113 lines
3.5 KiB
YAML
113 lines
3.5 KiB
YAML
---
|
|
|
|
- hosts: afpyros
|
|
vars:
|
|
nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjZQkU+su6uDOq8zllDP/j6Wg7puNHG8eZMVBgP8Ady"
|
|
tasks:
|
|
- name: Basic setup
|
|
include_role: name=common
|
|
|
|
- name: Setup afpyro.afpy.org
|
|
include_role: name=nginx
|
|
vars:
|
|
nginx_owner: afpyro-afpy-org
|
|
nginx_domain: afpyro.afpy.org
|
|
nginx_certificates: [afpyro.afpy.org]
|
|
nginx_conf: |
|
|
server
|
|
{
|
|
listen [::]:80; listen 80;
|
|
server_name afpyro.afpy.org;
|
|
access_log /var/log/nginx/afpyro.afpy.org-access.log;
|
|
error_log /var/log/nginx/afpyro.afpy.org-error.log;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
server
|
|
{
|
|
listen [::]:443 ssl; listen 443 ssl;
|
|
server_name afpyro.afpy.org;
|
|
access_log /var/log/nginx/afpyro.afpy.org-access.log;
|
|
error_log /var/log/nginx/afpyro.afpy.org-error.log;
|
|
root /var/www/afpyro.afpy.org/;
|
|
include snippets/letsencrypt-afpyro.afpy.org.conf;
|
|
|
|
location /static/
|
|
{
|
|
alias /home/afpyro-afpy-org/src/static/;
|
|
}
|
|
|
|
location /_static/
|
|
{
|
|
alias /home/afpyro-afpy-org/src/docs/_build/html/_static/;
|
|
}
|
|
|
|
location /
|
|
{
|
|
include proxy_params;
|
|
proxy_pass http://unix:/run/afpyro-afpy-org/website.sock;
|
|
}
|
|
}
|
|
|
|
- name: afpyro user can reload own website
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
state: present
|
|
regexp: '^afpyro-afpy-org '
|
|
line: "afpyro-afpy-org ALL = NOPASSWD: /bin/systemctl restart afpyro-afpy-org.service"
|
|
validate: /usr/sbin/visudo -cf %s
|
|
|
|
- name: Initial clone
|
|
become: true
|
|
become_user: afpyro-afpy-org
|
|
git:
|
|
repo: https://github.com/AFPy/siteafpyro
|
|
dest: /home/afpyro-afpy-org/src/
|
|
update: no
|
|
|
|
- name: pip install AFPyro requirements
|
|
become: true
|
|
become_user: afpyro-afpy-org
|
|
pip:
|
|
requirements: /home/afpyro-afpy-org/src/requirements.txt
|
|
virtualenv_command: /usr/bin/python3 -m venv
|
|
virtualenv: "/home/afpyro-afpy-org/venv/"
|
|
|
|
- name: Compile HTML pages
|
|
become: true
|
|
become_user: afpyro-afpy-org
|
|
command: make html SPHINXBUILD=/home/afpyro-afpy-org/venv/bin/sphinx-build
|
|
args:
|
|
chdir: /home/afpyro-afpy-org/src/docs/
|
|
creates: /home/afpyro-afpy-org/src/docs/build/html/
|
|
|
|
- name: systemd afpy.org service
|
|
copy:
|
|
dest: /etc/systemd/system/afpyro-afpy-org.service
|
|
content: |
|
|
[Unit]
|
|
Description=AFPyro website
|
|
After=network.target
|
|
|
|
[Service]
|
|
PIDFile=/run/afpyro-afpy-org/website.pid
|
|
User=afpyro-afpy-org
|
|
Group=afpyro-afpy-org
|
|
RuntimeDirectory=afpyro-afpy-org
|
|
WorkingDirectory=/home/afpyro-afpy-org/src/
|
|
ExecStart=/home/afpyro-afpy-org/venv/bin/gunicorn -w 2 \
|
|
--pid /run/afpyro-afpy-org/website.pid \
|
|
--bind unix:/run/afpyro-afpy-org/website.sock afpyro:app
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
ExecStop=/bin/kill -s TERM $MAINPID
|
|
PrivateTmp=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|
|
- name: AFPyro is started and running
|
|
service:
|
|
name: afpyro-afpy-org
|
|
state: started
|
|
enabled: true
|