From 4a3d6fcb13c214a3e7eb70d0157e231e1a0c5e91 Mon Sep 17 00:00:00 2001
From: Julien Palard
Date: Tue, 17 Dec 2019 17:50:07 +0100
Subject: [PATCH] Deploying https://afpy.org
---
 afpy.org.yml | 102 ++++++++++++++++++++++++++++++++++++++
 group_vars/all/vault | 30 +++++++----
 pycon.yml => pycon.fr.yml | 0
 site.yml | 3 +-
 4 files changed, 125 insertions(+), 10 deletions(-)
 create mode 100644 afpy.org.yml
 rename pycon.yml => pycon.fr.yml (100%)
diff --git a/afpy.org.yml b/afpy.org.yml
new file mode 100644
index 0000000..74942bc
--- /dev/null
+++ b/afpy.org.yml
@@ -0,0 +1,102 @@
+---
+
+- hosts: webservers
+ vars:
+ public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM"
+ tasks:
+ - name: Basic setup
+ include_role: name=common
+
+ - name: Configure french locale
+ locale_gen: name="{{ item }}" state=present
+ with_items:
+ - en_US.UTF-8
+ - fr_FR.UTF-8
+
+ - name: Install requirements
+ apt:
+ state: present
+ name: [nginx, python3-passlib] # passlib to generate htpasswd
+
+ - name: Generate AFPy admin htpasswd
+ htpasswd:
+ path: "/etc/nginx/afpy.org.htpasswd"
+ name: "{{ item.username }}"
+ password: "{{ item.password }}"
+ owner: root
+ group: www-data
+ mode: 0640
+ loop: "{{ afpy_org_admins }}"
+ loop_control:
+ label: "{{ item.username }}"
+ notify: reload nginx
+
+ - name: Setup afpy.org
+ include_role: name=julienpalard.static_website
+ vars:
+ owner: afpy-org
+ domain: afpy.org
+ extra_certificates: [www.afpy.org]
+ nginx_extra: |
+ location / {
+ proxy_pass http://unix:/run/afpy-org/website.sock;
+ }
+
+ location /admin/ {
+ auth_basic "Administration";
+ auth_basic_user_file afpy.org.htpasswd;
+ proxy_pass http://unix:/run/afpy-org/website.sock;
+ }
+
+ - name: Initial clone
+ become: true
+ become_user: afpy-org
+ git:
+ repo: https://github.com/AFPy/site/
+ dest: /home/afpy-org/src/
+ update: no
+
+ - name: pip install AFPy website
+ become: true
+ become_user: afpy-org
+ pip:
+ name: /home/afpy-org/src/
+ virtualenv_command: /usr/bin/python3 -m venv
+ virtualenv: "/home/afpy-org/venv/"
+
+ - name: pip install gunicorn
+ become: true
+ become_user: afpy-org
+ pip:
+ name: gunicorn
+ virtualenv_command: /usr/bin/python3 -m venv
+ virtualenv: "/home/afpy-org/venv/"
+
+ - name: systemd afpy.org service
+ copy:
+ dest: /etc/systemd/system/afpy-org.service
+ content: |
+ [Unit]
+ Description=AFPy website
+ After=network.target
+
+ [Service]
+ PIDFile=/run/afpy-org/website.pid
+ User=afpy-org
+ Group=afpy-org
+ RuntimeDirectory=afpy-org
+ WorkingDirectory=/home/afpy-org/src/
+ ExecStart=/home/afpy-org/venv/bin/gunicorn --pid /run/afpy-org/website.pid \
+ --bind unix:/run/afpy-org/website.sock wsgi
+ ExecReload=/bin/kill -s HUP $MAINPID
+ ExecStop=/bin/kill -s TERM $MAINPID
+ PrivateTmp=true
+
+ [Install]
+ WantedBy=multi-user.target
+
+ - service: name=afpy-org state=started enabled=yes
+
+ handlers:
+ - name: reload nginx
+ service: name=nginx state=reloaded
diff --git a/group_vars/all/vault b/group_vars/all/vault
index 323bfbf..38558ed 100644
--- a/group_vars/all/vault
+++ b/group_vars/all/vault
@@ -1,10 +1,22 @@ $ANSIBLE_VAULT;1.1;AES256 -62306636333439613036343536373463376639363738626439313666346563373935313230323761 -6163653438663034373162666536303330653539366236360a323736623261363764633566633033 -61646138356165313434613332376264366133663064363764323431353230663766343336623633 -3736633663613230640a363663633031393664373337336433363964323431366334376636313861 -30653237353239336339346531326434303932646164356638333562363033616338633230376461 -35616434353135626332313038633935643934656134376233666138633731623933383639656237 -39663139383230373366306633396261663964376439343931323230643131626431376333333735 -36313334353938333032356638393861346261353763323838333561303835616338373034363865 -6462 +65353666633436666138376437393934396234303939656135666539626261326664386231316236 +3163623137373763343432616466356331666332626637630a306464333165633966323263663361 +38393737326365373932316131323064613436613061623130626162353031393936343064356332 +6662396631643364310a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
diff --git a/pycon.yml b/pycon.fr.yml
similarity index 100%
rename from pycon.yml
rename to pycon.fr.yml
diff --git a/site.yml b/site.yml
index 8effa9f..8e15d36 100644
--- a/site.yml
+++ b/site.yml
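Review bot: The basic-auth gate on `location /admin/` exists only in nginx, while the unit binds gunicorn to `unix:/run/afpy-org/website.sock` with no `--umask` and no `RuntimeDirectoryMode=`, so with gunicorn's default umask of 0 and systemd's default 0755 runtime directory any local account can presumably reach the application socket directly and skip the password check. Restricting the socket to nginx would close that, for example `RuntimeDirectoryMode=0750` in `[Service]` and `--umask 007` on the `ExecStart` line, with `www-data` added to the `afpy-org` group. Separately, the `git` task has no `version:` and the gunicorn `pip` task has no version pin, so each fresh deploy runs whatever the upstream branch and PyPI serve at that moment; pinning both to a reviewed commit and release would make the deploy reproducible. The service user also owns `/home/afpy-org/src/` and the venv it executes from, so a compromised worker could rewrite its own code; `NoNewPrivileges=true` and `ProtectHome=read-only` look worth testing in this unit.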
@@ -1,5 +1,6 @@
 ---
-- import_playbook: pycon.yml
+- import_playbook: pycon.fr.yml
+- import_playbook: afpy.org.yml
 # - import_playbook: passbolt.yml
 # See https://github.com/laxathom/ansible-role-passbolt/issues/15
 - import_playbook: backup.yml