🔧 Better Ansible script

2025-11-04 09:12:11 +01:00 · 2020-07-21 22:36:37 +02:00
parent 4761d46696
commit 5d70a809c2
7 changed files with 81 additions and 24 deletions
--- a/ansible/base.yml
+++ b/ansible/base.yml
@@ -7,4 +7,6 @@
    - 2-nk20
    - 3-pip
    - 4-nginx
-    - 5-psql
+    - 5-certbot
    - 6-psql
    - 7-postinstall
--- a/ansible/roles/1-apt-basic/tasks/main.yml
+++ b/ansible/roles/1-apt-basic/tasks/main.yml
@@ -12,6 +12,7 @@
      - python3-venv
      - git
      - acl
      - gettext
      - texlive-latex-extra
      - texlive-fonts-extra
      - texlive-lang-french
--- a/ansible/roles/4-nginx/tasks/main.yml
+++ b/ansible/roles/4-nginx/tasks/main.yml
@@ -1,20 +1,21 @@
 ---
- name: Copy example conf of Nginx
+- name: Copy conf of Nginx
-  command: cp /var/www/note_kfet/nginx_note.conf_example /var/www/note_kfet/nginx_note.conf
+  template:
    src: "nginx_note.conf"
    dest: /etc/nginx/sites-available/nginx_note.conf
    mode: 0644
    owner: www-data
    group: www-data
- name: Update Nginx conf
+- name: Enable Nginx site
  replace:
    path: /var/www/note_kfet/nginx_note.conf
    regexp: 'note.example.org'
    replace: 'bde-nk20-beta.adh.crans.org'
 - name: Copy conf to Nginx
  file:
-    src: /var/www/note_kfet/nginx_note.conf
+    src: /etc/nginx/sites-available/nginx_note.conf
    dest: /etc/nginx/sites-enabled/nginx_note.conf
    owner: www-data
    group: www-data
    state: link
- name: Copy conf to UWSGI
+- name: Copy conf of UWSGI
  file:
    src: /var/www/note_kfet/uwsgi_note.ini
    dest: /etc/uwsgi/apps-enabled/uwsgi_note.ini
--- a/ansible/roles/5-certbot/tasks/main.yml
+++ b/ansible/roles/5-certbot/tasks/main.yml
@@ -0,0 +1,21 @@
 ---
 - name: Install basic APT packages
  apt:
    update_cache: true
    name:
      - certbot
      - python3-certbot-nginx
  register: pkg_result
  retries: 3
  until: pkg_result is succeeded
 - name: Create /etc/letsencrypt/conf.d
  file:
    path: /etc/letsencrypt/conf.d
    state: directory
 - name: Add Certbot configuration
  template:
    src: "letsencrypt/conf.d/nk20.ini.j2"
    dest: "/etc/letsencrypt/conf.d/nk20.ini"
    mode: 0644
--- a/ansible/roles/5-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
+++ b/ansible/roles/5-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
@@ -0,0 +1,20 @@
 {{ ansible_managed | comment }}
 # To generate the certificate, please use the following command
 # certbot --config /etc/letsencrypt/conf.d/nk20.ini certonly
 # Use a 4096 bit RSA key instead of 2048
 rsa-key-size = 4096
 # Always use the staging/testing server
 # server = https://acme-staging.api.letsencrypt.org/directory
 # Uncomment and update to register with the specified e-mail address
 email = notekfet2020@lists.crans.org
 # Uncomment to use a text interface instead of ncurses
 text = True
 # Use DNS-01 challenge
 authenticator = nginx
--- a/ansible/roles/6-psql/tasks/main.yml
+++ b/ansible/roles/6-psql/tasks/main.yml
@@ -25,15 +25,3 @@
    name: note_db
    owner: note
  become_user: postgres
 - name: Make Django migrations
  command: /var/www/note_kfet/env/bin/python manage.py makemigrations
  args:
    chdir: /var/www/note_kfet
  become_user: www-data
 - name: Migrate Django database
  command: /var/www/note_kfet/env/bin/python manage.py migrate
  args:
    chdir: /var/www/note_kfet
  become_user: www-data
--- a/ansible/roles/7-postinstall/tasks/main.yml
+++ b/ansible/roles/7-postinstall/tasks/main.yml
@@ -0,0 +1,24 @@
 ---
 - name: Make Django migrations
  command: /var/www/note_kfet/env/bin/python manage.py makemigrations
  args:
    chdir: /var/www/note_kfet
  become_user: www-data
 - name: Migrate Django database
  command: /var/www/note_kfet/env/bin/python manage.py migrate
  args:
    chdir: /var/www/note_kfet
  become_user: www-data
 - name: Compile messages
  command: /var/www/note_kfet/env/bin/python manage.py compilemessages
  args:
    chdir: /var/www/note_kfet
  become_user: www-data
 - name: Install initial fixtures
  command: /var/www/note_kfet/env/bin/python manage.py loaddata initial
  args:
    chdir: /var/www/note_kfet
  become_user: www-data