56 lines
1.3 KiB
YAML
56 lines
1.3 KiB
YAML
---
|
|
- name: Set local facts
|
|
set_fact:
|
|
secure_download_dir: /var/cache/secure_download
|
|
|
|
- name: Copy webapp sources
|
|
synchronize:
|
|
src: checkouts/secure_download/
|
|
dest: /var/lib/secure_download/
|
|
group: no
|
|
owner: no
|
|
|
|
- name: Create secure download worker user and group
|
|
user:
|
|
name: uwsgi-secure-download
|
|
create_home: no
|
|
group: uwsgi
|
|
password: '!'
|
|
shell: /sbin/nologin
|
|
system: yes
|
|
|
|
- name: Template webapp config
|
|
template:
|
|
src: secure_download.cfg.j2
|
|
dest: /var/lib/secure_download/secure_download_prod.cfg
|
|
owner: uwsgi-secure-download
|
|
group: root
|
|
mode: 0660
|
|
|
|
- name: Copy uwsgi config
|
|
copy:
|
|
src: uwsgi-secure-download.ini
|
|
dest: /etc/uwsgi.d/secure-download.ini
|
|
owner: uwsgi-secure-download
|
|
group: uwsgi
|
|
mode: 440
|
|
|
|
- name: Enable uwsgi systemd socket
|
|
systemd:
|
|
daemon-reload: yes
|
|
name: uwsgi-app@secure-download.socket
|
|
enabled: yes
|
|
|
|
- name: Copy server dir tmpfiles.d config
|
|
template:
|
|
src: tmpfiles-secure-download.conf.j2
|
|
dest: /etc/tmpfiles.d/secure-download.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
register: sec_dl_tmpfiles_config
|
|
|
|
- name: Kick systemd tmpfiles service to create serve dir
|
|
command: systemd-tmpfiles --create
|
|
when: sec_dl_tmpfiles_config is changed
|
|
|