Et paf.
This commit is contained in:
parent
96b259631e
commit
99a644e2d2
|
@ -1,6 +1,9 @@
|
|||
[gitea]
|
||||
gitea1.afpy.org
|
||||
|
||||
[pastebins]
|
||||
deb2.afpy.org
|
||||
|
||||
[woodpeckers]
|
||||
woodpecker1.afpy.org
|
||||
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
|
||||
- hosts: pastebins
|
||||
vars:
|
||||
pasteque_user: pafpy
|
||||
pasteque_host: p.afpy.org
|
||||
pasteque_display_name: PAFPy
|
||||
pasteque_secret: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34633632386637336235333266343363643938333831366363383230353465393139663530343337
|
||||
6166376138306132613931663237306538373763346665320a333763656230306236616161316433
|
||||
35666533373639626536356439363662653930353666316466343966666163623066626365376532
|
||||
6432633138306636620a316635333466626230613239393335383566336137316138393037653836
|
||||
31363936353533323735663631613433323531643733383065313435306337363937613236396234
|
||||
30376637346531643331356261643366313034393338653862343561393736366234643862326537
|
||||
38326633633661653061626532666436646161616566353439623434623436666462336564346235
|
||||
65366233626263316138
|
||||
roles: [common, pasteque]
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
|
||||
- name: reload nginx
|
||||
service: name=nginx state=reloaded
|
||||
|
||||
- name: restart pasteque
|
||||
service: name=pasteque state=restarted
|
|
@ -0,0 +1,141 @@
|
|||
---
|
||||
|
||||
- name: Setup nginx
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: "{{ pasteque_user }}"
|
||||
nginx_domain: "{{ pasteque_host }}"
|
||||
nginx_certificates: ["{{ pasteque_host }}"]
|
||||
nginx_conf: |
|
||||
server
|
||||
{
|
||||
listen [::]:80; listen 80;
|
||||
server_name {{ pasteque_host }};
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen [::]:443 ssl http2; listen 443 ssl http2;
|
||||
server_name {{ pasteque_host }};
|
||||
include snippets/letsencrypt-{{ pasteque_host }}.conf;
|
||||
|
||||
add_header Content-Security-Policy "default-src 'self'";
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
charset utf-8;
|
||||
|
||||
location /::/static
|
||||
{
|
||||
alias /home/{{ pasteque_user }}/static/;
|
||||
expires 30d;
|
||||
}
|
||||
|
||||
location /
|
||||
{
|
||||
proxy_pass http://unix:/run/{{ pasteque_user }}/pasteque.sock;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
- name: Clone pasteque
|
||||
become: true
|
||||
become_user: "{{ pasteque_user }}"
|
||||
notify: restart pasteque
|
||||
git:
|
||||
repo: https://git.afpy.org/AFPy/pasteque
|
||||
dest: "/home/{{ pasteque_user }}/src/"
|
||||
update: yes
|
||||
|
||||
- name: Setup or upgrade venv
|
||||
become: true
|
||||
become_user: "{{ pasteque_user }}"
|
||||
command: python3 -m venv --upgrade-deps "/home/{{ pasteque_user }}/venv"
|
||||
changed_when: False
|
||||
|
||||
- name: Install gunicorn in venv
|
||||
become: true
|
||||
become_user: "{{ pasteque_user }}"
|
||||
pip:
|
||||
name: gunicorn
|
||||
virtualenv_command: "/usr/bin/python3 -m venv"
|
||||
virtualenv: "/home/{{ pasteque_user }}/venv/"
|
||||
|
||||
- name: Install dependencies in venv
|
||||
become: true
|
||||
become_user: "{{ pasteque_user }}"
|
||||
notify: restart pasteque
|
||||
pip:
|
||||
requirements: "/home/{{ pasteque_user }}/src/requirements.txt"
|
||||
virtualenv_command: "/usr/bin/python3 -m venv"
|
||||
virtualenv: "/home/{{ pasteque_user }}/venv/"
|
||||
|
||||
- name: Create static/ directory
|
||||
file:
|
||||
path: /home/{{ pasteque_user }}/static/
|
||||
state: directory
|
||||
owner: "{{ pasteque_user }}"
|
||||
group: "{{ pasteque_user }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Configure Pasteque
|
||||
notify: restart pasteque
|
||||
copy:
|
||||
dest: "/home/{{ pasteque_user }}/src/local_settings.py"
|
||||
content: |
|
||||
DISPLAY_NAME = '{{ pasteque_display_name }}'
|
||||
SECRET_KEY = '{{ pasteque_secret }}'
|
||||
ALLOWED_HOSTS = ['{{ pasteque_host }}']
|
||||
TIME_ZONE = 'Europe/Paris'
|
||||
LANGUAGE_CODE = 'en-US'
|
||||
DEBUG = False
|
||||
COMPRESS_ENABLED = False
|
||||
STATIC_ROOT = "/home/{{ pasteque_user }}/static/"
|
||||
ADMINS = (("mdk", "julien+pafpy@palard.fr"),)
|
||||
|
||||
|
||||
- name: Migrate db
|
||||
become: true
|
||||
become_user: "{{ pasteque_user }}"
|
||||
notify: restart pasteque
|
||||
command: "/home/{{ pasteque_user }}/venv/bin/python manage.py migrate"
|
||||
args:
|
||||
chdir: "/home/{{ pasteque_user }}/src"
|
||||
register: migrate_result
|
||||
changed_when: '" Applying " in migrate_result.stdout'
|
||||
|
||||
- name: Collectstatic
|
||||
become: true
|
||||
become_user: "{{ pasteque_user }}"
|
||||
notify: restart pasteque
|
||||
command: "/home/{{ pasteque_user }}/venv/bin/python manage.py collectstatic --noinput"
|
||||
args:
|
||||
chdir: "/home/{{ pasteque_user }}/src"
|
||||
register: collectstatic_result
|
||||
changed_when: '"Copying " in collectstatic_result.stdout'
|
||||
|
||||
- name: Configure systemd
|
||||
notify: restart pasteque
|
||||
copy:
|
||||
dest: /etc/systemd/system/pasteque.service
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Le pastebin de l'AFPy
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User={{ pasteque_user }}
|
||||
Group={{ pasteque_user }}
|
||||
RuntimeDirectory={{ pasteque_user }}
|
||||
WorkingDirectory=/home/{{ pasteque_user }}//src/
|
||||
ExecStart=/home/{{ pasteque_user }}/venv/bin/gunicorn -t 120 -w 1 --bind unix:/run/{{ pasteque_user }}/pasteque.sock webtools.wsgi
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- name: Start pasteque
|
||||
service: name=pasteque enabled=yes state=started daemon_reload=yes
|
Loading…
Reference in New Issue