142 lines
4.1 KiB
YAML
142 lines
4.1 KiB
YAML
---
|
|
|
|
- name: Setup nginx
|
|
include_role: name=nginx
|
|
vars:
|
|
nginx_owner: "{{ pasteque_user }}"
|
|
nginx_domain: "{{ pasteque_host }}"
|
|
nginx_certificates: ["{{ pasteque_host }}"]
|
|
nginx_conf: |
|
|
server
|
|
{
|
|
listen [::]:80; listen 80;
|
|
server_name {{ pasteque_host }};
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
server
|
|
{
|
|
listen [::]:443 ssl http2; listen 443 ssl http2;
|
|
server_name {{ pasteque_host }};
|
|
include snippets/letsencrypt-{{ pasteque_host }}.conf;
|
|
|
|
add_header Content-Security-Policy "default-src 'self'";
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
charset utf-8;
|
|
|
|
location /::/static
|
|
{
|
|
alias /home/{{ pasteque_user }}/static/;
|
|
expires 30d;
|
|
}
|
|
|
|
location /
|
|
{
|
|
proxy_pass http://unix:/run/{{ pasteque_user }}/pasteque.sock;
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
|
|
- name: Clone pasteque
|
|
become: true
|
|
become_user: "{{ pasteque_user }}"
|
|
notify: restart pasteque
|
|
git:
|
|
repo: https://git.afpy.org/AFPy/pasteque
|
|
dest: "/home/{{ pasteque_user }}/src/"
|
|
update: yes
|
|
|
|
- name: Setup or upgrade venv
|
|
become: true
|
|
become_user: "{{ pasteque_user }}"
|
|
command: python3 -m venv --upgrade-deps "/home/{{ pasteque_user }}/venv"
|
|
changed_when: False
|
|
|
|
- name: Install gunicorn in venv
|
|
become: true
|
|
become_user: "{{ pasteque_user }}"
|
|
pip:
|
|
name: gunicorn
|
|
virtualenv_command: "/usr/bin/python3 -m venv"
|
|
virtualenv: "/home/{{ pasteque_user }}/venv/"
|
|
|
|
- name: Install dependencies in venv
|
|
become: true
|
|
become_user: "{{ pasteque_user }}"
|
|
notify: restart pasteque
|
|
pip:
|
|
requirements: "/home/{{ pasteque_user }}/src/requirements.txt"
|
|
virtualenv_command: "/usr/bin/python3 -m venv"
|
|
virtualenv: "/home/{{ pasteque_user }}/venv/"
|
|
|
|
- name: Create static/ directory
|
|
file:
|
|
path: /home/{{ pasteque_user }}/static/
|
|
state: directory
|
|
owner: "{{ pasteque_user }}"
|
|
group: "{{ pasteque_user }}"
|
|
mode: 0755
|
|
|
|
- name: Configure Pasteque
|
|
notify: restart pasteque
|
|
copy:
|
|
dest: "/home/{{ pasteque_user }}/src/local_settings.py"
|
|
content: |
|
|
DISPLAY_NAME = '{{ pasteque_display_name }}'
|
|
SECRET_KEY = '{{ pasteque_secret }}'
|
|
ALLOWED_HOSTS = ['{{ pasteque_host }}']
|
|
TIME_ZONE = 'Europe/Paris'
|
|
LANGUAGE_CODE = 'en-US'
|
|
DEBUG = False
|
|
COMPRESS_ENABLED = False
|
|
STATIC_ROOT = "/home/{{ pasteque_user }}/static/"
|
|
ADMINS = (("mdk", "julien+pafpy@palard.fr"),)
|
|
|
|
|
|
- name: Migrate db
|
|
become: true
|
|
become_user: "{{ pasteque_user }}"
|
|
notify: restart pasteque
|
|
command: "/home/{{ pasteque_user }}/venv/bin/python manage.py migrate"
|
|
args:
|
|
chdir: "/home/{{ pasteque_user }}/src"
|
|
register: migrate_result
|
|
changed_when: '" Applying " in migrate_result.stdout'
|
|
|
|
- name: Collectstatic
|
|
become: true
|
|
become_user: "{{ pasteque_user }}"
|
|
notify: restart pasteque
|
|
command: "/home/{{ pasteque_user }}/venv/bin/python manage.py collectstatic --noinput"
|
|
args:
|
|
chdir: "/home/{{ pasteque_user }}/src"
|
|
register: collectstatic_result
|
|
changed_when: '"Copying " in collectstatic_result.stdout'
|
|
|
|
- name: Configure systemd
|
|
notify: restart pasteque
|
|
copy:
|
|
dest: /etc/systemd/system/pasteque.service
|
|
content: |
|
|
[Unit]
|
|
Description=Le pastebin de l'AFPy
|
|
After=network.target
|
|
|
|
[Service]
|
|
User={{ pasteque_user }}
|
|
Group={{ pasteque_user }}
|
|
RuntimeDirectory={{ pasteque_user }}
|
|
WorkingDirectory=/home/{{ pasteque_user }}//src/
|
|
ExecStart=/home/{{ pasteque_user }}/venv/bin/gunicorn -t 120 -w 1 --bind unix:/run/{{ pasteque_user }}/pasteque.sock webtools.wsgi
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|
|
- name: Start pasteque
|
|
service: name=pasteque enabled=yes state=started daemon_reload=yes
|