[surepreme] Add rudimentary surepreme role

lab/ansible/roles/surepreme/files/celery-supervisor.conf

@@ -0,0 +1,7 @@
+[program:celery]
+command=/usr/local/bin/bash -lc "direnv exec /usr/local/src/fifteen5 celery -A ff worker -B -l DEBUG -c 2 -S django -Q test1,celery"
+autostart=true
+autorestart=true
+stdout_logfile=/var/log/celery.log
+stderr_logfile=/var/log/celery.log
+stopsignal=QUIT

lab/ansible/roles/surepreme/files/cert.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCTCCAvGgAwIBAgIUBDu0UeJ1sk5nFX4bAhprQq1f6t8wDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJMTVmaXZlLm1lMB4XDTE5MDgzMDE5NTI0MloXDTIwMDgy
+OTE5NTI0MlowFDESMBAGA1UEAwwJMTVmaXZlLm1lMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA+3dWHkLSk/tyvOp7hM9dIs45SDahnvPLlFLRXMd+aG+x
+LhURJDMFYNXUZDJ3S42CawvuMjs6A2vJU+giuRxX9thfTTAUB7VTK1KKBLb4fBdZ
+kihsOZJX+iHPk0qmTw5MSzY2LM8fsMa/LX5HkK5WGU32mmchUJvkLS0uAllSxGXP
+fSHYH/vmZ5XfFza56TRdzJbZDVwYtnoVr+nP6FMfWY14xkjCmVfokH9W/kOAG+w/
+zpvIxgYtTi7dZs9HfULi2XScB8cKZjv6VmpjQEMxQXNsFwiTfK0kXq4SLpE+wctJ
+ll4bJ8nVT2KbsTDDF7bmvg401AesVGJDQ4bBdU5FVBne2Kn08n/Gw0py6UEJJC2Q
++lnwfDFRZiO8djsmSMNa2bDAQy9EpYdjzBAYkeFH2Ja7Bnwqifj68yW1UZ50Dl2z
+4zOI+D4cvOKY1GkPD+x95EwRby3M/rXv+Y4p6RiTGTmFnZ/tmOKyCm2k0B8tlbls
+TyuyCGTI0O2IcLD0u3CWg5FpjB2llfjoDDOMDcSIHT0UdRJSk0rCzT6Nvw57CdZg
+WGJGdHqIsct85l4IOkUzSg5rgNbuloWgfxR9Ptx5VWGhYzngQzMK9OLXtYZO72am
+fkhqwtPpfsh6IN41pVr6pY5k27TKj+FYZK4QJKBEYNH5F2RL/XeMMw2U5ZQNbPsC
+AwEAAaNTMFEwHQYDVR0OBBYEFCZl3ZBVsZgIz1UWwec9PgwtnWrHMB8GA1UdIwQY
+MBaAFCZl3ZBVsZgIz1UWwec9PgwtnWrHMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggIBAHYUvAXsxVRDiHZ2icUU/sMPWF7+aFg9GYOE5DY2RdfB3tQm
+BJU0BS1fqzb/UQaAYXNW8a5q5i9ULEEdLzvLYvPDWMOZFb/DXmmGIjnbnPj8jzYl
+Zwf7nINmz0Ir0FhXznVDca0rYKS2N1sgelXkI++Vqkk0i7rK6v9PD9FOeGGj4wuv
+ef4gEUH8yMfzzCeWDFSTwYMuXPRduIgDrnISr3wdPJAgG30mGM5M0qyesvuUuvCU
+5ssgUa5Gozz9vbEYOrlK+FL6UBBPJ623Cao+2hBKbD+fnmkoNZcFI0Yg0IPBB/k6
+HdeqWX6eOyCqOjKvmbWEd8nZx4MeWhsn930CJWtMyM3fO2QDnJnpeFz9jMWce54g
+r+chYHhgS3WxNMvDQ2HRy8SrEcPXu5mhQfpnP3uHwLmCRxOEINULDlAyluXwtgLF
+eWzbh99BsufuDTKcxQwovaJpedQtOPHmPJeCs02d9aKuO1qeYfk2GBZ7ndObxBSS
+ZirEcyBuaCJ7gW+iwT/zgIujqatOs3q5YHppExg+qRgB1gO/h5O/22l1Hd/xz/pn
+E1UGOEhmnEBdzFUNpEvG+nTcyZIUWczo+o0GclcH0CZnput756G5D5YkCTijexJS
+knktutHUlHbx/9DPAesDCqkA/N/fwHs72Q6t18RoJjFbnhm4U56f1inAvYGu
+-----END CERTIFICATE-----

