Switch to docker setup

templates/celery.env.j2

@@ -1,30 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# Name of nodes to start
-CELERYD_NODES="worker1 worker2"
-
-CELERY_BIN="{{ app_dir }}/.venv/bin/celery"
-
-CELERY_APP="newsreader"
-
-# The scheduler to be used.
-# See https://docs.celeryproject.org/en/stable/userguide/configuration.html#beat-scheduler
-CELERY_SCHEDULER="django_celery_beat.schedulers:DatabaseScheduler"
-
-# How to call manage.py
-CELERYD_MULTI="multi"
-
-# Extra command-line arguments to the worker
-CELERYD_OPTS="--time-limit=300 --concurrency=8"
-
-# - %I will be replaced with the current child process index
-#   and is important when using the prefork pool to avoid race conditions.
-CELERYD_PID_FILE="/run/celery/%n.pid"
-
-CELERYD_LOG_LEVEL="INFO"
-CELERYD_LOG_FILE="/dev/null"
-
-# you may wish to add these options for Celery Beat
-CELERYBEAT_PID_FILE="/run/celery/beat.pid"
-
-DJANGO_SETTINGS_MODULE="newsreader.conf.production"

templates/celery.j2

@@ -1,25 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-[Unit]
-Description=Celery Service
-After=systemd-networkd-wait-online.service
-
-[Service]
-Type=forking
-User=newsreader
-Group=newsreader
-SyslogIdentifier=celery
-EnvironmentFile=/home/newsreader/.config/conf.d/celery
-RuntimeDirectory=celery
-WorkingDirectory={{ app_dir }}/src
-ExecStart=/bin/sh -c '${CELERY_BIN} multi start ${CELERYD_NODES} \
-  -A ${CELERY_APP} --pidfile=${CELERYD_PID_FILE} \
-  --loglevel=${CELERYD_LOG_LEVEL} --logfile=${CELERYD_LOG_FILE} ${CELERYD_OPTS}'
-ExecStop=/bin/sh -c '${CELERY_BIN} multi stopwait ${CELERYD_NODES} \
-  --pidfile=${CELERYD_PID_FILE}'
-ExecReload=/bin/sh -c '${CELERY_BIN} multi restart ${CELERYD_NODES} \
-  -A ${CELERY_APP} --pidfile=${CELERYD_PID_FILE} \
-  --loglevel=${CELERYD_LOG_LEVEL} --logfile=${CELERYD_LOG_FILE} ${CELERYD_OPTS}'
-
-[Install]
-WantedBy=multi-user.target

templates/celerybeat.j2

@@ -1,19 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-[Unit]
-Description=Celery Beat Service
-After=celery.service
-
-[Service]
-Type=simple
-User=newsreader
-Group=newsreader
-EnvironmentFile=/home/newsreader/.config/conf.d/celery
-RuntimeDirectory=celery
-WorkingDirectory={{ app_dir }}/src
-ExecStart=/bin/sh -c '${CELERY_BIN} beat  \
-  -A ${CELERY_APP} -S ${CELERY_SCHEDULER} --pidfile=${CELERYBEAT_PID_FILE} \
-  --loglevel=${CELERYD_LOG_LEVEL} --logfile=${CELERYD_LOG_FILE}'
-
-[Install]
-WantedBy=multi-user.target

templates/env.j2

@@ -1,27 +1,30 @@
-POSTGRES_HOST="{{ pgbouncer_listen_address }}"
-POSTGRES_PORT="{{ pgbouncer_port }}"
-POSTGRES_NAME="{{ pgbouncer_name }}"
-POSTGRES_USER="{{ pgbouncer_user }}"
-POSTGRES_PASSWORD="{{ pgbouncer_password }}"
+POSTGRES_HOST='{{ postgres_host }}'
+POSTGRES_PORT='{{ postgres_port }}'
+POSTGRES_DB='{{ postgres_db }}'
+POSTGRES_USER='{{ postgres_user }}'
+POSTGRES_PASSWORD='{{ postgres_password }}'
 
-DJANGO_SETTINGS_MODULE="{{ django_settings_module }}"
-DJANGO_SECRET_KEY="{{ django_secret_key }}"
+DJANGO_SETTINGS_MODULE='{{ django_settings_module }}'
+DJANGO_SECRET_KEY='{{ django_secret_key }}'
 
