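---
# Deploys Pasteque (the AFPy pastebin): nginx front end, git checkout,
# virtualenv with gunicorn, Django settings, migrations, static files and a
# systemd unit. Every path is derived from pasteque_user; the "restart
# pasteque" handler is notified here but defined outside this file.

- name: Setup nginx
  include_role:
    name: nginx
  vars:
    nginx_owner: "{{ pasteque_user }}"
    nginx_domain: "{{ pasteque_host }}"
    nginx_certificates: ["{{ pasteque_host }}"]
    # Port 80 only redirects to HTTPS. The security headers use "always"
    # because nginx otherwise omits add_header output on most 4xx/5xx
    # responses. add_header is only inherited by a location that declares
    # no add_header of its own; both locations below rely on that.
    nginx_conf: |
      server {
          listen [::]:80;
          listen 80;
          server_name {{ pasteque_host }};
          return 301 https://$host$request_uri;
      }

      server {
          listen [::]:443 ssl http2;
          listen 443 ssl http2;
          server_name {{ pasteque_host }};
          include snippets/letsencrypt-{{ pasteque_host }}.conf;

          add_header Content-Security-Policy "default-src 'self'" always;
          add_header X-Frame-Options DENY always;
          add_header X-XSS-Protection "1; mode=block" always;

          charset utf-8;

          location /::/static {
              alias /home/{{ pasteque_user }}/static/;
              expires 30d;
          }

          location / {
              proxy_pass http://unix:/run/{{ pasteque_user }}/pasteque.sock;
              proxy_redirect off;
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
          }
      }

# NOTE(review): no "version" is set, so every run deploys whatever the
# default branch currently points at. Pin a tag or commit for reproducible,
# reviewable deployments.
- name: Clone pasteque
  become: true
  become_user: "{{ pasteque_user }}"
  notify: restart pasteque
  git:
    repo: https://git.afpy.org/AFPy/pasteque
    dest: "/home/{{ pasteque_user }}/src/"
    update: true

# Runs on every play; changed_when is forced to false so it never reports
# a change and never triggers the handler.
- name: Setup or upgrade venv
  become: true
  become_user: "{{ pasteque_user }}"
  command: python3 -m venv --upgrade-deps "/home/{{ pasteque_user }}/venv"
  changed_when: false

- name: Install gunicorn in venv
  become: true
  become_user: "{{ pasteque_user }}"
  pip:
    name: gunicorn
    virtualenv_command: "/usr/bin/python3 -m venv"
    virtualenv: "/home/{{ pasteque_user }}/venv/"

- name: Install dependencies in venv
  become: true
  become_user: "{{ pasteque_user }}"
  notify: restart pasteque
  pip:
    requirements: "/home/{{ pasteque_user }}/src/requirements.txt"
    virtualenv_command: "/usr/bin/python3 -m venv"
    virtualenv: "/home/{{ pasteque_user }}/venv/"

# The mode is quoted so it reaches Ansible as the string "0755" instead of
# depending on how the YAML parser reads a bare octal-looking number.
- name: Create static/ directory
  file:
    path: "/home/{{ pasteque_user }}/static/"
    state: directory
    owner: "{{ pasteque_user }}"
    group: "{{ pasteque_user }}"
    mode: "0755"

# local_settings.py holds SECRET_KEY, so it is owned by the service account
# and readable by that account only. no_log keeps the rendered content
# (and therefore the secret) out of task output and diffs.
# NOTE(review): the variables are inserted verbatim into Python string
# literals; a quote or backslash in any of them would corrupt or alter the
# settings file. Presumably pasteque_secret comes from an encrypted
# variable store; confirm.
- name: Configure Pasteque
  notify: restart pasteque
  no_log: true
  copy:
    dest: "/home/{{ pasteque_user }}/src/local_settings.py"
    owner: "{{ pasteque_user }}"
    group: "{{ pasteque_user }}"
    mode: "0600"
    content: |
      DISPLAY_NAME = '{{ pasteque_display_name }}'
      SECRET_KEY = '{{ pasteque_secret }}'
      ALLOWED_HOSTS = ['{{ pasteque_host }}']
      TIME_ZONE = 'Europe/Paris'
      LANGUAGE_CODE = 'en-US'
      DEBUG = False
      COMPRESS_ENABLED = False
      STATIC_ROOT = "/home/{{ pasteque_user }}/static/"
      ADMINS = (("mdk", "julien+pafpy@palard.fr"),)

# Reported as changed only when the migrate output mentions an applied
# migration.
- name: Migrate db
  become: true
  become_user: "{{ pasteque_user }}"
  notify: restart pasteque
  command: "/home/{{ pasteque_user }}/venv/bin/python manage.py migrate"
  args:
    chdir: "/home/{{ pasteque_user }}/src"
  register: migrate_result
  changed_when: '" Applying " in migrate_result.stdout'

# Reported as changed only when collectstatic actually copied a file.
- name: Collectstatic
  become: true
  become_user: "{{ pasteque_user }}"
  notify: restart pasteque
  command: "/home/{{ pasteque_user }}/venv/bin/python manage.py collectstatic --noinput"
  args:
    chdir: "/home/{{ pasteque_user }}/src"
  register: collectstatic_result
  changed_when: '"Copying " in collectstatic_result.stdout'

# The unit runs gunicorn as the unprivileged service account.
# RuntimeDirectory makes systemd create /run/<user>, which is where the
# socket that nginx proxies to is bound. Ownership and mode are set
# explicitly so the unit file does not depend on the controller's umask.
- name: Configure systemd
  notify: restart pasteque
  copy:
    dest: /etc/systemd/system/pasteque.service
    owner: root
    group: root
    mode: "0644"
    content: |
      [Unit]
      Description=Le pastebin de l'AFPy
      After=network.target

      [Service]
      User={{ pasteque_user }}
      Group={{ pasteque_user }}
      RuntimeDirectory={{ pasteque_user }}
      WorkingDirectory=/home/{{ pasteque_user }}/src/
      ExecStart=/home/{{ pasteque_user }}/venv/bin/gunicorn -t 120 -w 1 --bind unix:/run/{{ pasteque_user }}/pasteque.sock webtools.wsgi

      [Install]
      WantedBy=multi-user.target

# NOTE(review): daemon_reload is a systemd-module option; this presumably
# relies on the service action forwarding it on systemd hosts. Confirm.
- name: Start pasteque
  service:
    name: pasteque
    enabled: true
    state: started
    daemon_reload: true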