mirror of https://gitlab.crans.org/bde/nk20
Rework on Ansible config, this is now more universal
This commit is contained in:
parent
2a824cadf6
commit
1a28e876b8
|
@ -1,15 +1,13 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
|
|
||||||
- hosts: bde-note.adh.crans.org
|
- hosts: server
|
||||||
vars_prompt:
|
vars_prompt:
|
||||||
- name: DB_PASSWORD
|
- name: DB_PASSWORD
|
||||||
prompt: "Password of the database"
|
prompt: "Password of the database (leave it blank if this is a reinstallation)"
|
||||||
private: yes
|
private: yes
|
||||||
vars:
|
vars:
|
||||||
mirror: deb.debian.org
|
mirror: deb.debian.org
|
||||||
note:
|
|
||||||
server_name: note.crans.org
|
|
||||||
roles:
|
roles:
|
||||||
- 1-apt-basic
|
- 1-apt-basic
|
||||||
- 2-nk20
|
- 2-nk20
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
note:
|
||||||
|
server_name: note-beta.crans.org
|
||||||
|
git_branch: beta
|
||||||
|
cron_enabled: true
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
note:
|
||||||
|
server_name: note.crans.org
|
||||||
|
git_branch: master
|
||||||
|
cron_enabled: true
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
note:
|
||||||
|
server_name: note-dev.crans.org
|
||||||
|
git_branch: beta
|
||||||
|
cron_enabled: false
|
|
@ -1,4 +1,5 @@
|
||||||
[server]
|
[server]
|
||||||
|
bde3-virt.adh.crans.org
|
||||||
bde-nk20-beta.adh.crans.org
|
bde-nk20-beta.adh.crans.org
|
||||||
bde-note.adh.crans.org
|
bde-note.adh.crans.org
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
git:
|
git:
|
||||||
repo: https://gitlab.crans.org/bde/nk20.git
|
repo: https://gitlab.crans.org/bde/nk20.git
|
||||||
dest: /var/www/note_kfet
|
dest: /var/www/note_kfet
|
||||||
version: master
|
version: "{{ note.git_branch }}"
|
||||||
force: true
|
force: true
|
||||||
|
|
||||||
- name: Use default env vars (should be updated!)
|
- name: Use default env vars (should be updated!)
|
||||||
|
@ -30,6 +30,7 @@
|
||||||
group: www-data
|
group: www-data
|
||||||
|
|
||||||
- name: Setup cron jobs
|
- name: Setup cron jobs
|
||||||
|
when: "note.cron_enabled"
|
||||||
template:
|
template:
|
||||||
src: note.cron.j2
|
src: note.cron.j2
|
||||||
dest: /etc/cron.d/note
|
dest: /etc/cron.d/note
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
# Les cronjobs dont a besoin la Note Kfet
|
|
||||||
|
|
||||||
# m h dom mon dow user command
|
|
||||||
# Envoyer les mails en attente
|
|
||||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail >> /var/www/note_kfet/cron_mail.log
|
|
||||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred >> /var/www/note_kfet/cron_mail_deferred.log
|
|
||||||
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 >> /var/www/note_kfet/cron_mail_purge.log
|
|
||||||
# Faire une sauvegarde de la base de données
|
|
||||||
00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
|
|
||||||
# Vérifier la cohérence de la base et mailer en cas de problème
|
|
||||||
00 4 * * * root cd /var/www/note_kfet && env/bin/python manage.py check_consistency --sum-all --check-all --mail
|
|
||||||
# Mettre à jour le wiki (modification sans (dé)validation, activités passées)
|
|
||||||
#30 5 * * * root cd /var/www/note_kfet && env/bin/python manage.py refresh_activities --raw --comment refresh
|
|
||||||
# Spammer les gens en négatif
|
|
||||||
00 5 * * 2 root cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --spam
|
|
||||||
# Envoyer le rapport mensuel aux trésoriers et respos info
|
|
||||||
00 8 6 * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --report
|
|
||||||
# Envoyer les rapports aux gens
|
|
||||||
55 6 * * * root cd /var/www/note_kfet && env/bin/python manage.py send_reports
|
|
||||||
# Envoyer les rapports aux gens
|
|
||||||
00 9 * * * root cd /var/www/note_kfet && env/bin/python manage.py refresh_highlighted_buttons
