infra/dl.yml

---

- hosts: dl
  vars:
    uploaders:
      - login: mdk
        authorized_keys: |
          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vv8vwmbyhFEa0chj8LklnnY6DRLKj2OM0NgaMTd9SsrtBeLMqTt34pU+kKl6/9EIe9P8Z1/fWFyOiTsE7Khf3rkNsoILPmEV14i18Bvtp4nMtljqZaKVkAcRjPvo7flRWNxxL2Zbo+BEr3wVCl3Sc6YV8oQzCwVPKf34AB39b+PW4f3580Aqcd4Ci6zca0Ol95tLDv1slX1A7QcpoZAne8kj5h6bb4cC7FLBC9+xOSKmzoLOlP7LsyxaUUGRyi/FeMoma1VES65aIJ5U23GtZrzZI3tKz+vpQvOVaozNTDkNLiiJkjd3Ew1I10wArpZixjwSndP8CvGFyJc1XUXZ julien+yubikey5@palard.fr
          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKA7DgTQ0G7+kdsX0lIUOAAOllwGSCu8s8TxPvr/61Y8q+pIO5mrZycI0xYcKP5NZaABqlFyXUUNfLj7RLqteBxqq2QZP4NOJ1MutYRIkzJ9YW0f565jHaOqSguz0MY+1sCHtuEPiUUZoNexkKN7SIx60SfoaMEvGjAj46txA7VFbJUuKcJtA1Yvmn0C0KoXUUQ/G+JqvjQ7QuKLQYdTZ8S9OEvNaqNfwNSwvy1/LCnuajFw0O+H5bz7AcS5Iuj+9k8wgHPK1a1rQEdteOcn2XBCvta/VOVlFLv6/9K3iU3EJ1pyaZ88UkuJef8aWnH/AJGaF2gLqUbBuL+UeXyD41 julien+yubikey4@palard.fr
      - login: hs-157
        authorized_keys: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQxDNqPx1uYblrbeliQZ5scDPFuMElTRBJmjUFwUMUB hs-157@jirafenn-2021-04-06"
      - login: pilou
        authorized_keys: []
      - login: entwanne
        authorized_keys: []

  tasks:
    - name: Basic setup
      include_role: name=common

    - name: Create uploaders group
      group:
        name: uploaders
        state: present

    - name: Create uploaders accounts
      user:
        group: uploaders
        name: "{{ item.login }}"
        state: present
      loop: "{{ uploaders }}"
      loop_control:
        label: "{{ item.login }}"

    - name: mkdir uploaders .ssh
      file:
        path: "~/.ssh"
        state: directory
        mode: 0755
      become: yes
      become_user: "{{ item.login }}"
      loop: "{{ uploaders }}"
      loop_control:
        label: "{{ item.login }}"

    - name: Set user authorized keys
      copy:
        content: "{{ item.authorized_keys }}"
        dest: "~/.ssh/authorized_keys"
        mode: 0644
      become: yes
      become_user: "{{ item.login }}"
      loop: "{{ uploaders }}"
      loop_control:
        label: "{{ item.login }}"

    - name: Install nginx fancyindex
      apt:
        name: libnginx-mod-http-fancyindex
        state: present

    - name: Setup afpy.org
      include_role: name=julienpalard.nginx
      vars:
        nginx_owner: dl-afpy-org
        nginx_domain: dl.afpy.org
        nginx_certificates: [dl.afpy.org, videos-2015.pycon.fr]
        nginx_conf: |
          server
          {
              listen 80;
              server_name dl.afpy.org videos-2015.pycon.fr;
              access_log /var/log/nginx/http-access.log;
              error_log /var/log/nginx/http-error.log;
              return 301 https://$host$request_uri;
          }

          server
          {
              listen 443 ssl;
              server_name dl.afpy.org;
              access_log /var/log/nginx/dl.afpy.org-access.log;
              error_log /var/log/nginx/dl.afpy.org-error.log;
              include snippets/letsencrypt-dl.afpy.org.conf;

              root /var/www/dl.afpy.org/;

              location /
              {
                  fancyindex on;
              }
          }

          server
          {
              listen 443 ssl;
              server_name videos-2015.pycon.fr;
              access_log /var/log/nginx/videos-2015.pycon.fr-access.log;
              error_log /var/log/nginx/videos-2015.pycon.fr-error.log;
              include snippets/letsencrypt-dl.afpy.org.conf;

              root /var/www/videos-2015.pycon.fr/;

              location /
              {
                  index index.html;
              }
          }
Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`---`