lab/ansible/roles/surepreme/files/key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQD7d1YeQtKT+3K8
+6nuEz10izjlINqGe88uUUtFcx35ob7EuFREkMwVg1dRkMndLjYJrC+4yOzoDa8lT
+6CK5HFf22F9NMBQHtVMrUooEtvh8F1mSKGw5klf6Ic+TSqZPDkxLNjYszx+wxr8t
+fkeQrlYZTfaaZyFQm+QtLS4CWVLEZc99Idgf++Znld8XNrnpNF3MltkNXBi2ehWv
+6c/oUx9ZjXjGSMKZV+iQf1b+Q4Ab7D/Om8jGBi1OLt1mz0d9QuLZdJwHxwpmO/pW
+amNAQzFBc2wXCJN8rSRerhIukT7By0mWXhsnydVPYpuxMMMXtua+DjTUB6xUYkND
+hsF1TkVUGd7YqfTyf8bDSnLpQQkkLZD6WfB8MVFmI7x2OyZIw1rZsMBDL0Slh2PM
+EBiR4UfYlrsGfCqJ+PrzJbVRnnQOXbPjM4j4Phy84pjUaQ8P7H3kTBFvLcz+te/5
+jinpGJMZOYWdn+2Y4rIKbaTQHy2VuWxPK7IIZMjQ7YhwsPS7cJaDkWmMHaWV+OgM
+M4wNxIgdPRR1ElKTSsLNPo2/DnsJ1mBYYkZ0eoixy3zmXgg6RTNKDmuA1u6WhaB/
+FH0+3HlVYaFjOeBDMwr04te1hk7vZqZ+SGrC0+l+yHog3jWlWvqljmTbtMqP4Vhk
+rhAkoERg0fkXZEv9d4wzDZTllA1s+wIDAQABAoICAQDxQnxYSio4mi1p/NoHAOBN
+jWe91dRYaXTvWEnP5wJrdoWaPdIVVfIaBu1gOF7mGN2AkJC2lsZBE/+zxerSiNQI
+W22L483D237w+J68iUN74vcn2CqFTdekfx3lJeDLxl8CZf+yHAI+m2A+aIKG2Ax4
++KjZWIrJCNfxVABpdoOHNFrOplLx1L8osMy6O+JAUOKRcETMoYiAQj9eaEf1kRJp
+2+Z87r/tWT8iq1muVtqpb4+ETUhiXPjIowP+KG5hSnPUyCEPATMEBRVYJXgV5qFy
+NygELVE7c+6J/B4rmWSJj92JK76H/Qfvwx628J6suOlGfODIcJgw2ZnJRpeDUVYG
+xHAb+SVg45hpIQcKnoON5pgYPieKBxmPneMC3IHi87TUqaEfw+vBTBPEjWAa2nh1
+uVGJp2lS7OZUw/nf93nIlA5X9kJ66rvICpcFC0SG8jZa92Qpy+aooVcXS5FHQYRy
+HXmq45It4SOhlY1CgfWkYVkkBSGv5bTNniPSJVLQAKSJDJbddy8J8kz3Rq3i/bmZ
+CyGLtN6VayQWDqfy8iOLInQluqsGSNet11iR5ew6wD2p2TtaouBdtwPd7hXn17hQ
+PJmtRUcX0TgoNMCwG8c1rId5X+a6dprtZGlihXXi049ulHeNRYSJsH4kS6TM8KTy
+PRDh2iqsouFN/y2Dw2LdGQKCAQEA/7a2n/Mh+Ku6EV1cSAZ7jnh+3oJmdn93g/EU
+GyGgDTzjwhukI3FnmAxe5Qe8y+RvDVr+2jQ8uCZU4kqGRtvJ39c8Xmkb+v5G4uUx
+4SCbnR8V8EhTglgas33v9sUW5OMHt4em+9dpsBOAiAWey1N0HaHevLqkm4EvRtNB
