Misc changes. Move up to fedora 30, add gerbolyze, secure download

setup_secure_download.yml

@@ -0,0 +1,57 @@
+---
+- name: Set local facts
+  set_fact:
+    secure_download_dir: /var/cache/secure_download
+
+- name: Copy webapp sources
+  synchronize:
+    # FIXME: make this path configurable
+      src: ~/secure_download/
+      dest: /var/lib/secure_download/
+      group: no
+      owner: no
+
+- name: Create secure download worker user and group
+  user:
+      name: uwsgi-secure-download
+      create_home: no
+      group: uwsgi
+      password: '!'
+      shell: /sbin/nologin
+      system: yes
+
+- name: Template webapp config
+  template:
+    src: secure_download.cfg.j2
+    dest: /var/lib/secure_download/secure_download_prod.cfg
+    owner: uwsgi-secure-download
+    group: root
+    mode: 0660
+
+- name: Copy uwsgi config
+  copy:
+      src: uwsgi-secure-download.ini
+      dest: /etc/uwsgi.d/secure-download.ini
+      owner: uwsgi-secure-download
+      group: uwsgi
+      mode: 440
+
+- name: Enable uwsgi systemd socket
+  systemd:
+      daemon-reload: yes
+      name: uwsgi-app@secure-download.socket
+      enabled: yes
+
+- name: Copy server dir tmpfiles.d config
+  template:
+      src: tmpfiles-secure-download.conf.j2
+      dest: /etc/tmpfiles.d/secure-download.conf
+      owner: root
+      group: root
+      mode: 0644
+  register: sec_dl_tmpfiles_config
+
+- name: Kick systemd tmpfiles service to create serve dir
+  command: systemd-tmpfiles --create
+  when: sec_dl_tmpfiles_config is changed
+