-EMAIL_HOST="{{ email_host }}"
-EMAIL_PORT="{{ email_port }}"
-EMAIL_HOST_USER="{{ email_user }}"
-EMAIL_HOST_PASSWORD="{{ email_password }}"
+NGINX_HTTP_PORT='{{ nginx_http_port }}'
+
+# TODO: setup email configuration
+EMAIL_HOST='{{ email_host }}'
+EMAIL_PORT='{{ email_port }}'
+EMAIL_HOST_USER='{{ email_user }}'
+EMAIL_HOST_PASSWORD='{{ email_password }}'
 EMAIL_USE_TLS={{ email_tls }}
 EMAIL_USE_SSL={{ email_ssl }}
-EMAIL_DEFAULT_FROM="{{ email_user }}"
+EMAIL_DEFAULT_FROM='{{ email_user }}'
 
-REDDIT_CLIENT_ID="{{ reddit_client_id }}"
-REDDIT_CLIENT_SECRET="{{ reddit_client_secret }}"
-REDDIT_CALLBACK_URL="{{ reddit_callback_url }}"
+REDDIT_CLIENT_ID='{{ reddit_client_id }}'
+REDDIT_CLIENT_SECRET='{{ reddit_client_secret }}'
+REDDIT_CALLBACK_URL='{{ reddit_callback_url }}'
 
-TWITTER_CONSUMER_ID="{{ twitter_client_id }}"
-TWITTER_CONSUMER_SECRET="{{ twitter_client_secret }}"
-TWITTER_REDIRECT_URL="{{ twitter_redirect_url }}"
+TWITTER_CONSUMER_ID='{{ twitter_client_id }}'
+TWITTER_CONSUMER_SECRET='{{ twitter_client_secret }}'
+TWITTER_REDIRECT_URL='{{ twitter_redirect_url }}'
 
-SENTRY_DSN="{{ sentry_dsn }}"
-ADMINS="{{ admins }}"
+SENTRY_DSN='{{ sentry_dsn }}'
+ADMINS='{{ admins }}'

templates/gunicorn-socket.j2

@@ -1,11 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-[Unit]
-Description=Gunicorn socket
-
-[Socket]
-ListenStream=/run/gunicorn.sock
-User=www-data
-
-[Install]
-WantedBy=sockets.target

templates/gunicorn.j2

@@ -1,19 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-[Unit]
-Description=Gunicorn daemon
-Requires=gunicorn.socket
-After=network.target
-
-[Service]
-User=newsreader
-Group=www-data
-EnvironmentFile={{ app_dir }}/.env
-WorkingDirectory={{ app_dir }}/src
-ExecStart={{ app_dir }}/.venv/bin/gunicorn \
-					--workers 3 \
-					--bind unix:/run/gunicorn.sock \
-					newsreader.wsgi:application
-
-[Install]
-WantedBy=multi-user.target

templates/limits.j2

@@ -1,6 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# see https://www.rabbitmq.com/install-debian.html#kernel-resource-limits
-#
-[Service]
-LimitNOFILE=64000

templates/memcached.j2

@@ -1,52 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# memcached default config file
-# 2003 - Jay Bonci <jaybonci@debian.org>
-# This configuration file is read by the start-memcached script provided as
-# part of the Debian GNU/Linux distribution.
-
-# Run memcached as a daemon. This command is implied, and is not needed for the
-# daemon to run. See the README.Debian that comes with this package for more
-# information.
--d
-
-# Log memcached's output to /var/log/memcached
-logfile /var/log/memcached.log
-
-# Be verbose
-# -v
-
-# Be even more verbose (print client commands as well)
-# -vv
-
-# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
-# Note that the daemon will grow to this size, but does not start out holding this much
-# memory
--m 64
-
-# Default connection port is 11211
--p 11211
-
-# Run the daemon as root. The start-memcached will default to running as root if no
-# -u command is present in this config file
--u memcache
-
-# Specify which IP address to listen on. The default is to listen on all IP addresses
-# This parameter is one of the only security measures that memcached has, so make sure
-# it's listening on a firewalled interface.
--l 127.0.0.1
-
-# Limit the number of simultaneous incoming connections. The daemon default is 1024
-# -c 1024
-
-# Lock down all paged memory. Consult with the README and homepage before you do this
-# -k
-
-# Return error when memory is exhausted (rather than removing items)
-# -M
-
-# Maximize core file limit
-# -r
-
-# Use a pidfile
--P /var/run/memcached/memcached.pid