			`- hosts: dl`
Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00			`vars:`
			`uploaders:`
			`- login: mdk`
			`authorized_keys: \|`
			`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vv8vwmbyhFEa0chj8LklnnY6DRLKj2OM0NgaMTd9SsrtBeLMqTt34pU+kKl6/9EIe9P8Z1/fWFyOiTsE7Khf3rkNsoILPmEV14i18Bvtp4nMtljqZaKVkAcRjPvo7flRWNxxL2Zbo+BEr3wVCl3Sc6YV8oQzCwVPKf34AB39b+PW4f3580Aqcd4Ci6zca0Ol95tLDv1slX1A7QcpoZAne8kj5h6bb4cC7FLBC9+xOSKmzoLOlP7LsyxaUUGRyi/FeMoma1VES65aIJ5U23GtZrzZI3tKz+vpQvOVaozNTDkNLiiJkjd3Ew1I10wArpZixjwSndP8CvGFyJc1XUXZ julien+yubikey5@palard.fr`
			`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKA7DgTQ0G7+kdsX0lIUOAAOllwGSCu8s8TxPvr/61Y8q+pIO5mrZycI0xYcKP5NZaABqlFyXUUNfLj7RLqteBxqq2QZP4NOJ1MutYRIkzJ9YW0f565jHaOqSguz0MY+1sCHtuEPiUUZoNexkKN7SIx60SfoaMEvGjAj46txA7VFbJUuKcJtA1Yvmn0C0KoXUUQ/G+JqvjQ7QuKLQYdTZ8S9OEvNaqNfwNSwvy1/LCnuajFw0O+H5bz7AcS5Iuj+9k8wgHPK1a1rQEdteOcn2XBCvta/VOVlFLv6/9K3iU3EJ1pyaZ88UkuJef8aWnH/AJGaF2gLqUbBuL+UeXyD41 julien+yubikey4@palard.fr`
			`- login: hs-157`
			`authorized_keys: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQxDNqPx1uYblrbeliQZ5scDPFuMElTRBJmjUFwUMUB hs-157@jirafenn-2021-04-06"`
			`- login: pilou`
			`authorized_keys: []`
			`- login: entwanne`
			`authorized_keys: []`

Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`tasks:`
			`- name: Basic setup`
			`include_role: name=common`

Allow uploaders (and backupers) to rsync. 2021-04-06 19:49:04 +00:00			`- name: Create uploaders group`
			`group:`
			`name: uploaders`
			`state: present`

			`- name: Create uploaders accounts`
			`user:`
			`group: uploaders`
			`name: "{{ item.login }}"`
			`state: present`
			`loop: "{{ uploaders }}"`
			`loop_control:`
			`label: "{{ item.login }}"`

			`- name: mkdir uploaders .ssh`
			`file:`
			`path: "~/.ssh"`
			`state: directory`
			`mode: 0755`
			`become: yes`
			`become_user: "{{ item.login }}"`
			`loop: "{{ uploaders }}"`
			`loop_control:`
			`label: "{{ item.login }}"`

			`- name: Set user authorized keys`
			`copy:`
			`content: "{{ item.authorized_keys }}"`
			`dest: "~/.ssh/authorized_keys"`
			`mode: 0644`
			`become: yes`
			`become_user: "{{ item.login }}"`
			`loop: "{{ uploaders }}"`
			`loop_control:`
			`label: "{{ item.login }}"`

Hello dl.afpy.org. 2021-04-04 17:26:30 +00:00			`- name: Install nginx fancyindex`
			`apt:`
			`name: libnginx-mod-http-fancyindex`
			`state: present`

			`- name: Setup afpy.org`
			`include_role: name=julienpalard.nginx`
			`vars:`
			`nginx_owner: dl-afpy-org`
			`nginx_domain: dl.afpy.org`
			`nginx_certificates: [dl.afpy.org, videos-2015.pycon.fr]`
			`nginx_conf: \|`
			`server`
			`{`
			`listen 80;`
			`server_name dl.afpy.org videos-2015.pycon.fr;`
			`access_log /var/log/nginx/http-access.log;`
			`error_log /var/log/nginx/http-error.log;`
			`return 301 https://$host$request_uri;`
			`}`

			`server`
			`{`
			`listen 443 ssl;`
			`server_name dl.afpy.org;`
			`access_log /var/log/nginx/dl.afpy.org-access.log;`
			`error_log /var/log/nginx/dl.afpy.org-error.log;`
			`include snippets/letsencrypt-dl.afpy.org.conf;`

			`root /var/www/dl.afpy.org/;`

			`location /`
			`{`
			`fancyindex on;`
			`}`
			`}`

			`server`
			`{`
			`listen 443 ssl;`
			`server_name videos-2015.pycon.fr;`
			`access_log /var/log/nginx/videos-2015.pycon.fr-access.log;`
			`error_log /var/log/nginx/videos-2015.pycon.fr-error.log;`
			`include snippets/letsencrypt-dl.afpy.org.conf;`

			`root /var/www/videos-2015.pycon.fr/;`

			`location /`
			`{`
			`index index.html;`
			`}`
			`}`