From 99a644e2d2f4136bbf2a97746474f22fc1a35aa8 Mon Sep 17 00:00:00 2001
From: Julien Palard
Date: Sun, 7 May 2023 15:30:50 +0200
Subject: [PATCH] Et paf.
---
inventory | 3 +
pafpy.yml | 18 ++++
roles/pasteque/handlers/main.yml | 7 ++
roles/pasteque/tasks/main.yml | 141 ++++++++++++++++++++++++++++
roles/pasteque/templates/nginx.conf | 0
5 files changed, 169 insertions(+)
create mode 100644 pafpy.yml
create mode 100644 roles/pasteque/handlers/main.yml
create mode 100644 roles/pasteque/tasks/main.yml
create mode 100644 roles/pasteque/templates/nginx.conf
diff --git a/inventory b/inventory
index 8233fda..d1b5ae3 100644
--- a/inventory
+++ b/inventory
@@ -1,6 +1,9 @@ [gitea] gitea1.afpy.org +[pastebins] +deb2.afpy.org + [woodpeckers] woodpecker1.afpy.org
diff --git a/pafpy.yml b/pafpy.yml
new file mode 100644
index 0000000..37275f5
--- /dev/null
+++ b/pafpy.yml
@@ -0,0 +1,18 @@
+---
+
+- hosts: pastebins
+ vars:
+ pasteque_user: pafpy
+ pasteque_host: p.afpy.org
+ pasteque_display_name: PAFPy
+ pasteque_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 34633632386637336235333266343363643938333831366363383230353465393139663530343337
+ 6166376138306132613931663237306538373763346665320a333763656230306236616161316433
+ 35666533373639626536356439363662653930353666316466343966666163623066626365376532
+ 6432633138306636620a316635333466626230613239393335383566336137316138393037653836
+ 31363936353533323735663631613433323531643733383065313435306337363937613236396234
+ 30376637346531643331356261643366313034393338653862343561393736366234643862326537
+ 38326633633661653061626532666436646161616566353439623434623436666462336564346235
+ 65366233626263316138
+ roles: [common, pasteque]
diff --git a/roles/pasteque/handlers/main.yml b/roles/pasteque/handlers/main.yml
new file mode 100644
index 0000000..cb2c9b7
--- /dev/null
+++ b/roles/pasteque/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: reload nginx
+ service: name=nginx state=reloaded
+
+- name: restart pasteque
+ service: name=pasteque state=restarted
diff --git a/roles/pasteque/tasks/main.yml b/roles/pasteque/tasks/main.yml
new file mode 100644
index 0000000..944867c
--- /dev/null
+++ b/roles/pasteque/tasks/main.yml
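Review bot: The `reload nginx` handler added in roles/pasteque/handlers/main.yml is never notified by this role: every `notify:` in roles/pasteque/tasks/main.yml in this patch names `restart pasteque`. If the included `nginx` role already ships its own reload handler (not visible here), this copy is dead code and a second handler with the same name is easy to confuse with it. Either drop it or have the task that changes the nginx configuration notify it.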
@@ -0,0 +1,141 @@
+---
+
+- name: Setup nginx
+ include_role: name=nginx
+ vars:
+ nginx_owner: "{{ pasteque_user }}"
+ nginx_domain: "{{ pasteque_host }}"
+ nginx_certificates: ["{{ pasteque_host }}"]
+ nginx_conf: |
+ server
+ {
+ listen [::]:80; listen 80;
+ server_name {{ pasteque_host }};
+ return 301 https://$host$request_uri;
+ }
+
+ server
+ {
+ listen [::]:443 ssl http2; listen 443 ssl http2;
+ server_name {{ pasteque_host }};
+ include snippets/letsencrypt-{{ pasteque_host }}.conf;
+
+ add_header Content-Security-Policy "default-src 'self'";
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+ charset utf-8;
+
+ location /::/static
+ {
+ alias /home/{{ pasteque_user }}/static/;
+ expires 30d;
+ }
+
+ location /
+ {
+ proxy_pass http://unix:/run/{{ pasteque_user }}/pasteque.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ }
+
+- name: Clone pasteque
+ become: true
+ become_user: "{{ pasteque_user }}"
+ notify: restart pasteque
+ git:
+ repo: https://git.afpy.org/AFPy/pasteque
+ dest: "/home/{{ pasteque_user }}/src/"
+ update: yes
+
+- name: Setup or upgrade venv
+ become: true
+ become_user: "{{ pasteque_user }}"
+ command: python3 -m venv --upgrade-deps "/home/{{ pasteque_user }}/venv"
+ changed_when: False
+
+- name: Install gunicorn in venv
+ become: true
+ become_user: "{{ pasteque_user }}"
+ pip:
+ name: gunicorn
+ virtualenv_command: "/usr/bin/python3 -m venv"
+ virtualenv: "/home/{{ pasteque_user }}/venv/"
+
+- name: Install dependencies in venv
+ become: true
+ become_user: "{{ pasteque_user }}"
+ notify: restart pasteque
+ pip:
+ requirements: "/home/{{ pasteque_user }}/src/requirements.txt"
+ virtualenv_command: "/usr/bin/python3 -m venv"
+ virtualenv: "/home/{{ pasteque_user }}/venv/"
+
+- name: Create static/ directory
+ file:
+ path: /home/{{ pasteque_user }}/static/
+ state: directory
+ owner: "{{ pasteque_user }}"
+ group: "{{ pasteque_user }}"
+ mode: 0755
+
+- name: Configure Pasteque
+ notify: restart pasteque
+ copy:
+ dest: "/home/{{ pasteque_user }}/src/local_settings.py"
+ content: |
+ DISPLAY_NAME = '{{ pasteque_display_name }}'
+ SECRET_KEY = '{{ pasteque_secret }}'
+ ALLOWED_HOSTS = ['{{ pasteque_host }}']
+ TIME_ZONE = 'Europe/Paris'
+ LANGUAGE_CODE = 'en-US'
+ DEBUG = False
+ COMPRESS_ENABLED = False
+ STATIC_ROOT = "/home/{{ pasteque_user }}/static/"
+ ADMINS = (("mdk", "julien+pafpy@palard.fr"),)
+
+
+- name: Migrate db
+ become: true
+ become_user: "{{ pasteque_user }}"
+ notify: restart pasteque
+ command: "/home/{{ pasteque_user }}/venv/bin/python manage.py migrate"
+ args:
+ chdir: "/home/{{ pasteque_user }}/src"
+ register: migrate_result
+ changed_when: '" Applying " in migrate_result.stdout'
+
+- name: Collectstatic
+ become: true
+ become_user: "{{ pasteque_user }}"
+ notify: restart pasteque
+ command: "/home/{{ pasteque_user }}/venv/bin/python manage.py collectstatic --noinput"
+ args:
+ chdir: "/home/{{ pasteque_user }}/src"
+ register: collectstatic_result
+ changed_when: '"Copying " in collectstatic_result.stdout'
+
+- name: Configure systemd
+ notify: restart pasteque
+ copy:
+ dest: /etc/systemd/system/pasteque.service
+ content: |
+ [Unit]
+ Description=Le pastebin de l'AFPy
+ After=network.target
+
+ [Service]
+ User={{ pasteque_user }}
+ Group={{ pasteque_user }}
+ RuntimeDirectory={{ pasteque_user }}
+ WorkingDirectory=/home/{{ pasteque_user }}//src/
+ ExecStart=/home/{{ pasteque_user }}/venv/bin/gunicorn -t 120 -w 1 --bind unix:/run/{{ pasteque_user }}/pasteque.sock webtools.wsgi
+
+ [Install]
+ WantedBy=multi-user.target
+
+- name: Start pasteque
+ service: name=pasteque enabled=yes state=started daemon_reload=yes
diff --git a/roles/pasteque/templates/nginx.conf b/roles/pasteque/templates/nginx.conf
new file mode 100644
index 0000000..e69de29
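Review bot: In the `nginx_conf` block, `location /::/static` has no trailing slash while its `alias /home/{{ pasteque_user }}/static/;` has one, so the prefix also matches request paths that merely begin with `/::/static`, and nginx can then resolve them to files outside the static directory, elsewhere under the service user's home. Writing it as `location /::/static/` keeps the mapping inside `static/` (assuming the application's static URL ends with a slash, which this patch does not show). This matters more because the `Configure Pasteque` task writes `SECRET_KEY` into `src/local_settings.py` with no `owner`, `group` or `mode`, unlike the `Create static/ directory` task, so the file's ownership and permissions are left to whichever user and umask run the task. Adding `owner: "{{ pasteque_user }}"`, `mode: "0600"` and `no_log: true` to that task would restrict the file to the service account and keep the rendered secret out of task output.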