jaseg/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix playbooks for clean re-deploy

Browse source
This commit is contained in:
jaseg 2021-12-07 16:53:18 +01:00
parent ab91420bb6
commit 591b7b8aac
14 changed files with 364 additions and 320 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitmodules vendored
View file

@ -13,3 +13,6 @@
[submodule "checkouts/vcd-render"]
path = checkouts/vcd-render
url = git@git.jaseg.de:vcd-render.git
[submodule "checkouts/gitolite-admin"]
path = checkouts/gitolite-admin
url = git@git.jaseg.de:gitolite-admin.git

4
bootstrap_arch_container.yml
View file

@ -13,9 +13,9 @@
- name: Download arch bootstrap image
get_url:
url: http://mirror.rackspace.com/archlinux/iso/2021.02.01/archlinux-bootstrap-2021.02.01-x86_64.tar.gz
url: http://mirror.rackspace.com/archlinux/iso/2021.12.01/archlinux-bootstrap-2021.12.01-x86_64.tar.gz
dest: /tmp/arch-bootstrap.tar.xz
checksum: sha256:90afa6b420f5d171de71fdd11fc4f10a4ef30fdf61e4f3733958bea7bdbc0fa9
checksum: sha256:d3d6d346001cd8a202fe5cc895897b54cc0edfc96790dd8d56888389d8a810e7
when: create_container is changed
- name: Create container image filesystem

1
checkouts/gitolite-admin Submodule

@ -0,0 +1 @@
Subproject commit ed4120795750731d9b05c5e24f09be5ad72ef216

2
inventory.yml
View file

@ -2,7 +2,7 @@
all:
hosts:
wendelstein:
ansible_host: wendelstein.jaseg.net
ansible_host: wendelstein.jaseg.de
ansible_ssh_identity_file: ~/.ssh/id_ed25519
ansible_user: root
ansible_python_interpreter: /usr/bin/python3

