Et paf.
This commit is contained in:
parent
96b259631e
commit
99a644e2d2
|
@ -1,6 +1,9 @@
|
||||||
[gitea]
|
[gitea]
|
||||||
gitea1.afpy.org
|
gitea1.afpy.org
|
||||||
|
|
||||||
|
[pastebins]
|
||||||
|
deb2.afpy.org
|
||||||
|
|
||||||
[woodpeckers]
|
[woodpeckers]
|
||||||
woodpecker1.afpy.org
|
woodpecker1.afpy.org
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- hosts: pastebins
|
||||||
|
vars:
|
||||||
|
pasteque_user: pafpy
|
||||||
|
pasteque_host: p.afpy.org
|
||||||
|
pasteque_display_name: PAFPy
|
||||||
|
pasteque_secret: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
34633632386637336235333266343363643938333831366363383230353465393139663530343337
|
||||||
|
6166376138306132613931663237306538373763346665320a333763656230306236616161316433
|
||||||
|
35666533373639626536356439363662653930353666316466343966666163623066626365376532
|
||||||
|
6432633138306636620a316635333466626230613239393335383566336137316138393037653836
|
||||||
|
31363936353533323735663631613433323531643733383065313435306337363937613236396234
|
||||||
|
30376637346531643331356261643366313034393338653862343561393736366234643862326537
|
||||||
|
38326633633661653061626532666436646161616566353439623434623436666462336564346235
|
||||||
|
65366233626263316138
|
||||||
|
roles: [common, pasteque]
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: reload nginx
|
||||||
|
service: name=nginx state=reloaded
|
||||||
|
|
||||||
|
- name: restart pasteque
|
||||||
|
service: name=pasteque state=restarted
|
|
@ -0,0 +1,141 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Setup nginx
|
||||||
|
include_role: name=nginx
|
||||||
|
vars:
|
||||||
|
nginx_owner: "{{ pasteque_user }}"
|
||||||
|
nginx_domain: "{{ pasteque_host }}"
|
||||||
|
nginx_certificates: ["{{ pasteque_host }}"]
|
||||||
|
nginx_conf: |
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen [::]:80; listen 80;
|
||||||
|
server_name {{ pasteque_host }};
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen [::]:443 ssl http2; listen 443 ssl http2;
|
||||||
|
server_name {{ pasteque_host }};
|
||||||
|
include snippets/letsencrypt-{{ pasteque_host }}.conf;
|
||||||
|
|
||||||
|
add_header Content-Security-Policy "default-src 'self'";
|
||||||
|
add_header X-Frame-Options DENY;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
location /::/static
|
||||||
|
{
|
||||||
|
alias /home/{{ pasteque_user }}/static/;
|
||||||
|
expires 30d;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /
|
||||||
|
{
|
||||||
|
proxy_pass http://unix:/run/{{ pasteque_user }}/pasteque.sock;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: Clone pasteque
|
||||||
|
become: true
|
||||||
|
become_user: "{{ pasteque_user }}"
|
||||||
|
notify: restart pasteque
|
||||||
|
git:
|
||||||
|
repo: https://git.afpy.org/AFPy/pasteque
|
||||||
|
dest: "/home/{{ pasteque_user }}/src/"
|
||||||
|
update: yes
|
||||||
|
|
||||||
|
- name: Setup or upgrade venv
|
||||||
|
become: true
|
||||||
|
become_user: "{{ pasteque_user }}"
|
||||||
|
command: python3 -m venv --upgrade-deps "/home/{{ pasteque_user }}/venv"
|
||||||
|
changed_when: False
