diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -5,6 +5,7 @@
 22221 Phabricator Aphlict (admin)
 24080 Tommy HTTP - CI
 24180 Tommy HTTP - CD
+ 25080 Auth Grove HTTP
 31080 Phabricator HTTP - DevCentral
 34080 Etherpad
 38080 Jenkins HTTP - CD
diff --git a/pillar/credentials/zr.sls b/pillar/credentials/zr.sls
--- a/pillar/credentials/zr.sls
+++ b/pillar/credentials/zr.sls
@@ -14,6 +14,10 @@ nasqueron: + # login.nasqueron.org + auth-grove: + mysql: 67 + # status.nasqueron.org cachet: mysql: 47
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -35,6 +35,9 @@ - library/registry - nasqueron/mysql + # Nasqueron services + - nasqueron/auth-grove + # Infrastructure and development services - nasqueron/aphlict - nasqueron/etherpad:production
@@ -211,6 +214,13 @@ credential: nasqueron.etherpad.api mysql_link: acquisitariat + auth-grove: + login: + app_port: 25080 + host: login.nasqueron.org + credential: nasqueron.auth-grove.mysql + mysql_link: acquisitariat + # phpBB SaaS # The SaaS uses a MySQL instance, declared in the MySQL section.
diff --git a/roles/paas-docker/containers/auth-grove.sls b/roles/paas-docker/containers/auth-grove.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/auth-grove.sls
@@ -0,0 +1,65 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2016-05-21
+# License: Trivial work, not eligible to copyright
+# Description: SSO for Nasqueron services.
+# Image: nasqueron/auth-grove
+# Services used: MySQL server (acquisitariat)
+# Docker volume (/data/login/storage)
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set containers = pillar['docker_containers'][grains['id']] %}
+
+{% for instance, container in containers['auth-grove'].items() %}
+
+# -------------------------------------------------------------
+# Data directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ instance }}/storage:
+ file.directory:
+ - user: 431
+ - group: 433
+ - makedirs: True
+
+{% if has_selinux %}
+selinux_context_{{ instance }}_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ instance }}/storage
+ - sel_type: container_file_t
+
+selinux_context_{{ instance }}_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ instance }}/storage
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: nasqueron/auth-grove
+ - links: {{ container['mysql_link'] }}:mysql
+ - environment:
+ - DB_DRIVER: mysql
+ - DB_HOST: mysql
+ - DB_PORT: 3306
+ - DB_DATABASE: {{ instance }}
+ - DB_USERNAME: {{ salt['zr.get_username'](container['credential']) }}
+ - DB_PASSWORD: {{ salt['zr.get_password'](container['credential']) }}
+
+ - CANONICAL_URL: https://{{ container['host'] }}
+ - TRUST_ALL_PROXIES: 1
+ - binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
+ - ports:
+ - 80
+ - port_bindings:
+ - 127.0.0.1:{{ container['app_port'] }}:80
+
+{% endfor %}
diff --git a/roles/paas-docker/nginx/files/vhosts/auth-grove.conf b/roles/paas-docker/nginx/files/vhosts/auth-grove.conf
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/vhosts/auth-grove.conf
@@ -0,0 +1,43 @@
+# -------------------------------------------------------------
+# Configuration for Docker PaaS front-end nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2018-09-22
+# Source file: roles/paas-docker/nginx/files/vhosts/auth-grove.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ fqdn }};
+
+ include includes/letsencrypt;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name {{ fqdn }};
+
+ include includes/tls;
+ ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
+ ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem;
+
+ include includes/letsencrypt;
+
+ location / {
+ proxy_pass http://localhost:{{ app_port }};
+ include includes/proxy_params;
+ }
+
+ root /var/wwwroot-502/$server_name;
+ error_page 502 /502.html;
+ location /502.html {}
+}
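Review bot: The header's `Services used:` line names `Docker volume (/data/login/storage)`, but the state below creates and binds `/srv/{{ instance }}/storage`, so the header does not match the bind; change it to `#                Docker volume (/srv/{{ instance }}/storage)` or to whatever path is actually intended. The `DB_PASSWORD` entry in the `- environment:` list puts the rendered secret into the container environment, where it is readable through `docker inspect` by anyone with access to the Docker socket, and it may also be echoed in Salt's state output when the container is (re)created; a comment there, `# NOTE: DB credentials are exposed through the container environment (docker inspect) and in state output — keep docker/salt access on this host equally restricted`, makes that trade-off explicit (the etherpad/cachet pillar entries suggest the other containers follow the same pattern). `TRUST_ALL_PROXIES: 1` presumably makes the application accept `X-Forwarded-*` headers from any peer, which is only acceptable because the port is published on `127.0.0.1` and fronted by nginx; a one-line comment saying so would stop a later change from rebinding it to `0.0.0.0`. Finally, `user: 431` / `group: 433` on the storage directory are unexplained magic numbers; name the in-image account they correspond to in a comment.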
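Review bot: `proxy_pass http://localhost:{{ app_port }};` in the TLS `server` block targets `localhost`, while the container state publishes the app on `127.0.0.1:{{ container['app_port'] }}:80` only; on a host where `localhost` resolves to both `::1` and `127.0.0.1`, nginx resolves the name at startup and balances across both addresses, so a share of requests to the login service would get a 502 from the refused `::1` connection. Matching the bind literally avoids that: `proxy_pass http://127.0.0.1:{{ app_port }};`. Because the app runs with `TRUST_ALL_PROXIES: 1`, this block (through `includes/proxy_params`) is the only component that should be setting the forwarded headers, and any other local process able to reach the published port can present its own; that assumption deserves a comment above `location /`. For a login endpoint, confirm that `includes/tls` already emits `Strict-Transport-Security`; if it does not, this vhost is where it belongs.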