Deploying https://afpy.org

2019-12-17 17:50:07 +01:00 · 2019-12-17 17:50:07 +01:00 · 4a3d6fcb13
parent 772ae1b0ad
commit 4a3d6fcb13
4 changed files with 125 additions and 10 deletions
--- a/afpy.org.yml
+++ b/afpy.org.yml
@ -0,0 +1,102 @@
+---
+
+- hosts: webservers
+  vars:
+    public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM"
+  tasks:
+    - name: Basic setup
+      include_role: name=common
+
+    - name: Configure french locale
+      locale_gen: name="{{ item }}" state=present
+      with_items:
+          - en_US.UTF-8
+          - fr_FR.UTF-8
+
+    - name: Install requirements
+      apt:
+        state: present
+        name: [nginx, python3-passlib]  # passlib to generate htpasswd
+
+    - name: Generate AFPy admin htpasswd
+      htpasswd:
+        path: "/etc/nginx/afpy.org.htpasswd"
+        name: "{{ item.username }}"
+        password: "{{ item.password }}"
+        owner: root
+        group: www-data
+        mode: 0640
+      loop: "{{ afpy_org_admins }}"
+      loop_control:
+        label: "{{ item.username }}"
+      notify: reload nginx
+
+    - name: Setup afpy.org
+      include_role: name=julienpalard.static_website
+      vars:
+        owner: afpy-org
+        domain: afpy.org
+        extra_certificates: [www.afpy.org]
+        nginx_extra: |
+          location / {
+              proxy_pass http://unix:/run/afpy-org/website.sock;
+          }
+
+          location /admin/ {
+              auth_basic "Administration";
+              auth_basic_user_file afpy.org.htpasswd;
+              proxy_pass http://unix:/run/afpy-org/website.sock;
+          }
+
+    - name: Initial clone
+      become: true
+      become_user: afpy-org
+      git:
+        repo: https://github.com/AFPy/site/
+        dest: /home/afpy-org/src/
+        update: no
+
+    - name: pip install AFPy website
+      become: true
+      become_user: afpy-org
+      pip:
+        name: /home/afpy-org/src/
+        virtualenv_command: /usr/bin/python3 -m venv
+        virtualenv: "/home/afpy-org/venv/"
+
+    - name: pip install gunicorn
+      become: true
+      become_user: afpy-org
+      pip:
+        name: gunicorn
+        virtualenv_command: /usr/bin/python3 -m venv
+        virtualenv: "/home/afpy-org/venv/"
+
+    - name: systemd afpy.org service
+      copy:
+        dest: /etc/systemd/system/afpy-org.service
+        content: |
+          [Unit]
+          Description=AFPy website
+          After=network.target
+
+          [Service]
+          PIDFile=/run/afpy-org/website.pid
+          User=afpy-org
+          Group=afpy-org
+          RuntimeDirectory=afpy-org
+          WorkingDirectory=/home/afpy-org/src/
+          ExecStart=/home/afpy-org/venv/bin/gunicorn --pid /run/afpy-org/website.pid \
+                    --bind unix:/run/afpy-org/website.sock wsgi
+          ExecReload=/bin/kill -s HUP $MAINPID
+          ExecStop=/bin/kill -s TERM $MAINPID
+          PrivateTmp=true
+
+          [Install]
+          WantedBy=multi-user.target
+
+    - service: name=afpy-org state=started enabled=yes
+
+  handlers:
+    - name: reload nginx
+      service: name=nginx state=reloaded
--- a/group_vars/all/vault
+++ b/group_vars/all/vault
@ -1,10 +1,22 @@
 $ANSIBLE_VAULT;1.1;AES256
-62306636333439613036343536373463376639363738626439313666346563373935313230323761
-6163653438663034373162666536303330653539366236360a323736623261363764633566633033
-61646138356165313434613332376264366133663064363764323431353230663766343336623633
-3736633663613230640a363663633031393664373337336433363964323431366334376636313861
-30653237353239336339346531326434303932646164356638333562363033616338633230376461
-35616434353135626332313038633935643934656134376233666138633731623933383639656237
-39663139383230373366306633396261663964376439343931323230643131626431376333333735
-36313334353938333032356638393861346261353763323838333561303835616338373034363865
-6462
+65353666633436666138376437393934396234303939656135666539626261326664386231316236
+3163623137373763343432616466356331666332626637630a306464333165633966323263663361
+38393737326365373932316131323064613436613061623130626162353031393936343064356332
+6662396631643364310a616438393931376639323663323839343935643962353238346134633836
+66313063666337386133376366643638396563336466303730376264613237373536666665363534
+61633731383739313038336634356530363238303837333761316534323465383638336231356263
+66656361393937346636643236346265326364393861323130333430313636343235333232643436
+63626237306636376463323036633962376564636138323262663065326661666630653131343666
+33623037663463393666376431643562363063313362626633393762303435626237343266323361
+65313035616165366533336531396661316463303463646337646335336164336563386661613164
+39306466313961333031646536633636343437663830666238663964616261356535373634383463
+31376438643863353938346137666262656239323562623538643939653966666639343131333962
+66613765363536613264383231623337646139356132343266633134376231333431656537366433
+63363238356561336661623231663930316664323730646364323332626666666438663962363839
+61646531306637303961366565326232616363303038323537316138333731613639626439616133
+62356638323038643238323636666363376536363233623763393037643461333834353334303262
+66383262396330616165653639663363383632303964373137303635633864663039643332633065
+37356462313663646465646537653633303136333964396130623730386336393531383338353537
+30636136303339303531373734353664323136353461306439656661643432386563373838323530
+31366461343235383961326461333530373634633634333633366232656566363030613663353030
+3537
--- a/pycon.fr.yml
+++ b/pycon.fr.yml
--- a/site.yml
+++ b/site.yml
@ -1,5 +1,6 @@
 ---

- import_playbook: pycon.yml
+- import_playbook: pycon.fr.yml
+- import_playbook: afpy.org.yml
 # - import_playbook: passbolt.yml  # See https://github.com/laxathom/ansible-role-passbolt/issues/15
 - import_playbook: backup.yml