sonny/newsreader-ansible
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add back handlers.yml

Browse source
This commit is contained in:
Sonny Bakker 2021-01-27 22:55:07 +01:00
parent ccab22dea3
commit cb3149926c
7 changed files with 162 additions and 132 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.prettier.json
View file

@ -1,9 +0,0 @@
{
"singleQuote": true,
"printWidth": 90,
"tabWidth": 2,
"useTabs": false,
"bracketSpacing": true,
"parser": "yaml"
}

5
.prettier.yaml Normal file
View file

@ -0,0 +1,5 @@
singleQuote: true,
printWidth: 90,
tabWidth: 2,
useTabs: false,
bracketSpacing: true,

34
handlers.yml Normal file
View file

@ -0,0 +1,34 @@
- name: restart gunicorn socket
systemd:
daemon-reload: true
name: gunicorn.socket
state: restarted
enabled: true
- name: stop gunicorn service
systemd:
daemon-reload: true
name: gunicorn.service
state: stopped
enabled: false
- name: restart pgbouncer
systemd:
daemon-reload: true
name: pgbouncer
state: restarted
enabled: true
- name: restart celery
systemd:
daemon-reload: true
name: celery
state: restarted
enabled: true
- name: restart celerybeat
systemd:
daemon-reload: true
name: celerybeat
state: restarted
enabled: true

114
tasks/main.yml
View file

@ -1,151 +1,151 @@
- include_role: - include_role:
name: common name: common
tasks_from: 'network.yml' tasks_from: "network.yml"
- include_role: - include_role:
name: common name: common
tasks_from: 'host.yml' tasks_from: "host.yml"
- include_role: - include_role:
name: common name: common
tasks_from: 'sudoers.yml' tasks_from: "sudoers.yml"
loop: loop:
- { - {
src: '../../templates/sudoers.j2', src: "../../templates/sudoers.j2",
dest: '/etc/sudoers.d/30-ansible-extra', dest: "/etc/sudoers.d/30-ansible-extra",
} }
- name: install packages - name: install packages
apt: apt:
name: '{{ packages }}' name: "{{ packages }}"
state: present state: present
notify: notify:
- restart postfix - restart postfix
- name: copy firewall templates - name: copy firewall templates
template: template:
src: '{{ item.src }}' src: "{{ item.src }}"
dest: '{{ item.dest }}' dest: "{{ item.dest }}"
owner: root owner: root
group: root group: root
mode: '0600' mode: "0600"
loop: loop:
- { src: 'templates/nftables.j2', dest: '/etc/nftables.conf' } - { src: "templates/nftables.j2", dest: "/etc/nftables.conf" }
notify: restart nftables notify: restart nftables
- name: copy memcached conf - name: copy memcached conf
template: template:
src: 'templates/memcached.j2' src: "templates/memcached.j2"
dest: '/etc/memcached.conf' dest: "/etc/memcached.conf"
owner: root owner: root
group: root group: root
mode: '0644' mode: "0644"
notify: restart memcached notify: restart memcached
- name: add gitlab to known hosts - name: add gitlab to known hosts
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
known_hosts: known_hosts:
name: '{{ gitlab_domain }}' name: "{{ gitlab_domain }}"
key: '{{ gitlab_host_key }}' key: "{{ gitlab_host_key }}"
- name: add gitlab pubkey - name: add gitlab pubkey
authorized_key: authorized_key:
user: ansible user: ansible
state: present state: present
key: '{{ app_deploy_key }}' key: "{{ app_deploy_key }}"
- name: Add newsreader user - name: Add newsreader user
user: user:
name: '{{ app_user }}' name: "{{ app_user }}"
create_home: yes create_home: yes
shell: /bin/bash shell: /bin/bash
- name: create ssh dir - name: create ssh dir
file: file:
path: '/home/{{ app_user }}/.ssh' path: "/home/{{ app_user }}/.ssh"
state: directory state: directory
owner: '{{ app_user }}' owner: "{{ app_user }}"
group: '{{ app_user }}' group: "{{ app_user }}"
mode: 0755 mode: 0755
- name: create rabbitmq service override dir - name: create rabbitmq service override dir
file: file:
path: /etc/systemd/system/rabbitmq-server.service.d/ path: /etc/systemd/system/rabbitmq-server.service.d/
state: directory state: directory
mode: '0644' mode: "0644"
- name: copy rabbitmq configurations - name: copy rabbitmq configurations
template: template:
src: '{{ item.src }}' src: "{{ item.src }}"
dest: '{{ item.dest }}' dest: "{{ item.dest }}"
owner: '{{ item.owner }}' owner: "{{ item.owner }}"
group: '{{ item.group }}' group: "{{ item.group }}"
mode: '{{ item.mode }}' mode: "{{ item.mode }}"
loop: loop:
- { - {
src: 'templates/limits.j2', src: "templates/limits.j2",
dest: '/etc/systemd/system/rabbitmq-server.service.d/limits.conf', dest: "/etc/systemd/system/rabbitmq-server.service.d/limits.conf",
mode: '0644', mode: "0644",
group: 'root', group: "root",
owner: 'root', owner: "root",
} }
- { - {
src: 'rabbitmq.conf.j2', src: "rabbitmq.conf.j2",
dest: '/etc/rabbitmq/rabbitmq-env.conf', dest: "/etc/rabbitmq/rabbitmq-env.conf",
mode: '0644', mode: "0644",
group: 'rabbitmq', group: "rabbitmq",
owner: 'rabbitmq', owner: "rabbitmq",
} }
notify: restart rabbitmq notify: restart rabbitmq
- include_role: - include_role:
name: common name: common
tasks_from: 'ssl.yml' tasks_from: "ssl.yml"
- include_role: - include_role:
name: common name: common
tasks_from: 'nginx.yml' tasks_from: "nginx.yml"
- name: copy nginx config - name: copy nginx config
template: template:
src: 'templates/nginx.j2' src: "templates/nginx.j2"
dest: '/etc/nginx/sites-available/newsreader' dest: "/etc/nginx/sites-available/newsreader"
owner: root owner: root
group: root group: root
mode: '0644' mode: "0644"
- name: link nginx config - name: link nginx config
file: file:
src: '/etc/nginx/sites-available/newsreader' src: "/etc/nginx/sites-available/newsreader"
dest: '/etc/nginx/sites-enabled/newsreader' dest: "/etc/nginx/sites-enabled/newsreader"
owner: root owner: root
group: root group: root
mode: '0777' mode: "0777"
state: link state: link
- name: copy nftables config - name: copy nftables config
template: template:
src: 'templates/nftables.j2' src: "templates/nftables.j2"
dest: '/etc/nftables.conf' dest: "/etc/nftables.conf"
owner: root owner: root
group: root group: root
mode: '0600' mode: "0600"
notify: restart nftables notify: restart nftables
- name: copy pgbouncer config - name: copy pgbouncer config
template: template:
src: '{{ item.src }}' src: "{{ item.src }}"
dest: '{{ item.dest }}' dest: "{{ item.dest }}"
owner: postgres owner: postgres
group: postgres group: postgres
mode: '{{ item.mode }}' mode: "{{ item.mode }}"
loop: loop:
- { - {
src: 'templates/pgbouncer.j2', src: "templates/pgbouncer.j2",
dest: '/etc/pgbouncer/pgbouncer.ini', dest: "/etc/pgbouncer/pgbouncer.ini",
'mode': '0640', "mode": "0640",
} }
- { - {
src: 'templates/pgbouncer-users.j2', src: "templates/pgbouncer-users.j2",
dest: '/etc/pgbouncer/userlist.txt', dest: "/etc/pgbouncer/userlist.txt",
'mode': '0640', "mode": "0640",
} }
- name: ensure pgbouncer is restarted - name: ensure pgbouncer is restarted

