mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-05 10:36:03 +02:00
4112bdf9fd
---
# Pull in the shared `maintenance` role for the site when a `maintenance`
# variable is defined and this host has archweb_site set. The role is
# parameterised with the archweb domain names and nginx config path.
- name: run maintenance mode
  when: maintenance is defined and archweb_site
  include_role:
    name: maintenance
  vars:
    service_name: 'site'
    service_domain: "{{ archweb_domain }}"
    service_alternate_domains: "{{ archweb_alternate_domains }}"
    service_nginx_conf: "{{ archweb_nginx_conf }}"
    service_nginx_template: 'maintenance-nginx.d.conf.j2'
# System packages the deployment depends on (git checkout, Python tooling,
# PostgreSQL driver, uwsgi Python plugin).
- name: install required packages
  pacman:
    name:
      - git
      - python-setuptools
      - python-psycopg2
      - llvm-libs
      - uwsgi-plugin-python
    state: present

# Dedicated service account: /bin/false as shell means no interactive login.
# The home directory is not created here; the next task manages it.
- name: make archweb user
  user:
    name: archweb
    shell: /bin/false
    home: "{{ archweb_dir }}"
    createhome: false

# Mode is a quoted octal string so YAML cannot read it as a decimal integer.
- name: fix home permissions
  file:
    path: "{{ archweb_dir }}"
    state: directory
    owner: archweb
    group: archweb
    mode: "0755"

# Only hosts serving the site put the account into the uwsgi group.
- name: set archweb groups
  user:
    name: archweb
    groups: uwsgi
  when: archweb_site|bool
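# Render the site's nginx vhost. Skipped while a `maintenance` variable is
# defined, so the maintenance role's config is not overwritten.
# The mode is written as a quoted four-digit octal string, matching every
# other task in this file; a bare YAML integer here would be read as decimal.
- name: set up nginx
  template:
    src: nginx.d.conf.j2
    dest: "{{ archweb_nginx_conf }}"
    owner: root
    group: root
    mode: "0644"
  notify: reload nginx
  when: archweb_site|bool and maintenance is not defined
  tags:
    - nginx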
# Per-domain nginx log directory, owned by root.
- name: make nginx log dir
  file:
    path: "/var/log/nginx/{{ archweb_domain }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  when: archweb_site|bool

# Target directory for the rsync iso job, owned by the service account.
- name: make rsync iso dir
  file:
    path: "{{ archweb_rsync_iso_dir }}"
    state: directory
    owner: archweb
    group: archweb
    mode: "0755"
  when: archweb_site|bool
# Check out the application as the unprivileged archweb user.
# verify_commit makes the git module check the GPG signature of the commit
# being checked out, and gpg_whitelist restricts the accepted signer to the
# fingerprint(s) in archweb_pgp_key, so an unsigned or foreign-signed
# commit at archweb_version fails the task instead of being deployed.
# NOTE(review): the signing key presumably has to be present in the archweb
# user's keyring for verification to succeed - confirm where it is imported.
# The result is registered as `release` and drives later redeploy conditions.
- name: clone archweb repo
  git:
    repo: "{{ archweb_repository }}"
    dest: "{{ archweb_dir }}"
    version: "{{ archweb_version }}"
    verify_commit: true
    gpg_whitelist: "{{ archweb_pgp_key }}"
  register: release
  become: true
  become_user: archweb
# Create the virtualenv once; `creates` skips the command when the
# interpreter inside the env already exists.
- name: make virtualenv
  command: python -m venv --system-site-packages "{{ archweb_dir }}"/env
  args:
    creates: "{{ archweb_dir }}/env/bin/python"
  become: true
  become_user: archweb

# Dependencies come from the requirements file inside the checkout and are
# installed as the archweb user, not root.
# NOTE(review): whether requirements_prod.txt pins versions or hashes is not
# visible from this file - confirm in the archweb repository.
- name: install stuff into virtualenv
  pip:
    requirements: "{{ archweb_dir }}/requirements_prod.txt"
    virtualenv: "{{ archweb_dir }}/env"
  register: virtualenv
  become: true
  become_user: archweb

- name: create media dir
  file:
    path: "{{ archweb_dir }}/media"
    state: directory
    owner: archweb
    group: archweb
    mode: "0755"
  when: archweb_site|bool

# Same task as before the checkout; it runs again after the clone and
# virtualenv steps, presumably to reassert ownership and mode on the home.
- name: fix home permissions
  file:
    path: "{{ archweb_dir }}"
    state: directory
    owner: archweb
    group: archweb
    mode: "0755"
# Render the Django local settings. no_log keeps the task's arguments and
# result (including any diff of the rendered file) out of Ansible's output;
# the template presumably contains credentials - confirm in the template.
# Mode 0660 limits read/write to the archweb user and group.
- name: configure archweb
  template:
    src: local_settings.py.j2
    dest: "{{ archweb_dir }}/local_settings.py"
    owner: archweb
    group: archweb
    mode: "0660"
  no_log: true
  register: config
# One PostgreSQL role per consumer (site, services, dbscripts, backup), each
# with its own vaulted password. no_log is needed here because the loop item
# itself carries the password and would otherwise be printed per iteration.
- name: create archweb db users
  postgresql_user:
    name: "{{ item.user }}"
    password: "{{ item.password }}"
    login_host: "{{ archweb_db_host }}"
    login_password: "{{ vault_postgres_users.postgres }}"
    encrypted: true
  no_log: true
  when: archweb_site or archweb_services
  with_items:
    - user: "{{ archweb_db_site_user }}"
      password: "{{ vault_archweb_db_site_password }}"
    - user: "{{ archweb_db_services_user }}"
      password: "{{ vault_archweb_db_services_password }}"
    - user: "{{ archweb_db_dbscripts_user }}"
      password: "{{ vault_archweb_db_dbscripts_password }}"
    - user: "{{ archweb_db_backup_user }}"
      password: "{{ vault_archweb_db_backup_password }}"

# The database is owned by the site role. No task-level no_log is set here;
# NOTE(review): this relies on the module masking login_password itself.
- name: create archweb db
  postgresql_db:
    name: "{{ archweb_db }}"
    login_host: "{{ archweb_db_host }}"
    login_password: "{{ vault_postgres_users.postgres }}"
    owner: "{{ archweb_db_site_user }}"
  when: archweb_site or archweb_services
  register: db_created
# Run migrations as the archweb user, and only on site hosts when the
# database, checkout, settings or virtualenv changed (or a deploy is forced).
- name: django migrate
  django_manage:
    app_path: "{{ archweb_dir }}"
    command: migrate
    virtualenv: "{{ archweb_dir }}/env"
  when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
  become: true
  become_user: archweb
# The three grant tasks below log in as the site role (the database owner)
# and hand the other roles only what is listed: CONNECT on the database and
# SELECT on named tables and sequences. Loop items hold role and object
# names only, so nothing secret is printed per iteration.

- name: db privileges for archweb users
  postgresql_privs:
    database: "{{ archweb_db }}"
    host: "{{ archweb_db_host }}"
    login: "{{ archweb_db_site_user }}"
    password: "{{ vault_archweb_db_site_password }}"
    privs: CONNECT
    roles: "{{ item }}"
    type: database
  when: archweb_site or archweb_services
  with_items:
    - "{{ archweb_db_services_user }}"
    - "{{ archweb_db_dbscripts_user }}"
    - "{{ archweb_db_backup_user }}"

- name: table privileges for archweb users
  postgresql_privs:
    database: "{{ archweb_db }}"
    host: "{{ archweb_db_host }}"
    login: "{{ archweb_db_site_user }}"
    password: "{{ vault_archweb_db_site_password }}"
    privs: SELECT
    roles: "{{ item.user }}"
    type: table
    objs: "{{ item.objs }}"
  when: archweb_site or archweb_services
  with_items:
    - user: "{{ archweb_db_services_user }}"
      objs: "{{ archweb_db_services_table_objs }}"
    - user: "{{ archweb_db_dbscripts_user }}"
      objs: "{{ archweb_db_dbscripts_table_objs }}"
    - user: "{{ archweb_db_backup_user }}"
      objs: "{{ archweb_db_backup_table_objs }}"

# Sequence grants cover the services and backup roles only.
- name: sequence privileges for archweb users
  postgresql_privs:
    database: "{{ archweb_db }}"
    host: "{{ archweb_db_host }}"
    login: "{{ archweb_db_site_user }}"
    password: "{{ vault_archweb_db_site_password }}"
    privs: SELECT
    roles: "{{ item.user }}"
    type: sequence
    objs: "{{ item.objs }}"
  when: archweb_site or archweb_services
  with_items:
    - user: "{{ archweb_db_services_user }}"
      objs: "{{ archweb_db_services_sequence_objs }}"
    - user: "{{ archweb_db_backup_user }}"
      objs: "{{ archweb_db_backup_sequence_objs }}"
# Collect static files as the archweb user under the same change-driven
# condition as the migrate task.
- name: django collectstatic
  django_manage:
    app_path: "{{ archweb_dir }}"
    command: collectstatic
    virtualenv: "{{ archweb_dir }}/env"
  when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
  become: true
  become_user: archweb
# systemd units for the background jobs. Every unit file is root-owned and
# 0644 (world-readable, writable by root only), and each install notifies
# the `daemon reload` handler so systemd picks up the new definition.

- name: install reporead service
  template:
    src: archweb-reporead.service.j2
    dest: /etc/systemd/system/archweb-reporead.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_reporead

- name: install mirrorcheck service and timer
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - archweb-mirrorcheck.service
    - archweb-mirrorcheck.timer
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorcheck

- name: install mirrorresolv service and timer
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - archweb-mirrorresolv.service
    - archweb-mirrorresolv.timer
  notify:
    - daemon reload
  when: archweb_services or archweb_mirrorresolv

- name: install populate_signoffs service and timer
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - archweb-populate_signoffs.service
    - archweb-populate_signoffs.timer
  notify:
    - daemon reload
  when: archweb_services or archweb_populate_signoffs

- name: install planet service and timer
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - archweb-planet.service
    - archweb-planet.timer
  notify:
    - daemon reload
  when: archweb_planet

- name: install rebuilderd status service and timer
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - archweb-rebuilderd.service
    - archweb-rebuilderd.timer
  notify:
    - daemon reload
  when: archweb_site
- name: install pgp_import service
  template:
    src: archweb-pgp_import.service.j2
    dest: /etc/systemd/system/archweb-pgp_import.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_services or archweb_pgp_import

# The hooks directory is root-only (0750); the hook file placed in it by the
# next task is 0644.
- name: create pacman.d hooks dir
  file:
    path: /etc/pacman.d/hooks
    state: directory
    owner: root
    group: root
    mode: "0750"
  when: archweb_services or archweb_pgp_import

- name: install pgp_import hook
  template:
    src: archweb-pgp_import-pacman-hook.j2
    dest: /etc/pacman.d/hooks/archweb-pgp_import.hook
    owner: root
    group: root
    mode: "0644"
  when: archweb_services or archweb_pgp_import

- name: install archweb memcached service
  template:
    src: archweb-memcached.service.j2
    dest: /etc/systemd/system/archweb-memcached.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
  when: archweb_site|bool

- name: install archweb rsync iso service and timer
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - archweb-rsync_iso.service
    - archweb-rsync_iso.timer
  notify:
    - daemon reload
  when: archweb_site|bool
# The uwsgi vassal config is owned by archweb with group http and mode 0640,
# so it is not world-readable.
- name: deploy archweb
  template:
    src: archweb.ini.j2
    dest: /etc/uwsgi/vassals/archweb.ini
    owner: archweb
    group: http
    mode: "0640"
  when: archweb_site|bool

# Touch the vassal file when the checkout, settings or virtualenv changed
# (or a deploy is forced); presumably the updated mtime is what makes uwsgi
# reload the application - confirm against the uwsgi emperor setup.
# Ownership and mode are restated so the touch cannot loosen them.
- name: deploy new release
  file:
    path: /etc/uwsgi/vassals/archweb.ini
    state: touch
    owner: archweb
    group: http
    mode: "0640"
  when: archweb_site and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
  notify: restart archweb memcached
# daemon_reload makes systemd re-read unit files before the units are
# started, independent of whether the notified handler has run yet.
- name: start and enable archweb memcached service and archweb-rsync_iso timer
  systemd:
    name: "{{ item }}"
    state: started
    enabled: true
    daemon_reload: true
  when: archweb_site|bool
  with_items:
    - archweb-memcached.service
    - archweb-rsync_iso.timer

- name: start and enable archweb reporead service
  service:
    name: archweb-reporead.service
    enabled: true
    state: started
  when: archweb_services or archweb_reporead
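# Restart reporead only when the checkout, settings or virtualenv changed
# (or a deploy is forced) on a host that runs the service.
# `and` binds tighter than `or` in Jinja2, so the host-selection flags are
# parenthesised: left bare, archweb_services alone would satisfy the whole
# condition and the service would be restarted on every run.
- name: restart archweb reporead service
  service:
    name: archweb-reporead.service
    state: restarted
  when: (archweb_services or archweb_reporead) and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)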
# Enable and start the timers that trigger the periodic jobs. Each timer is
# gated by the same flag(s) as the task that installed its unit files.

- name: start and enable archweb mirrorcheck timer
  service:
    name: archweb-mirrorcheck.timer
    enabled: true
    state: started
  when: archweb_services or archweb_mirrorcheck

- name: start and enable archweb mirrorresolv timer
  service:
    name: archweb-mirrorresolv.timer
    enabled: true
    state: started
  when: archweb_services or archweb_mirrorresolv

- name: start and enable archweb populate_signoffs timer
  service:
    name: archweb-populate_signoffs.timer
    enabled: true
    state: started
  when: archweb_services or archweb_populate_signoffs

- name: start and enable archweb planet timer
  service:
    name: archweb-planet.timer
    enabled: true
    state: started
  when: archweb_planet

- name: start and enable archweb rebulderd update timer
  service:
    name: archweb-rebuilderd.timer
    enabled: true
    state: started
  when: archweb_site
# Root-owned and not writable by anyone else (0755), so the account that
# invokes the wrapper cannot modify it.
- name: install donation import wrapper script
  template:
    src: donor_import_wrapper.sh.j2
    dest: /usr/local/bin/donor_import_wrapper.sh
    owner: root
    group: root
    mode: "0755"
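# Sudoers drop-in for fetchmail. Root-owned and 0440, the mode sudo expects
# for files under /etc/sudoers.d.
# `validate` runs visudo in check-only mode on the rendered file before it
# is moved into place, so a template mistake fails the task instead of
# leaving sudo with a drop-in it cannot parse.
# NOTE(review): the commands this grants are defined in the template, which
# is not visible here - keep them to exact paths without wildcards.
- name: install sudoer rights for fetchmail to call archweb django scripts
  template:
    src: sudoers-fetchmail-archweb.j2
    dest: /etc/sudoers.d/fetchmail-archweb
    owner: root
    group: root
    mode: "0440"
    validate: /usr/bin/visudo -cf %s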
- name: create retro dir
  file:
    path: "{{ archweb_retro_dir }}"
    state: directory
    owner: archweb
    group: archweb
    mode: "0755"
  when: archweb_site|bool

# Checked out as the archweb user. Unlike the archweb clone, this task sets
# neither verify_commit nor gpg_whitelist, so the only integrity control is
# the pinned `version`.
# NOTE(review): the variable name suggests a commit hash; confirm it is a
# full hash rather than a branch or tag, which the remote could move.
- name: clone archweb-retro repo
  git:
    repo: "{{ archweb_retro_repository }}"
    dest: "{{ archweb_retro_dir }}"
    version: "{{ archweb_retro_commit_hash }}"
  when: archweb_site|bool
  become: true
  become_user: archweb