+FGsk7/Z+yh8TIgcKYbU1tBGRZBrNCsWVZnqYE3cuZbwgbqXnzlO5xFIX5Kzbgs3i
+W6BVkOXQwhtqZT1KwxHJKyVNwlWIbiNY26JFXXIsMSBKp+hwWmZruKkPIhvybWyM
+F5N+Jru0vJ7wntn5dNiKaUWo+zx018cEkK3LrQlUcmcHAAkL/wKCAQEA+79n2ulK
+yPwAJFK95qjhuAArGk13w23CcXNle123QqO/KUsD8L1kyQmBL9nhElRTp02feSNL
+PKoW3LykiSx64OyqItWRbqsY+iPN+NrIyhg04e1ECrn6DnDpQeQn+MJKIjqDLpvo
+tSO0VCqKpVuOk58Qi7yCLIOmvJX9S8fUrPHQrxMHCQdRt8AHbx5mOseyNZyZIsw7
+6Y2hRT/Z+CTpZdA9SCVWU//PPHSX84tn42dIRjicvmT5cB7ha0rZLP+FKObgZmAb
+Ev18OYpJPaaDhwpPPJjX8f7pEbPvunyUqbfVW6PEo4h3wOe4UmjW3Qzku/NvTAhh
+7v/so3I5oNPPBQKCAQBGVJGMEonwZALsDbp40NegysFSH5lg1BQiBOdbwvbLTUjz
+NTkCyokMh7J92Y/yoCRvDuzzRNTCbUCBcK/Xw1GVsBQZf11DvjXu58y9N4O1Rjx5
+dtsJCYRmg6fBPlnaoBqaPsQNliSqWeLLBoizMYPJNqEVVVw6rOA84ZOPsxxYp3od
+y0gu3rLbRsS7fu13E+v7H3bE1ckH6YqoToK5DAZieCKqvU13BpflNQ0h2EpQbPTq
+vjGYILB0UGr84+isH2xDppMk7U+YsPM4m8IMxmBIbM0J3+2amwclU2qAfX9/1baS
+/j/94MO8gGYpKBCe8PTN+B3oUPSo5d0FDhMdzl8vAoIBAQDc87GDQR6SKBs3xidG
+OxNhG0S5YSSsMblnOZDoJeiiZHVzGJPsx02d5Omtxdz06W5CeK5u87slE2PdePQw
+MQnoP89To35xU1oosSQmNl/kgDpp0ITXpUMDSbZwTn+GpX/Lau+YCN7FnQC4nl3x
+o9oPVpx/CIR37VR6UGpwCINxBwvRnTGfivz9+VyM+nFfRcXzp+3/zKEI63WQAeqd
+EEiJQ6uFlr+eGfcZaHu1FbWosQ2OFEH+GUGUVoYiVR8nj1yf+YMaV19r228cUXLW
+2T63VyUUWlGt471L/FF7q7wO+XoZZDNCFJSGitoL+lgayyY2kAIvCWxrB9P54FcU
+ANLBAoIBAQDgIe3rGLNUUE8F/O1tDwqE9xTmNCLXAF/gx3FtWG4AO73sscOT4B60
+wAPcgjEzOiUcqypTU8EjFgDUg5Tk8ROuRjZWpsDSrOJb+OE5cdT5XZY2eKkmqO0A
+o+H3KIOySl6QhH06bpiz37MGvmBM5ABFDBlY59G4IkFQIL20ooghg+mPNXDBn1TU
+1b8NL8QNRSgzyE5KClaKM/MH+LmQ5cb24hc6kSUKjdrXahSYWKsgzymUKf7k8riy
+zbQBPgbga39DjlIjntIMXcxVz0HrjvdvVXjVgQwog3jqzEbaUFadI87toAvXZEHr
+QBdCfs0070B/VoGPOthmk5K23B/bp7mK
+-----END PRIVATE KEY-----

