sonny/newsreader-ansible
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add back handlers.yml

Browse source
This commit is contained in:
Sonny Bakker 2021-01-27 22:55:07 +01:00
parent ccab22dea3
commit cb3149926c
7 changed files with 162 additions and 132 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.prettier.json
View file

@ -1,9 +0,0 @@
{
"singleQuote": true,
"printWidth": 90,
"tabWidth": 2,
"useTabs": false,
"bracketSpacing": true,
"parser": "yaml"
}

5
.prettier.yaml Normal file
View file

@ -0,0 +1,5 @@
singleQuote: true,
printWidth: 90,
tabWidth: 2,
useTabs: false,
bracketSpacing: true,

34
handlers.yml Normal file
View file

@ -0,0 +1,34 @@
- name: restart gunicorn socket
systemd:
daemon-reload: true
name: gunicorn.socket
state: restarted
enabled: true
- name: stop gunicorn service
systemd:
daemon-reload: true
name: gunicorn.service
state: stopped
enabled: false
- name: restart pgbouncer
systemd:
daemon-reload: true
name: pgbouncer
state: restarted
enabled: true
- name: restart celery
systemd:
daemon-reload: true
name: celery
state: restarted
enabled: true
- name: restart celerybeat
systemd:
daemon-reload: true
name: celerybeat
state: restarted
enabled: true

114
tasks/main.yml
View file

@ -1,151 +1,151 @@
- include_role:
name: common
tasks_from: 'network.yml'
tasks_from: "network.yml"
- include_role:
name: common
tasks_from: 'host.yml'
tasks_from: "host.yml"
- include_role:
name: common
tasks_from: 'sudoers.yml'
tasks_from: "sudoers.yml"
loop:
- {
src: '../../templates/sudoers.j2',
dest: '/etc/sudoers.d/30-ansible-extra',
src: "../../templates/sudoers.j2",
dest: "/etc/sudoers.d/30-ansible-extra",
}
- name: install packages
apt:
name: '{{ packages }}'
name: "{{ packages }}"
state: present
notify:
- restart postfix
- name: copy firewall templates
template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0600'
mode: "0600"
loop:
- { src: 'templates/nftables.j2', dest: '/etc/nftables.conf' }
- { src: "templates/nftables.j2", dest: "/etc/nftables.conf" }
notify: restart nftables
- name: copy memcached conf
template:
src: 'templates/memcached.j2'
dest: '/etc/memcached.conf'
src: "templates/memcached.j2"
dest: "/etc/memcached.conf"
owner: root
group: root
mode: '0644'
mode: "0644"
notify: restart memcached
- name: add gitlab to known hosts
become_user: '{{ app_user }}'
become_user: "{{ app_user }}"
known_hosts:
name: '{{ gitlab_domain }}'
key: '{{ gitlab_host_key }}'
name: "{{ gitlab_domain }}"
key: "{{ gitlab_host_key }}"
- name: add gitlab pubkey
authorized_key:
user: ansible
state: present
key: '{{ app_deploy_key }}'
key: "{{ app_deploy_key }}"
- name: Add newsreader user
user:
name: '{{ app_user }}'
name: "{{ app_user }}"
create_home: yes
shell: /bin/bash
- name: create ssh dir
file:
path: '/home/{{ app_user }}/.ssh'
path: "/home/{{ app_user }}/.ssh"
state: directory
owner: '{{ app_user }}'
group: '{{ app_user }}'
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: 0755
- name: create rabbitmq service override dir
file:
path: /etc/systemd/system/rabbitmq-server.service.d/
state: directory
mode: '0644'
mode: "0644"
- name: copy rabbitmq configurations
template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '{{ item.mode }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
loop:
- {
src: 'templates/limits.j2',
dest: '/etc/systemd/system/rabbitmq-server.service.d/limits.conf',
mode: '0644',
group: 'root',
owner: 'root',
src: "templates/limits.j2",
dest: "/etc/systemd/system/rabbitmq-server.service.d/limits.conf",
mode: "0644",
group: "root",
owner: "root",
}
- {
src: 'rabbitmq.conf.j2',
dest: '/etc/rabbitmq/rabbitmq-env.conf',
mode: '0644',
group: 'rabbitmq',
owner: 'rabbitmq',
src: "rabbitmq.conf.j2",
dest: "/etc/rabbitmq/rabbitmq-env.conf",
mode: "0644",
group: "rabbitmq",
owner: "rabbitmq",
}
notify: restart rabbitmq
- include_role:
name: common
tasks_from: 'ssl.yml'
tasks_from: "ssl.yml"
- include_role:
name: common
tasks_from: 'nginx.yml'
tasks_from: "nginx.yml"
- name: copy nginx config
template:
src: 'templates/nginx.j2'
dest: '/etc/nginx/sites-available/newsreader'
src: "templates/nginx.j2"
dest: "/etc/nginx/sites-available/newsreader"
owner: root
group: root
mode: '0644'
mode: "0644"
- name: link nginx config
file:
src: '/etc/nginx/sites-available/newsreader'
dest: '/etc/nginx/sites-enabled/newsreader'
src: "/etc/nginx/sites-available/newsreader"
dest: "/etc/nginx/sites-enabled/newsreader"
owner: root
group: root
mode: '0777'
mode: "0777"
state: link
- name: copy nftables config
template:
src: 'templates/nftables.j2'
dest: '/etc/nftables.conf'
src: "templates/nftables.j2"
dest: "/etc/nftables.conf"
owner: root
group: root
mode: '0600'
mode: "0600"
notify: restart nftables
- name: copy pgbouncer config
template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: postgres
group: postgres
mode: '{{ item.mode }}'
mode: "{{ item.mode }}"
loop:
- {
src: 'templates/pgbouncer.j2',
dest: '/etc/pgbouncer/pgbouncer.ini',
'mode': '0640',
src: "templates/pgbouncer.j2",
dest: "/etc/pgbouncer/pgbouncer.ini",
"mode": "0640",
}
- {
src: 'templates/pgbouncer-users.j2',
dest: '/etc/pgbouncer/userlist.txt',
'mode': '0640',
src: "templates/pgbouncer-users.j2",
dest: "/etc/pgbouncer/userlist.txt",
"mode": "0640",
}
- name: ensure pgbouncer is restarted

