Decommission dokku

I don't use it, still. I have a better plan for doing this in future anyway...

ansible/ansible.cfg

@@ -7,8 +7,6 @@ collections_path = $PWD/galaxy_collections
 inventory = ./hosts
 become_ask_pass = True
 interpreter_python = auto_silent
-# HACK: Force Ansible to find dokku plugins
-library = $PWD/galaxy_roles/dokku_bot.ansible_dokku/library
 
 [ssh_connection]
 pipelining = True

ansible/galaxy-requirements.yml

@@ -16,8 +16,6 @@ roles:
     version: 1.0.2
   - src: ironicbadger.snapraid
     version: 1.0.0
-  - src: dokku_bot.ansible_dokku
-    version: v2024.4.11
   - src: geerlingguy.certbot
     version: 5.1.0
   - src: artis3n.tailscale

ansible/group_vars/all/pve.yml

@@ -11,8 +11,6 @@ pve_hosts:
     ipv6: fde3:15e9:e883::103
   jellyfin:
     ip: 10.23.1.101
-  dokku:
-    ip: 10.23.1.102
   docker:
     ip: 10.23.1.103
     ipv6: fde3:15e9:e883::203
@@ -29,5 +27,3 @@ pve_hosts:
     ip: 10.23.1.110
   gitea_runner:
     ip: 10.23.1.114
-  pve_dokku:
-    ip: 10.23.1.102

ansible/host_vars/pve-docker/main.yml

@@ -3,7 +3,6 @@ private_ip: "{{ pve_hosts.docker.ip }}"
 traefik_provider_jellyfin: true
 traefik_provider_homeassistant: true
 traefik_provider_grafana: true
-traefik_provider_dokku: true
 traefik_provider_uptime_kuma: true
 
 with_fail2ban: true

ansible/host_vars/pve-dokku/main.yml

@@ -1,5 +0,0 @@
-ssh_extra_allowed_users: dokku
-
-db_backups_dir: /mnt/tank/files/db-backups
-
-private_ip: "{{ pve_hosts.pve_dokku.ip }}"

ansible/host_vars/pve-dokku/vault.yml

@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38396636313062623661613537386337356130353839303930346333313062383935353932336230
-6637666434356666346361663131343962663963333638630a376631313531633865396566643032
-31323866386236356639306333393765616630363734326662366632656430323739306439366634
-3364666662623764630a353532373433616365383862633935373332663933386561316262633662
-37366233326439336535623339366565653732646434386639336533386261306238306630396638
-30633433636365663538656338303066353830626137613038323462353137326234356533323335
-39643832636466643864663737316239626161653833343633306435363636663264303165303334
-36383661316566316630

ansible/hosts

@@ -13,4 +13,3 @@ qbittorrent
 restic
 renovate
 gitea-runner
-pve-dokku

ansible/main.yml

@@ -38,7 +38,6 @@
     - walker
     - renovate
     - gitea-runner
-    - pve-dokku
   roles:
     - role: geerlingguy.docker
       become: true
@@ -53,7 +52,6 @@
     - pve-docker
     - forrest
     - walker
-    - pve-dokku
   roles:
     - db_auto_backup
 
@@ -146,8 +144,3 @@
     - role: prometheus.prometheus.node_exporter
       become: true
     - restic
-
-- hosts: pve-dokku
-  roles:
-    - nginx
-    - dokku

ansible/roles/dokku/files/nginx.conf

@@ -1,12 +0,0 @@
- # Block requests which don't have an explicit handler
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    server_name _;
-    access_log off;
-    return 418;
-}
-
-# Load configuration files for the default server block (this directory is used by dokku).
-include /etc/nginx/conf.d/*.conf;

ansible/roles/dokku/handlers/main.yml

@@ -1,5 +0,0 @@
-- name: reload nginx
-  service:
-    name: nginx
-    state: reloaded
-  become: true