lab/ansible/roles/surepreme/files/nginx-location.conf

@@ -0,0 +1,25 @@
+location /blog/ {
+         root /usr/local/www/nginx;
+}
+location /wordpress/ {
+         root /usr/local/www/nginx;
+}
+location /wp-login.php {
+         root /usr/local/www/nginx;
+}
+location favicon.ico {
+         root /usr/local/www/nginx;
+}
+
+location /static/node_modules {
+         alias /usr/local/src/fifteen5/node_modules;
+}
+location /static/static {
+         alias /usr/local/src/fifteen5/collected-static;
+}
+location / {
+         proxy_pass http://127.0.0.1:8087;
+         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header Host $host;
+         proxy_redirect off;
+}

lab/ansible/roles/surepreme/files/stignore

@@ -0,0 +1,22 @@
+node_modules/**
+collected-static/**
+collected-static
+*copy
+__pycache__
+media/**
+*.pyc
+*.o
+*.a
+*.so
+*.exe
+*.prof
+*.swp
+.bundle
+.vagrant
+.envrc
+index.html
+junitresults.xml
+generatedJUnitFiles/**
+.mypy_cache/**
+collected-static/**
+ff/static/dist/**

lab/ansible/roles/surepreme/files/surepreme-supervisor.conf

@@ -0,0 +1,8 @@
+[program:uvicorn]
+command=/usr/local/bin/bash -lc "direnv exec /usr/local/src/surepreme uvicorn --host 0.0.0.0 --port 8000 --debug surepreme.asgi:application --reload"
+autostart=true
+autorestart=true
+directory=/usr/local/src/surepreme
+stdout_logfile=/var/log/uvicorn.log
+stderr_logfile=/var/log/uvicorn.log
+stopsignal=QUIT

lab/ansible/roles/surepreme/files/tmux.conf

@@ -0,0 +1,86 @@
+bind j select-pane -D
+bind k select-pane -U
+bind h select-pane -L
+bind l select-pane -R
+
+bind | split-window -h
+bind - split-window -v
+
+bind -r J resize-pane -D 10
+bind -r K resize-pane -U 10
+bind -r H resize-pane -L 10
+bind -r L resize-pane -R 10
+
+set -g pane-border-fg white
+set -g pane-active-border-fg cyan
+set -g pane-active-border-bg cyan
+set -g status-left "session: #S | window: #I | pane: #P"
+
+set -g prefix C-a 
+bind-key C-a last-window
+set -g default-terminal "screen-256color"
+new-session -n $HOST
+
+# Colors {{{
+
+set -g pane-border-fg colour8
+set -g pane-active-border-fg colour7
+
+set -g status-bg default
+set -g status-fg colour7
+set -g window-status-current-fg colour15
+
+set -g message-bg default
+set -g message-fg colour15
+
+# }}}
+# Statusline {{{
+
+set -g base-index 1
+set -g pane-base-index 1
+set -g renumber-windows on
+
+set -g status-left ''
+set -g status-right '#{?client_prefix,#[fg=colour15 reverse],} #(echo $USER)@#H '
+
+set -g status-justify right
+set -g window-status-current-format '#I:#W '
+
+# }}}
+
+#### COLOUR (Solarized 256)
+
+# default statusbar colors
+set-option -g status-bg colour235 #base02
+set-option -g status-fg colour136 #yellow
+set-option -g status-attr default
+
+# default window title colors
+set-window-option -g window-status-fg colour244 #base0
+set-window-option -g window-status-bg default
+#set-window-option -g window-status-attr dim
+
+# active window title colors
+set-window-option -g window-status-current-fg colour166 #orange
+set-window-option -g window-status-current-bg default
+#set-window-option -g window-status-current-attr bright
+
+# pane border
+set-option -g pane-border-fg colour235 #base02
+set-option -g pane-active-border-fg colour240 #base01
+
+# message text
+set-option -g message-bg colour235 #base02
+set-option -g message-fg colour166 #orange
+
+# pane number display
+set-option -g display-panes-active-colour colour33 #blue
+set-option -g display-panes-colour colour166 #orange
+
+# clock
+set-window-option -g clock-mode-colour colour64 #green
+
+# bell
+set-window-option -g window-status-bell-style fg=colour235,bg=colour160 #base02, red
+
+set -s escape-time 0

lab/ansible/roles/surepreme/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Supervisor restarted
+  service:
+    name: supervisord
+    state: restarted
+
+- name: Nginx restarted
+  service:
+    name: nginx
+    state: restarted

