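---
# Deploys CTFd behind nginx on the `ctfd` host group: creates a service
# account, clones CTFd, installs its Python requirements in a virtualenv,
# provisions a MariaDB database, and writes a systemd unit that runs
# gunicorn on a unix socket proxied by nginx.

- hosts: ctfd
  vars:
    domain: ctf.eqy.fr
    owner: ctfd
    # Branch/ref checked out by the "Clone ctfd" task. Tracking a moving
    # branch means every run can pull unreviewed upstream code (and new
    # requirements.txt pins); prefer a release tag or a full commit SHA.
    version: master
    home: "/home/ctfd"
    letsencrypt_email: julien@palard.fr
    # Flask session-signing key, encrypted with Ansible Vault so it can
    # live in version control.
    secret_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      34396134346435343464653766663833643061666164323337646137636631643930326633333239
      3433333563366461646665643739383466343465663733650a326533316138366336333231616162
      62623562346561663936303861363863626336343437333164343063323533353432653766356334
      6138343864666637660a383165356630363533376562323663353636373636613035636339626631
      31643062353434333534333130636237396365633662343964666134333833373439363833323062
      3032666163643162613766306437356438653538333163346531

  tasks:
    - name: Create user
      ansible.builtin.user:
        name: "{{ owner }}"
        home: "{{ home }}"

    - name: Clone ctfd
      ansible.builtin.git:
        repo: https://github.com/CTFd/CTFd
        dest: "{{ home }}/CTFd/"
        # The `version` var was declared but never passed to the module;
        # wire it in so the checked-out ref is explicit and pinnable.
        version: "{{ version }}"
      become: true
      become_user: "{{ owner }}"

    - name: Setup secret key
      ansible.builtin.copy:
        content: "{{ secret_key }}"
        dest: "{{ home }}/CTFd/.ctfd_secret_key"
        # Without owner/mode the file is created by the connecting user
        # with the default umask, which typically leaves the signing key
        # readable by every local account.
        owner: "{{ owner }}"
        group: "{{ owner }}"
        mode: "0600"
      # Keep the decrypted key out of task output and --diff logs.
      no_log: true

    # The TLS certificate/key directives are presumably supplied by the
    # role through snippets/letsencrypt-<domain>.conf -- confirm in the
    # nginx role. Consider adding Strict-Transport-Security once HTTPS is
    # known to be stable for this domain.
    # NOTE(review): CTFd only honours the X-Forwarded-* headers set below
    # when its REVERSE_PROXY setting is enabled; verify config.ini.
    - name: Configure nginx
      ansible.builtin.include_role:
        name: nginx
      vars:
        nginx_domain: "{{ domain }}"
        nginx_certificates:
          - "{{ domain }}"
        nginx_owner: "{{ owner }}"
        # `always` makes nginx emit X-Frame-Options on error responses
        # too; without it the header is only added for a fixed set of
        # success/redirect status codes.
        nginx_conf: |
          server
          {
              listen 80;
              server_name {{ domain }};
              access_log /var/log/nginx/{{ domain }}-access.log;
              error_log /var/log/nginx/{{ domain }}-error.log;
              return 301 https://$host$request_uri;
          }

          server
          {
              listen 443 ssl;
              server_name {{ domain }};
              access_log /var/log/nginx/{{ domain }}-access.log;
              error_log /var/log/nginx/{{ domain }}-error.log;
              include snippets/letsencrypt-{{ domain }}.conf;

              add_header X-Frame-Options DENY always;

              charset utf-8;

              location /
              {
                  proxy_pass http://unix:{{ home }}/ctfd.sock;
                  proxy_redirect off;
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
              }
          }

    # Installs whatever requirements.txt the cloned ref contains, so the
    # dependency set is only as pinned as `version` above.
    - name: Install requirements
      ansible.builtin.pip:
        requirements: "{{ home }}/CTFd/requirements.txt"
        virtualenv_command: "/usr/bin/python3 -m venv"
        virtualenv: "{{ home }}/venv/"
      become: true
      become_user: "{{ owner }}"

    - name: Install MariaDB
      # CTFd can run on SQLite but with migration issues
      # See #1988.
      ansible.builtin.package:
        state: present
        name:
          - mariadb-server
          - python3-pymysql

    - name: MariaDB database
      community.mysql.mysql_db:
        name: ctfd
        state: present
        login_unix_socket: /run/mysqld/mysqld.sock

    - name: MariaDB user
      community.mysql.mysql_user:
        state: present
        name: ctfd
        # No password is set and DATABASE_URL connects without one, so
        # without an auth plugin the account would accept any local
        # client. unix_socket binds it to the OS user of the same name.
        # Assumes the MariaDB unix_socket plugin is available on the
        # target -- confirm before rollout.
        plugin: unix_socket
        priv: 'ctfd.*:ALL'
        login_unix_socket: /run/mysqld/mysqld.sock

    - name: Configure CTFd to use MariaDB
      ansible.builtin.lineinfile:
        # Derived from `home` instead of a hard-coded /home/ctfd so it
        # follows the variable used by every other task.
        path: "{{ home }}/CTFd/CTFd/config.ini"
        regexp: '^DATABASE_URL'
        line: 'DATABASE_URL = mysql+pymysql://ctfd@/ctfd?unix_socket=/run/mysqld/mysqld.sock'
      notify: Restart CTFd

    # NOTE(review): RuntimeDirectory=pasteque looks like a leftover from
    # another service's unit; nothing here uses /run/pasteque (socket and
    # pid file live under `home`). Kept as-is; confirm and remove.
    # Further sandboxing (ProtectSystem=, ProtectHome= is not applicable
    # since the app lives in /home) can be layered on after testing.
    - name: Configure systemd
      ansible.builtin.copy:
        dest: "/etc/systemd/system/{{ domain }}.service"
        owner: root
        group: root
        mode: "0644"
        content: |
          [Unit]
          Description=CTFd ({{ domain }})
          After=network.target

          [Service]
          PIDFile={{ home }}/gunicorn.pid
          User={{ owner }}
          Group={{ owner }}
          RuntimeDirectory=pasteque
          WorkingDirectory={{ home }}/CTFd/
          ExecStart={{ home }}/venv/bin/gunicorn --worker-class gevent -w6 -t 120 --pid {{ home }}/gunicorn.pid \
              --bind unix:{{ home }}/ctfd.sock wsgi:app
          ExecReload=/bin/kill -s HUP $MAINPID
          ExecStop=/bin/kill -s TERM $MAINPID
          PrivateTmp=true
          NoNewPrivileges=true

          [Install]
          WantedBy=multi-user.target

    # NOTE(review): despite its name this task stops and disables the
    # service; the original values are preserved. If the "Restart CTFd"
    # handler fires in the same run it will start the service again after
    # this task -- decide which state is intended.
    # daemon_reload is a systemd-module option, so the systemd module is
    # used explicitly rather than relying on `service` passing it through.
    - name: Start CTFd
      ansible.builtin.systemd:
        name: "{{ domain }}"
        enabled: false
        state: stopped
        daemon_reload: true

  handlers:
    - name: Restart CTFd
      ansible.builtin.service:
        # Unit is named after `domain` by the "Configure systemd" task;
        # use the variable rather than a second hard-coded copy.
        name: "{{ domain }}"
        state: restarted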