templates/nftables.j2

@@ -1,19 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# vim:set ts=2 sw=2 et:
-
-flush ruleset
-
-table inet filter {
-	chain input {
-		type filter hook input priority 0; policy drop;
-
-		# accept any localhost traffic
-		iif lo accept
-
-		# accept traffic originated from us
-		ct state { established, related } accept
-
-		tcp dport { 22, 80, 443 } accept
-	}
-}

templates/nginx.j2

@@ -1,30 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-server {
-	listen 80;
-	server_name {{ hostname }};
-	return 301 https://$server_name$request_uri;
-}
-
-server {
-	listen 443 ssl;
-	server_name {{ hostname }};
-
-	ssl_certificate /etc/ssl/{{ app_name }}/{{ app_name }}.crt;
-	ssl_certificate_key /etc/ssl/{{ app_name }}/local.pem;
-
-	access_log /var/log/nginx/{{ app_name }}.log;
-	error_log /var/log/nginx/{{ app_name }}.log;
-
-	location /static/ {
-		root /srv/sites/newsreader;
-	}
-
-	location / {
-		include proxy_params;
-
-		proxy_redirect off;
-
-		proxy_pass http://unix:/run/gunicorn.sock;
-	}
-}

templates/pgbouncer-users.j2

@@ -1 +0,0 @@
-"{{ pgbouncer_user }}" "{{ pgbouncer_password }}"