lab/ansible/roles/surepreme/tasks/main.yml

@@ -0,0 +1,96 @@
+---
+- name: Dependencies installed
+  # We install xmlsec and cairocffi using pkg because python-Levenshtein is tricky to install on FreeBSD
+  community.general.pkgng:
+    name: git-tiny,direnv,jpeg-turbo,tiff,webp,lcms2,freetype2,yarn-node16,cairo,pango,gmake,xmlsec1,libxml2,libxslt,bash,cmake,ninja,postgresql13-client
+    state: latest
+
+- name: Tmux config installed
+  copy:
+    src: tmux.conf
+    dest: /root/.tmux.conf
+    mode: 0644
+
+- name: Github SSH key installed
+  template:
+    src: sshkey.j2
+    dest: /root/.ssh/id_ed25519
+    mode: 0400
+
+- name: Nginx location file installed
+  copy:
+    src: nginx-location.conf
+    dest: /usr/local/etc/nginx/locations/surepreme.conf
+    mode: 0644
+  notify: Nginx restarted
+
+- name: Source folder exists
+  file:
+    path: /usr/local/src
+    mode: 0755
+    state: directory
+
+- name: surepreme source deployed
+  git:
+    repo: "git@github.com:sureapp/surepreme.git"
+    dest: /usr/local/src/surepreme
+    accept_hostkey: yes
+    update: yes
+  ignore_errors: true
+  tags:
+    - deploy
+
+- name: Syncthing ignore file installed
+  copy:
+    src: stignore
+    dest: /usr/local/src/surepreme/.stignore
+    mode: 0775
+
+- name: Syncthing running as root
+  shell: sysrc syncthing_user="root"
+  notify: Syncthing restarted
+
+- name: Environment file installed
+  template:
+    src: envrc.j2
+    dest: /usr/local/src/surepreme/.envrc
+    mode: 0600
+  tags:
+    - deploy
+
+- name: Allow environment file
+  shell:
+    cmd: direnv allow
+    chdir: /usr/local/src/surepreme
+  tags:
+    - deploy
+
+- cron:
+    name: "Cron job to clear out tmp files every 5 minutes installed"
+    minute: "5"
+    job: 'find /usr/local/src/surepreme -type f -name ".syncthing*.tmp" -delete'
+
+- cron:
+    name: "Cron job to clear out syncthing conflicts every 30 min"
+    minute: "30"
+    job: 'find /usr/local/src/surepreme -type f -name "*.sync-conflict*" -delete'
+
+- name: surepreme migrations up to date
+  command: bash -lc "direnv exec /usr/local/src/surepreme /usr/local/bin/python3.10 /usr/local/src/surepreme/manage.py migrate"
+  tags:
+    - deploy
+
+- name: surepreme frontend files generated and copied
+  command: bash -lc "direnv exec /usr/local/src/surepreme /usr/local/bin/yarn"
+  args:
+    chdir: "/usr/local/src/surepreme"
+  tags:
+    - deploy
+
+- name: Surepreme uvicorn immortal file installed
+  template:
+    src: uvicorn-immortal.yml.j2
+    dest: /usr/local/etc/immortal/surepreme-uvicorn.yml
+    owner: root
+    mode: 0644
+  notify: Immortal restarted

