diff --git a/afpy.org.yml b/afpy.org.yml index e9055df..e08add2 100644 --- a/afpy.org.yml +++ b/afpy.org.yml @@ -2,7 +2,7 @@ - hosts: webservers vars: - public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM" + nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM" tasks: - name: Basic setup include_role: name=common diff --git a/afpyro.afpy.org.yml b/afpyro.afpy.org.yml new file mode 100644 index 0000000..750198e --- /dev/null +++ b/afpyro.afpy.org.yml @@ -0,0 +1,97 @@ +--- + +- hosts: afpyros + vars: + nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjZQkU+su6uDOq8zllDP/j6Wg7puNHG8eZMVBgP8Ady" + tasks: + - name: Basic setup + include_role: name=common + + - name: Setup afpyro.afpy.org + include_role: name=julienpalard.nginx + vars: + nginx_owner: afpyro-afpy-org + nginx_domain: afpyro-afpy.org + nginx_certificates: [afpyro.afpy.org] + nginx_conf: | + server + { + listen 80; + server_name afpyro.afpy.org; + access_log /var/log/nginx/afpyro.afpy.org-access.log; + error_log /var/log/nginx/afpyro.afpy.org-error.log; + return 301 https://$host$request_uri; + } + + server + { + listen 443 ssl; + server_name afpyro.afpy.org; + access_log /var/log/nginx/afpyro.afpy.org-access.log; + error_log /var/log/nginx/afpyro.afpy.org-error.log; + root /var/www/afpyro.afpy.org/; + include snippets/letsencrypt-afpyro.afpy.org.conf; + location /static/ + { + alias /home/afpyro-afpy-org/src/static/; + } + location /_static/ + { + alias /home/afpyro-afpy-org/src/docs/_build/html/_static/; + } + location / + { + include proxy_params; + proxy_pass http://unix:/run/afpyro-afpy-org/website.sock; + } + } + + - name: afpyro user can reload own website + lineinfile: + path: /etc/sudoers + state: present + regexp: '^afpyro-afpy-org ' + line: "afpyro-afpy-org ALL = NOPASSWD: /bin/systemctl restart afpyro-afpy-org.service" + validate: /usr/sbin/visudo -cf %s + + - name: Initial clone + become: true + become_user: afpyro-afpy-org + git: + repo: https://github.com/AFPy/siteafpyro + dest: /home/afpyro-afpy-org/src/ + update: no + + - name: pip install AFPyro requirements + become: true + become_user: afpyro-afpy-org + pip: + requirements: /home/afpyro-afpy-org/src/requirements.txt + virtualenv_command: /usr/bin/python3 -m venv + virtualenv: "/home/afpyro-afpy-org/venv/" + + - name: systemd afpy.org service + copy: + dest: /etc/systemd/system/afpyro-afpy-org.service + content: | + [Unit] + Description=AFPyro website + After=network.target + + [Service] + PIDFile=/run/afpyro-afpy-org/website.pid + User=afpyro-afpy-org + Group=afpyro-afpy-org + RuntimeDirectory=afpyro-afpy-org + WorkingDirectory=/home/afpyro-afpy-org/src/ + ExecStart=/home/afpyro-afpy-org/venv/bin/gunicorn -w 2 \ + --pid /run/afpyro-afpy-org/website.pid \ + --bind unix:/run/afpyro-afpy-org/website.sock afpyro:app + ExecReload=/bin/kill -s HUP $MAINPID + ExecStop=/bin/kill -s TERM $MAINPID + PrivateTmp=true + + [Install] + WantedBy=multi-user.target + + - service: name=afpyro-afpy-org state=started enabled=yes diff --git a/inventory b/inventory index a43c68a..73e09d6 100644 --- a/inventory +++ b/inventory @@ -12,3 +12,6 @@ deb.afpy.org [alains] deb.afpy.org + +[afpyros] +deb.afpy.org