templates/pgbouncer.j2

@@ -1,359 +0,0 @@
-;; {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-;;
-;; database name = connect string
-;;
-;; connect string params:
-;;   dbname= host= port= user= password= auth_user=
-;;   client_encoding= datestyle= timezone=
-;;   pool_size= reserve_pool= max_db_connections=
-;;   pool_mode= connect_query= application_name=
-[databases]
-newsreader = host={{ postgres_host }} port={{ postgres_port }} dbname={{ postgres_db }} user={{ postgres_user }} password={{ postgres_password }}
-
-;; foodb over Unix socket
-;foodb =
-
-;; redirect bardb to bazdb on localhost
-;bardb = host=localhost dbname=bazdb
-
-;; access to dest database will go with single user
-;forcedb = host=localhost port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1'
-
-;; use custom pool sizes
-;nondefaultdb = pool_size=50 reserve_pool=10
-
-;; use auth_user with auth_query if user not present in auth_file
-;; auth_user must exist in auth_file
-; foodb = auth_user=bar
-
-;; fallback connect string
-;* = host=testserver
-
-;; User-specific configuration
-[users]
-
-;user1 = pool_mode=transaction max_user_connections=10
-
-;; Configuration section
-[pgbouncer]
-
-;;;
-;;; Administrative settings
-;;;
-
-logfile = /var/log/postgresql/pgbouncer.log
-pidfile = /var/run/postgresql/pgbouncer.pid
-
-;;;
-;;; Where to wait for clients
-;;;
-
-;; IP address or * which means all IPs
-listen_addr = {{ pgbouncer_listen_address }}
-listen_port = {{ pgbouncer_port }}
-
-;; Unix socket is also used for -R.
-;; On Debian it should be /var/run/postgresql
-;unix_socket_dir = /tmp
-;unix_socket_mode = 0777
-;unix_socket_group =
-unix_socket_dir = /var/run/postgresql
-
-;;;
-;;; TLS settings for accepting clients
-;;;
-
-;; disable, allow, require, verify-ca, verify-full
-;client_tls_sslmode = disable
-
-;; Path to file that contains trusted CA certs
-;client_tls_ca_file = <system default>
-
-;; Private key and cert to present to clients.
-;; Required for accepting TLS connections from clients.
-;client_tls_key_file =
-;client_tls_cert_file =
-
-;; fast, normal, secure, legacy, <ciphersuite string>
-;client_tls_ciphers = fast
-
-;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3
-;client_tls_protocols = secure
-
-;; none, auto, legacy
-;client_tls_dheparams = auto
-
-;; none, auto, <curve name>
-;client_tls_ecdhcurve = auto
-
-;;;
-;;; TLS settings for connecting to backend databases
-;;;
-
-;; disable, allow, require, verify-ca, verify-full
-server_tls_sslmode = require
-
-;; Path to that contains trusted CA certs
-;server_tls_ca_file = <system default>
-
-;; Private key and cert to present to backend.
-;; Needed only if backend server require client cert.
-;server_tls_key_file =
-;server_tls_cert_file =
-
-;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3
-;server_tls_protocols = secure
-
-;; fast, normal, secure, legacy, <ciphersuite string>
-;server_tls_ciphers = fast
-
-;;;
-;;; Authentication settings
-;;;
-
-;; any, trust, plain, md5, cert, hba, pam
-auth_type = trust
-auth_file = /etc/pgbouncer/userlist.txt
-
-;; Path to HBA-style auth config
-;auth_hba_file =
-
-;; Query to use to fetch password from database.  Result
-;; must have 2 columns - username and password hash.
-;auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename=$1
-
-;;;
-;;; Users allowed into database 'pgbouncer'
-;;;
-
-;; comma-separated list of users who are allowed to change settings
-;admin_users = user2, someadmin, otheradmin
-
-;; comma-separated list of users who are just allowed to use SHOW command
-;stats_users = stats, root
-
-;;;
-;;; Pooler personality questions
-;;;
-
-;; When server connection is released back to pool:
-;;   session      - after client disconnects (default)
-;;   transaction  - after transaction finishes
-;;   statement    - after statement finishes
-;pool_mode = session
-
-;; Query for cleaning connection immediately after releasing from
-;; client.  No need to put ROLLBACK here, pgbouncer does not reuse
-;; connections where transaction is left open.
-;server_reset_query = DISCARD ALL
-
-;; Whether server_reset_query should run in all pooling modes.  If it
-;; is off, server_reset_query is used only for session-pooling.
-;server_reset_query_always = 0
-
-;; Comma-separated list of parameters to ignore when given in startup
-;; packet.  Newer JDBC versions require the extra_float_digits here.
-;ignore_startup_parameters = extra_float_digits
-
-;; When taking idle server into use, this query is run first.
-;server_check_query = select 1
-
-;; If server was used more recently that this many seconds ago,
-; skip the check query.  Value 0 may or may not run in immediately.
-;server_check_delay = 30
-
-;; Close servers in session pooling mode after a RECONNECT, RELOAD,
-;; etc. when they are idle instead of at the end of the session.
-;server_fast_close = 0
-
-;; Use <appname - host> as application_name on server.
-;application_name_add_host = 0
-
-;; Period for updating aggregated stats.
-;stats_period = 60
-
-;;;
-;;; Connection limits
-;;;
-
-;; Total number of clients that can connect
-;max_client_conn = 100
-
-;; Default pool size.  20 is good number when transaction pooling
-;; is in use, in session pooling it needs to be the number of
-;; max clients you want to handle at any moment
-;default_pool_size = 20
-
-;; Minimum number of server connections to keep in pool.
-;min_pool_size = 0
