mirror of https://gitlab.crans.org/bde/nk20
Fix Ansible script for production
This commit is contained in:
parent
4ddd763886
commit
0f47412c38
|
@ -1,18 +1,20 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
|
|
||||||
- hosts: bde-nk20-beta.adh.crans.org
|
- hosts: bde-note.adh.crans.org
|
||||||
vars_prompt:
|
vars_prompt:
|
||||||
- name: DB_PASSWORD
|
- name: DB_PASSWORD
|
||||||
prompt: "Password of the database"
|
prompt: "Password of the database"
|
||||||
private: yes
|
private: yes
|
||||||
vars:
|
vars:
|
||||||
mirror: deb.debian.org
|
mirror: deb.debian.org
|
||||||
|
note:
|
||||||
|
server_name: bde-note.adh.crans.org
|
||||||
roles:
|
roles:
|
||||||
- 1-apt-basic
|
- 1-apt-basic
|
||||||
- 2-nk20
|
- 2-nk20
|
||||||
- 3-pip
|
- 3-pip
|
||||||
- 4-nginx
|
- 4-certbot
|
||||||
- 5-certbot
|
- 5-nginx
|
||||||
- 6-psql
|
- 6-psql
|
||||||
- 7-postinstall
|
- 7-postinstall
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
[server]
|
[server]
|
||||||
bde-nk20-beta.adh.crans.org
|
bde-nk20-beta.adh.crans.org
|
||||||
|
bde-note.adh.crans.org
|
||||||
|
|
||||||
[all:vars]
|
[all:vars]
|
||||||
ansible_python_interpreter=/usr/bin/python3
|
ansible_python_interpreter=/usr/bin/python3
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
git:
|
git:
|
||||||
repo: https://gitlab.crans.org/bde/nk20.git
|
repo: https://gitlab.crans.org/bde/nk20.git
|
||||||
dest: /var/www/note_kfet
|
dest: /var/www/note_kfet
|
||||||
version: beta
|
version: master
|
||||||
force: true
|
force: true
|
||||||
|
|
||||||
- name: Use default env vars (should be updated!)
|
- name: Use default env vars (should be updated!)
|
||||||
|
|
|
@ -1,44 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install NGINX
|
|
||||||
apt:
|
|
||||||
name: nginx
|
|
||||||
register: pkg_result
|
|
||||||
retries: 3
|
|
||||||
until: pkg_result is succeeded
|
|
||||||
|
|
||||||
- name: Copy conf of Nginx
|
|
||||||
template:
|
|
||||||
src: "nginx_note.conf"
|
|
||||||
dest: /etc/nginx/sites-available/nginx_note.conf
|
|
||||||
mode: 0644
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
|
|
||||||
- name: Enable Nginx site
|
|
||||||
file:
|
|
||||||
src: /etc/nginx/sites-available/nginx_note.conf
|
|
||||||
dest: /etc/nginx/sites-enabled/nginx_note.conf
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
state: link
|
|
||||||
|
|
||||||
- name: Disable default Nginx site
|
|
||||||
file:
|
|
||||||
dest: /etc/nginx/sites-enabled/default
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Copy conf of UWSGI
|
|
||||||
file:
|
|
||||||
src: /var/www/note_kfet/uwsgi_note.ini
|
|
||||||
dest: /etc/uwsgi/apps-enabled/uwsgi_note.ini
|
|
||||||
state: link
|
|
||||||
|
|
||||||
- name: Reload Nginx
|
|
||||||
systemd:
|
|
||||||
name: nginx
|
|
||||||
state: reloaded
|
|
||||||
|
|
||||||
- name: Restart UWSGI
|
|
||||||
systemd:
|
|
||||||
name: uwsgi
|
|
||||||
state: restarted
|
|
|
@ -1,63 +0,0 @@
|
||||||
# the upstream component nginx needs to connect to
|
|
||||||
upstream note{
|
|
||||||
server unix:///var/www/note_kfet/note_kfet.sock; # file socket
|
|
||||||
}
|
|
||||||
|
|
||||||
# Redirect HTTP to nk20 HTTPS
|
|
||||||
server {
|
|
||||||
listen 80 default_server;
|
|
||||||
listen [::]:80 default_server;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
return 301 https://nk20-beta.crans.org$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Redirect all HTTPS to nk20 HTTPS
|
|
||||||
server {
|
|
||||||
listen 443 ssl default_server;
|
|
||||||
listen [::]:443 ssl default_server;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
return 301 https://nk20-beta.crans.org$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/nk20-beta.crans.org/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/nk20-beta.crans.org/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
||||||
}
|
|
||||||
|
|
||||||
# configuration of the server
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
|
|
||||||
# the port your site will be served on
|
|
||||||
# the domain name it will serve for
|
|
||||||
server_name nk20-beta.crans.org; # substitute your machine's IP address or FQDN
|
|
||||||
charset utf-8;
|
|
||||||
|
|
||||||
# max upload size
|
|
||||||
client_max_body_size 75M; # adjust to taste
|
|
||||||
|
|
||||||
# Django media
|
|
||||||
location /media {
|
|
||||||
alias /var/www/note_kfet/media; # your Django project's media files - amend as required
|
|
||||||
}
|
|
||||||
|
|
||||||
location /static {
|
|
||||||
alias /var/www/note_kfet/static; # your Django project's static files - amend as required