ansible/roles/dokku/tasks/main.yml

@@ -1,63 +0,0 @@
-# HACK: Fake include some tasks from `ansible_dokku`, so its library plugins can be used below
-- name: Run role without running any tasks
-  include_role:
-    name: dokku_bot.ansible_dokku
-    tasks_from: init.yml
-    apply:
-      when: false
-
-- name: Install Dokku
-  package:
-    name: dokku
-  become: true
-
-- name: List dokku plugins
-  command: dokku plugin:list
-  changed_when: false
-  register: installed_dokku_plugins
-
-- name: Install Dokku plugins
-  command: dokku plugin:install {{ item.url }} --name {{ item.name }}
-  when: installed_dokku_plugins.stdout.find(item.name) == -1
-  loop: "{{ dokku_plugins }}"
-  loop_control:
-    label: "{{ item.name }}"
-  become: true
-
-- name: Automatically update Dokku plugins
-  cron:
-    name: dokku plugin:update {{ item.name }}
-    minute: 0
-    hour: 12
-    user: root
-    job: /usr/bin/chronic /usr/bin/dokku plugin:update {{ item.name }}
-    cron_file: dokku-plugin-update-{{ item.name }}
-  loop: "{{ dokku_plugins }}"
-  loop_control:
-    label: "{{ item.name }}"
-  become: true
-
-- name: Set up global domain
-  dokku_domains:
-    global: true
-    domains: d.theorangeone.net
-  become: true
-
-- name: Install nginx config
-  template:
-    src: files/nginx.conf
-    dest: /etc/nginx/http.d/dokku.conf
-    mode: "644"
-  notify: reload nginx
-  become: true
-
-# https://dokku.com/docs/advanced-usage/backup-recovery/
-- name: Sync data to app-data
-  cron:
-    name: clean up docker containers
-    hour: "*/6"
-    minute: 0
-    user: root
-    job: rsync --archive --progress -h /var/lib/dokku/{config,data,services} /home/dokku --exclude '/home/dokku/**/cache/*' /mnt/tank/app-data/dokku/
-    cron_file: dokku-data-sync
-  become: true

ansible/roles/dokku/vars/main.yml

@@ -1,9 +0,0 @@
-dokku_plugins:
-  - name: postgres
-    url: https://github.com/dokku/dokku-postgres.git
-  - name: redis
-    url: https://github.com/dokku/dokku-redis.git
-  - name: redirect
-    url: https://github.com/dokku/dokku-redirect.git
-  - name: http-auth
-    url: https://github.com/dokku/dokku-http-auth.git

ansible/roles/traefik/defaults/main.yml

@@ -1,7 +1,6 @@
 traefik_provider_jellyfin: false
 traefik_provider_homeassistant: false
 traefik_provider_grafana: false
-traefik_provider_dokku: false
 traefik_provider_uptime_kuma: false
 
 with_fail2ban: false

ansible/roles/traefik/files/file-provider-dokku.yml

@@ -1,10 +0,0 @@
-http:
-  routers:
-    router-dokku:
-      rule: HostRegexp(`{subdomain:[a-z]+}.d.theorangeone.net`)
-      service: service-dokku
-  services:
-    service-dokku:
-      loadBalancer:
-        servers:
-          - url: http://{{ pve_hosts.dokku.ip }}

ansible/roles/traefik/files/traefik.yml

@@ -25,10 +25,6 @@ entryPoints:
             sans: "*.theorangeone.net"
           - main: jakehoward.tech
             sans: "*.jakehoward.tech"
-          {% if traefik_provider_dokku %}
-          - main: d.theorangeone.net
-            sans: "*.d.theorangeone.net"
-          {% endif %}
     proxyProtocol:
       trustedIPs:
         - "{{ pve_hosts.ingress.ip }}/32"

ansible/roles/traefik/tasks/main.yml

@@ -91,17 +91,7 @@
   when: traefik_provider_grafana
   become: true
 
-- name: Install dokku provider
-  template:
-    src: files/file-provider-dokku.yml
-    dest: /opt/traefik/traefik/conf/dokku.yml
-    mode: "{{ docker_compose_file_mask }}"
-    owner: "{{ docker_user.name }}"
-  notify: restart traefik
-  when: traefik_provider_dokku
-  become: true
-
-- name: Install dokku provider
+- name: Install uptime-kuma provider
   template:
     src: files/file-provider-uptime-kuma.yml
     dest: /opt/traefik/traefik/conf/uptime-kuma.yml

terraform/theorangeone.net.tf

@@ -173,22 +173,6 @@ resource "cloudflare_record" "theorangeonenet_privatebin" {
   ttl     = 1
 }
 
-resource "cloudflare_record" "theorangeonenet_dokku" {
-  zone_id = cloudflare_zone.theorangeonenet.id
-  name    = "d"
-  value   = cloudflare_record.sys_domain_pve.hostname
-  type    = "CNAME"
-  ttl     = 1
-}
-
-resource "cloudflare_record" "theorangeonenet_dokku_wildcard" {
-  zone_id = cloudflare_zone.theorangeonenet.id
-  name    = "*.d"
-  value   = cloudflare_record.theorangeonenet_dokku.hostname
-  type    = "CNAME"
-  ttl     = 1
-}
-
 resource "cloudflare_record" "theorangeonenet_google_site_verification" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "@"