26
tasks/poetry.yml
View file

@ -1,32 +1,32 @@
- name: include poetry tasks - name: include poetry tasks
include_role: include_role:
name: common name: common
tasks_from: 'poetry.yml' tasks_from: "poetry.yml"
vars: vars:
poetry_user: '{{ app_user }}' poetry_user: "{{ app_user }}"
poetry_dir: '/home/{{ app_user }}/.poetry' poetry_dir: "/home/{{ app_user }}/.poetry"
- name: retrieve user $PATH - name: retrieve user $PATH
shell: 'echo $PATH' shell: "echo $PATH"
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
register: path_stats register: path_stats
- name: set poetry user variables - name: set poetry user variables
set_fact: set_fact:
poetry_user_path: '{{ path_stats.stdout }}' poetry_user_path: "{{ path_stats.stdout }}"
- name: set default venv python version - name: set default venv python version
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
command: 'poetry env use python3.7' command: "poetry env use python3.7"
args: args:
chdir: '{{ app_dir }}' chdir: "{{ app_dir }}"
environment: environment:
PATH: '/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}' PATH: "/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}"
- name: install project dependencies - name: install project dependencies
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
command: 'poetry install --extras "sentry"' command: 'poetry install --extras "sentry"'
args: args:
chdir: '{{ app_dir }}' chdir: "{{ app_dir }}"
environment: environment:
PATH: '/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}' PATH: "/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}"

