diff --git a/.prettier.json b/.prettier.json deleted file mode 100644 index 9c76f6b..0000000 --- a/.prettier.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "singleQuote": true, - "printWidth": 90, - "tabWidth": 2, - "useTabs": false, - "bracketSpacing": true, - "parser": "yaml" -} - diff --git a/.prettier.yaml b/.prettier.yaml new file mode 100644 index 0000000..f0dcb15 --- /dev/null +++ b/.prettier.yaml @@ -0,0 +1,5 @@ +singleQuote: true, +printWidth: 90, +tabWidth: 2, +useTabs: false, +bracketSpacing: true, diff --git a/handlers.yml b/handlers.yml new file mode 100644 index 0000000..41a6078 --- /dev/null +++ b/handlers.yml @@ -0,0 +1,34 @@ +- name: restart gunicorn socket + systemd: + daemon-reload: true + name: gunicorn.socket + state: restarted + enabled: true + +- name: stop gunicorn service + systemd: + daemon-reload: true + name: gunicorn.service + state: stopped + enabled: false + +- name: restart pgbouncer + systemd: + daemon-reload: true + name: pgbouncer + state: restarted + enabled: true + +- name: restart celery + systemd: + daemon-reload: true + name: celery + state: restarted + enabled: true + +- name: restart celerybeat + systemd: + daemon-reload: true + name: celerybeat + state: restarted + enabled: true diff --git a/tasks/main.yml b/tasks/main.yml index 07aa770..1c4a502 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,151 +1,151 @@ - include_role: name: common - tasks_from: 'network.yml' + tasks_from: "network.yml" - include_role: name: common - tasks_from: 'host.yml' + tasks_from: "host.yml" - include_role: name: common - tasks_from: 'sudoers.yml' + tasks_from: "sudoers.yml" loop: - { - src: '../../templates/sudoers.j2', - dest: '/etc/sudoers.d/30-ansible-extra', + src: "../../templates/sudoers.j2", + dest: "/etc/sudoers.d/30-ansible-extra", } - name: install packages apt: - name: '{{ packages }}' + name: "{{ packages }}" state: present notify: - restart postfix - name: copy firewall templates template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: root - mode: '0600' + mode: "0600" loop: - - { src: 'templates/nftables.j2', dest: '/etc/nftables.conf' } + - { src: "templates/nftables.j2", dest: "/etc/nftables.conf" } notify: restart nftables - name: copy memcached conf template: - src: 'templates/memcached.j2' - dest: '/etc/memcached.conf' + src: "templates/memcached.j2" + dest: "/etc/memcached.conf" owner: root group: root - mode: '0644' + mode: "0644" notify: restart memcached - name: add gitlab to known hosts - become_user: '{{ app_user }}' + become_user: "{{ app_user }}" known_hosts: - name: '{{ gitlab_domain }}' - key: '{{ gitlab_host_key }}' + name: "{{ gitlab_domain }}" + key: "{{ gitlab_host_key }}" - name: add gitlab pubkey authorized_key: user: ansible state: present - key: '{{ app_deploy_key }}' + key: "{{ app_deploy_key }}" - name: Add newsreader user user: - name: '{{ app_user }}' + name: "{{ app_user }}" create_home: yes shell: /bin/bash - name: create ssh dir file: - path: '/home/{{ app_user }}/.ssh' + path: "/home/{{ app_user }}/.ssh" state: directory - owner: '{{ app_user }}' - group: '{{ app_user }}' + owner: "{{ app_user }}" + group: "{{ app_user }}" mode: 0755 - name: create rabbitmq service override dir file: path: /etc/systemd/system/rabbitmq-server.service.d/ state: directory - mode: '0644' + mode: "0644" - name: copy rabbitmq configurations template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - mode: '{{ item.mode }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" loop: - { - src: 'templates/limits.j2', - dest: '/etc/systemd/system/rabbitmq-server.service.d/limits.conf', - mode: '0644', - group: 'root', - owner: 'root', + src: "templates/limits.j2", + dest: "/etc/systemd/system/rabbitmq-server.service.d/limits.conf", + mode: "0644", + group: "root", + owner: "root", } - { - src: 'rabbitmq.conf.j2', - dest: '/etc/rabbitmq/rabbitmq-env.conf', - mode: '0644', - group: 'rabbitmq', - owner: 'rabbitmq', + src: "rabbitmq.conf.j2", + dest: "/etc/rabbitmq/rabbitmq-env.conf", + mode: "0644", + group: "rabbitmq", + owner: "rabbitmq", } notify: restart rabbitmq - include_role: name: common - tasks_from: 'ssl.yml' + tasks_from: "ssl.yml" - include_role: name: common - tasks_from: 'nginx.yml' + tasks_from: "nginx.yml" - name: copy nginx config template: - src: 'templates/nginx.j2' - dest: '/etc/nginx/sites-available/newsreader' + src: "templates/nginx.j2" + dest: "/etc/nginx/sites-available/newsreader" owner: root group: root - mode: '0644' + mode: "0644" - name: link nginx config file: - src: '/etc/nginx/sites-available/newsreader' - dest: '/etc/nginx/sites-enabled/newsreader' + src: "/etc/nginx/sites-available/newsreader" + dest: "/etc/nginx/sites-enabled/newsreader" owner: root group: root - mode: '0777' + mode: "0777" state: link - name: copy nftables config template: - src: 'templates/nftables.j2' - dest: '/etc/nftables.conf' + src: "templates/nftables.j2" + dest: "/etc/nftables.conf" owner: root group: root - mode: '0600' + mode: "0600" notify: restart nftables - name: copy pgbouncer config template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: postgres group: postgres - mode: '{{ item.mode }}' + mode: "{{ item.mode }}" loop: - { - src: 'templates/pgbouncer.j2', - dest: '/etc/pgbouncer/pgbouncer.ini', - 'mode': '0640', + src: "templates/pgbouncer.j2", + dest: "/etc/pgbouncer/pgbouncer.ini", + "mode": "0640", } - { - src: 'templates/pgbouncer-users.j2', - dest: '/etc/pgbouncer/userlist.txt', - 'mode': '0640', + src: "templates/pgbouncer-users.j2", + dest: "/etc/pgbouncer/userlist.txt", + "mode": "0640", } - name: ensure pgbouncer is restarted diff --git a/tasks/poetry.yml b/tasks/poetry.yml index 065bb88..7dbb936 100644 --- a/tasks/poetry.yml +++ b/tasks/poetry.yml @@ -1,32 +1,32 @@ - name: include poetry tasks include_role: name: common - tasks_from: 'poetry.yml' + tasks_from: "poetry.yml" vars: - poetry_user: '{{ app_user }}' - poetry_dir: '/home/{{ app_user }}/.poetry' + poetry_user: "{{ app_user }}" + poetry_dir: "/home/{{ app_user }}/.poetry" - name: retrieve user $PATH - shell: 'echo $PATH' - become_user: '{{ app_user }}' + shell: "echo $PATH" + become_user: "{{ app_user }}" register: path_stats - name: set poetry user variables set_fact: - poetry_user_path: '{{ path_stats.stdout }}' + poetry_user_path: "{{ path_stats.stdout }}" - name: set default venv python version - become_user: '{{ app_user }}' - command: 'poetry env use python3.7' + become_user: "{{ app_user }}" + command: "poetry env use python3.7" args: - chdir: '{{ app_dir }}' + chdir: "{{ app_dir }}" environment: - PATH: '/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}' + PATH: "/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}" - name: install project dependencies - become_user: '{{ app_user }}' + become_user: "{{ app_user }}" command: 'poetry install --extras "sentry"' args: - chdir: '{{ app_dir }}' + chdir: "{{ app_dir }}" environment: - PATH: '/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}' + PATH: "/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}" diff --git a/tasks/project.yml b/tasks/project.yml index e0bfea4..a39b577 100644 --- a/tasks/project.yml +++ b/tasks/project.yml @@ -1,100 +1,100 @@ - name: install npm packages - become_user: '{{ app_user }}' + become_user: "{{ app_user }}" command: /usr/bin/npm install args: - chdir: '{{ app_dir }}' + chdir: "{{ app_dir }}" - name: build static files - become_user: '{{ app_user }}' + become_user: "{{ app_user }}" command: /usr/bin/npm run build:prod args: - chdir: '{{ app_dir }}' + chdir: "{{ app_dir }}" - name: run migrations - become_user: '{{ app_user }}' + become_user: "{{ app_user }}" django_manage: command: migrate - app_path: '{{ app_dir }}/src/' - virtualenv: '{{ app_dir }}/.venv' - settings: 'newsreader.conf.production' + app_path: "{{ app_dir }}/src/" + virtualenv: "{{ app_dir }}/.venv" + settings: "newsreader.conf.production" - name: collect static files - become_user: '{{ app_user }}' + become_user: "{{ app_user }}" django_manage: command: collectstatic - app_path: '{{ app_dir }}/src/' - virtualenv: '{{ app_dir }}/.venv' - settings: 'newsreader.conf.production' + app_path: "{{ app_dir }}/src/" + virtualenv: "{{ app_dir }}/.venv" + settings: "newsreader.conf.production" - name: setup env file template: - src: 'templates/env.j2' - dest: '{{ app_dir }}/.env' - owner: '{{ app_user }}' - group: '{{ app_user }}' + src: "templates/env.j2" + dest: "{{ app_dir }}/.env" + owner: "{{ app_user }}" + group: "{{ app_user }}" mode: 0600 - name: setup gunicorn service template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: root - mode: '{{ item.mode }}' + mode: "{{ item.mode }}" loop: - { - src: 'templates/gunicorn-socket.j2', - dest: '/etc/systemd/system/gunicorn.socket', - 'mode': '0644', + src: "templates/gunicorn-socket.j2", + dest: "/etc/systemd/system/gunicorn.socket", + "mode": "0644", } - { - src: 'templates/gunicorn.j2', - dest: '/etc/systemd/system/gunicorn.service', - 'mode': '0644', + src: "templates/gunicorn.j2", + dest: "/etc/systemd/system/gunicorn.service", + "mode": "0644", } notify: - restart gunicorn socket - stop gunicorn service - name: create conf dir - become_user: '{{ app_user }}' + become_user: "{{ app_user }}" file: - path: '/home/{{ app_user }}/.config/conf.d' + path: "/home/{{ app_user }}/.config/conf.d" state: directory - owner: '{{ app_user }}' - group: '{{ app_user }}' + owner: "{{ app_user }}" + group: "{{ app_user }}" mode: 0750 - name: create celery run dir file: path: /run/celery state: directory - owner: '{{ app_user }}' - group: '{{ app_user }}' + owner: "{{ app_user }}" + group: "{{ app_user }}" mode: 0755 - name: copy celery config template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: '{{ app_user }}' - group: '{{ app_user }}' - mode: '{{ item.mode }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ app_user }}" + group: "{{ app_user }}" + mode: "{{ item.mode }}" loop: - { - src: 'templates/celery.j2', - dest: '/etc/systemd/system/celery.service', - 'mode': '0644', + src: "templates/celery.j2", + dest: "/etc/systemd/system/celery.service", + "mode": "0644", } - { - src: 'templates/celerybeat.j2', - dest: '/etc/systemd/system/celerybeat.service', - 'mode': '0644', + src: "templates/celerybeat.j2", + dest: "/etc/systemd/system/celerybeat.service", + "mode": "0644", } - { - src: 'templates/celery.env.j2', - dest: '/home/newsreader/.config/conf.d/celery', - 'mode': '0640', + src: "templates/celery.env.j2", + dest: "/home/newsreader/.config/conf.d/celery", + "mode": "0640", } notify: - restart celery diff --git a/tasks/setup.yml b/tasks/setup.yml index 8d0047a..cbe5959 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -1,6 +1,6 @@ - name: create sites dir file: - path: '/srv/sites' + path: "/srv/sites" state: directory owner: root group: root @@ -8,17 +8,17 @@ - name: create project dir file: - path: '{{ app_dir }}' + path: "{{ app_dir }}" state: directory - owner: '{{ app_user }}' - group: '{{ app_user }}' + owner: "{{ app_user }}" + group: "{{ app_user }}" mode: 0755 - name: clone project - become_user: '{{ app_user }}' + become_user: "{{ app_user }}" git: - repo: 'https://git.fudiggity.nl/sonny/newsreader.git' - dest: '{{ app_dir }}' - version: '{{ app_branch }}' + repo: "https://git.fudiggity.nl/sonny/newsreader.git" + dest: "{{ app_dir }}" + version: "{{ app_branch }}" update: true force: true