Vasiliy webchi

## ovpn-playbook.yaml
---
- name: Install ovpn
  hosts: ovpn
  become: true
  gather_facts: true
  roles:
    - kyl191.openvpn
  vars:
    openvpn_ovpn_dir: /etc/openvpn/client
    openvpn_server_hostname: <external-host-ip>

## monitoring-role.yaml
---
- name: Setup monitoring server
  hosts: all
  become: true
  roles:
    - cloudalchemy.prometheus
    - cloudalchemy.grafana
    - cloudalchemy.alertmanager
    - cloudalchemy.blackbox-exporter
  vars:

## docker-compose.yaml
version: "3"

services:

  caddy:
    image: caddy:2.4.3-alpine
    restart: unless-stopped
    command: caddy reverse-proxy --from https:/you-awesome-domain.com:443 --to http://sonarqube:9000
    ports:
      - 80:80

## iptables.sh
#!/bin/bash
# Flushing all rules
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

## iam.tf
resource "yandex_iam_service_account" "swarm-group" {
  name        = "swarm-group"
  description = "service account to manage Instance Group"
}

resource "yandex_resourcemanager_folder_iam_binding" "editor" {
  folder_id = var.yandex_folder_id
  role      = "editor"
  members   = [
    "serviceAccount:${yandex_iam_service_account.swarm-group.id}",

## Dockerfile
FROM ruby:2.5.5-alpine3.9 as builder

WORKDIR /app

ARG RAILS_MASTER_KEY

ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
    BUNDLE_IGNORE_MESSAGES=1 \
    BUNDLE_GITHUB_HTTPS=1 \
    BUNDLE_FROZEN=1 \

## Dockerfile
FROM ruby:2.5.5-alpine3.9 as builder

WORKDIR /app

ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
    BUNDLE_IGNORE_MESSAGES=1 \
    BUNDLE_GITHUB_HTTPS=1 \
    BUNDLE_FROZEN=1 \
    BUNDLE_WITHOUT=development:test

## Dockerfile
FROM ruby:2.5.5-alpine3.9 as builder

WORKDIR /app

ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
    BUNDLE_IGNORE_MESSAGES=1 \
    BUNDLE_GITHUB_HTTPS=1 \
    BUNDLE_FROZEN=1 \
    BUNDLE_WITHOUT=development:test

## pg-replica.yml
version: '3.5'

networks:
  webapp:
    driver: overlay
    name: webapp

services:
  primary:
    hostname: 'primary'

## pg-stack.yml
version: '3.5'

networks:
  plannerix:
    name: plannerix
    external: true

services:
  primary:
    hostname: 'primary'
	---
	- name: Install ovpn
	hosts: ovpn
	become: true
	gather_facts: true
	roles:
	- kyl191.openvpn
	vars:
	openvpn_ovpn_dir: /etc/openvpn/client
	openvpn_server_hostname: <external-host-ip>
	---
	- name: Setup monitoring server
	hosts: all
	become: true
	roles:
	- cloudalchemy.prometheus
	- cloudalchemy.grafana
	- cloudalchemy.alertmanager
	- cloudalchemy.blackbox-exporter
	vars:
	version: "3"

	services:

	caddy:
	image: caddy:2.4.3-alpine
	restart: unless-stopped
	command: caddy reverse-proxy --from https:/you-awesome-domain.com:443 --to http://sonarqube:9000
	ports:
	- 80:80
	#!/bin/bash
	# Flushing all rules
	iptables -F FORWARD
	iptables -F INPUT
	iptables -F OUTPUT
	iptables -X
	# Setting default filter policy
	iptables -P INPUT DROP
	iptables -P OUTPUT DROP
	iptables -P FORWARD DROP
	resource "yandex_iam_service_account" "swarm-group" {
	name = "swarm-group"
	description = "service account to manage Instance Group"
	}

	resource "yandex_resourcemanager_folder_iam_binding" "editor" {
	folder_id = var.yandex_folder_id
	role = "editor"
	members = [
	"serviceAccount:${yandex_iam_service_account.swarm-group.id}",
	FROM ruby:2.5.5-alpine3.9 as builder

	WORKDIR /app

	ARG RAILS_MASTER_KEY

	ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
	BUNDLE_IGNORE_MESSAGES=1 \
	BUNDLE_GITHUB_HTTPS=1 \
	BUNDLE_FROZEN=1 \
	version: '3.5'

	networks:
	webapp:
	driver: overlay
	name: webapp

	services:
	primary:
	hostname: 'primary'
	version: '3.5'

	networks:
	plannerix:
	name: plannerix
	external: true

	services:
	primary:
	hostname: 'primary'