-
diff --git a/app/directory/secrets/directory/guichet/mail_domain b/app/directory/secrets/directory/guichet/mail_domain
deleted file mode 100644
index 5db1ba3..0000000
--- a/app/directory/secrets/directory/guichet/mail_domain
+++ /dev/null
@@ -1 +0,0 @@
-USER E-mail domain for new users (e.g. example.com)
diff --git a/app/directory/secrets/directory/guichet/mail_from b/app/directory/secrets/directory/guichet/mail_from
deleted file mode 100644
index 9075cbf..0000000
--- a/app/directory/secrets/directory/guichet/mail_from
+++ /dev/null
@@ -1 +0,0 @@
-USER E-mail address from which to send welcome emails to new users
diff --git a/app/directory/secrets/directory/guichet/s3_access_key b/app/directory/secrets/directory/guichet/s3_access_key
deleted file mode 100644
index e5b37ff..0000000
--- a/app/directory/secrets/directory/guichet/s3_access_key
+++ /dev/null
@@ -1 +0,0 @@
-USER Garage access key for Guichet profile pictures
diff --git a/app/directory/secrets/directory/guichet/s3_bucket b/app/directory/secrets/directory/guichet/s3_bucket
deleted file mode 100644
index cb059cf..0000000
--- a/app/directory/secrets/directory/guichet/s3_bucket
+++ /dev/null
@@ -1 +0,0 @@
-USER S3 bucket in which to store data files (such as profile pictures)
diff --git a/app/directory/secrets/directory/guichet/s3_endpoint b/app/directory/secrets/directory/guichet/s3_endpoint
deleted file mode 100644
index b414269..0000000
--- a/app/directory/secrets/directory/guichet/s3_endpoint
+++ /dev/null
@@ -1 +0,0 @@
-USER S3 endpoint URL
diff --git a/app/directory/secrets/directory/guichet/s3_region b/app/directory/secrets/directory/guichet/s3_region
deleted file mode 100644
index ef16924..0000000
--- a/app/directory/secrets/directory/guichet/s3_region
+++ /dev/null
@@ -1 +0,0 @@
-USER S3 region
diff --git a/app/directory/secrets/directory/guichet/s3_secret_key b/app/directory/secrets/directory/guichet/s3_secret_key
deleted file mode 100644
index f3e7f0f..0000000
--- a/app/directory/secrets/directory/guichet/s3_secret_key
+++ /dev/null
@@ -1 +0,0 @@
-USER Garage secret key for Guichet profile pictures
diff --git a/app/directory/secrets/directory/guichet/smtp_pass b/app/directory/secrets/directory/guichet/smtp_pass
deleted file mode 100644
index fc9d1e3..0000000
--- a/app/directory/secrets/directory/guichet/smtp_pass
+++ /dev/null
@@ -1 +0,0 @@
-USER SMTP password
diff --git a/app/directory/secrets/directory/guichet/smtp_server b/app/directory/secrets/directory/guichet/smtp_server
deleted file mode 100644
index c453935..0000000
--- a/app/directory/secrets/directory/guichet/smtp_server
+++ /dev/null
@@ -1 +0,0 @@
-USER SMTP server address (hostname:port)
diff --git a/app/directory/secrets/directory/guichet/smtp_user b/app/directory/secrets/directory/guichet/smtp_user
deleted file mode 100644
index c9c8bd0..0000000
--- a/app/directory/secrets/directory/guichet/smtp_user
+++ /dev/null
@@ -1 +0,0 @@
-USER SMTP username
diff --git a/app/directory/secrets/directory/guichet/web_hostname b/app/directory/secrets/directory/guichet/web_hostname
deleted file mode 100644
index afe2512..0000000
--- a/app/directory/secrets/directory/guichet/web_hostname
+++ /dev/null
@@ -1 +0,0 @@
-USER Public hostname from which Guichet is accessible via HTTP (e.g. guichet.example.com)
diff --git a/app/directory/secrets/directory/ldap_base_dn b/app/directory/secrets/directory/ldap_base_dn
deleted file mode 100644
index ea5c7ae..0000000
--- a/app/directory/secrets/directory/ldap_base_dn
+++ /dev/null
@@ -1 +0,0 @@
-USER LDAP base DN for everything (e.g. dc=example,dc=com) |