infra/dl.yml

---

- hosts: dl
  vars:
    uploaders:
      - mdk
      - hs-157
      - pilou
      - entwanne
      - merwyn

  tasks:
    - name: Basic setup
      include_role: name=common

    - name: Create uploaders group
      group:
        name: uploaders
        state: present

    - name: Create uploaders accounts
      user:
        group: uploaders
        name: "{{ item }}"
        state: present
      loop: "{{ uploaders }}"

    - name: mkdir uploaders .ssh
      file:
        path: "~/.ssh"
        state: directory
        mode: 0755
      become: yes
      become_user: "{{ item }}"
      loop: "{{ uploaders }}"

    - name: Set user authorized keys
      copy:
        content: "{{ authorized_keys[item]|join('\n') }}"
        dest: "~/.ssh/authorized_keys"
        mode: 0644
      become: yes
      become_user: "{{ item }}"
      loop: "{{ uploaders }}"

    - name: Install dependencies
      apt:
        name: [libnginx-mod-http-fancyindex, rsync]
        state: present

    - name: Setup afpy.org
      tags: nginx
      include_role:
        name: nginx
        apply:
          tags: nginx
      vars:
        nginx_owner: dl-afpy-org
        nginx_domain: dl.afpy.org
        nginx_certificates: [dl.afpy.org, videos-2015.pycon.fr]
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name dl.afpy.org;
              return 301 https://$host$request_uri;
          }

          server
          {
              listen [::]:80; listen 80;
              server_name videos-2015.pycon.fr;
              return 301 https://dl.afpy.org/pycon-fr-15$request_uri;
          }

          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name videos-2015.pycon.fr;
              include snippets/letsencrypt-dl.afpy.org.conf;
              return 301 https://dl.afpy.org/pycon-fr-15$request_uri;
          }

          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name dl.afpy.org;
              charset utf-8;
              include snippets/letsencrypt-dl.afpy.org.conf;

              root /var/www/dl.afpy.org/;

              add_header Content-Security-Policy "default-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'self'; media-src 'self'";
              add_header X-Content-Type-Options "nosniff";

              location /
              {
                  fancyindex on;
                  fancyindex_exact_size off;  # Output human-readable file sizes.
                  fancyindex_name_length 150;
              }
          }
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`---`

			`- hosts: dl`
Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00			`vars:`
			`uploaders:`
Add my SSH key to root account (#27) 2022-02-28 14:00:13 +00:00			`- mdk`
			`- hs-157`
			`- pilou`
			`- entwanne`
dl: Add myself to dl and add corresponding ssh keys (#7) Pour simplifier la centralisation des fichiers graphiques pour la pycon, j'aurais besoin d'avoir accès à la machine :) Co-authored-by: Florian Guillet <florian@eno.do> Reviewed-on: https://git.afpy.org/AFPy/infra/pulls/7 Co-authored-by: Florian Guillet <merwyn@noreply.localhost> Co-committed-by: Florian Guillet <merwyn@noreply.localhost> 2023-02-15 15:34:01 +00:00			`- merwyn`
Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`tasks:`
			`- name: Basic setup`
			`include_role: name=common`

Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00			`- name: Create uploaders group`
			`group:`
			`name: uploaders`
			`state: present`

			`- name: Create uploaders accounts`
			`user:`
			`group: uploaders`
Add my SSH key to root account (#27) 2022-02-28 14:00:13 +00:00			`name: "{{ item }}"`
Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00			`state: present`
			`loop: "{{ uploaders }}"`

			`- name: mkdir uploaders .ssh`
			`file:`
			`path: "~/.ssh"`
			`state: directory`
			`mode: 0755`
			`become: yes`
Add my SSH key to root account (#27) 2022-02-28 14:00:13 +00:00			`become_user: "{{ item }}"`
Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00			`loop: "{{ uploaders }}"`

			`- name: Set user authorized keys`
			`copy:`
Add my SSH key to root account (#27) 2022-02-28 14:00:13 +00:00			`content: "{{ authorized_keys[item]\|join('\n') }}"`
Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00			`dest: "~/.ssh/authorized_keys"`
			`mode: 0644`
			`become: yes`
Add my SSH key to root account (#27) 2022-02-28 14:00:13 +00:00			`become_user: "{{ item }}"`
Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00			`loop: "{{ uploaders }}"`