396
nginx.conf
View file

@ -38,51 +38,51 @@ http {
server {
listen 80;
listen [::]:80;
server_name .jaseg.net;
server_name .jaseg.de;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name gerbolyze.jaseg.net;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/gerbolyze.jaseg.net/privkey.pem";
ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_stapling on;
ssl_stapling_verify on;
resolver 67.207.67.2 67.207.67.3 valid=300s;
resolver_timeout 10s;
add_header Strict-Transport-Security "max-age=86400";
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location ^~ /static/ {
root /var/lib/gerboweb;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/gerboweb.socket;
}
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name gerbolyze.jaseg.net;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem";
# ssl_certificate_key "/etc/letsencrypt/live/gerbolyze.jaseg.net/privkey.pem";
# ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
# include /etc/letsencrypt/options-ssl-nginx.conf;
#
# ssl_stapling on;
# ssl_stapling_verify on;
#
# resolver 67.207.67.2 67.207.67.3 valid=300s;
# resolver_timeout 10s;
#
# add_header Strict-Transport-Security "max-age=86400";
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location ^~ /static/ {
# root /var/lib/gerboweb;
# }
#
# location / {
# include uwsgi_params;
# uwsgi_pass unix:/run/uwsgi/gerboweb.socket;
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# root /usr/share/nginx/html;
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root /usr/share/nginx/html;
# }
# }
server {
listen 443 ssl http2;
@ -188,170 +188,170 @@ http {
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name kochbuch.jaseg.net;
root /usr/share/nginx/html;
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name kochbuch.jaseg.de;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/letsencrypt/live/kochbuch.jaseg.de/fullchain.pem";
# ssl_certificate_key "/etc/letsencrypt/live/kochbuch.jaseg.de/privkey.pem";
# ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
# include /etc/letsencrypt/options-ssl-nginx.conf;
#
# ssl_stapling on;
# ssl_stapling_verify on;
#
# resolver 67.207.67.2 67.207.67.3 valid=300s;
# resolver_timeout 10s;
#
# add_header Strict-Transport-Security "max-age=86400";
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# auth_basic "blubb";
# auth_basic_user_file /etc/nginx/kochbuch.htpasswd;
# root /var/www/kochbuch.jaseg.de;
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# root /usr/share/nginx/html;
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root /usr/share/nginx/html;
# }
# }
ssl_certificate "/etc/letsencrypt/live/kochbuch.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/kochbuch.jaseg.net/privkey.pem";
ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
include /etc/letsencrypt/options-ssl-nginx.conf;
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name pogojig.jaseg.net;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/letsencrypt/live/pogojig.jaseg.net/fullchain.pem";
# ssl_certificate_key "/etc/letsencrypt/live/pogojig.jaseg.net/privkey.pem";
# ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
# include /etc/letsencrypt/options-ssl-nginx.conf;
#
# ssl_stapling on;
# ssl_stapling_verify on;
#
# resolver 67.207.67.2 67.207.67.3 valid=300s;
# resolver_timeout 10s;
# client_max_body_size 10M;
#
# add_header Strict-Transport-Security "max-age=86400";
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location ^~ /pogospace/ {
# root /var/lib/pogojig/pogospace;
# }
#
# location / {
# include uwsgi_params;
# uwsgi_pass unix:/run/uwsgi/pogojig.socket;
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# root /usr/share/nginx/html;
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root /usr/share/nginx/html;
# }
# }
ssl_stapling on;
ssl_stapling_verify on;
resolver 67.207.67.2 67.207.67.3 valid=300s;
resolver_timeout 10s;
add_header Strict-Transport-Security "max-age=86400";
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
auth_basic "blubb";
auth_basic_user_file /etc/nginx/kochbuch.htpasswd;
root /var/www/kochbuch.jaseg.net;
}
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name tracespace.jaseg.net;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/letsencrypt/live/tracespace.jaseg.net/fullchain.pem";
# ssl_certificate_key "/etc/letsencrypt/live/tracespace.jaseg.net/privkey.pem";
# ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
# include /etc/letsencrypt/options-ssl-nginx.conf;
#
# ssl_stapling on;
# ssl_stapling_verify on;
#
# resolver 67.207.67.2 67.207.67.3 valid=300s;
# resolver_timeout 10s;
#
# add_header Strict-Transport-Security "max-age=86400";
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# root /var/www/tracespace.jaseg.net;
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# root /usr/share/nginx/html;
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root /usr/share/nginx/html;
# }
# }
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name openjscad.jaseg.net;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/letsencrypt/live/openjscad.jaseg.net/fullchain.pem";
# ssl_certificate_key "/etc/letsencrypt/live/openjscad.jaseg.net/privkey.pem";
# ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
# include /etc/letsencrypt/options-ssl-nginx.conf;
#
# ssl_stapling on;
# ssl_stapling_verify on;
#
# resolver 67.207.67.2 67.207.67.3 valid=300s;
# resolver_timeout 10s;
#
# add_header Strict-Transport-Security "max-age=86400";
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# root /var/www/openjscad.jaseg.net;
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# root /usr/share/nginx/html;
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root /usr/share/nginx/html;
# }
# }
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pogojig.jaseg.net;
server_name vcdrender.jaseg.de;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/pogojig.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/pogojig.jaseg.net/privkey.pem";
ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_stapling on;
ssl_stapling_verify on;
resolver 67.207.67.2 67.207.67.3 valid=300s;
resolver_timeout 10s;
client_max_body_size 10M;
add_header Strict-Transport-Security "max-age=86400";
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location ^~ /pogospace/ {
root /var/lib/pogojig/pogospace;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/pogojig.socket;
}
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name tracespace.jaseg.net;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/tracespace.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/tracespace.jaseg.net/privkey.pem";
ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_stapling on;
ssl_stapling_verify on;
resolver 67.207.67.2 67.207.67.3 valid=300s;
resolver_timeout 10s;
add_header Strict-Transport-Security "max-age=86400";
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
root /var/www/tracespace.jaseg.net;
}
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name openjscad.jaseg.net;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/openjscad.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/openjscad.jaseg.net/privkey.pem";
ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_stapling on;
ssl_stapling_verify on;
resolver 67.207.67.2 67.207.67.3 valid=300s;
resolver_timeout 10s;
add_header Strict-Transport-Security "max-age=86400";
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
root /var/www/openjscad.jaseg.net;
}
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name vcdrender.jaseg.net;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/vcdrender.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/vcdrender.jaseg.net/privkey.pem";
ssl_certificate "/etc/letsencrypt/live/vcdrender.jaseg.de/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/vcdrender.jaseg.de/privkey.pem";
ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
include /etc/letsencrypt/options-ssl-nginx.conf;