26
tasks/poetry.yml
View file

@ -1,32 +1,32 @@
- name: include poetry tasks
include_role:
name: common
tasks_from: 'poetry.yml'
tasks_from: "poetry.yml"
vars:
poetry_user: '{{ app_user }}'
poetry_dir: '/home/{{ app_user }}/.poetry'
poetry_user: "{{ app_user }}"
poetry_dir: "/home/{{ app_user }}/.poetry"
- name: retrieve user $PATH
shell: 'echo $PATH'
become_user: '{{ app_user }}'
shell: "echo $PATH"
become_user: "{{ app_user }}"
register: path_stats
- name: set poetry user variables
set_fact:
poetry_user_path: '{{ path_stats.stdout }}'
poetry_user_path: "{{ path_stats.stdout }}"
- name: set default venv python version
become_user: '{{ app_user }}'
command: 'poetry env use python3.7'
become_user: "{{ app_user }}"
command: "poetry env use python3.7"
args:
chdir: '{{ app_dir }}'
chdir: "{{ app_dir }}"
environment:
PATH: '/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}'
PATH: "/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}"
- name: install project dependencies
become_user: '{{ app_user }}'
become_user: "{{ app_user }}"
command: 'poetry install --extras "sentry"'
args:
chdir: '{{ app_dir }}'
chdir: "{{ app_dir }}"
environment:
PATH: '/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}'
PATH: "/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}"

