1
0
mirror of https://gitlab.crans.org/bde/nk20 synced 2024-12-22 23:42:25 +00:00

Rework on Ansible config, this is now more universal

This commit is contained in:
Yohann D'ANELLO 2020-09-06 10:32:52 +02:00
parent 2a824cadf6
commit 1a28e876b8
10 changed files with 90 additions and 35 deletions

View File

@ -1,15 +1,13 @@
#!/usr/bin/env ansible-playbook
---
- hosts: bde-note.adh.crans.org
- hosts: server
vars_prompt:
- name: DB_PASSWORD
prompt: "Password of the database"
prompt: "Password of the database (leave it blank if this is a reinstallation)"
private: yes
vars:
mirror: deb.debian.org
note:
server_name: note.crans.org
roles:
- 1-apt-basic
- 2-nk20

View File

@ -0,0 +1,5 @@
---
note:
server_name: note-beta.crans.org
git_branch: beta
cron_enabled: true

View File

@ -0,0 +1,5 @@
---
note:
server_name: note.crans.org
git_branch: master
cron_enabled: true

View File

@ -0,0 +1,5 @@
---
note:
server_name: note-dev.crans.org
git_branch: beta
cron_enabled: false

View File

@ -1,4 +1,5 @@
[server]
bde3-virt.adh.crans.org
bde-nk20-beta.adh.crans.org
bde-note.adh.crans.org

View File

@ -11,7 +11,7 @@
git:
repo: https://gitlab.crans.org/bde/nk20.git
dest: /var/www/note_kfet
version: master
version: "{{ note.git_branch }}"
force: true
- name: Use default env vars (should be updated!)
@ -30,6 +30,7 @@
group: www-data
- name: Setup cron jobs
when: "note.cron_enabled"
template:
src: note.cron.j2
dest: /etc/cron.d/note

View File

@ -1,22 +0,0 @@
# {{ ansible_managed }}
# Les cronjobs dont a besoin la Note Kfet
# m h dom mon dow user command
# Envoyer les mails en attente
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail >> /var/www/note_kfet/cron_mail.log
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred >> /var/www/note_kfet/cron_mail_deferred.log
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 >> /var/www/note_kfet/cron_mail_purge.log
# Faire une sauvegarde de la base de données
00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
# Vérifier la cohérence de la base et mailer en cas de problème
00 4 * * * root cd /var/www/note_kfet && env/bin/python manage.py check_consistency --sum-all --check-all --mail
# Mettre à jour le wiki (modification sans (dé)validation, activités passées)
#30 5 * * * root cd /var/www/note_kfet && env/bin/python manage.py refresh_activities --raw --comment refresh
# Spammer les gens en négatif
00 5 * * 2 root cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --spam
# Envoyer le rapport mensuel aux trésoriers et respos info
00 8 6 * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --report
# Envoyer les rapports aux gens
55 6 * * * root cd /var/www/note_kfet && env/bin/python manage.py send_reports
# Envoyer les rapports aux gens
00 9 * * * root cd /var/www/note_kfet && env/bin/python manage.py refresh_highlighted_buttons

View File

@ -0,0 +1 @@
../../../../note.cron

View File

@ -0,0 +1,63 @@
# the upstream component nginx needs to connect to
upstream note{
server unix:///var/www/note_kfet/note_kfet.sock; # file socket
}
# Redirect HTTP to nk20 HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 301 https://{{ note.server_name }}$request_uri;
}
}
# Redirect all HTTPS to nk20 HTTPS
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
location / {
return 301 https://{{ note.server_name }}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# configuration of the server
server {
listen 443 ssl;
listen [::]:443 ssl;
# the port your site will be served on
# the domain name it will serve for
server_name {{ note.server_name }}; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /var/www/note_kfet/media; # your Django project's media files - amend as required
}
location /static {
alias /var/www/note_kfet/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass note;
include /etc/nginx/uwsgi_params;
}
ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

View File

@ -10,17 +10,15 @@
retries: 3
until: pkg_result is succeeded
- name: Install Psycopg2
pip:
name: psycopg2-binary
- name: Create role note
when: "DB_PASSWORD|bool" # If the password is not defined, skip the installation
postgresql_user:
name: note
password: "{{ DB_PASSWORD }}"
become_user: postgres
- name: Create NK20 database
when: "DB_PASSWORD|bool"
postgresql_db:
name: note_db
owner: note

View File

@ -1,11 +1,11 @@
# Attention, il faut *copier* ce fichier dans /etc/cron.d, owner root:root et droits 644
{{ ansible_managed }}
# Les cronjobs dont a besoin la Note Kfet
# m h dom mon dow user command
# Envoyer les mails en attente
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail -c 1
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred -c 1
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 -c 1
# Faire une sauvegarde de la base de données
00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
# Vérifier la cohérence de la base et mailer en cas de problème