155
playbook.yml
View file

@ -1,34 +1,34 @@
- name: DNS setup
hosts: localhost
tags: dns
module_defaults:
inwx:
username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}"
password: "{{lookup('ini', 'pass section=inwx file=credentials.ini')}}"
vars:
subdomains:
- git.jaseg.net
- git.jaseg.de
- blog.jaseg.net
- blog.jaseg.de
- kochbuch.jaseg.net
- gerbolyze.jaseg.net
- tracespace.jaseg.net
- openjscad.jaseg.net
- pogojig.jaseg.net
- automation.jaseg.de
- dyndns.jaseg.de
fastmail_domains:
- jaseg.net
- jaseg.de
tasks:
- name: Gather wendelstein facts
setup:
delegate_to: wendelstein
delegate_facts: True
- name: Setup DNS
include_tasks: dns.yml
#- name: DNS setup
# hosts: localhost
# tags: dns
# module_defaults:
# inwx:
# username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}"
# password: "{{lookup('ini', 'pass section=inwx file=credentials.ini')}}"
# vars:
# subdomains:
# - git.jaseg.net
# - git.jaseg.de
# - blog.jaseg.net
# - blog.jaseg.de
# - kochbuch.jaseg.net
# - gerbolyze.jaseg.net
# - tracespace.jaseg.net
# - openjscad.jaseg.net
# - pogojig.jaseg.net
# - automation.jaseg.de
# - dyndns.jaseg.de
# fastmail_domains:
# - jaseg.net
# - jaseg.de
# tasks:
# - name: Gather wendelstein facts
# setup:
# delegate_to: wendelstein
# delegate_facts: True
#
# - name: Setup DNS
# include_tasks: dns.yml
- name: Wendelstein setup
@ -37,7 +37,7 @@
- name: Set hostname
tags: setup
hostname:
name: wendelstein.jaseg.net
name: wendelstein.jaseg.de
- name: Install common admin tools
tags: setup
@ -48,7 +48,7 @@
- name: Install host requisites
tags: setup
dnf:
name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd,python3-virtualenv
state: latest
- name: Disable password-based root login
@ -82,17 +82,17 @@
enabled: yes
state: started
- name: Create containers
tags: setup
include_tasks:
file: setup_containers.yml
apply:
tags: setup
vars:
containers:
- gerboweb
- clippy
- pogojig
# - name: Create containers
# tags: setup
# include_tasks:
# file: setup_containers.yml
# apply:
# tags: setup
# vars:
# containers:
# - gerboweb
# - clippy
# - pogojig
- name: Setup web server
tags: www
@ -101,19 +101,19 @@
apply:
tags: www
- name: Setup gerboweb
tags: gerboweb
include_tasks:
file: setup_gerboweb.yml
apply:
tags: gerboweb
# - name: Setup gerboweb
# tags: gerboweb
# include_tasks:
# file: setup_gerboweb.yml
# apply:
# tags: gerboweb
- name: Setup clippy
tags: clippy
include_tasks:
file: setup_clippy.yml
apply:
tags: clippy
# - name: Setup clippy
# tags: clippy
# include_tasks:
# file: setup_clippy.yml
# apply:
# tags: clippy
- name: Setup secure download
tags: secure-download
@ -122,26 +122,26 @@
apply:
tags: secure-download
- name: Setup tracespace
tags: pogojig
include_tasks:
file: setup_tracespace.yml
apply:
tags: pogojig
# - name: Setup tracespace
# tags: pogojig
# include_tasks:
# file: setup_tracespace.yml
# apply:
# tags: pogojig
- name: Setup openjscad
tags: pogojig
include_tasks:
file: setup_openjscad.yml
apply:
tags: pogojig
# - name: Setup openjscad
# tags: pogojig
# include_tasks:
# file: setup_openjscad.yml
# apply:
# tags: pogojig
- name: Setup pogojig
tags: pogojig
include_tasks:
file: setup_pogojig.yml
apply:
tags: pogojig
# - name: Setup pogojig
# tags: pogojig
# include_tasks:
# file: setup_pogojig.yml
# apply:
# tags: pogojig
- name: Setup notification proxy
tags: notification-proxy
@ -164,3 +164,10 @@
file: setup_dyndns.yml
apply:
tags: dyndns
- name: Setup vcd-to-8-segment-svg render thingy for TUD's WS2021 LE course
tags: vcdrender
include_tasks:
file: setup_vcd_render.yml
apply:
tags: vcdrender

