mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
harden-fluxbb-more
infrastructure/roles/flyspray/tasks/main.yml
Evangelos Foutras 578b781966
Capitalize the handler name in handler invocations 
Fixes: 26f289b72bfb ("Capitalize the first letter of all task names")
2022-08-29 21:46:39 +03:00

94 lines
3.1 KiB
YAML
Raw Permalink Blame History

- name: Run maintenance mode
include_role:
name: maintenance
vars:
service_name: "Bugtracker"
service_domain: "{{ flyspray_domain }}"
service_alternate_domains: []
service_nginx_conf: "{{ flyspray_nginx_conf }}"
when: maintenance is defined
- name: Install git
pacman: name=git state=present
- name: Make flyspray user
user: name="{{ flyspray_user }}" shell=/bin/false home="{{ flyspray_dir }}" createhome=no
register: user_created
- name: Fix home permissions
file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}" mode=0755
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ flyspray_domain }}"]
- name: Set up nginx
template: src=nginx.d.conf.j2 dest="{{ flyspray_nginx_conf }}" owner=root group=root mode=644
notify:
- Reload nginx
when: maintenance is not defined
tags: ['nginx']
- name: Install nginx migrated-tasks.map
copy: src=migrated-tasks.map dest=/etc/nginx/maps/ owner=root group=root mode=0644
- name: Make nginx log dir
file: path=/var/log/nginx/{{ flyspray_domain }} state=directory owner=root group=root mode=0755
- name: Create setup dir with write permissions
file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=755
when: not user_created.changed
- name: Clone flyspray repo
git:
repo: https://gitlab.archlinux.org/archlinux/flyspray.git
version: "{{ flyspray_commit }}"
dest: "{{ flyspray_dir }}"
become: true
become_user: "{{ flyspray_user }}"
register: release
- name: Take away setup dir write permissions
file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=000
- name: Configure flyspray
template: src=flyspray.conf.php.j2 dest=/srv/http/flyspray/flyspray.conf.php owner="{{ flyspray_user }}" group="{{ flyspray_user }}" mode=0660
register: config
no_log: true
- name: Create flyspray db
mysql_db: name="{{ flyspray_db }}" login_host="{{ flyspray_db_host }}" login_password="{{ vault_mariadb_users.root }}"
register: db_created
- name: Create flyspray db user
mysql_user: name={{ flyspray_db_user }} password={{ vault_flyspray_db_password }}
login_host="{{ flyspray_db_host }}" login_password="{{ vault_mariadb_users.root }}"
priv="{{ flyspray_db }}.*:ALL"
no_log: true
- name: Configure php-fpm
template:
src=php-fpm.conf.j2 dest="/etc/php7/php-fpm.d/{{ flyspray_user }}.conf"
owner=root group=root mode=0644
notify:
- Restart php-fpm7@flyspray
- name: Install fail2ban register ban filter
template: src=fail2ban.filter.j2 dest=/etc/fail2ban/filter.d/nginx-flyspray-register.local owner=root group=root mode=0644
notify:
- Restart fail2ban
tags:
- fail2ban
- name: Install fail2ban register ban jail
template: src=fail2ban.jail.j2 dest=/etc/fail2ban/jail.d/nginx-flyspray-register.local owner=root group=root mode=0644
notify:
- Restart fail2ban
tags:
- fail2ban
- name: Start and enable systemd socket
service: name=php-fpm7@flyspray.socket state=started enabled=true
View Git Blame Copy Permalink