mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-12-22 23:42:25 +00:00
Rework on Ansible config, this is now more universal
This commit is contained in:
parent
2a824cadf6
commit
1a28e876b8
@ -1,15 +1,13 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
|
||||
- hosts: bde-note.adh.crans.org
|
||||
- hosts: server
|
||||
vars_prompt:
|
||||
- name: DB_PASSWORD
|
||||
prompt: "Password of the database"
|
||||
prompt: "Password of the database (leave it blank if this is a reinstallation)"
|
||||
private: yes
|
||||
vars:
|
||||
mirror: deb.debian.org
|
||||
note:
|
||||
server_name: note.crans.org
|
||||
roles:
|
||||
- 1-apt-basic
|
||||
- 2-nk20
|
||||
|
5
ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
Normal file
5
ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
note:
|
||||
server_name: note-beta.crans.org
|
||||
git_branch: beta
|
||||
cron_enabled: true
|
5
ansible/host_vars/bde-note.adh.crans.org.yml
Normal file
5
ansible/host_vars/bde-note.adh.crans.org.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
note:
|
||||
server_name: note.crans.org
|
||||
git_branch: master
|
||||
cron_enabled: true
|
5
ansible/host_vars/bde3-virt.adh.crans.org.yml
Normal file
5
ansible/host_vars/bde3-virt.adh.crans.org.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
note:
|
||||
server_name: note-dev.crans.org
|
||||
git_branch: beta
|
||||
cron_enabled: false
|
@ -1,4 +1,5 @@
|
||||
[server]
|
||||
bde3-virt.adh.crans.org
|
||||
bde-nk20-beta.adh.crans.org
|
||||
bde-note.adh.crans.org
|
||||
|
||||
|
@ -11,7 +11,7 @@
|
||||
git:
|
||||
repo: https://gitlab.crans.org/bde/nk20.git
|
||||
dest: /var/www/note_kfet
|
||||
version: master
|
||||
version: "{{ note.git_branch }}"
|
||||
force: true
|
||||
|
||||
- name: Use default env vars (should be updated!)
|
||||
@ -30,6 +30,7 @@
|
||||
group: www-data
|
||||
|
||||
- name: Setup cron jobs
|
||||
when: "note.cron_enabled"
|
||||
template:
|
||||
src: note.cron.j2
|
||||
dest: /etc/cron.d/note
|
||||
|
@ -1,22 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
# Les cronjobs dont a besoin la Note Kfet
|
||||
|
||||
# m h dom mon dow user command
|
||||
# Envoyer les mails en attente
|
||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail >> /var/www/note_kfet/cron_mail.log
|
||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred >> /var/www/note_kfet/cron_mail_deferred.log
|
||||
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 >> /var/www/note_kfet/cron_mail_purge.log
|
||||
# Faire une sauvegarde de la base de données
|
||||
00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
|
||||
# Vérifier la cohérence de la base et mailer en cas de problème
|
||||
00 4 * * * root cd /var/www/note_kfet && env/bin/python manage.py check_consistency --sum-all --check-all --mail
|
||||
# Mettre à jour le wiki (modification sans (dé)validation, activités passées)
|
||||
#30 5 * * * root cd /var/www/note_kfet && env/bin/python manage.py refresh_activities --raw --comment refresh
|
||||
# Spammer les gens en négatif
|
||||
00 5 * * 2 root cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --spam
|
||||
# Envoyer le rapport mensuel aux trésoriers et respos info
|
||||
00 8 6 * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --report
|
||||
# Envoyer les rapports aux gens
|
||||
55 6 * * * root cd /var/www/note_kfet && env/bin/python manage.py send_reports
|
||||
# Envoyer les rapports aux gens
|
||||
00 9 * * * root cd /var/www/note_kfet && env/bin/python manage.py refresh_highlighted_buttons
|
1
ansible/roles/2-nk20/templates/note.cron.j2
Symbolic link
1
ansible/roles/2-nk20/templates/note.cron.j2
Symbolic link
@ -0,0 +1 @@
|
||||
../../../../note.cron
|
63
ansible/roles/5-nginx/templates/nginx_note.conf
Normal file
63
ansible/roles/5-nginx/templates/nginx_note.conf
Normal file
@ -0,0 +1,63 @@
|
||||
# the upstream component nginx needs to connect to
|
||||
upstream note{
|
||||
server unix:///var/www/note_kfet/note_kfet.sock; # file socket
|
||||
}
|
||||
|
||||
# Redirect HTTP to nk20 HTTPS
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
||||
location / {
|
||||
return 301 https://{{ note.server_name }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# Redirect all HTTPS to nk20 HTTPS
|
||||
server {
|
||||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
|
||||
location / {
|
||||
return 301 https://{{ note.server_name }}$request_uri;
|
||||
}
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
}
|
||||
|
||||
# configuration of the server
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
# the port your site will be served on
|
||||
# the domain name it will serve for
|
||||
server_name {{ note.server_name }}; # substitute your machine's IP address or FQDN
|
||||
charset utf-8;
|
||||
|
||||
# max upload size
|
||||
client_max_body_size 75M; # adjust to taste
|
||||
|
||||
# Django media
|
||||
location /media {
|
||||
alias /var/www/note_kfet/media; # your Django project's media files - amend as required
|
||||
}
|
||||
|
||||
location /static {
|
||||
alias /var/www/note_kfet/static; # your Django project's static files - amend as required
|
||||
}
|
||||
|
||||
# Finally, send all non-media requests to the Django server.
|
||||
location / {
|
||||
uwsgi_pass note;
|
||||
include /etc/nginx/uwsgi_params;
|
||||
}
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
}
|
@ -10,17 +10,15 @@
|
||||
retries: 3
|
||||
until: pkg_result is succeeded
|
||||
|
||||
- name: Install Psycopg2
|
||||
pip:
|
||||
name: psycopg2-binary
|
||||
|
||||
- name: Create role note
|
||||
when: "DB_PASSWORD|bool" # If the password is not defined, skip the installation
|
||||
postgresql_user:
|
||||
name: note
|
||||
password: "{{ DB_PASSWORD }}"
|
||||
become_user: postgres
|
||||
|
||||
- name: Create NK20 database
|
||||
when: "DB_PASSWORD|bool"
|
||||
postgresql_db:
|
||||
name: note_db
|
||||
owner: note
|
||||
|
@ -1,11 +1,11 @@
|
||||
# Attention, il faut *copier* ce fichier dans /etc/cron.d, owner root:root et droits 644
|
||||
{{ ansible_managed }}
|
||||
# Les cronjobs dont a besoin la Note Kfet
|
||||
|
||||
# m h dom mon dow user command
|
||||
# Envoyer les mails en attente
|
||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail
|
||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred
|
||||
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7
|
||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail -c 1
|
||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred -c 1
|
||||
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 -c 1
|
||||
# Faire une sauvegarde de la base de données
|
||||
00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
|
||||
# Vérifier la cohérence de la base et mailer en cas de problème
|
||||
|
Loading…
Reference in New Issue
Block a user