|
||||||
|
|
||||||
|
- name: Install gunicorn in venv
|
||||||
|
become: true
|
||||||
|
become_user: "{{ pasteque_user }}"
|
||||||
|
pip:
|
||||||
|
name: gunicorn
|
||||||
|
virtualenv_command: "/usr/bin/python3 -m venv"
|
||||||
|
virtualenv: "/home/{{ pasteque_user }}/venv/"
|
||||||
|
|
||||||
|
- name: Install dependencies in venv
|
||||||
|
become: true
|
||||||
|
become_user: "{{ pasteque_user }}"
|
||||||
|
notify: restart pasteque
|
||||||
|
pip:
|
||||||
|
requirements: "/home/{{ pasteque_user }}/src/requirements.txt"
|
||||||
|
virtualenv_command: "/usr/bin/python3 -m venv"
|
||||||
|
virtualenv: "/home/{{ pasteque_user }}/venv/"
|
||||||
|
|
||||||
|
- name: Create static/ directory
|
||||||
|
file:
|
||||||
|
path: /home/{{ pasteque_user }}/static/
|
||||||
|
state: directory
|
||||||
|
owner: "{{ pasteque_user }}"
|
||||||
|
group: "{{ pasteque_user }}"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Configure Pasteque
|
||||||
|
notify: restart pasteque
|
||||||
|
copy:
|
||||||
|
dest: "/home/{{ pasteque_user }}/src/local_settings.py"
|
||||||
|
content: |
|
||||||
|
DISPLAY_NAME = '{{ pasteque_display_name }}'
|
||||||
|
SECRET_KEY = '{{ pasteque_secret }}'
|
||||||
|
ALLOWED_HOSTS = ['{{ pasteque_host }}']
|
||||||
|
TIME_ZONE = 'Europe/Paris'
|
||||||
|
LANGUAGE_CODE = 'en-US'
|
||||||
|
DEBUG = False
|
||||||
|
COMPRESS_ENABLED = False
|
||||||
|
STATIC_ROOT = "/home/{{ pasteque_user }}/static/"
|
||||||
|
ADMINS = (("mdk", "julien+pafpy@palard.fr"),)
|
||||||
|
|
||||||
|
|
||||||
|
- name: Migrate db
|
||||||
|
become: true
|
||||||
|
become_user: "{{ pasteque_user }}"
|
||||||
|
notify: restart pasteque
|
||||||
|
command: "/home/{{ pasteque_user }}/venv/bin/python manage.py migrate"
|
||||||
|
args:
|
||||||
|
chdir: "/home/{{ pasteque_user }}/src"
|
||||||
|
register: migrate_result
|
||||||
|
changed_when: '" Applying " in migrate_result.stdout'
|
||||||
|
|
||||||
|
- name: Collectstatic
|
||||||
|
become: true
|
||||||
|
become_user: "{{ pasteque_user }}"
|
||||||
|
notify: restart pasteque
|
||||||
|
command: "/home/{{ pasteque_user }}/venv/bin/python manage.py collectstatic --noinput"
|
||||||
|
args:
|
||||||
|
chdir: "/home/{{ pasteque_user }}/src"
|
||||||
|
register: collectstatic_result
|
||||||
|
changed_when: '"Copying " in collectstatic_result.stdout'
|
||||||
|
|
||||||
|
- name: Configure systemd
|
||||||
|
notify: restart pasteque
|
||||||
|
copy:
|
||||||
|
dest: /etc/systemd/system/pasteque.service
|
||||||
|
content: |
|
||||||
|
[Unit]
|
||||||
|
Description=Le pastebin de l'AFPy
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User={{ pasteque_user }}
|
||||||
|
Group={{ pasteque_user }}
|
||||||
|
RuntimeDirectory={{ pasteque_user }}
|
||||||
|
WorkingDirectory=/home/{{ pasteque_user }}//src/
|
||||||
|
ExecStart=/home/{{ pasteque_user }}/venv/bin/gunicorn -t 120 -w 1 --bind unix:/run/{{ pasteque_user }}/pasteque.sock webtools.wsgi
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
- name: Start pasteque
|
||||||
|
service: name=pasteque enabled=yes state=started daemon_reload=yes
|
Loading…
Reference in New Issue