Initial file structure refactor

2021-01-27 22:40:26 +01:00 · 2021-01-27 22:40:26 +01:00 · ccab22dea3
commit ccab22dea3
parent fe72523a5a
31 changed files with 369 additions and 427 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,155 @@
+- include_role:
+    name: common
+    tasks_from: 'network.yml'
+- include_role:
+    name: common
+    tasks_from: 'host.yml'
+- include_role:
+    name: common
+    tasks_from: 'sudoers.yml'
+  loop:
+    - {
+        src: '../../templates/sudoers.j2',
+        dest: '/etc/sudoers.d/30-ansible-extra',
+      }
+
+- name: install packages
+  apt:
+    name: '{{ packages }}'
+    state: present
+  notify:
+    - restart postfix
+
+- name: copy firewall templates
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: root
+    mode: '0600'
+  loop:
+    - { src: 'templates/nftables.j2', dest: '/etc/nftables.conf' }
+  notify: restart nftables
+
+- name: copy memcached conf
+  template:
+    src: 'templates/memcached.j2'
+    dest: '/etc/memcached.conf'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart memcached
+
+- name: add gitlab to known hosts
+  become_user: '{{ app_user }}'
+  known_hosts:
+    name: '{{ gitlab_domain }}'
+    key: '{{ gitlab_host_key }}'
+
+- name: add gitlab pubkey
+  authorized_key:
+    user: ansible
+    state: present
+    key: '{{ app_deploy_key }}'
+
+- name: Add newsreader user
+  user:
+    name: '{{ app_user }}'
+    create_home: yes
+    shell: /bin/bash
+
+- name: create ssh dir
+  file:
+    path: '/home/{{ app_user }}/.ssh'
+    state: directory
+    owner: '{{ app_user }}'
+    group: '{{ app_user }}'
+    mode: 0755
+
+- name: create rabbitmq service override dir
+  file:
+    path: /etc/systemd/system/rabbitmq-server.service.d/
+    state: directory
+    mode: '0644'
+
+- name: copy rabbitmq configurations
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: '{{ item.owner }}'
+    group: '{{ item.group }}'
+    mode: '{{ item.mode }}'
+  loop:
+    - {
+        src: 'templates/limits.j2',
+        dest: '/etc/systemd/system/rabbitmq-server.service.d/limits.conf',
+        mode: '0644',
+        group: 'root',
+        owner: 'root',
+      }
+    - {
+        src: 'rabbitmq.conf.j2',
+        dest: '/etc/rabbitmq/rabbitmq-env.conf',
+        mode: '0644',
+        group: 'rabbitmq',
+        owner: 'rabbitmq',
+      }
+  notify: restart rabbitmq
+
+- include_role:
+    name: common
+    tasks_from: 'ssl.yml'
+- include_role:
+    name: common
+    tasks_from: 'nginx.yml'
+
+- name: copy nginx config
+  template:
+    src: 'templates/nginx.j2'
+    dest: '/etc/nginx/sites-available/newsreader'
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: link nginx config
+  file:
+    src: '/etc/nginx/sites-available/newsreader'
+    dest: '/etc/nginx/sites-enabled/newsreader'
+    owner: root
+    group: root
+    mode: '0777'
+    state: link
+
+- name: copy nftables config
+  template:
+    src: 'templates/nftables.j2'
+    dest: '/etc/nftables.conf'
+    owner: root
+    group: root
+    mode: '0600'
+  notify: restart nftables
+
+- name: copy pgbouncer config
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: postgres
+    group: postgres
+    mode: '{{ item.mode }}'
+  loop:
+    - {
+        src: 'templates/pgbouncer.j2',
+        dest: '/etc/pgbouncer/pgbouncer.ini',
+        'mode': '0640',
+      }
+    - {
+        src: 'templates/pgbouncer-users.j2',
+        dest: '/etc/pgbouncer/userlist.txt',
+        'mode': '0640',
+      }
+
+- name: ensure pgbouncer is restarted
+  systemd:
+    name: pgbouncer
+    state: restarted
+    enabled: true
--- a/tasks/poetry.yml
+++ b/tasks/poetry.yml
@ -0,0 +1,32 @@
+- name: include poetry tasks
+  include_role:
+    name: common
+    tasks_from: 'poetry.yml'
+  vars:
