Fix Ansible script for production

This commit is contained in:
Yohann D'ANELLO 2020-09-04 22:37:18 +02:00
parent 4ddd763886
commit 0f47412c38
10 changed files with 14 additions and 164 deletions

View File

@ -1,18 +1,20 @@
#!/usr/bin/env ansible-playbook
---
- hosts: bde-nk20-beta.adh.crans.org
- hosts: bde-note.adh.crans.org
vars_prompt:
- name: DB_PASSWORD
prompt: "Password of the database"
private: yes
vars:
mirror: deb.debian.org
note:
server_name: bde-note.adh.crans.org
roles:
- 1-apt-basic
- 2-nk20
- 3-pip
- 4-nginx
- 5-certbot
- 4-certbot
- 5-nginx
- 6-psql
- 7-postinstall

View File

@ -1,5 +1,6 @@
[server]
bde-nk20-beta.adh.crans.org
bde-note.adh.crans.org
[all:vars]
ansible_python_interpreter=/usr/bin/python3

View File

@ -11,7 +11,7 @@
git:
repo: https://gitlab.crans.org/bde/nk20.git
dest: /var/www/note_kfet
version: beta
version: master
force: true
- name: Use default env vars (should be updated!)

View File

@ -1,44 +0,0 @@
---
- name: Install NGINX
apt:
name: nginx
register: pkg_result
retries: 3
until: pkg_result is succeeded
- name: Copy conf of Nginx
template:
src: "nginx_note.conf"
dest: /etc/nginx/sites-available/nginx_note.conf
mode: 0644
owner: www-data
group: www-data
- name: Enable Nginx site
file:
src: /etc/nginx/sites-available/nginx_note.conf
dest: /etc/nginx/sites-enabled/nginx_note.conf
owner: www-data
group: www-data
state: link
- name: Disable default Nginx site
file:
dest: /etc/nginx/sites-enabled/default
state: absent
- name: Copy conf of UWSGI
file:
src: /var/www/note_kfet/uwsgi_note.ini
dest: /etc/uwsgi/apps-enabled/uwsgi_note.ini
state: link
- name: Reload Nginx
systemd:
name: nginx
state: reloaded
- name: Restart UWSGI
systemd:
name: uwsgi
state: restarted

View File

@ -1,63 +0,0 @@
# the upstream component nginx needs to connect to
upstream note{
server unix:///var/www/note_kfet/note_kfet.sock; # file socket
}
# Redirect HTTP to nk20 HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 301 https://nk20-beta.crans.org$request_uri;
}
}
# Redirect all HTTPS to nk20 HTTPS
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
location / {
return 301 https://nk20-beta.crans.org$request_uri;
}
ssl_certificate /etc/letsencrypt/live/nk20-beta.crans.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nk20-beta.crans.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# configuration of the server
server {
listen 443 ssl;
listen [::]:443 ssl;
# the port your site will be served on
# the domain name it will serve for
server_name nk20-beta.crans.org; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /var/www/note_kfet/media; # your Django project's media files - amend as required
}
location /static {
alias /var/www/note_kfet/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass note;
include /etc/nginx/uwsgi_params;
}
ssl_certificate /etc/letsencrypt/live/nk20-beta.crans.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nk20-beta.crans.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

View File

@ -1,21 +0,0 @@
---
- name: Install basic APT packages
apt:
update_cache: true
name:
- certbot
- python3-certbot-nginx
register: pkg_result
retries: 3
until: pkg_result is succeeded
- name: Create /etc/letsencrypt/conf.d
file:
path: /etc/letsencrypt/conf.d
state: directory
- name: Add Certbot configuration
template:
src: "letsencrypt/conf.d/nk20.ini.j2"
dest: "/etc/letsencrypt/conf.d/nk20.ini"
mode: 0644

View File

@ -1,20 +0,0 @@
{{ ansible_managed | comment }}
# To generate the certificate, please use the following command
# certbot --config /etc/letsencrypt/conf.d/nk20.ini certonly
# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
# Always use the staging/testing server
# server = https://acme-staging.api.letsencrypt.org/directory
# Uncomment and update to register with the specified e-mail address
email = notekfet2020@lists.crans.org
# Uncomment to use a text interface instead of ncurses
text = True
# Use DNS-01 challenge
authenticator = nginx

View File

@ -22,3 +22,9 @@
args:
chdir: /var/www/note_kfet
become_user: postgres
- name: Collect static files
command: /var/www/note_kfet/env/bin/python manage.py collectstatic --noinput
args:
chdir: /var/www/note_kfet
become_user: www-data

@ -1 +1 @@
Subproject commit 4e1bcd1808a24b532aa27bf2a119f6f8155af534
Subproject commit 525f091b0caddc69cb2da7eba545ab9609bb1bb0

View File

@ -154,17 +154,6 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% trans "Your e-mail address is not validated. Please check your mail inbox and click on the validation link." %}
</div>
{% endif %}
<div class="alert alert-warning alert-dismissible">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&#215;</button>
Attention : la Note Kfet 2020 est en phase de beta. Des fonctionnalités pourront être rajoutées d'ici à la version
finale, et des bugs peuvent survenir. Pour tout problème, merci d'envoyer un mail à l'adresse
<a href="mailto:&#110;&#111;&#116;&#101;&#107;&#102;&#101;&#116;&#50;&#48;&#50;&#48;&commat;&#108;&#105;&#115;&#116;&#115;&period;&#99;&#114;&#97;&#110;&#115;&period;&#111;&#114;&#103;">
&#110;&#111;&#116;&#101;&#107;&#102;&#101;&#116;&#50;&#48;&#50;&#48;&commat;&#108;&#105;&#115;&#116;&#115;&period;&#99;&#114;&#97;&#110;&#115;&period;&#111;&#114;&#103;</a>,
ou bien levez une issue sur le dépôt <a href="https://gitlab.crans.org/bde/nk20/-/issues">Gitlab</a>,
ou encore posez un commentaire sur le <a href="https://pad.crans.org/p/todoNK20">pad</a>.<br><br>
Certaines données ont été anonymisées afin de limiter les fuites de données, et peuvent ne pas correspondre avec vos données réelles.
</div>
<div id="messages"></div>
{% block content %}
<p>Default content...</p>