6
setup_dyndns.yml
View file

@ -11,6 +11,12 @@
group: root
mode: 0644
- name: Disable systemd-resolved
systemd:
name: systemd-resolved.service
enabled: no
state: stopped
- name: Enable and launch nsd systemd service
systemd:
name: nsd.service

71
setup_git.yml
View file

@ -1,6 +1,10 @@
- name: Set local facts
set_fact:
gitolite_ssh_key: ~/.ssh/id_ed25519.gitolite
- name: Install host requisites
dnf:
name: cgit,gitolite3,python3-pygments,python3-docutils,nodejs-markdown,python3-markdown
name: cgit,gitolite3,python3-pygments,python3-docutils,python3-markdown
state: latest
- name: Copy cgit logo
@ -47,6 +51,7 @@
daemon-reload: yes
name: uwsgi-app@cgit.socket
enabled: yes
state: started
- name: Check if gitolite ssh config exists
stat:
@ -57,7 +62,7 @@
block:
- name: Copy gitolite admin pubkey
copy:
src: ~/.ssh/id_ed25519.gitolite.pub
src: "{{gitolite_ssh_key}}.pub"
dest: /tmp/jaseg-gitolite.pub
owner: gitolite3
group: gitolite3
@ -90,16 +95,6 @@
groups: gitolite3
append: yes
- name: Allow cgit uwsgi user to access gitolite repos
file:
path: /var/lib/gitolite3/repositories
mode: 0750
- name: Allow cgit uwsgi user to gitolite repo list
file:
path: /var/lib/gitolite3/projects.list
mode: 0640
- name: Copy gitolite rc
copy:
src: gitolite.rc
@ -108,6 +103,30 @@
group: gitolite3
mode: 0600
- name: Query system user account info
getent:
database: passwd
key: gitolite3
- name: Create git alias user
user:
name: git
create_home: no
group: gitolite3
password: '!'
comment: Alias for gitolite3 user
shell: "{{ getent_passwd['gitolite3'][5] }}"
system: yes
non_unique: yes
home: "{{ getent_passwd['gitolite3'][4] }}"
uid: "{{ getent_passwd['gitolite3'][1] }}"
- name: Upload gitolite-admin repo
command: env "GIT_SSH_COMMAND=ssh -i {{gitolite_ssh_key}}" git push --force git@{{ansible_hostname}}:gitolite-admin.git master
args:
chdir: checkouts/gitolite-admin
delegate_to: localhost
- name: Create gitolite hook dir
file:
path: /var/lib/gitolite3/local/hooks/repo-specific
@ -132,27 +151,19 @@
group: gitolite3
mode: 0570
- name: Query system user account info
getent:
database: passwd
key: gitolite3
- name: Create git alias user
user:
name: git
create_home: no
group: gitolite3
password: '!'
comment: Alias for gitolite3 user
shell: "{{ getent_passwd['gitolite3'][5] }}"
system: yes
non_unique: yes
home: "{{ getent_passwd['gitolite3'][4] }}"
uid: "{{ getent_passwd['gitolite3'][1] }}"
- name: Hack to fix cgit handling for restructuredtext readmes
file:
src: /usr/bin/rst2html
dest: /usr/bin/rst2html.py
state: link
- name: Allow cgit uwsgi user to access gitolite repos
file:
path: /var/lib/gitolite3/repositories
mode: 0750
- name: Allow cgit uwsgi user to gitolite repo list
file:
path: /var/lib/gitolite3/projects.list
mode: 0640