+    poetry_user: '{{ app_user }}'
+    poetry_dir: '/home/{{ app_user }}/.poetry'
+
+- name: retrieve user $PATH
+  shell: 'echo $PATH'
+  become_user: '{{ app_user }}'
+  register: path_stats
+
+- name: set poetry user variables
+  set_fact:
+    poetry_user_path: '{{ path_stats.stdout }}'
+
+- name: set default venv python version
+  become_user: '{{ app_user }}'
+  command: 'poetry env use python3.7'
+  args:
+    chdir: '{{ app_dir }}'
+  environment:
+    PATH: '/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}'
+
+- name: install project dependencies
+  become_user: '{{ app_user }}'
+  command: 'poetry install --extras "sentry"'
+  args:
+    chdir: '{{ app_dir }}'
+  environment:
+    PATH: '/home/{{ app_user }}/.local/bin:{{ poetry_user_path }}'
--- a/tasks/project.yml
+++ b/tasks/project.yml
@ -0,0 +1,101 @@
+- name: install npm packages
+  become_user: '{{ app_user }}'
+  command: /usr/bin/npm install
+  args:
+    chdir: '{{ app_dir }}'
+
+- name: build static files
+  become_user: '{{ app_user }}'
+  command: /usr/bin/npm run build:prod
+  args:
+    chdir: '{{ app_dir }}'
+
+- name: run migrations
+  become_user: '{{ app_user }}'
+  django_manage:
+    command: migrate
+    app_path: '{{ app_dir }}/src/'
+    virtualenv: '{{ app_dir }}/.venv'
+    settings: 'newsreader.conf.production'
+
+- name: collect static files
+  become_user: '{{ app_user }}'
+  django_manage:
+    command: collectstatic
+    app_path: '{{ app_dir }}/src/'
+    virtualenv: '{{ app_dir }}/.venv'
+    settings: 'newsreader.conf.production'
+
+- name: setup env file
+  template:
+    src: 'templates/env.j2'
+    dest: '{{ app_dir }}/.env'
+    owner: '{{ app_user }}'
+    group: '{{ app_user }}'
+    mode: 0600
+
+- name: setup gunicorn service
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: root
+    mode: '{{ item.mode }}'
+  loop:
+    - {
+        src: 'templates/gunicorn-socket.j2',
+        dest: '/etc/systemd/system/gunicorn.socket',
+        'mode': '0644',
+      }
+    - {
+        src: 'templates/gunicorn.j2',
+        dest: '/etc/systemd/system/gunicorn.service',
+        'mode': '0644',
+      }
+  notify:
+    - restart gunicorn socket
+    - stop gunicorn service
+
+- name: create conf dir
+  become_user: '{{ app_user }}'
+  file:
+    path: '/home/{{ app_user }}/.config/conf.d'
+    state: directory
+    owner: '{{ app_user }}'
+    group: '{{ app_user }}'
+    mode: 0750
+
+- name: create celery run dir
+  file:
+    path: /run/celery
+    state: directory
+    owner: '{{ app_user }}'
+    group: '{{ app_user }}'
+    mode: 0755
+
+- name: copy celery config
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: '{{ app_user }}'
+    group: '{{ app_user }}'
+    mode: '{{ item.mode }}'
+  loop:
+    - {
+        src: 'templates/celery.j2',
+        dest: '/etc/systemd/system/celery.service',
+        'mode': '0644',
+      }
+    - {
+        src: 'templates/celerybeat.j2',
+        dest: '/etc/systemd/system/celerybeat.service',
+        'mode': '0644',
+      }
+    - {
+        src: 'templates/celery.env.j2',
+        dest: '/home/newsreader/.config/conf.d/celery',
+        'mode': '0640',
+      }
+  notify:
+    - restart celery
+    - restart celerybeat
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@ -0,0 +1,24 @@
+- name: create sites dir
+  file:
+    path: '/srv/sites'
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: create project dir
+  file:
+    path: '{{ app_dir }}'
+    state: directory
+    owner: '{{ app_user }}'
+    group: '{{ app_user }}'
+    mode: 0755
+
+- name: clone project
+  become_user: '{{ app_user }}'
+  git:
+    repo: 'https://git.fudiggity.nl/sonny/newsreader.git'
+    dest: '{{ app_dir }}'
+    version: '{{ app_branch }}'
+    update: true
+    force: true