1
0
forked from infra/ansible

Begin work on directory-self-service role.

This commit is contained in:
Markus 2017-03-20 16:54:01 +01:00
parent 1b587c0eec
commit bc270519b0
8 changed files with 131 additions and 0 deletions

View File

@ -0,0 +1,15 @@
[Unit]
Description=%i uWSGI app
After=syslog.target
[Service]
ExecStart=/usr/bin/uwsgi \
--ini /etc/uwsgi/apps-available/%i.ini \
--socket /var/run/uwsgi/%i.socket
User=www-data
Group=www-data
Restart=on-failure
KillSignal=SIGQUIT
Type=notify
StandardError=syslog
NotifyAccess=all

View File

@ -0,0 +1,11 @@
[Unit]
Description=Socket for uWSGI app %i
[Socket]
ListenStream=/var/run/uwsgi/%i.socket
SocketUser=www-data
SocketGroup=www-data
SocketMode=0660
[Install]
WantedBy=sockets.target

View File

@ -0,0 +1,6 @@
[uwsgi]
chdir = /var/www/dss
wsgi-file = index.py
callable = app
processes = 4
threads = 2

View File

@ -0,0 +1,4 @@
---
- name: Restart nginx
service: name=nginx state=restarted

5
roles/dss/meta/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
dependencies:
- { role: certmgr }
- { role: nginx, nginx_ssl: True }

41
roles/dss/tasks/main.yml Normal file
View File

@ -0,0 +1,41 @@
---
- name: Install dependencies
apt: name={{ item }} state=present
with_items:
- python-flask
- python-flaskext.wtf
- python-ldap
- python-passlib
- python-redis
- redis-server
- uwsgi
#- name: Install bk-dss
# git: repo=https://github.com/moepman/bk-diss.git dest=/var/www/dss depth=1 version=b1e0035e83dcf533610423a1cf4374e6c6dbf3d8
# TODO Configure bk-dss
# TODO Configure redis
#- name: Configure uwsgi service
# copy: src={{ item }} dest=/etc/{{ item }}
# with_items:
# - uwsgi/apps-available/dss.ini
# - systemd/system/uwsgi-app@.socket
# - systemd/system/uwsgi-app@.service
# notify: Restart uwsgi-app@dss
#- name: Configure certificate manager for dss
# template: src=certs.j2 dest=/etc/acme/domains.d/{{ dss_domain }}.conf
#- name: Configure vhost
# template: src=vhost.j2 dest=/etc/nginx/sites-available/dss
# notify: Restart nginx
#- name: Enable vhost
# file: src=/etc/nginx/sites-available/dss dest=/etc/nginx/sites-enabled/dss state=link
# notify: Restart nginx
#- name: Start uwsgi
# service: name=uwsgi-app@dss state=started enabled=yes

View File

@ -0,0 +1,15 @@
---
{{ dss_domain }}:
- path: /etc/nginx/ssl/{{ dss_domain }}.key
user: root
group: root
perm: '400'
format: key
action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ dss_domain }}.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/usr/sbin/service nginx restart'

View File

@ -0,0 +1,34 @@
server {
listen 80;
listen [::]:80;
server_name {{ dss_domain }};
location /.well-known/acme-challenge {
default_type "text/plain";
alias /var/www/acme-challenge;
}
location / {
return 301 https://{{ dss_domain }}$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ dss_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ dss_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ dss_domain }}.crt;
root /var/www/dss/;
uwsgi_pass /var/run/uwsgi/dss.socket;
include uwsgi_params;
location /static {
root /var/www/dss/;
}
}