2
setup_secure_download.yml
View file

@ -5,7 +5,7 @@
- name: Copy webapp sources
synchronize:
src: checkouts/secure_download/
src: checkouts/secure-download/
dest: /var/lib/secure_download/
group: no
owner: no

21
setup_vcd_render.yml
View file

@ -3,6 +3,11 @@
set_fact:
vcdrender_cache: /var/cache/vcd-render
- name: Install host requisites
dnf:
name: python3-lxml
state: latest
- name: Copy webapp sources
synchronize:
src: checkouts/vcd-render/
@ -11,6 +16,15 @@
group: no
owner: no
- name: Setup webapp python requirements
pip:
name:
- beautifulsoup4
- flask
- vcdvcd
virtualenv: /var/lib/vcd-render/venv
virtualenv_site_packages: true
- name: Create uwsgi worker user and group
user:
name: uwsgi-vcdrender
@ -23,8 +37,8 @@
- name: Template webapp config
template:
src: vcdrender.cfg.j2
dest: /var/lib/pogojig/pogojig_prod.cfg
owner: uwsgi-pogojig
dest: /var/lib/vcd-render/vcdrender_prod.cfg
owner: uwsgi-vcdrender
group: root
mode: 0660
@ -41,6 +55,7 @@
daemon-reload: yes
name: uwsgi-app@vcdrender.socket
enabled: yes
state: started
# FIXME the socket doesn't seem to work properly
- name: Enable uwsgi systemd service
@ -49,7 +64,7 @@
name: uwsgi-app@vcdrender.service
enabled: yes
- name: Copy pogojig cache dir tmpfiles.d config
- name: Copy vcdrender cache dir tmpfiles.d config
template:
src: tmpfiles-vcdrender.conf.j2
dest: /etc/tmpfiles.d/vcdrender.conf

16
setup_webserver.yml
View file

@ -20,8 +20,8 @@
- git.jaseg.de
- blog.jaseg.de
- kochbuch.jaseg.net
- tracespace.jaseg.net
- openjscad.jaseg.net
# - tracespace.jaseg.net
# - openjscad.jaseg.net
- automation.jaseg.de
- name: Create blog content dir
@ -61,15 +61,15 @@
- git.jaseg.de
- blog.jaseg.net
- blog.jaseg.de
- kochbuch.jaseg.net
- kochbuch.jaseg.de
- gerbolyze.jaseg.net
- tracespace.jaseg.net
- openjscad.jaseg.net
- pogojig.jaseg.net
- automation.jaseg.de
- dyndns.jaseg.de
- vcdrender.jaseg.de
# - kochbuch.jaseg.de
# - kochbuch.jaseg.net
# - gerbolyze.jaseg.net
# - tracespace.jaseg.net
# - openjscad.jaseg.net
# - pogojig.jaseg.net
- name: Copy final nginx config
copy:

2
tmpfiles-secure-download.conf.j2
View file

@ -1 +1 @@
d {{secure_download_dir}} 770 uwsgi-download uwsgi 45d
d {{secure_download_dir}} 770 uwsgi-secure-download uwsgi 45d

3
uwsgi-vcdrender.ini
View file

@ -5,6 +5,7 @@ die-on-idle = False
manage-script-name = True
plugins = python3
chdir = /var/lib/vcd-render
mount = /=pogojig:app
mount = /=8seg_vcd_render:app
env = VCD8SEG_SETTINGS=vcdrender_prod.cfg
home = /var/lib/vcd-render/venv

2
vcdrender.cfg.j2
View file

@ -1,2 +1,2 @@
SECRET_KEY="{{lookup('password', 'vcdrender_flask_secret.txt length=32')}}"
UPLOAD_PATH="{{pogojig_cache}}/upload"
UPLOAD_PATH="{{vcdrender_cache}}/upload"