diff --git a/ctfd.yml b/ctfd.yml
deleted file mode 100644
index 024d15b..0000000
--- a/ctfd.yml
+++ /dev/null
@@ -1,141 +0,0 @@
----
-
-- hosts: ctfd
- vars:
- domain: ctf.eqy.fr
- owner: ctfd
- version: master
- home: "/home/ctfd"
- letsencrypt_email: julien@palard.fr
- secret_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 34396134346435343464653766663833643061666164323337646137636631643930326633333239
- 3433333563366461646665643739383466343465663733650a326533316138366336333231616162
- 62623562346561663936303861363863626336343437333164343063323533353432653766356334
- 6138343864666637660a383165356630363533376562323663353636373636613035636339626631
- 31643062353434333534333130636237396365633662343964666134333833373439363833323062
- 3032666163643162613766306437356438653538333163346531
- tasks:
- - name: Create user
- user:
- name: "{{ owner }}"
- home: "{{ home }}"
-
- - name: Clone ctfd
- git:
- repo: https://github.com/CTFd/CTFd
- dest: "{{ home }}/CTFd/"
- become: true
- become_user: "{{ owner }}"
-
- - name: Setup secret key
- copy:
- content: "{{ secret_key }}"
- dest: "{{ home }}/CTFd/.ctfd_secret_key"
-
- - name: Configure nginx
- include_role: name=nginx
- vars:
- nginx_domain: "{{ domain }}"
- nginx_certificates:
- - "{{ domain }}"
- nginx_owner: "{{ owner }}"
- nginx_conf: |
- server
- {
- listen 80;
- server_name {{ domain }};
- access_log /var/log/nginx/{{ domain }}-access.log;
- error_log /var/log/nginx/{{ domain }}-error.log;
- return 301 https://$host$request_uri;
- }
-
- server
- {
- listen 443 ssl;
- server_name {{ domain }};
- access_log /var/log/nginx/{{ domain }}-access.log;
- error_log /var/log/nginx/{{ domain }}-error.log;
- include snippets/letsencrypt-{{ domain }}.conf;
-
- add_header X-Frame-Options DENY;
-
- charset utf-8;
-
- location /
- {
- proxy_pass http://unix:{{ home }}/ctfd.sock;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
- }
-
- - name: Install requirements
- pip:
- requirements: "{{ home }}/CTFd/requirements.txt"
- virtualenv_command: "/usr/bin/python3 -m venv"
- virtualenv: "{{ home }}/venv/"
- become: true
- become_user: "{{ owner }}"
-
- - name: Install MariaDB
- # CTFd can run on SQLite but with migration issues
- # See #1988.
- package:
- state: present
- name:
- - mariadb-server
- - python3-pymysql
-
- - name: MariaDB database
- community.mysql.mysql_db:
- name: ctfd
- state: present
- login_unix_socket: /run/mysqld/mysqld.sock
-
- - name: MariaDB user
- community.mysql.mysql_user:
- state: present
- name: ctfd
- priv: 'ctfd.*:ALL'
- login_unix_socket: /run/mysqld/mysqld.sock
-
- - name: Configure CTFd to use MariaDB
- lineinfile:
- path: '/home/ctfd/CTFd/CTFd/config.ini'
- regex: '^DATABASE_URL'
- line: 'DATABASE_URL = mysql+pymysql://ctfd@/ctfd?unix_socket=/run/mysqld/mysqld.sock'
- notify: Restart CTFd
-
- - name: Configure systemd
- copy:
- dest: "/etc/systemd/system/{{ domain }}.service"
- content: |
- [Unit]
- Description=CTFd ({{ domain }})
- After=network.target
-
- [Service]
- PIDFile={{ home }}/gunicorn.pid
- User={{ owner }}
- Group={{ owner }}
- RuntimeDirectory=pasteque
- WorkingDirectory={{ home }}/CTFd/
- ExecStart={{ home }}/venv/bin/gunicorn --worker-class gevent -w6 -t 120 --pid {{ home }}/gunicorn.pid \
- --bind unix:{{ home }}/ctfd.sock wsgi:app
- ExecReload=/bin/kill -s HUP $MAINPID
- ExecStop=/bin/kill -s TERM $MAINPID
- PrivateTmp=true
-
- [Install]
- WantedBy=multi-user.target
-
- - name: Start CTFd
- service: name="{{ domain }}" enabled=no state=stopped daemon_reload=yes
-
- handlers:
- - name: Restart CTFd
- service: name=ctf.eqy.fr state=restarted