-
-; how many additional connection to allow in case of trouble
-;reserve_pool_size = 0
-
-;; If a clients needs to wait more than this many seconds, use reserve
-;; pool.
-;reserve_pool_timeout = 5
-
-;; Maximum number of server connections for a database
-;max_db_connections = 0
-
-;; Maximum number of server connections for a user
-;max_user_connections = 0
-
-;; If off, then server connections are reused in LIFO manner
-;server_round_robin = 0
-
-;;;
-;;; Logging
-;;;
-
-;; Syslog settings
-;syslog = 0
-;syslog_facility = daemon
-;syslog_ident = pgbouncer
-
-;; log if client connects or server connection is made
-;log_connections = 1
-
-;; log if and why connection was closed
-;log_disconnections = 1
-
-;; log error messages pooler sends to clients
-;log_pooler_errors = 1
-
-;; write aggregated stats into log
-;log_stats = 1
-
-;; Logging verbosity.  Same as -v switch on command line.
-;verbose = 0
-
-;;;
-;;; Timeouts
-;;;
-
-;; Close server connection if its been connected longer.
-;server_lifetime = 3600
-
-;; Close server connection if its not been used in this time.  Allows
-;; to clean unnecessary connections from pool after peak.
-;server_idle_timeout = 600
-
-;; Cancel connection attempt if server does not answer takes longer.
-;server_connect_timeout = 15
-
-;; If server login failed (server_connect_timeout or auth failure)
-;; then wait this many second.
-;server_login_retry = 15
-
-;; Dangerous.  Server connection is closed if query does not return in
-;; this time.  Should be used to survive network problems, _not_ as
-;; statement_timeout. (default: 0)
-;query_timeout = 0
-
-;; Dangerous.  Client connection is closed if the query is not
-;; assigned to a server in this time.  Should be used to limit the
-;; number of queued queries in case of a database or network
-;; failure. (default: 120)
-;query_wait_timeout = 120
-
-;; Dangerous.  Client connection is closed if no activity in this
-;; time.  Should be used to survive network problems. (default: 0)
-;client_idle_timeout = 0
-
-;; Disconnect clients who have not managed to log in after connecting
-;; in this many seconds.
-;client_login_timeout = 60
-
-;; Clean automatically created database entries (via "*") if they stay
-;; unused in this many seconds.
-; autodb_idle_timeout = 3600
-
-;; Close connections which are in "IDLE in transaction" state longer
-;; than this many seconds.
-;idle_transaction_timeout = 0
-
-;; How long SUSPEND/-R waits for buffer flush before closing
-;; connection.
-;suspend_timeout = 10
-
-;;;
-;;; Low-level tuning options
-;;;
-
-;; buffer for streaming packets
-;pkt_buf = 4096
-
-;; man 2 listen
-;listen_backlog = 128
-
-;; Max number pkt_buf to process in one event loop.
-;sbuf_loopcnt = 5
-
-;; Maximum PostgreSQL protocol packet size.
-;max_packet_size = 2147483647
-
-;; Set SO_REUSEPORT socket option
-;so_reuseport = 0
-
-;; networking options, for info: man 7 tcp
-
-;; Linux: Notify program about new connection only if there is also
-;; data received.  (Seconds to wait.)  On Linux the default is 45, on
-;; other OS'es 0.
-;tcp_defer_accept = 0
-
-;; In-kernel buffer size (Linux default: 4096)
-;tcp_socket_buffer = 0
-
-;; whether tcp keepalive should be turned on (0/1)
-;tcp_keepalive = 1
-
-;; The following options are Linux-specific.  They also require
-;; tcp_keepalive=1.
-
-;; Count of keepalive packets
-;tcp_keepcnt = 0
-
-;; How long the connection can be idle before sending keepalive
-;; packets
-;tcp_keepidle = 0
-
-;; The time between individual keepalive probes
-;tcp_keepintvl = 0
-
-;; How long may transmitted data remain unacknowledged before TCP
-;; connection is closed (in milliseconds)
-;tcp_user_timeout = 0
-
-;; DNS lookup caching time
-;dns_max_ttl = 15
-
-;; DNS zone SOA lookup period
-;dns_zone_check_period = 0
-
-;; DNS negative result caching time
-;dns_nxdomain_ttl = 15
-
-;; Custom resolv.conf file, to set custom DNS servers or other options
-;; (default: empty = use OS settings)
-;resolv_conf = /etc/pgbouncer/resolv.conf
-
-;;;
-;;; Random stuff
-;;;
-
-;; Hackish security feature.  Helps against SQL injection: when PQexec
-;; is disabled, multi-statement cannot be made.
-;disable_pqexec = 0
-
-;; Config file to use for next RELOAD/SIGHUP
-;; By default contains config file from command line.
-;conffile
-
-;; Windows service name to register as.  job_name is alias for
-;; service_name, used by some Skytools scripts.
-;service_name = pgbouncer
-;job_name = pgbouncer
-
-;; Read additional config from other file
-;%include /etc/pgbouncer/pgbouncer-other.ini

templates/rabbitmq.conf.j2

@@ -1,18 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# Defaults to rabbit. This can be useful if you want to run more than one node
-# per machine - RABBITMQ_NODENAME should be unique per erlang-node-and-machine
-# combination. See the clustering on a single machine guide for details:
-# http://www.rabbitmq.com/clustering.html#single-machine
-#NODENAME=rabbit
-
-# By default RabbitMQ will bind to all interfaces, on IPv4 and IPv6 if
-# available. Set this if you only want to bind to one network interface or#
-# address family.
-#NODE_IP_ADDRESS=127.0.0.1
-
-# Defaults to 5672.
-#NODE_PORT=5672
-
-# Fix rabbitmq name resolution
-HOSTNAME=localhost

templates/sudoers.j2

@@ -1,3 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-ansible ALL = (newsreader:newsreader) NOPASSWD: ALL