From f2906f55232b42496dcc68b00ae823baa4187447 Mon Sep 17 00:00:00 2001 From: Julien Palard Date: Wed, 18 Dec 2019 17:14:53 +0100 Subject: [PATCH] logs.afpy.org --- afpy.org.yml | 16 ++------ logs.afpy.org.yml | 94 +++++++++++++++++++++++++++++++++++++++++++++++ site.yml | 1 + 3 files changed, 98 insertions(+), 13 deletions(-) create mode 100644 logs.afpy.org.yml diff --git a/afpy.org.yml b/afpy.org.yml index 1971ac5..53908c4 100644 --- a/afpy.org.yml +++ b/afpy.org.yml @@ -13,16 +13,6 @@ - en_US.UTF-8 - fr_FR.UTF-8 - - name: Setup logs.afpy.org - include_role: name=julienpalard.nginx - vars: - nginx_owner: logs-afpy-org - nginx_domain: logs.afpy.org - nginx_certificates: [logs.afpy.org] - nginx_path: /var/www/logs.afpy.org/ - nginx_public_deploy_key: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8BxBkDeX8exqUzvU813yOUx7mu1Ax5cfntFJo8a80CZ4m/jKNXwqd5eW7Vp6hVNvKuKcb58SgUzQ/Yl2AaMqF2KMD+aAwSYaqtJCFVYG+zjpGhQuxvQVKb9Pvdu9clpRHAYUw9bD/GG2YLdaryLqr54XCF6h/bCc6gHcj/UhByoQJwCbkBTCvCzHHEOe+Je2RAQc5nDWACXffO1LduHtjDvRH5wpnfubYy96fLfwFhFNNvci4vRxKA0JTFlU5URds5Y+Uk5pH+yRzN3DBZhdXTg5w2Ox9d+Xd5NxpInMiHJzI+Ldax7DolYXEFx5ZT+gSOo3VOzvo6fjHYEp2LALOQ== gawel@boiboite" - - - name: Install requirements apt: state: present @@ -51,7 +41,7 @@ server { listen 80; - server_name .afpy.org; + server_name www.afpy.org afpy.org; access_log /var/log/nginx/afpy.org-access.log; error_log /var/log/nginx/afpy.org-error.log; return 301 https://$host$request_uri; @@ -60,7 +50,7 @@ server { listen 443 ssl; - server_name .afpy.org; + server_name www.afpy.org afpy.org; access_log /var/log/nginx/afpy.org-access.log; error_log /var/log/nginx/afpy.org-error.log; root /var/www/afpy.org/; @@ -116,7 +106,7 @@ lineinfile: path: /etc/sudoers state: present - regexp: afpy-org + regexp: '^afpy-org ' line: "afpy-org ALL = NOPASSWD: /bin/systemctl restart afpy-org.service" validate: /usr/sbin/visudo -cf %s diff --git a/logs.afpy.org.yml b/logs.afpy.org.yml new file mode 100644 index 0000000..acc2148 --- /dev/null 
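Review bot: With `server_name` narrowed from `.afpy.org` to `www.afpy.org afpy.org` in the port-80 block (and identically in the 443 block of the next hunk), any other `*.afpy.org` name that resolves to this host no longer matches here. Such requests are answered by nginx's default server for that port, which is the first server block loaded unless one is marked `default_server`. Whether the julienpalard.nginx role declares one is not visible in this diff, so confirm that unmatched host names do not land on an unrelated vhost. If none exists, add an explicit catch-all such as `listen 80 default_server; server_name _; return 444;`. Both server blocks continue outside these hunks.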
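Review bot: In the last afpy.org.yml hunk, the anchored `regexp: '^afpy-org '` stops the task from matching the `logs-afpy-org` entry, but the rule is still maintained by pattern-matching a line inside `/etc/sudoers`. The same construct is repeated in the new logs.afpy.org.yml. A per-account drop-in avoids the regexp altogether: write the rule with `copy` to `dest: /etc/sudoers.d/afpy-org` with `mode: '0440'`, keeping `validate: /usr/sbin/visudo -cf %s`. This assumes the host's sudoers file includes /etc/sudoers.d, which the diff does not show. The task starts above the hunk, so its name is not visible here.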
+++ b/logs.afpy.org.yml 
@@ -0,0 +1,94 @@
+---
+
+- hosts: webservers
+ tasks:
+ - name: Basic setup
+ include_role: name=common
+
+ - name: Setup logs.afpy.org
+ include_role: name=julienpalard.nginx
+ vars:
+ nginx_owner: logs-afpy-org
+ nginx_domain: logs.afpy.org
+ nginx_certificates: [logs.afpy.org]
+ nginx_path: /var/www/logs.afpy.org/
+ nginx_public_deploy_key: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8BxBkDeX8exqUzvU813yOUx7mu1Ax5cfntFJo8a80CZ4m/jKNXwqd5eW7Vp6hVNvKuKcb58SgUzQ/Yl2AaMqF2KMD+aAwSYaqtJCFVYG+zjpGhQuxvQVKb9Pvdu9clpRHAYUw9bD/GG2YLdaryLqr54XCF6h/bCc6gHcj/UhByoQJwCbkBTCvCzHHEOe+Je2RAQc5nDWACXffO1LduHtjDvRH5wpnfubYy96fLfwFhFNNvci4vRxKA0JTFlU5URds5Y+Uk5pH+yRzN3DBZhdXTg5w2Ox9d+Xd5NxpInMiHJzI+Ldax7DolYXEFx5ZT+gSOo3VOzvo6fjHYEp2LALOQ== gawel@boiboite"
+ nginx_conf: |
+ server
+ {
+ listen 80;
+ server_name logs.afpy.org;
+ access_log /var/log/nginx/logs.afpy.org-access.log;
+ error_log /var/log/nginx/logs.afpy.org-error.log;
+ return 301 https://$host$request_uri;
+ }
+
+ server
+ {
+ listen 443 ssl;
+ server_name logs.afpy.org;
+ access_log /var/log/nginx/logs.afpy.org-access.log;
+ error_log /var/log/nginx/logs.afpy.org-error.log;
+ root /var/www/logs.afpy.org/;
+ include snippets/letsencrypt-logs.afpy.org.conf;
+ location /
+ {
+ include proxy_params;
+ proxy_pass http://unix:/run/logs-afpy-org/website.sock;
+ }
+ }
+
+ - name: logs-afpy-org user can reload own website
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^logs-afpy-org '
+ line: "logs-afpy-org ALL = NOPASSWD: /bin/systemctl restart logs-afpy-org.service"
+ validate: /usr/sbin/visudo -cf %s
+
+ - name: Initial clone
+ become: true
+ become_user: logs-afpy-org
+ git:
+ repo: https://github.com/AFPy/AfpyLogs/
+ dest: /home/logs-afpy-org/src/
+ update: no
+
+ - name: pip install logs.afpy.org website
+ become: true
+ become_user: logs-afpy-org
+ pip:
+ name: /home/logs-afpy-org/src/
+ virtualenv_command: /usr/bin/python3 -m venv
+ virtualenv: "/home/logs-afpy-org/venv/"
+
+ - name: systemd logs.afpy.org service
+ copy:
+ dest: /etc/systemd/system/logs-afpy-org.service
+ content: |
+ [Unit]
+ Description=IRC Logs website
+ After=network.target
+
+ [Service]
+ PIDFile=/run/logs-afpy-org/website.pid
+ User=logs-afpy-org
+ Group=logs-afpy-org
+ RuntimeDirectory=logs-afpy-org
+ WorkingDirectory=/home/logs-afpy-org/src/
+ ExecStart=/home/logs-afpy-org/venv/bin/gunicorn -w 2 \
+ --pid /run/logs-afpy-org/website.pid \
+ --bind unix:/run/logs-afpy-org/website.sock \
+ --paste deploy.ini
+ ExecReload=/bin/kill -s HUP $MAINPID
+ ExecStop=/bin/kill -s TERM $MAINPID
+ PrivateTmp=true
+
+ [Install]
+ WantedBy=multi-user.target
+
+ - service: name=logs-afpy-org state=started enabled=yes
+
+ handlers:
+ - name: reload nginx
+ service: name=nginx state=reloaded
diff --git a/site.yml b/site.yml
index a3bbec8..b8c8f3b 100644
--- a/site.yml
+++ b/site.yml
@@ -3,6 +3,7 @@ - import_playbook: common.yml - import_playbook: pycon.fr.yml - import_playbook: afpy.org.yml +- import_playbook: logs.afpy.org.yml # - import_playbook: passbolt.yml # See https://github.com/laxathom/ansible-role-passbolt/issues/15 - import_playbook: backup.yml - import_playbook: autoconfig.yml
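Review bot: The `[Service]` section of the new logs-afpy-org.service unit in logs.afpy.org.yml sandboxes the gunicorn process with `PrivateTmp=true` only. That process serves public requests proxied from nginx and runs as an account that owns its own checkout and virtualenv and holds a sudoers entry. Adding `NoNewPrivileges=true` and `ProtectSystem=full` below `PrivateTmp=true` would keep a compromised worker from gaining privileges through setuid binaries and from writing under /usr, /boot and /etc. This assumes the application writes to none of those paths, which the hunk does not show. Separately, the `copy` task that installs the unit notifies nothing, so later edits to the unit file take effect only after a manual `systemctl daemon-reload` and restart.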