infra/pydocteur.afpy.org.yml

---

- hosts: webservers
  tasks:
    - name: Basic setup
      include_role: name=common

    - name: Install irker
      apt:
        name: irker
        state: present

    - name: Setup pydocteur.afpy.org
      include_role: name=nginx
      vars:
        nginx_owner: pydocteur-afpy-org
        nginx_domain: pydocteur.afpy.org
        nginx_certificates: [pydocteur.afpy.org]
        nginx_public_deploy_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPqZ20aNdTDrePRQT0obzUF0yn/o3cWEFwaf/MtAOmVxpJZiTZzaikU58qLVaTxfZpULMf2yIB9a1v0FhUOHde30+FFyxuGCMmV9lHT7wA4TS3Ucqj2kqzV2Qby/3IjxI41MXpbIFBj7K7TaJKfCPb2ToAuxbyiSiLXDre+xpSfR8qNAz1nObJPR/NbrJRzHnLywml1b7j1kPbbGfUvh3jtMa9a9eN3xotxGsLM8Da+R86xagC6lChJqxzM2zlsqXMhwnf/ntNAIJC6CpVpwdKTF6S8VIVC2UyB9oMnP43B1ijAETuNYG/nm4nE5IkQ14SiiQyRqdfX7+y5Pt2BfOxwVEedvcdAHZIj3v0fDr+23lf2AXR2v9V2JWT0BVLSJ6s2DHrumXkbS+XQkJWjxSZUUN7zg+J/+sPRrYERo+wIzLxXGGycrRgmQKLH6OJIy2/n/L8KtZfvxm6u90WIHu6RYTU9rqvzoqtEImDegOtzPqDFsljm8simginlqQo5gk= pydocteur"
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name pydocteur.afpy.org;
              return 301 https://$host$request_uri;
          }

          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name pydocteur.afpy.org;
              include snippets/letsencrypt-pydocteur.afpy.org.conf;
              location /
              {
                  include proxy_params;
                  proxy_pass http://unix:/home/pydocteur-afpy-org/wsgi.sock;
              }
          }          

    - name: PyDocTeur have its own systemd user daemon started at boot
      command:
        cmd: loginctl enable-linger pydocteur-afpy-org
        creates: "/var/lib/systemd/linger/pydocteur-afpy-org"

    - name: Initial clone
      become: true
      become_user: pydocteur-afpy-org
      git:
        repo: https://github.com/AFPy/PyDocTeur/
        dest: /home/pydocteur-afpy-org/src/
        update: no

    - name: pip install requirements
      become: true
      become_user: pydocteur-afpy-org
      pip:
        requirements: /home/pydocteur-afpy-org/src/requirements.txt
        virtualenv_command: /usr/bin/python3 -m venv
        virtualenv: "/home/pydocteur-afpy-org/venv/"

    - name: pip install gunicorn and irker-handler
      become: true
      become_user: pydocteur-afpy-org
      pip:
        name: [gunicorn, irker-handler]
        virtualenv_command: /usr/bin/python3 -m venv
        virtualenv: "/home/pydocteur-afpy-org/venv/"

    - name: systemd user directory
      file:
        path: /home/pydocteur-afpy-org/.local/share/systemd/user/
        state: directory

    - name: systemd pydocteur.afpy.org service
      copy:
        dest: /home/pydocteur-afpy-org/.local/share/systemd/user/pydocteur.service
        content: |
          [Unit]
          Description=PyDocTeur Github hook
          After=network.target

          [Service]
          PIDFile=/home/pydocteur-afpy-org/service.pid
          WorkingDirectory=/home/pydocteur-afpy-org/src/
          ExecStart=/home/pydocteur-afpy-org/venv/bin/gunicorn \
                    --workers 1 \
                    --pid /home/pydocteur-afpy-org/service.pid \
                    --bind unix:/home/pydocteur-afpy-org/wsgi.sock \
                    wsgi

          ExecReload=/bin/kill -s HUP $MAINPID
          ExecStop=/bin/kill -s TERM $MAINPID
          PrivateTmp=true

          [Install]
          WantedBy=multi-user.target          

    - name: Configure PyDocTeur
      copy:
        content: |
          {{ vault_pydocteur_env }}
          LOGGING=/home/pydocteur-afpy-org/logging.yml          
        dest: /home/pydocteur-afpy-org/src/.env


    - name: Configure PyDocTeur logging
      notify: restart pydocteur
      copy:
        dest: /home/pydocteur-afpy-org/logging.yml
        content: |
          ---

          version: 1
          disable_existing_loggers: false
          handlers:
            stderr:
              class: logging.StreamHandler
              stream: ext://sys.stderr
              level: DEBUG
            email:
              class: logging.handlers.SMTPHandler
              mailhost: 127.0.0.1
              fromaddr: pydocteur@afpy.org
              toaddrs: [afpy-web@lists.afpy.org]
              subject: PyDocTeur Exception
              level: ERROR
            irc:
              class: irker_handler.IrkerHandler
              to: irc://irc.libera.chat/python-docs-fr
              level: WARNING
          loggers:
            gunicorn.error:
              level: INFO
              handlers: [stderr, email]
            pydocteur:
              level: DEBUG
              handlers: [irc, stderr, email]
            urllib3:
              level: INFO
              handlers: [stderr]
            reqests:
              level: INFO
              handlers: [stderr]
            github:
              level: INFO
              handlers: [stderr]          


    - name: Start PyDocTeur
      become: true
      become_user: pydocteur-afpy-org
      systemd:
        daemon_reload: yes
        scope: user
        state: started
        name: pydocteur

  handlers:
    - name: restart pydocteur
      become: true
      become_user: pydocteur-afpy-org
      systemd:
        daemon_reload: yes
        scope: user
        state: restarted
        name: pydocteur

    - name: reload nginx
      service: name=nginx state=reloaded