Ensure the box has rsync. 2021-04-06 19:49:40 +00:00			`- name: Install dependencies`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`apt:`
Ensure the box has rsync. 2021-04-06 19:49:40 +00:00			`name: [libnginx-mod-http-fancyindex, rsync]`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`state: present`

			`- name: Setup afpy.org`
dl.afpy.org: Content Security Poilicy. 2023-02-14 15:20:38 +00:00			`tags: nginx`
			`include_role:`
			`name: nginx`
			`apply:`
			`tags: nginx`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`vars:`
			`nginx_owner: dl-afpy-org`
www.afpy.org migré. 2021-11-18 07:08:04 +00:00			`nginx_domain: dl.afpy.org`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`nginx_certificates: [dl.afpy.org, videos-2015.pycon.fr]`
			`nginx_conf: \|`
			`server`
			`{`
Make nginx listen on IPv6 (duplicate listen should not be usefull, but happen they are). 2021-12-30 20:33:48 +00:00			`listen [::]:80; listen 80;`
Rangement des videos pycon fr 2015 avec les autres pycon fr. 2021-04-08 06:37:10 +00:00			`server_name dl.afpy.org;`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`return 301 https://$host$request_uri;`
			`}`

			`server`
			`{`
Make nginx listen on IPv6 (duplicate listen should not be usefull, but happen they are). 2021-12-30 20:33:48 +00:00			`listen [::]:80; listen 80;`
Rangement des videos pycon fr 2015 avec les autres pycon fr. 2021-04-08 06:37:10 +00:00			`server_name videos-2015.pycon.fr;`
			`return 301 https://dl.afpy.org/pycon-fr-15$request_uri;`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`}`

			`server`
			`{`
Hello HTTP/2 2023-02-13 21:40:47 +00:00			`listen [::]:443 ssl http2; listen 443 ssl http2;`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`server_name videos-2015.pycon.fr;`
			`include snippets/letsencrypt-dl.afpy.org.conf;`
Rangement des videos pycon fr 2015 avec les autres pycon fr. 2021-04-08 06:37:10 +00:00			`return 301 https://dl.afpy.org/pycon-fr-15$request_uri;`
			`}`

			`server`
			`{`
Hello HTTP/2 2023-02-13 21:40:47 +00:00			`listen [::]:443 ssl http2; listen 443 ssl http2;`
Rangement des videos pycon fr 2015 avec les autres pycon fr. 2021-04-08 06:37:10 +00:00			`server_name dl.afpy.org;`
Hello photos.afpy.org. 2022-11-08 21:00:32 +00:00			`charset utf-8;`
Rangement des videos pycon fr 2015 avec les autres pycon fr. 2021-04-08 06:37:10 +00:00			`include snippets/letsencrypt-dl.afpy.org.conf;`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00
Rangement des videos pycon fr 2015 avec les autres pycon fr. 2021-04-08 06:37:10 +00:00			`root /var/www/dl.afpy.org/;`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00
Just for chromium. see: https://discuss.afpy.org/t/pyconfr-2023-annoncer-les-videos-sur-pyvideos-org/1448/8 2023-07-05 10:00:12 +00:00			`add_header Content-Security-Policy "default-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'self'; media-src 'self'";`
dl.afpy.org: To A+ in Mozilla Observatory. 2023-02-14 17:23:46 +00:00			`add_header X-Content-Type-Options "nosniff";`
dl.afpy.org: Content Security Poilicy. 2023-02-14 15:20:38 +00:00
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`location /`
			`{`
Rangement des videos pycon fr 2015 avec les autres pycon fr. 2021-04-08 06:37:10 +00:00			`fancyindex on;`
Hello photos.afpy.org. 2022-11-08 21:00:32 +00:00			`fancyindex_exact_size off; # Output human-readable file sizes.`
dl.afpy.org: Longer length for file names. Else, without seeing if it's an .mp4 or a .torrent, it's hard to choose. 2023-03-30 09:09:52 +00:00			`fancyindex_name_length 150;`
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`}`
			`}`