90
tasks/project.yml
View file

@ -1,100 +1,100 @@
- name: install npm packages - name: install npm packages
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
command: /usr/bin/npm install command: /usr/bin/npm install
args: args:
chdir: '{{ app_dir }}' chdir: "{{ app_dir }}"
- name: build static files - name: build static files
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
command: /usr/bin/npm run build:prod command: /usr/bin/npm run build:prod
args: args:
chdir: '{{ app_dir }}' chdir: "{{ app_dir }}"
- name: run migrations - name: run migrations
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
django_manage: django_manage:
command: migrate command: migrate
app_path: '{{ app_dir }}/src/' app_path: "{{ app_dir }}/src/"
virtualenv: '{{ app_dir }}/.venv' virtualenv: "{{ app_dir }}/.venv"
settings: 'newsreader.conf.production' settings: "newsreader.conf.production"
- name: collect static files - name: collect static files
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
django_manage: django_manage:
command: collectstatic command: collectstatic
app_path: '{{ app_dir }}/src/' app_path: "{{ app_dir }}/src/"
virtualenv: '{{ app_dir }}/.venv' virtualenv: "{{ app_dir }}/.venv"
settings: 'newsreader.conf.production' settings: "newsreader.conf.production"
- name: setup env file - name: setup env file
template: template:
src: 'templates/env.j2' src: "templates/env.j2"
dest: '{{ app_dir }}/.env' dest: "{{ app_dir }}/.env"
owner: '{{ app_user }}' owner: "{{ app_user }}"
group: '{{ app_user }}' group: "{{ app_user }}"
mode: 0600 mode: 0600
- name: setup gunicorn service - name: setup gunicorn service
template: template:
src: '{{ item.src }}' src: "{{ item.src }}"
dest: '{{ item.dest }}' dest: "{{ item.dest }}"
owner: root owner: root
group: root group: root
mode: '{{ item.mode }}' mode: "{{ item.mode }}"
loop: loop:
- { - {
src: 'templates/gunicorn-socket.j2', src: "templates/gunicorn-socket.j2",
dest: '/etc/systemd/system/gunicorn.socket', dest: "/etc/systemd/system/gunicorn.socket",
'mode': '0644', "mode": "0644",
} }
- { - {
src: 'templates/gunicorn.j2', src: "templates/gunicorn.j2",
dest: '/etc/systemd/system/gunicorn.service', dest: "/etc/systemd/system/gunicorn.service",
'mode': '0644', "mode": "0644",
} }
notify: notify:
- restart gunicorn socket - restart gunicorn socket
- stop gunicorn service - stop gunicorn service
- name: create conf dir - name: create conf dir
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
file: file:
path: '/home/{{ app_user }}/.config/conf.d' path: "/home/{{ app_user }}/.config/conf.d"
state: directory state: directory
owner: '{{ app_user }}' owner: "{{ app_user }}"
group: '{{ app_user }}' group: "{{ app_user }}"
mode: 0750 mode: 0750
- name: create celery run dir - name: create celery run dir
file: file:
path: /run/celery path: /run/celery
state: directory state: directory
owner: '{{ app_user }}' owner: "{{ app_user }}"
group: '{{ app_user }}' group: "{{ app_user }}"
mode: 0755 mode: 0755
- name: copy celery config - name: copy celery config
template: template:
src: '{{ item.src }}' src: "{{ item.src }}"
dest: '{{ item.dest }}' dest: "{{ item.dest }}"
owner: '{{ app_user }}' owner: "{{ app_user }}"
group: '{{ app_user }}' group: "{{ app_user }}"
mode: '{{ item.mode }}' mode: "{{ item.mode }}"
loop: loop:
- { - {
src: 'templates/celery.j2', src: "templates/celery.j2",
dest: '/etc/systemd/system/celery.service', dest: "/etc/systemd/system/celery.service",
'mode': '0644', "mode": "0644",
} }
- { - {
src: 'templates/celerybeat.j2', src: "templates/celerybeat.j2",
dest: '/etc/systemd/system/celerybeat.service', dest: "/etc/systemd/system/celerybeat.service",
'mode': '0644', "mode": "0644",
} }
- { - {
src: 'templates/celery.env.j2', src: "templates/celery.env.j2",
dest: '/home/newsreader/.config/conf.d/celery', dest: "/home/newsreader/.config/conf.d/celery",
'mode': '0640', "mode": "0640",
} }
notify: notify:
- restart celery - restart celery

16
tasks/setup.yml
View file

@ -1,6 +1,6 @@
- name: create sites dir - name: create sites dir
file: file:
path: '/srv/sites' path: "/srv/sites"
state: directory state: directory
owner: root owner: root
group: root group: root
@ -8,17 +8,17 @@
- name: create project dir - name: create project dir
file: file:
path: '{{ app_dir }}' path: "{{ app_dir }}"
state: directory state: directory
owner: '{{ app_user }}' owner: "{{ app_user }}"
group: '{{ app_user }}' group: "{{ app_user }}"
mode: 0755 mode: 0755
- name: clone project - name: clone project
become_user: '{{ app_user }}' become_user: "{{ app_user }}"
git: git:
repo: 'https://git.fudiggity.nl/sonny/newsreader.git' repo: "https://git.fudiggity.nl/sonny/newsreader.git"
dest: '{{ app_dir }}' dest: "{{ app_dir }}"
version: '{{ app_branch }}' version: "{{ app_branch }}"
update: true update: true
force: true force: true