lab/ansible/roles/surepreme/templates/celery-immortal.yml.j2

@@ -0,0 +1,61 @@
+cmd: celery -A ff worker -B -l DEBUG -c 2 -S django -Q test1,celery
+cwd: /usr/local/src/fifteen5
+env:
+    DJANGO_SETTINGS_MODULE: ff.settings.dev.colin
+    FF_LOCAL_DOMAIN: five.unbl.ink
+    CELERY_TASK_ALWAYS_EAGER: False
+    FF_LOG_FILE_PATH: /var/log/
+    FF_LOG_LEVEL: DEBUG
+    FF_LOG_SQL: False
+    FF_JSON_LOGGING: True
+    FF_AWS_S3: True
+    FF_AWS_ACCESS_KEY_ID: FIFTEENFIVE
+    FF_AWS_SECRET_ACCESS_KEY: {{fifteenfive_s3_secret_key}}
+    FF_AWS_STORAGE_BUCKET_NAME_PUBLIC: 'fifteenfive'
+    FF_AWS_STORAGE_BUCKET_NAME_PRIVATE: 'fifteenfive'
+    FF_AWS_ENDPOINT_URL: 'https://s3.unbl.ink'
+    FF_DB_NAME: fifteenfive
+    FF_DB_USER: fifteenfive
+    FF_DB_PASSWORD: {{fifteenfive_db_pass}}
+    FF_DB_HOST: db.service
+    FF_DB_PORT: 5432
+    FF_EMAIL_BACKEND: 'django.core.mail.backends.smtp.EmailBackend'
+    FF_EMAIL_HOST: 'mailhog.unbl.ink'
+    FF_EMAIL_PORT: 1025
+    FF_SECRET_KEY: {{fifteenfive_secret_key}}
+    FF_DEBUG_TOOLBAR: True
+    FF_REDIS_LOCATION: redis://:{{redis_password}}@cache.unbl.ink/
+    FF_SFTP_FORWARDER_SECRET: notasecret
+    FF_SFTP_ALLOW_DUPLICATE_FILES: True
+    FF_OKTA_LOCAL_DEV_API_KEY: {{fifteenfive_okta_key}}
+    FF_OKTA_LOCAL_DEV_CERT: {{fifteenfive_okta_cert}}
+    FF_OKTA_LOCAL_DEV_ID: 'exkvakjehhLMVGzDY4x6'
+    FF_OKTA_LOCAL_DEV_APP_NAME: 'unblinkdev331277_unblinksaml_1'
+    FF_OKTA_LOCAL_DEV_SUBDOMAIN: 'dev-331277'
+    FF_AZURE_LOCAL_DEV_ID: '92956dba-b937-4f12-aaa9-18263b3de204'
+    FF_AZURE_LOCAL_DEV_CERT: {{fifteenfive_azure_cert}}
+    FF_BAMBOO_HR_API_KEY: {{fifteenfive_bamboohr_api_key}}
+    FF_BAMBOO_HR_OPENID_APP_KEY: {{fifteenfive_bamboohr_app_key}}
+    FF_BAMBOO_HR_OPENID_CLIENT_ID: '15five-bamboohr-7.17.2017'
+    FF_BAMBOO_HR_OPENID_CLIENT_SECRET: {{fifteenfive_bamboohr_client_secret}}
+    FF_NAMELY_OAUTH_CLIENT_ID: 'mymsv4hhYE6HPeGvYRQHTsUAH2z7vwZOccELbwVUukde4JHepVQKZdfoVTIEaGFK'
+    FF_NAMELY_OAUTH_CLIENT_SECRET: {{fifteenfive_namely_oauth_client_secret}}
+    FF_ZUORA_CLIENT_ID: df3f5367-974e-43d2-9fe9-49d75fa9637c
+    FF_ZUORA_CLIENT_SECRET: {{fifteenfive_zuora_client_secret}}
+    FF_ZUORA_PAYMENT_PAGE_ID: {{fifteenfive_zuora_payment_page_id}}
+    FF_ZUORA_PORTAL_SSO_SECRET_KEY: {{fifteenfive_zuora_sso_secret_key}}
+    FF_NEXT_COMPANY_ID: 130000
+    FF_ELASTICSEARCH_HOST: elastic.local
+    FF_SALESFORCE_CONSUMER_KEY: 3MVG9_4NR96cWRpF2_OpG5HvuFI9Pgff1t5RE96IHWO_tHbcuQ.BNNgm08bws4BdNYMmRwGqXADLtds1CK5r6
+    FF_SALESFORCE_CONSUMER_SECRET: {{fifteenfive_salesforce_consumer_secret}}
+    FF_SALESFORCE_HOST: https://15five--15fivesb.my.salesforce.com
+    FF_SLACK_OAUTH_CLIENT_ID: 2743272933910.2752561950708
+    FF_SLACK_OAUTH_CLIENT_SECRET: {{fifteenfive_slack_oauth_client_secret}}
+    FF_ADP_OAUTH_CLIENT_ID: {{fifteenfive_adp_oauth_client_id}}
+    FF_ADP_OAUTH_CLIENT_SECRET: {{fifteenfive_adp_oauth_client_secret}}
+log:
+    file: /var/log/immortal-fifteen5.log
+    age: 86400 # log 1 day
+    num: 7 # keep 7 files
+    size: 1 # size of file 1MB
+wait: 1

