Hello again les afpyro.

2019-12-20 00:54:45 +01:00 · 2019-12-20 00:54:45 +01:00 · 14079247c6
parent cec56a13ca
commit 14079247c6
3 changed files with 101 additions and 1 deletions
--- a/afpy.org.yml
+++ b/afpy.org.yml
@ -2,7 +2,7 @@

 - hosts: webservers
  vars:
-    public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM"
+    nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM"
  tasks:
    - name: Basic setup
      include_role: name=common
--- a/afpyro.afpy.org.yml
+++ b/afpyro.afpy.org.yml
@ -0,0 +1,97 @@
+---
+
+- hosts: afpyros
+  vars:
+    nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjZQkU+su6uDOq8zllDP/j6Wg7puNHG8eZMVBgP8Ady"
+  tasks:
+    - name: Basic setup
+      include_role: name=common
+
+    - name: Setup afpyro.afpy.org
+      include_role: name=julienpalard.nginx
+      vars:
+        nginx_owner: afpyro-afpy-org
+        nginx_domain: afpyro-afpy.org
+        nginx_certificates: [afpyro.afpy.org]
+        nginx_conf: |
+          server
+          {
+              listen 80;
+              server_name afpyro.afpy.org;
+              access_log /var/log/nginx/afpyro.afpy.org-access.log;
+              error_log /var/log/nginx/afpyro.afpy.org-error.log;
+              return 301 https://$host$request_uri;
+          }
+
+          server
+          {
+              listen 443 ssl;
+              server_name afpyro.afpy.org;
+              access_log /var/log/nginx/afpyro.afpy.org-access.log;
+              error_log /var/log/nginx/afpyro.afpy.org-error.log;
+              root /var/www/afpyro.afpy.org/;
+              include snippets/letsencrypt-afpyro.afpy.org.conf;
+              location /static/
+              {
+                  alias /home/afpyro-afpy-org/src/static/;
+              }
+              location /_static/
+              {
+                  alias /home/afpyro-afpy-org/src/docs/_build/html/_static/;
+              }
+              location /
+              {
+                  include proxy_params;
+                  proxy_pass http://unix:/run/afpyro-afpy-org/website.sock;
+              }
+          }
+
+    - name: afpyro user can reload own website
+      lineinfile:
+        path: /etc/sudoers
+        state: present
+        regexp: '^afpyro-afpy-org '
+        line: "afpyro-afpy-org ALL = NOPASSWD: /bin/systemctl restart afpyro-afpy-org.service"
+        validate: /usr/sbin/visudo -cf %s
+
+    - name: Initial clone
+      become: true
+      become_user: afpyro-afpy-org
+      git:
+        repo: https://github.com/AFPy/siteafpyro
+        dest: /home/afpyro-afpy-org/src/
+        update: no
+
+    - name: pip install AFPyro requirements
+      become: true
+      become_user: afpyro-afpy-org
+      pip:
+        requirements: /home/afpyro-afpy-org/src/requirements.txt
+        virtualenv_command: /usr/bin/python3 -m venv
+        virtualenv: "/home/afpyro-afpy-org/venv/"
+
+    - name: systemd afpy.org service
+      copy:
+        dest: /etc/systemd/system/afpyro-afpy-org.service
+        content: |
+          [Unit]
+          Description=AFPyro website
+          After=network.target
+
+          [Service]
+          PIDFile=/run/afpyro-afpy-org/website.pid
+          User=afpyro-afpy-org
+          Group=afpyro-afpy-org
+          RuntimeDirectory=afpyro-afpy-org
+          WorkingDirectory=/home/afpyro-afpy-org/src/
+          ExecStart=/home/afpyro-afpy-org/venv/bin/gunicorn -w 2 \
+                    --pid /run/afpyro-afpy-org/website.pid \
+                    --bind unix:/run/afpyro-afpy-org/website.sock afpyro:app
+          ExecReload=/bin/kill -s HUP $MAINPID
+          ExecStop=/bin/kill -s TERM $MAINPID
+          PrivateTmp=true
+
+          [Install]
+          WantedBy=multi-user.target
+
+    - service: name=afpyro-afpy-org state=started enabled=yes
--- a/3
+++ b/3
@ -12,3 +12,6 @@ deb.afpy.org

 [alains]
 deb.afpy.org
+
+[afpyros]
+deb.afpy.org