mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
aur_robots.txt
infrastructure/roles/aurweb/tasks/main.yml
Jelle van der Waa 8691ab7394
Disallow scraping the search results on the AUR 
As the queries for searching are the most 'heavy' queries we can
disallow bots to scrape through all search results. Archweb uses the
same robots.txt rules for disallowing indexing search results.
2020-09-02 21:53:48 +02:00

270 lines
7.9 KiB
YAML
Raw Permalink Blame History

---
- name: install required packages
pacman:
state: present
name:
- asciidoc
- highlight
- make
- php-memcached
- pyalpm
- python-alembic
- python-bleach
- python-markdown
- python-mysql-connector
- python-pygit2
- python-srcinfo
- sudo
- uwsgi-plugin-cgi
- name: install the cgit package
pacman:
state: present
name:
- cgit-aurweb
register: cgit
- name: install the git package
pacman:
state: present
name:
- git
register: git
- name: make aur user
user: name="{{ aurweb_user }}" shell=/bin/bash createhome=yes
- name: Create directory
file: path={{ aurweb_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
- name: clone aurweb repo
git: >
repo={{ aurweb_repository }}
dest="{{ aurweb_dir }}"
version={{ aurweb_version }}
become: true
become_user: "{{ aurweb_user }}"
register: release
- name: clone Trusted User documentation repo
git: >
repo={{ tubylaws_repository }}
dest="{{ aurweb_dir }}/tu-bylaws"
version={{ tubylaws_version }}
become: true
become_user: "{{ aurweb_user }}"
register: tubylaws_release
- name: create necessary directories
file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} mode=0755
with_items:
- 'aurblup'
- 'sessions'
- 'uploads'
- 'web/html/trusted-user'
- name: create aur db
mysql_db: name="{{ aurweb_db }}" login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}" encoding=utf8
register: db_created
no_log: true
- name: create aur db user
mysql_user: name={{ aurweb_db_user }} password={{ vault_aurweb_db_password }}
login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}"
priv="{{ aurweb_db }}.*:ALL"
no_log: true
- name: initialize the database
command: python aurweb/initdb.py
args:
chdir: "{{ aurweb_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: db_created.changed
- name: run migrations
command: alembic upgrade head
args:
chdir: "{{ aurweb_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: release.changed or db_created.changed
- name: create aurweb conf dir
file: path={{ aurweb_conf_dir }} state=directory owner=root group=root mode=0755
- name: copy aurweb configuration file
copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes owner=root group=root mode=0644
- name: install custom aurweb configuration
template: src=config.j2 dest={{ aurweb_conf_dir }}/config owner=root group=root mode=0644
- name: Install python module
command: "python3 setup.py install --install-scripts=/usr/local/bin"
args:
chdir: "{{ aurweb_dir }}"
creates: /usr/local/bin/aurweb-*
- name: Generate HTML documentation
make:
chdir: "{{ aurweb_dir }}/doc"
become: true
become_user: "{{ aurweb_user }}"
- name: Generate Translations
make:
chdir: "{{ aurweb_dir }}/po"
target: "install"
become: true
become_user: "{{ aurweb_user }}"
- name: Generate Trusted User documentation
make:
chdir: "{{ aurweb_dir }}/tu-bylaws"
become: true
become_user: "{{ aurweb_user }}"
when: tubylaws_release.changed
- name: Install Trusted User documentation
copy: src={{ aurweb_dir }}/tu-bylaws/tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/tu-bylaws.html remote_src=yes owner={{ aurweb_user }} group=http mode=0644
when: tubylaws_release.changed
- name: Install Trusted User documentation symlink
file: src=tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/TUbylaws.html state=link owner={{ aurweb_user }} group=http mode=0644
when: tubylaws_release.changed
- name: set up nginx
template: src=nginx.d.conf.j2 dest={{ aurweb_nginx_conf }} owner=root group=root mode=644
notify: reload nginx
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ aurweb_domain }} state=directory owner=root group=root mode=0755
- name: configure robots.txt
copy: src=robots.txt dest="{{ aurweb_dir }}/robots.txt" owner=aur group=http mode=0644
- name: configure php-fpm
template:
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ aurweb_user }}.conf"
owner=root group=root mode=0644
notify:
- restart php-fpm@{{ aurweb_user }}
- name: start and enable systemd socket
service: name=php-fpm@{{ aurweb_user }}.socket state=started enabled=true
- name: install cgit configuration
template: src=cgitrc.j2 dest="{{ aurweb_conf_dir }}/cgitrc" owner=root group=root mode=0644
- name: configure cgit uwsgi service
template: src=cgit.ini.j2 dest=/etc/uwsgi/vassals/cgit.ini owner={{ aurweb_user }} group=http mode=0644
- name: deploy new cgit release
become: true
become_user: "{{ aurweb_user }}"
file: path=/etc/uwsgi/vassals/cgit.ini state=touch owner=root group=root mode=0644
when: cgit.changed
- name: configure smartgit uwsgi service
template: src=smartgit.ini.j2 dest=/etc/uwsgi/vassals/smartgit.ini owner={{ aurweb_user }} group=http mode=0644
- name: deploy new smartgit release
become: true
become_user: "{{ aurweb_user }}"
file: path=/etc/uwsgi/vassals/smartgit.ini state=touch mode=preserve
when: git.changed
- name: create git repo dir
file: path={{ aurweb_git_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
- name: init git directory
command: git init --bare {{ aurweb_git_dir }}
args:
creates: "{{ aurweb_git_dir }}/HEAD"
become: true
become_user: "{{ aurweb_user }}"
tags:
- skip_ansible_lint
- name: save hideRefs setting on var
command: git config --local --get-all transfer.hideRefs
register: git_config
args:
chdir: "{{ aurweb_git_dir }}"
failed_when: git_config.rc == 2 # FIXME: does not work.
tags:
- skip_ansible_lint
- name: configure git tranfser.hideRefs
command: git config --local transfer.hideRefs '^refs/'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: git_config.stdout.find('^refs/') == -1
tags:
- skip_ansible_lint
- name: configure git transfer.hideRefs second
command: git config --local --add transfer.hideRefs '!refs/'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: git_config.stdout.find('!refs/') == -1
tags:
- skip_ansible_lint
- name: configure git transfer.hideRefs third
command: git config --local --add transfer.hideRefs '!HEAD'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: git_config.stdout.find('!HEAD') == -1
tags:
- skip_ansible_lint
- name: create symlink for git hook
file:
src: "{{ aurweb_git_hook }}"
dest: "{{ aurweb_git_dir }}/hooks/update"
owner: root
group: root
mode: 0755
state: link
- name: install AUR systemd service and timers
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- aurweb-git.service
- aurweb-git.timer
- aurweb-aurblup.service
- aurweb-aurblup.timer
- aurweb-memcached.service
- aurweb-mkpkglists.service
- aurweb-mkpkglists.timer
- aurweb-pkgmaint.service
- aurweb-pkgmaint.timer
- aurweb-popupdate.service
- aurweb-popupdate.timer
- aurweb-tuvotereminder.service
- aurweb-tuvotereminder.timer
- name: start and enable AUR systemd services and timers
service: name={{ item }} enabled=yes state=started
with_items:
- aurweb-git.timer
- aurweb-aurblup.timer
- aurweb-memcached.service
- aurweb-mkpkglists.timer
- aurweb-pkgmaint.timer
- aurweb-popupdate.timer
- aurweb-tuvotereminder.timer
- name: configure sshd
template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
notify:
- restart sshd
View Git Blame Copy Permalink