Initial commit

master
Felix 2019-03-30 23:01:54 +01:00
commit ad04c2acd7
10 changed files with 272 additions and 0 deletions

11
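--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+isso_user: "isso"
+isso_user_home: "/home/{{ isso_user }}"
+isso_dbpath: "{{ isso_user_home }}/dbs/isso-comments.db"
+isso_virtualenv: "{{isso_user_home}}/.virtualenvs/py36"
+isso_log_dir: "/var/log/isso"
+isso_hosts: http://localhost
+isso_admin_password: changeme
+isso_moderation_purge_after: '364d'
+isso_server_listen: 'http://0.0.0.0:80/'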
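Review bot: `isso_admin_password: changeme` ships a well-known default credential, and the isso.cfg template in this commit writes it into an `[admin]` section with `enabled = true`, so any host that does not override the variable gets a guessable admin login. I would drop the default here and have the role stop early when the variable is unset or unchanged, for example with an `assert` task whose condition is `isso_admin_password is defined and isso_admin_password != 'changeme'`, keeping the real value in Ansible Vault. Separately, `isso_server_port`, `isso_domain` and `nginx_user` are used by the tasks and templates but have no default in this file; a comment listing them as required variables would help.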

31
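--- a/tasks/folders.yml
+++ b/tasks/folders.yml
@@ -0,0 +1,31 @@
+---
+- name: Chown isso user directory
+file:
+state: directory
+owner: "{{isso_user}}"
+group: "{{isso_user}}"
+mode: 0711
+path: "{{isso_user_home}}"
+- name: Create isso directories
+file:
+path: "{{isso_user_home}}/dbs/"
+state: directory
+owner: "{{isso_user}}"
+group: "{{isso_user}}"
+mode: 0770
+tags:
+- install
+- folders
+- name: Create isso log directory
+file:
+path: "{{isso_log_dir}}"
+state: directory
+owner: "{{isso_user}}"
+group: "{{isso_user}}"
+mode: 0770
+tags:
+- install
+- folders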
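Review bot: The file modes are written as bare numbers (`mode: 0711`, `mode: 0770`), which only yields the intended permissions as long as the YAML loader reads a leading-zero integer as octal; quoting them (`mode: "0711"`, `mode: "0770"`) removes that dependency. The same applies to `mode: 0640` and `mode: 0644` in tasks/isso.yml and `mode: 0644` in tasks/nginx.yml. The first task, "Chown isso user directory", also appears to carry no `tags:` unlike the two below it; indentation is lost in this view, so confirm against the file.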


@ -0,0 +1,24 @@
---
- name: Check if isso user exists
getent:
database: passwd
key: isso
fail_key: false
register: isso_user_already
ignore_errors: true
tags:
- install
- isso-user
- name: Create user for isso
user:
name: "isso"
comment: "User for isso"
home: "/home/isso/"
state: present
when: isso_user_already != true
ignore_errors: true
tags:
- install
- isso-user
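Review bot: The guard `when: isso_user_already != true` compares the registered result of the `getent` task (a dictionary) with a boolean, so it is always true and the lookup above has no effect; combined with `ignore_errors: true` on both tasks, a failed account creation passes silently and later tasks run against a user that may not exist. The `user` module is already idempotent, so the `getent` task, the `when:` and both `ignore_errors` lines can go. The task also hard-codes `isso` and `/home/isso/` where the role defines `isso_user` and `isso_user_home`; I would write `name: "{{ isso_user }}"` and `home: "{{ isso_user_home }}"`, and consider `shell: /usr/sbin/nologin` since this is a service account. The file header for this section is missing from the page, so the path is assumed from the include in tasks/main.yml.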

36
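--- a/tasks/isso.yml
+++ b/tasks/isso.yml
@@ -0,0 +1,36 @@
+---
+- name: Install isso config
+template:
+src: "isso.cfg.j2"
+dest: "{{isso_user_home}}/isso.cfg"
+owner: "{{isso_user}}"
+group: "{{isso_user}}"
+mode: 0640
+tags:
+- install
+- update
+- isso
+- name: Install isso gunicorn service
+template:
+src: "gunicorn-isso.service"
+dest: "/etc/systemd/system/gunicorn-isso.service"
+owner: "root"
+group: "root"
+mode: 0644
+tags:
+- install
+- update
+- isso
+- name: Enable and start gunicorn isso service
+systemd:
+name: gunicorn-isso
+state: restarted
+enabled: true
+daemon_reload: true
+tags:
+- install
+- update
+- isso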
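Review bot: The last task uses `state: restarted`, so the service is bounced on every play run even when neither template changed, and the play always reports a change. I would move the restart to a handler and add `notify:` to the two template tasks, keeping this task at `state: started` with `enabled: true` and `daemon_reload: true`. isso.cfg holds the admin password, so `mode: 0640` with owner and group `{{isso_user}}` is reasonable; a one-line comment above that task saying why the file is not world-readable would keep it from being loosened later.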

26
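--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: isso-user tasks
+include_tasks: isso-user.yml
+tags:
+- isso-user
+- name: folders tasks
+include_tasks: folders.yml
+tags:
+- folders
+- name: python tasks
+include_tasks: python.yml
+tags:
+- python
+- name: isso tasks
+include_tasks: isso.yml
+tags:
+- isso
+- name: nginx tasks
+include_tasks: nginx.yml
+tags:
+- nginx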
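Review bot: `include_tasks` is dynamic, so the `tags:` on each include applies to the include statement only and is not inherited by the tasks in the included file. A run with `--tags install` or `--tags update` therefore matches none of these five includes, and the tagged tasks inside them are never loaded. Switching to `import_tasks: isso-user.yml` (and likewise for the other four) makes the inner tags selectable; a short comment at the top of the file listing the supported tags would document that.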

13
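--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@@ -0,0 +1,13 @@
+---
+- name: Install isso nginx config
+template:
+src: "isso-nginx.conf.j2"
+dest: "/etc/nginx/sites-enabled/dual/{{isso_domain}}"
+owner: "{{nginx_user}}"
+group: "{{nginx_user}}"
+mode: 0644
+tags:
+- install
+- update
+- nginx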
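Review bot: The rendered vhost is installed with `owner: "{{nginx_user}}"` and `group: "{{nginx_user}}"`; if that variable is the account the nginx workers run as, a compromised worker could rewrite configuration that the root-owned master process loads on the next reload. Configuration under /etc/nginx is normally `owner: root` and `group: root` with `mode: "0644"`. Neither `nginx_user` nor `isso_domain` has a default in this role, and the task neither validates the new config nor reloads nginx; a handler that runs a config test followed by a reload would close that gap.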

36
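--- a/tasks/python.yml
+++ b/tasks/python.yml
@@ -0,0 +1,36 @@
+---
+- name: Install python
+become: true
+apt: name="{{packages}}" state=present
+# TODO: Update to python3.7 when it makes sense
+vars:
+packages:
+- python3-virtualenv
+- python3.6-dev
+- python-setuptools
+- python3-setuptools
+- virtualenv
+- python3-virtualenv
+tags:
+- install
+- python
+- name: Install python virtualenv with gunicorn and isso packages
+become: true
+become_user: isso
+become_method: sudo
+pip:
+name: "{{packages}}"
+virtualenv: "{{isso_virtualenv}}"
+virtualenv_command: virtualenv
+# TODO: Update to python3.7 when it makes sense
+virtualenv_python: python3.6
+virtualenv_site_packages: false
+vars:
+packages:
+- isso
+- gunicorn
+tags:
+- install
+- python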
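Review bot: The `pip` task installs `isso` and `gunicorn` without version constraints, so each run can pull whatever PyPI currently serves and two hosts built on different days may run different code. Pinning through role variables, e.g. `- "isso=={{ isso_version }}"` with `isso_version` added to defaults/main.yml (a new variable, not present in this commit), makes upgrades deliberate and reviewable. `become_user: isso` should be `become_user: "{{ isso_user }}"` to follow the role variable, `python3-virtualenv` is listed twice in the apt package list, and the `apt:` line uses the `key=value` string form where block YAML arguments are preferred.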


@ -0,0 +1,18 @@
[Unit]
Description = Isso commenting system via gunicorn
After = network.target
[Service]
User = {{isso_user}}
Group = {{isso_user}}
WorkingDirectory = {{isso_user_home}}
Environment=ISSO_SETTINGS={{isso_user_home}}/isso.cfg
Environment=VIRTUAL_ENV={{isso_virtualenv}}
Environment=PATH=$VIRTUAL_ENV/bin:$PATH
ExecStart = {{isso_virtualenv}}/bin/gunicorn -b localhost:{{isso_server_port}} -w 2 --preload isso.run --error-logfile {{isso_log_dir}}/error.log
ExecReload = /bin/kill -s HUP $MAINPID
ExecStop = /bin/kill -s TERM $MAINPID
PrivateTmp=true
[Install]
WantedBy = multi-user.target
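Review bot: `ExecStart` binds gunicorn to `localhost:{{isso_server_port}}` with no default, while the nginx template falls back to `8080` and defaults/main.yml does not define the variable, so the unit either fails to render or can end up on a different port than the proxy targets; use the same `|default('8080')` here or define the port once in defaults. `Environment=PATH=$VIRTUAL_ENV/bin:$PATH` is not expanded by systemd, which sets PATH to that literal string; `Environment=PATH={{isso_virtualenv}}/bin:/usr/bin:/bin` says what is meant. `PrivateTmp=true` is the only sandboxing option set; `NoNewPrivileges=true` and `ProtectSystem=full` are low-risk additions for a network-facing service, provided the log directory stays writable. This section has no file header on the page; tasks/isso.yml names the template gunicorn-isso.service.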


@ -0,0 +1,37 @@
server {
listen 80;
listen [::]:80;
server_name {{isso_domain}};
include /etc/nginx/snippets/acme-challenge.conf;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{isso_domain}};
ssl_certificate /etc/dehydrated/certs/{{isso_domain}}/fullchain.pem;
ssl_certificate_key /etc/dehydrated/certs/{{isso_domain}}/privkey.pem;
include /etc/nginx/snippets/tls.conf;
access_log /var/log/nginx/{{isso_domain}}.access.log timed_combined;
error_log /var/log/nginx/{{isso_domain}}.error.log;
include /etc/nginx/snippets/acme-challenge.conf;
include /etc/nginx/snippets/spam.conf;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
include /etc/nginx/snippets/proxy.conf;
proxy_pass http://127.0.0.1:{{isso_server_port|default('8080')}};
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_request_buffering off;
}
}
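Review bot: Inside `location /`, `client_max_body_size 0;` removes the request-body limit, the four timeouts are set to `36000s`, and `proxy_request_buffering off;` streams slow uploads straight to a backend that the unit file starts with two gunicorn workers, so a few slow or oversized requests can hold both workers for hours. A comment API needs none of this; I would set `client_max_body_size 1m;` and delete the timeout overrides and the `proxy_request_buffering off;` line so the nginx defaults apply. In the port-80 server the redirect builds its target from the client-supplied `$http_host`; `return 301 https://$host$request_uri;` is the usual form. This section has no file header on the page; tasks/nginx.yml names the template isso-nginx.conf.j2.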


@ -0,0 +1,40 @@
# Isso configuration file
[general]
dbpath = {{ isso_dbpath|default('/srv/www/dbs/isso-comments.db') }}
# For docker:
#dbpath = /isso/database.db
host =
{% for host in isso_hosts %}
{{ host }}
{% endfor %}
#notify = smtp
[admin]
# New since 12.x or so
#admin_password = changeme
enabled = true
password = {{isso_admin_password}}
[moderation]
enabled = true
purge-after = {{ isso_moderation_purge_after|default('364d') }}
[guard]
enabled = true
ratelimit = 2
direct-reply = 3
reply-to-self = true
require-author = true
require-email = false
[markup]
#options = superscript, quote, highlight
allowed-attributes = align
[server]
listen = {{ isso_server_listen|default('http://0.0.0.0:80/') }}
# vim: set filetype=ini
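Review bot: The `host =` loop iterates `isso_hosts`, but defaults/main.yml sets it to the plain string `http://localhost`, and a Jinja `for` over a string yields one character per iteration, so the default render lists single letters instead of a site URL. Make the default a list (`isso_hosts: ['http://localhost']`) or guard the template for the string case. The fallback `listen = http://0.0.0.0:80/` would expose the built-in server on every interface if isso were ever started without gunicorn; `http://127.0.0.1:8080/` matches the proxy setup in this commit. This section has no file header on the page; tasks/isso.yml names the template isso.cfg.j2.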