90
tasks/project.yml
View file

@ -1,100 +1,100 @@
- name: install npm packages
become_user: '{{ app_user }}'
become_user: "{{ app_user }}"
command: /usr/bin/npm install
args:
chdir: '{{ app_dir }}'
chdir: "{{ app_dir }}"
- name: build static files
become_user: '{{ app_user }}'
become_user: "{{ app_user }}"
command: /usr/bin/npm run build:prod
args:
chdir: '{{ app_dir }}'
chdir: "{{ app_dir }}"
- name: run migrations
become_user: '{{ app_user }}'
become_user: "{{ app_user }}"
django_manage:
command: migrate
app_path: '{{ app_dir }}/src/'
virtualenv: '{{ app_dir }}/.venv'
settings: 'newsreader.conf.production'
app_path: "{{ app_dir }}/src/"
virtualenv: "{{ app_dir }}/.venv"
settings: "newsreader.conf.production"
- name: collect static files
become_user: '{{ app_user }}'
become_user: "{{ app_user }}"
django_manage:
command: collectstatic
app_path: '{{ app_dir }}/src/'
virtualenv: '{{ app_dir }}/.venv'
settings: 'newsreader.conf.production'
app_path: "{{ app_dir }}/src/"
virtualenv: "{{ app_dir }}/.venv"
settings: "newsreader.conf.production"
- name: setup env file
template:
src: 'templates/env.j2'
dest: '{{ app_dir }}/.env'
owner: '{{ app_user }}'
group: '{{ app_user }}'
src: "templates/env.j2"
dest: "{{ app_dir }}/.env"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: 0600
- name: setup gunicorn service
template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '{{ item.mode }}'
mode: "{{ item.mode }}"
loop:
- {
src: 'templates/gunicorn-socket.j2',
dest: '/etc/systemd/system/gunicorn.socket',
'mode': '0644',
src: "templates/gunicorn-socket.j2",
dest: "/etc/systemd/system/gunicorn.socket",
"mode": "0644",
}
- {
src: 'templates/gunicorn.j2',
dest: '/etc/systemd/system/gunicorn.service',
'mode': '0644',
src: "templates/gunicorn.j2",
dest: "/etc/systemd/system/gunicorn.service",
"mode": "0644",
}
notify:
- restart gunicorn socket
- stop gunicorn service
- name: create conf dir
become_user: '{{ app_user }}'
become_user: "{{ app_user }}"
file:
path: '/home/{{ app_user }}/.config/conf.d'
path: "/home/{{ app_user }}/.config/conf.d"
state: directory
owner: '{{ app_user }}'
group: '{{ app_user }}'
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: 0750
- name: create celery run dir
file:
path: /run/celery
state: directory
owner: '{{ app_user }}'
group: '{{ app_user }}'
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: 0755
- name: copy celery config
template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: '{{ app_user }}'
group: '{{ app_user }}'
mode: '{{ item.mode }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "{{ item.mode }}"
loop:
- {
src: 'templates/celery.j2',
dest: '/etc/systemd/system/celery.service',
'mode': '0644',
src: "templates/celery.j2",
dest: "/etc/systemd/system/celery.service",
"mode": "0644",
}
- {
src: 'templates/celerybeat.j2',
dest: '/etc/systemd/system/celerybeat.service',
'mode': '0644',
src: "templates/celerybeat.j2",
dest: "/etc/systemd/system/celerybeat.service",
"mode": "0644",
}
- {
src: 'templates/celery.env.j2',
dest: '/home/newsreader/.config/conf.d/celery',
'mode': '0640',
src: "templates/celery.env.j2",
dest: "/home/newsreader/.config/conf.d/celery",
"mode": "0640",
}
notify:
- restart celery

16
tasks/setup.yml
View file

@ -1,6 +1,6 @@
- name: create sites dir
file:
path: '/srv/sites'
path: "/srv/sites"
state: directory
owner: root
group: root
@ -8,17 +8,17 @@
- name: create project dir
file:
path: '{{ app_dir }}'
path: "{{ app_dir }}"
state: directory
owner: '{{ app_user }}'
group: '{{ app_user }}'
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: 0755
- name: clone project
become_user: '{{ app_user }}'
become_user: "{{ app_user }}"
git:
repo: 'https://git.fudiggity.nl/sonny/newsreader.git'
dest: '{{ app_dir }}'
version: '{{ app_branch }}'
repo: "https://git.fudiggity.nl/sonny/newsreader.git"
dest: "{{ app_dir }}"
version: "{{ app_branch }}"
update: true
force: true