From 5d70a809c25c4e2517399c17ae48eb3deddb8a53 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Tue, 21 Jul 2020 22:36:37 +0200 Subject: [PATCH] :wrench: Better Ansible script --- ansible/base.yml | 4 +++- ansible/roles/1-apt-basic/tasks/main.yml | 1 + ansible/roles/4-nginx/tasks/main.yml | 23 +++++++++--------- ansible/roles/5-certbot/tasks/main.yml | 21 ++++++++++++++++ .../templates/letsencrypt/conf.d/nk20.ini.j2 | 20 ++++++++++++++++ .../roles/{5-psql => 6-psql}/tasks/main.yml | 12 ---------- ansible/roles/7-postinstall/tasks/main.yml | 24 +++++++++++++++++++ 7 files changed, 81 insertions(+), 24 deletions(-) create mode 100644 ansible/roles/5-certbot/tasks/main.yml create mode 100644 ansible/roles/5-certbot/templates/letsencrypt/conf.d/nk20.ini.j2 rename ansible/roles/{5-psql => 6-psql}/tasks/main.yml (60%) create mode 100644 ansible/roles/7-postinstall/tasks/main.yml diff --git a/ansible/base.yml b/ansible/base.yml index 16f7ec1e..d3845f27 100755 --- a/ansible/base.yml +++ b/ansible/base.yml @@ -7,4 +7,6 @@ - 2-nk20 - 3-pip - 4-nginx - - 5-psql + - 5-certbot + - 6-psql + - 7-postinstall diff --git a/ansible/roles/1-apt-basic/tasks/main.yml b/ansible/roles/1-apt-basic/tasks/main.yml index 7627743e..eba6e5c3 100644 --- a/ansible/roles/1-apt-basic/tasks/main.yml +++ b/ansible/roles/1-apt-basic/tasks/main.yml @@ -12,6 +12,7 @@ - python3-venv - git - acl + - gettext - texlive-latex-extra - texlive-fonts-extra - texlive-lang-french diff --git a/ansible/roles/4-nginx/tasks/main.yml b/ansible/roles/4-nginx/tasks/main.yml index 807a84e1..427fe1df 100644 --- a/ansible/roles/4-nginx/tasks/main.yml +++ b/ansible/roles/4-nginx/tasks/main.yml 
@@ -1,20 +1,21 @@ --- -- name: Copy example conf of Nginx - command: cp /var/www/note_kfet/nginx_note.conf_example /var/www/note_kfet/nginx_note.conf +- name: Copy conf of Nginx + template: + src: "nginx_note.conf" + dest: /etc/nginx/sites-available/nginx_note.conf + mode: 0644 + owner: www-data + group: www-data -- name: Update Nginx conf - replace: - path: /var/www/note_kfet/nginx_note.conf - regexp: 'note.example.org' - replace: 'bde-nk20-beta.adh.crans.org' - -- name: Copy conf to Nginx +- name: Enable Nginx site file: - src: /var/www/note_kfet/nginx_note.conf + src: /etc/nginx/sites-available/nginx_note.conf dest: /etc/nginx/sites-enabled/nginx_note.conf + owner: www-data + group: www-data state: link -- name: Copy conf to UWSGI +- name: Copy conf of UWSGI file: src: /var/www/note_kfet/uwsgi_note.ini dest: /etc/uwsgi/apps-enabled/uwsgi_note.ini diff --git a/ansible/roles/5-certbot/tasks/main.yml b/ansible/roles/5-certbot/tasks/main.yml new file mode 100644 index 00000000..52bc0d67 --- /dev/null +++ b/ansible/roles/5-certbot/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Install basic APT packages + apt: + update_cache: true + name: + - certbot + - python3-certbot-nginx + register: pkg_result + retries: 3 + until: pkg_result is succeeded + +- name: Create /etc/letsencrypt/conf.d + file: + path: /etc/letsencrypt/conf.d + state: directory + +- name: Add Certbot configuration + template: + src: "letsencrypt/conf.d/nk20.ini.j2" + dest: "/etc/letsencrypt/conf.d/nk20.ini" + mode: 0644 diff --git a/ansible/roles/5-certbot/templates/letsencrypt/conf.d/nk20.ini.j2 b/ansible/roles/5-certbot/templates/letsencrypt/conf.d/nk20.ini.j2 new file mode 100644 index 00000000..b02abf5a --- /dev/null +++ b/ansible/roles/5-certbot/templates/letsencrypt/conf.d/nk20.ini.j2 
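Review bot: The `Copy conf of Nginx` and `Enable Nginx site` tasks set `owner: www-data` and `group: www-data`, so the account the later Django tasks run as can rewrite a file that the nginx master process (typically root) parses at its next reload. Files under /etc/nginx are normally root-owned; I would use `owner: root` and `group: root` on both tasks and keep `mode: 0644`. Nothing in this hunk reloads nginx after the template changes, so a `notify:` to a reload handler would be needed for a changed config to take effect; no such handler is visible in this diff. The template source `nginx_note.conf` is not among the files this commit adds, so it presumably already exists in the role's templates directory, which is worth confirming.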
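Review bot: The `Create /etc/letsencrypt/conf.d` task sets no `owner`, `group` or `mode`, so the permissions of the directory holding the Certbot configuration depend on the umask in effect during the run. Adding `owner: root`, `group: root` and `mode: "0755"` pins them. The first task's name, `Install basic APT packages`, does not say what it installs; `- name: Install Certbot packages` would make the play output unambiguous. The role stops at writing the config, so certificate issuance stays the manual step described in the template.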
@@ -0,0 +1,20 @@ +{{ ansible_managed | comment }} + +# To generate the certificate, please use the following command +# certbot --config /etc/letsencrypt/conf.d/nk20.ini certonly + +# Use a 4096 bit RSA key instead of 2048 +rsa-key-size = 4096 + +# Always use the staging/testing server +# server = https://acme-staging.api.letsencrypt.org/directory + +# Uncomment and update to register with the specified e-mail address +email = notekfet2020@lists.crans.org + +# Uncomment to use a text interface instead of ncurses +text = True + +# Use DNS-01 challenge +authenticator = nginx + diff --git a/ansible/roles/5-psql/tasks/main.yml b/ansible/roles/6-psql/tasks/main.yml similarity index 60% rename from ansible/roles/5-psql/tasks/main.yml rename to ansible/roles/6-psql/tasks/main.yml index 2939b257..ba313ee1 100644 --- a/ansible/roles/5-psql/tasks/main.yml +++ b/ansible/roles/6-psql/tasks/main.yml @@ -25,15 +25,3 @@ name: note_db owner: note become_user: postgres - -- name: Make Django migrations - command: /var/www/note_kfet/env/bin/python manage.py makemigrations - args: - chdir: /var/www/note_kfet - become_user: www-data - -- name: Migrate Django database - command: /var/www/note_kfet/env/bin/python manage.py migrate - args: - chdir: /var/www/note_kfet - become_user: www-data diff --git a/ansible/roles/7-postinstall/tasks/main.yml b/ansible/roles/7-postinstall/tasks/main.yml new file mode 100644 index 00000000..b1615a0b --- /dev/null +++ b/ansible/roles/7-postinstall/tasks/main.yml 
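Review bot: The comment `# Use DNS-01 challenge` sits above `authenticator = nginx`, but the nginx authenticator answers the challenge through the web server rather than through DNS, so the comment misstates how validation happens and what must be reachable from outside. I would replace it with `# Use the nginx plugin to answer the ACME challenge`. Two other comments contradict their lines: `# Uncomment and update to register with the specified e-mail address` precedes an already active `email =`, and `# Always use the staging/testing server` precedes a commented-out `server =`. The commented staging URL looks like the older ACME v1 host; the current staging directory is `https://acme-staging-v02.api.letsencrypt.org/directory`. The file sets neither `domains` nor `agree-tos`, so the documented `certonly` command will presumably ask for them interactively.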
@@ -0,0 +1,24 @@ +--- +- name: Make Django migrations + command: /var/www/note_kfet/env/bin/python manage.py makemigrations + args: + chdir: /var/www/note_kfet + become_user: www-data + +- name: Migrate Django database + command: /var/www/note_kfet/env/bin/python manage.py migrate + args: + chdir: /var/www/note_kfet + become_user: www-data + +- name: Compile messages + command: /var/www/note_kfet/env/bin/python manage.py compilemessages + args: + chdir: /var/www/note_kfet + become_user: www-data + +- name: Install initial fixtures + command: /var/www/note_kfet/env/bin/python manage.py loaddata initial + args: + chdir: /var/www/note_kfet + become_user: www-data
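Review bot: The `Install initial fixtures` task runs `loaddata initial` on every play, and `loaddata` overwrites rows whose primary keys match the fixture, so re-running the playbook against a live instance can silently revert records edited since installation. Guard it so it runs once, for example with `creates: /var/www/note_kfet/.fixtures_loaded` under `args:` (a constructed marker path) plus a task that writes the marker, or a `when:` on a first-install variable. Running `makemigrations` on the server generates migration files outside version control and needs www-data to be able to write into the application source tree whenever it finds model changes; committing migrations and running only `migrate --noinput` avoids both. All four `command` tasks report changed on every run, and `become_user` only takes effect if `become` is enabled at play level, which is not visible in this diff.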