|
|
||||||
}
|
|
||||||
|
|
||||||
# Finally, send all non-media requests to the Django server.
|
|
||||||
location / {
|
|
||||||
uwsgi_pass note;
|
|
||||||
include /etc/nginx/uwsgi_params;
|
|
||||||
}
|
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/nk20-beta.crans.org/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/nk20-beta.crans.org/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
||||||
}
|
|
|
@ -1,21 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install basic APT packages
|
|
||||||
apt:
|
|
||||||
update_cache: true
|
|
||||||
name:
|
|
||||||
- certbot
|
|
||||||
- python3-certbot-nginx
|
|
||||||
register: pkg_result
|
|
||||||
retries: 3
|
|
||||||
until: pkg_result is succeeded
|
|
||||||
|
|
||||||
- name: Create /etc/letsencrypt/conf.d
|
|
||||||
file:
|
|
||||||
path: /etc/letsencrypt/conf.d
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Add Certbot configuration
|
|
||||||
template:
|
|
||||||
src: "letsencrypt/conf.d/nk20.ini.j2"
|
|
||||||
dest: "/etc/letsencrypt/conf.d/nk20.ini"
|
|
||||||
mode: 0644
|
|
|
@ -1,20 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
# To generate the certificate, please use the following command
|
|
||||||
# certbot --config /etc/letsencrypt/conf.d/nk20.ini certonly
|
|
||||||
|
|
||||||
# Use a 4096 bit RSA key instead of 2048
|
|
||||||
rsa-key-size = 4096
|
|
||||||
|
|
||||||
# Always use the staging/testing server
|
|
||||||
# server = https://acme-staging.api.letsencrypt.org/directory
|
|
||||||
|
|
||||||
# Uncomment and update to register with the specified e-mail address
|
|
||||||
email = notekfet2020@lists.crans.org
|
|
||||||
|
|
||||||
# Uncomment to use a text interface instead of ncurses
|
|
||||||
text = True
|
|
||||||
|
|
||||||
# Use DNS-01 challenge
|
|
||||||
authenticator = nginx
|
|
||||||
|
|
|
@ -22,3 +22,9 @@
|
||||||
args:
|
args:
|
||||||
chdir: /var/www/note_kfet
|
chdir: /var/www/note_kfet
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
|
||||||
|
- name: Collect static files
|
||||||
|
command: /var/www/note_kfet/env/bin/python manage.py collectstatic --noinput
|
||||||
|
args:
|
||||||
|
chdir: /var/www/note_kfet
|
||||||
|
become_user: www-data
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 4e1bcd1808a24b532aa27bf2a119f6f8155af534
|
Subproject commit 525f091b0caddc69cb2da7eba545ab9609bb1bb0
|
|
@ -154,17 +154,6 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
{% trans "Your e-mail address is not validated. Please check your mail inbox and click on the validation link." %}
|
{% trans "Your e-mail address is not validated. Please check your mail inbox and click on the validation link." %}
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<div class="alert alert-warning alert-dismissible">
|
|
||||||
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
|
|
||||||
Attention : la Note Kfet 2020 est en phase de beta. Des fonctionnalités pourront être rajoutées d'ici à la version
|
|
||||||
finale, et des bugs peuvent survenir. Pour tout problème, merci d'envoyer un mail à l'adresse
|
|
||||||
<a href="mailto:notekfet2020@lists.crans.org">
|
|
||||||
notekfet2020@lists.crans.org</a>,
|
|
||||||
ou bien levez une issue sur le dépôt <a href="https://gitlab.crans.org/bde/nk20/-/issues">Gitlab</a>,
|
|
||||||
ou encore posez un commentaire sur le <a href="https://pad.crans.org/p/todoNK20">pad</a>.<br><br>
|
|
||||||
|
|
||||||
Certaines données ont été anonymisées afin de limiter les fuites de données, et peuvent ne pas correspondre avec vos données réelles.
|
|
||||||
</div>
|
|
||||||
<div id="messages"></div>
|
<div id="messages"></div>
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<p>Default content...</p>
|
<p>Default content...</p>
|
||||||
|
|
Loading…
Reference in New Issue