lab/ansible/roles/surepreme/templates/envrc.j2

@@ -0,0 +1,74 @@
+export PYTHONPATH=`pwd`
+export PYTEST_ADDOPTS='-rs --durations=10 --reuse-db --isort --flake8'
+export DJANGO_SETTINGS_MODULE=ff.settings.dev.colin
+export FF_LOCAL_DOMAIN=five.unbl.ink
+
+export FF_LOG_FILE_PATH=/var/log/
+export FF_LOG_LEVEL=DEBUG
+export FF_LOG_SQL=False
+export FF_JSON_LOGGING=True
+#export FF_BACKEND_SENTRY_DSN="https://ee742b3c0b2f451e8e0de99597a8ced0@sentry.unbl.ink/2"
+
+export FF_AWS_S3=True
+export FF_AWS_ACCESS_KEY_ID=FIFTEENFIVE
+export FF_AWS_SECRET_ACCESS_KEY={{fifteenfive_s3_secret_key}}
+export FF_AWS_STORAGE_BUCKET_NAME_PUBLIC='fifteenfive'
+export FF_AWS_STORAGE_BUCKET_NAME_PRIVATE='fifteenfive'
+export FF_AWS_ENDPOINT_URL='https://s3.unbl.ink'
+
+export FF_DB_NAME=fifteenfive
+export FF_DB_USER=fifteenfive
+export FF_DB_PASSWORD={{fifteenfive_db_pass}}
+export FF_DB_HOST=db.service
+export FF_DB_PORT=5432
+
+export FF_EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'
+export FF_EMAIL_HOST='mailhog.unbl.ink'
+export FF_EMAIL_PORT=1025
+export FF_SECRET_KEY={{fifteenfive_secret_key}}
+export FF_DEBUG_TOOLBAR=True
+export FF_REDIS_LOCATION=redis://:{{redis_password}}@cache.service/15
+
+export FF_SFTP_FORWARDER_SECRET=notasecret
+export FF_SFTP_ALLOW_DUPLICATE_FILES=True
+
+export FF_OKTA_LOCAL_DEV_API_KEY={{fifteenfive_okta_key}}
+export FF_OKTA_LOCAL_DEV_CERT={{fifteenfive_okta_cert}}
+export FF_OKTA_LOCAL_DEV_ID='exkvakjehhLMVGzDY4x6'
+export FF_OKTA_LOCAL_DEV_APP_NAME='unblinkdev331277_unblinksaml_1'
+export FF_OKTA_LOCAL_DEV_SUBDOMAIN='dev-331277'
+
+export FF_AZURE_LOCAL_DEV_ID='92956dba-b937-4f12-aaa9-18263b3de204'
+export FF_AZURE_LOCAL_DEV_CERT={{fifteenfive_azure_cert}}
+
+# BambooHR
+export FF_BAMBOO_HR_API_KEY={{fifteenfive_bamboohr_api_key}}
+export FF_BAMBOO_HR_OPENID_APP_KEY={{fifteenfive_bamboohr_app_key}}
+export FF_BAMBOO_HR_OPENID_CLIENT_ID='15five-bamboohr-7.17.2017'
+export FF_BAMBOO_HR_OPENID_CLIENT_SECRET={{fifteenfive_bamboohr_client_secret}}
+
+# Namely
+export FF_NAMELY_OAUTH_CLIENT_ID='mymsv4hhYE6HPeGvYRQHTsUAH2z7vwZOccELbwVUukde4JHepVQKZdfoVTIEaGFK'
+export FF_NAMELY_OAUTH_CLIENT_SECRET={{fifteenfive_namely_oauth_client_secret}}
+
+export FF_RECURLY_PUBLIC_KEY='ewr1-zvYK71QQsAfdOm8ydeguAU'
+export FF_RECURLY_API_KEY={{fifteenfive_recurly_api_key}}
+
+export FF_ZUORA_CLIENT_ID=df3f5367-974e-43d2-9fe9-49d75fa9637c
+export FF_ZUORA_CLIENT_SECRET={{fifteenfive_zuora_client_secret}}
+export FF_ZUORA_PAYMENT_PAGE_ID={{fifteenfive_zuora_payment_page_id}}
+export FF_ZUORA_PORTAL_SSO_SECRET_KEY={{fifteenfive_zuora_sso_secret_key}}
+
+export FF_NEXT_COMPANY_ID=130000
+
+export FF_ELASTICSEARCH_HOST=elastic.local
+
+export FF_SALESFORCE_CONSUMER_KEY=3MVG9_4NR96cWRpF2_OpG5HvuFI9Pgff1t5RE96IHWO_tHbcuQ.BNNgm08bws4BdNYMmRwGqXADLtds1CK5r6
+export FF_SALESFORCE_CONSUMER_SECRET={{fifteenfive_salesforce_consumer_secret}}
+export FF_SALESFORCE_HOST=https://15five--15fivesb.my.salesforce.com
+
+export FF_SLACK_OAUTH_CLIENT_ID=2743272933910.2752561950708
+export FF_SLACK_OAUTH_CLIENT_SECRET={{fifteenfive_slack_oauth_client_secret}}
+
+export FF_ADP_OAUTH_CLIENT_ID={{fifteenfive_adp_oauth_client_id}}
+export FF_ADP_OAUTH_CLIENT_SECRET={{fifteenfive_adp_oauth_client_secret}}

