Et paf.

inventory

@@ -1,6 +1,9 @@
 [gitea]
 gitea1.afpy.org
 
+[pastebins]
+deb2.afpy.org
+
 [woodpeckers]
 woodpecker1.afpy.org
 

pafpy.yml

@@ -0,0 +1,18 @@
+---
+
+- hosts: pastebins
+  vars:
+    pasteque_user: pafpy
+    pasteque_host: p.afpy.org
+    pasteque_display_name: PAFPy
+    pasteque_secret: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      34633632386637336235333266343363643938333831366363383230353465393139663530343337
+      6166376138306132613931663237306538373763346665320a333763656230306236616161316433
+      35666533373639626536356439363662653930353666316466343966666163623066626365376532
+      6432633138306636620a316635333466626230613239393335383566336137316138393037653836
+      31363936353533323735663631613433323531643733383065313435306337363937613236396234
+      30376637346531643331356261643366313034393338653862343561393736366234643862326537
+      38326633633661653061626532666436646161616566353439623434623436666462336564346235
+      65366233626263316138
+  roles: [common, pasteque]

roles/pasteque/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: reload nginx
+  service: name=nginx state=reloaded
+
+- name: restart pasteque
+  service: name=pasteque state=restarted

roles/pasteque/tasks/main.yml

@@ -0,0 +1,141 @@
+---
+
+- name: Setup nginx
+  include_role: name=nginx
+  vars:
+    nginx_owner: "{{ pasteque_user }}"
+    nginx_domain: "{{ pasteque_host }}"
+    nginx_certificates: ["{{ pasteque_host }}"]
+    nginx_conf: |
+      server
+      {
+          listen [::]:80; listen 80;
+          server_name {{ pasteque_host }};
+          return 301 https://$host$request_uri;
+      }
+
+      server
+      {
+          listen [::]:443 ssl http2; listen 443 ssl http2;
+          server_name {{ pasteque_host }};
+          include snippets/letsencrypt-{{ pasteque_host }}.conf;
+
+          add_header Content-Security-Policy "default-src 'self'";
+          add_header X-Frame-Options DENY;
+          add_header X-XSS-Protection "1; mode=block";
+          charset utf-8;
+
+          location /::/static
+          {
+              alias /home/{{ pasteque_user }}/static/;
+              expires 30d;
+          }
+
+          location /
+          {
+              proxy_pass http://unix:/run/{{ pasteque_user }}/pasteque.sock;
+              proxy_redirect off;
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+              proxy_set_header X-Forwarded-Proto $scheme;
+          }
+      }
+
+- name: Clone pasteque
+  become: true
+  become_user: "{{ pasteque_user }}"
+  notify: restart pasteque
+  git:
+    repo: https://git.afpy.org/AFPy/pasteque
+    dest: "/home/{{ pasteque_user }}/src/"
+    update: yes
+
+- name: Setup or upgrade venv
+  become: true
+  become_user: "{{ pasteque_user }}"
+  command: python3 -m venv --upgrade-deps "/home/{{ pasteque_user }}/venv"
+  changed_when: False
+
+- name: Install gunicorn in venv
+  become: true
+  become_user: "{{ pasteque_user }}"
+  pip:
+    name: gunicorn
+    virtualenv_command: "/usr/bin/python3 -m venv"
+    virtualenv: "/home/{{ pasteque_user }}/venv/"
+
+- name: Install dependencies in venv
+  become: true
+  become_user: "{{ pasteque_user }}"
+  notify: restart pasteque
+  pip:
+    requirements: "/home/{{ pasteque_user }}/src/requirements.txt"
+    virtualenv_command: "/usr/bin/python3 -m venv"
+    virtualenv: "/home/{{ pasteque_user }}/venv/"
+
+- name: Create static/ directory
+  file:
+    path: /home/{{ pasteque_user }}/static/
+    state: directory
+    owner: "{{ pasteque_user }}"
+    group: "{{ pasteque_user }}"
+    mode: 0755
+
+- name: Configure Pasteque
+  notify: restart pasteque
+  copy:
+    dest: "/home/{{ pasteque_user }}/src/local_settings.py"
+    content: |
+      DISPLAY_NAME = '{{ pasteque_display_name }}'
+      SECRET_KEY = '{{ pasteque_secret }}'
+      ALLOWED_HOSTS = ['{{ pasteque_host }}']
+      TIME_ZONE = 'Europe/Paris'
+      LANGUAGE_CODE = 'en-US'
+      DEBUG = False
+      COMPRESS_ENABLED = False
+      STATIC_ROOT = "/home/{{ pasteque_user }}/static/"
+      ADMINS = (("mdk", "julien+pafpy@palard.fr"),)
+
+
+- name: Migrate db
+  become: true
+  become_user: "{{ pasteque_user }}"
+  notify: restart pasteque
+  command: "/home/{{ pasteque_user }}/venv/bin/python manage.py migrate"
+  args:
+    chdir: "/home/{{ pasteque_user }}/src"
+  register: migrate_result
+  changed_when: '"  Applying " in migrate_result.stdout'
+
+- name: Collectstatic
+  become: true
+  become_user: "{{ pasteque_user }}"
+  notify: restart pasteque
+  command: "/home/{{ pasteque_user }}/venv/bin/python manage.py collectstatic --noinput"
+  args:
+    chdir: "/home/{{ pasteque_user }}/src"
+  register: collectstatic_result
+  changed_when: '"Copying " in collectstatic_result.stdout'
+
+- name: Configure systemd
+  notify: restart pasteque
+  copy:
+    dest: /etc/systemd/system/pasteque.service
+    content: |
+      [Unit]
+      Description=Le pastebin de l'AFPy
+      After=network.target
+
+      [Service]
+      User={{ pasteque_user }}
+      Group={{ pasteque_user }}
+      RuntimeDirectory={{ pasteque_user }}
+      WorkingDirectory=/home/{{ pasteque_user }}//src/
+      ExecStart=/home/{{ pasteque_user }}/venv/bin/gunicorn -t 120 -w 1 --bind unix:/run/{{ pasteque_user }}/pasteque.sock webtools.wsgi
+
+      [Install]
+      WantedBy=multi-user.target
+
+- name: Start pasteque
+  service: name=pasteque enabled=yes state=started daemon_reload=yes