|
|
|
@ -0,0 +1 @@
|
||||||
|
../../../../note.cron
|
|
@ -0,0 +1,63 @@
|
||||||
|
# the upstream component nginx needs to connect to
|
||||||
|
upstream note{
|
||||||
|
server unix:///var/www/note_kfet/note_kfet.sock; # file socket
|
||||||
|
}
|
||||||
|
|
||||||
|
# Redirect HTTP to nk20 HTTPS
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://{{ note.server_name }}$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Redirect all HTTPS to nk20 HTTPS
|
||||||
|
server {
|
||||||
|
listen 443 ssl default_server;
|
||||||
|
listen [::]:443 ssl default_server;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://{{ note.server_name }}$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||||
|
}
|
||||||
|
|
||||||
|
# configuration of the server
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
|
||||||
|
# the port your site will be served on
|
||||||
|
# the domain name it will serve for
|
||||||
|
server_name {{ note.server_name }}; # substitute your machine's IP address or FQDN
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
# max upload size
|
||||||
|
client_max_body_size 75M; # adjust to taste
|
||||||
|
|
||||||
|
# Django media
|
||||||
|
location /media {
|
||||||
|
alias /var/www/note_kfet/media; # your Django project's media files - amend as required
|
||||||
|
}
|
||||||
|
|
||||||
|
location /static {
|
||||||
|
alias /var/www/note_kfet/static; # your Django project's static files - amend as required
|
||||||
|
}
|
||||||
|
|
||||||
|
# Finally, send all non-media requests to the Django server.
|
||||||
|
location / {
|
||||||
|
uwsgi_pass note;
|
||||||
|
include /etc/nginx/uwsgi_params;
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||||
|
}
|
|
@ -10,17 +10,15 @@
|
||||||
retries: 3
|
retries: 3
|
||||||
until: pkg_result is succeeded
|
until: pkg_result is succeeded
|
||||||
|
|
||||||
- name: Install Psycopg2
|
|
||||||
pip:
|
|
||||||
name: psycopg2-binary
|
|
||||||
|
|
||||||
- name: Create role note
|
- name: Create role note
|
||||||
|
when: "DB_PASSWORD|bool" # If the password is not defined, skip the installation
|
||||||
postgresql_user:
|
postgresql_user:
|
||||||
name: note
|
name: note
|
||||||
password: "{{ DB_PASSWORD }}"
|
password: "{{ DB_PASSWORD }}"
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
|
||||||
- name: Create NK20 database
|
- name: Create NK20 database
|
||||||
|
when: "DB_PASSWORD|bool"
|
||||||
postgresql_db:
|
postgresql_db:
|
||||||
name: note_db
|
name: note_db
|
||||||
owner: note
|
owner: note
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
# Attention, il faut *copier* ce fichier dans /etc/cron.d, owner root:root et droits 644
|
{{ ansible_managed }}
|
||||||
# Les cronjobs dont a besoin la Note Kfet
|
# Les cronjobs dont a besoin la Note Kfet
|
||||||
|
|
||||||
# m h dom mon dow user command
|
# m h dom mon dow user command
|
||||||
# Envoyer les mails en attente
|
# Envoyer les mails en attente
|
||||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail
|
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail -c 1
|
||||||
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred
|
* * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred -c 1
|
||||||
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7
|
00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 -c 1
|
||||||
# Faire une sauvegarde de la base de données
|
# Faire une sauvegarde de la base de données
|
||||||
00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
|
00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
|
||||||
# Vérifier la cohérence de la base et mailer en cas de problème
|
# Vérifier la cohérence de la base et mailer en cas de problème
|
||||||
|
|
Loading…
Reference in New Issue