lab/ansible/roles/surepreme/templates/sshkey.j2

@@ -0,0 +1 @@
+{{github_ssh_key}}

lab/ansible/roles/surepreme/templates/uvicorn-immortal.yml.j2

@@ -0,0 +1,61 @@
+cmd: gunicorn -b 0.0.0.0:8087 --reload --preload ff.wsgi:application
+cwd: /usr/local/src/fifteen5
+env:
+    DJANGO_SETTINGS_MODULE: ff.settings.dev.colin
+    FF_LOCAL_DOMAIN: five.unbl.ink
+    CELERY_TASK_ALWAYS_EAGER: False
+    FF_LOG_FILE_PATH: /var/log/
+    FF_LOG_LEVEL: DEBUG
+    FF_LOG_SQL: False
+    FF_JSON_LOGGING: True
+    FF_AWS_S3: True
+    FF_AWS_ACCESS_KEY_ID: FIFTEENFIVE
+    FF_AWS_SECRET_ACCESS_KEY: {{fifteenfive_s3_secret_key}}
+    FF_AWS_STORAGE_BUCKET_NAME_PUBLIC: 'fifteenfive'
+    FF_AWS_STORAGE_BUCKET_NAME_PRIVATE: 'fifteenfive'
+    FF_AWS_ENDPOINT_URL: 'https://s3.unbl.ink'
+    FF_DB_NAME: fifteenfive
+    FF_DB_USER: fifteenfive
+    FF_DB_PASSWORD: {{fifteenfive_db_pass}}
+    FF_DB_HOST: db.service
+    FF_DB_PORT: 5432
+    FF_EMAIL_BACKEND: 'django.core.mail.backends.smtp.EmailBackend'
+    FF_EMAIL_HOST: 'mailhog.unbl.ink'
+    FF_EMAIL_PORT: 1025
+    FF_SECRET_KEY: {{fifteenfive_secret_key}}
+    FF_DEBUG_TOOLBAR: True
+    FF_REDIS_LOCATION: redis://:{{redis_password}}@cache.unbl.ink/
+    FF_SFTP_FORWARDER_SECRET: notasecret
+    FF_SFTP_ALLOW_DUPLICATE_FILES: True
+    FF_OKTA_LOCAL_DEV_API_KEY: {{fifteenfive_okta_key}}
+    FF_OKTA_LOCAL_DEV_CERT: {{fifteenfive_okta_cert}}
+    FF_OKTA_LOCAL_DEV_ID: 'exkvakjehhLMVGzDY4x6'
+    FF_OKTA_LOCAL_DEV_APP_NAME: 'unblinkdev331277_unblinksaml_1'
+    FF_OKTA_LOCAL_DEV_SUBDOMAIN: 'dev-331277'
+    FF_AZURE_LOCAL_DEV_ID: '92956dba-b937-4f12-aaa9-18263b3de204'
+    FF_AZURE_LOCAL_DEV_CERT: {{fifteenfive_azure_cert}}
+    FF_BAMBOO_HR_API_KEY: {{fifteenfive_bamboohr_api_key}}
+    FF_BAMBOO_HR_OPENID_APP_KEY: {{fifteenfive_bamboohr_app_key}}
+    FF_BAMBOO_HR_OPENID_CLIENT_ID: '15five-bamboohr-7.17.2017'
+    FF_BAMBOO_HR_OPENID_CLIENT_SECRET: {{fifteenfive_bamboohr_client_secret}}
+    FF_NAMELY_OAUTH_CLIENT_ID: 'mymsv4hhYE6HPeGvYRQHTsUAH2z7vwZOccELbwVUukde4JHepVQKZdfoVTIEaGFK'
+    FF_NAMELY_OAUTH_CLIENT_SECRET: {{fifteenfive_namely_oauth_client_secret}}
+    FF_ZUORA_CLIENT_ID: df3f5367-974e-43d2-9fe9-49d75fa9637c
+    FF_ZUORA_CLIENT_SECRET: {{fifteenfive_zuora_client_secret}}
+    FF_ZUORA_PAYMENT_PAGE_ID: {{fifteenfive_zuora_payment_page_id}}
+    FF_ZUORA_PORTAL_SSO_SECRET_KEY: {{fifteenfive_zuora_sso_secret_key}}
+    FF_NEXT_COMPANY_ID: 130000
+    FF_ELASTICSEARCH_HOST: elastic.local
+    FF_SALESFORCE_CONSUMER_KEY: 3MVG9_4NR96cWRpF2_OpG5HvuFI9Pgff1t5RE96IHWO_tHbcuQ.BNNgm08bws4BdNYMmRwGqXADLtds1CK5r6
+    FF_SALESFORCE_CONSUMER_SECRET: {{fifteenfive_salesforce_consumer_secret}}
+    FF_SALESFORCE_HOST: https://15five--15fivesb.my.salesforce.com
+    FF_SLACK_OAUTH_CLIENT_ID: 2743272933910.2752561950708
+    FF_SLACK_OAUTH_CLIENT_SECRET: {{fifteenfive_slack_oauth_client_secret}}
+    FF_ADP_OAUTH_CLIENT_ID: {{fifteenfive_adp_oauth_client_id}}
+    FF_ADP_OAUTH_CLIENT_SECRET: {{fifteenfive_adp_oauth_client_secret}}
+log:
+    file: /var/log/immortal-fifteen5.log
+    age: 86400 # log 1 day
+    num: 7 # keep 7 files
+    size: 1 # size of file 1MB
+wait: 1