# Install the listed packages with pacman. `state: present` installs what is
# missing and leaves packages that are already installed at their current
# version.
- name: Install required packages
  pacman:
    state: present
    name:
      - asciidoc
      - highlight
      - make
      - sudo
      - uwsgi-plugin-cgi
      - python-poetry
      - gcc
      - pkg-config
# cgit and git are installed in their own tasks so that each result can be
# registered (`cgit`, `git`). No consumer of those variables is visible in
# this listing.
- name: Install the cgit package
  pacman:
    state: present
    name:
      - cgit-aurweb
  register: cgit
- name: Install the git package
  pacman:
    state: present
    name:
      - git
  register: git
user: name="{{ aurweb_user }}" shell=/bin/bash createhome=yes
# Production only: install the SSH key and the github.com host keys for the
# account described by `aur_user`.
- name: Github SSH configuration tasks
  when: aurweb_environment_type == "prod"
  block:
    # Private key, installed owner-only (0600). The source file name suggests
    # it is stored vault-encrypted in the role - confirm.
    - name: Install SSH key for mirroring to GitHub
      copy: src=id_ed25519.vault dest={{ aur_user.home }}/.ssh/id_ed25519 owner={{ aur_user.name }} group={{ aur_user.name }} mode=0600
    # NOTE(review): ssh-keyscan output is not authenticated. Whatever keys the
    # network returns on the first run are trusted from then on, because
    # `creates` skips the scan once known_hosts exists. Compare the result with
    # GitHub's published fingerprints, or ship pinned host keys in the role.
    - name: Fetch host keys for github.com
      command: ssh-keyscan github.com
      args:
        creates: "{{ aur_user.home }}/.ssh/known_hosts"
      register: github_host_keys
    # Runs only when the scan above actually executed; each scanned line is
    # written to known_hosts as-is.
    - name: Write github.com host keys to the aur user's known_hosts
      lineinfile: name={{ aur_user.home }}/.ssh/known_hosts create=yes line={{ item }} owner={{ aur_user.name }} group={{ aur_user.name }} mode=0644
      loop: "{{ github_host_keys.stdout_lines }}"
      when: github_host_keys.changed
# The checkout directory is owned by the aurweb user and group-writable
# (0775) for group http.
# NOTE(review): confirm that members of the http group really need write
# access to this directory; read/traverse (0755) would be the narrower grant.
- name: Create directory
  file: path={{ aurweb_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
# Fetch every entry of aurweb_pgp_keys from keys.openpgp.org into the aurweb
# user's GnuPG keyring. The same list is passed as gpg_whitelist by the git
# tasks in this file.
# NOTE(review): the keyserver is only a transport, so the trust decision rests
# on the values in aurweb_pgp_keys - they should be full fingerprints, since
# short key IDs can collide. Confirm in the role's vars.
# changed_when reports "changed" on every successful run, including runs where
# the key was already in the keyring.
- name: Receive valid signing keys
  command: /usr/bin/gpg --keyserver keys.openpgp.org --recv {{ item }}
  loop: '{{ aurweb_pgp_keys }}'
  become: true
  become_user: "{{ aurweb_user }}"
  register: gpg
  changed_when: "gpg.rc == 0"
# verify_commit makes the git module require a valid GPG signature on the
# commit selected by aurweb_version; gpg_whitelist restricts the accepted
# signers to the fingerprints in aurweb_pgp_keys.
# NOTE(review): later tasks test `release.changed`, but no `register: release`
# is visible on this task in the listing - confirm against the full file.
- name: Aurweb git repo check
  git: >
    repo={{ aurweb_repository }}
    dest="{{ aurweb_dir }}"
    version={{ aurweb_version }}
    verify_commit=true
    gpg_whitelist='{{ aurweb_pgp_keys }}'
- name: Install AUR systemd service and timers
template: src={{ item.name }}.j2 dest=/etc/systemd/system/{{ item.name }} owner=root group=root mode=0644
- "{{ aurweb_services }}"
- "{{ aurweb_timers }}"
when: release.changed and (item.install is not defined or item.install)
- name: Stop AUR systemd services and timers
service: name={{ item.name }} enabled=yes state=stopped
- "{{ aurweb_services }}"
- "{{ aurweb_timers }}"
when: release.changed and (item.restart is not defined or item.restart)
# Check out aurweb_version as the aurweb user when a new release was detected.
# As in the check task, the commit must carry a valid GPG signature from one
# of the fingerprints in aurweb_pgp_keys, so an unsigned or foreign-signed
# revision is refused.
- name: Clone aurweb repo
  git: >
    repo={{ aurweb_repository }}
    dest="{{ aurweb_dir }}"
    version={{ aurweb_version }}
    verify_commit=true
    gpg_whitelist='{{ aurweb_pgp_keys }}'
  become: true
  become_user: "{{ aurweb_user }}"
  when: release.changed
# Working directories inside the checkout. They are owned by the aurweb user
# and writable by that user only (0755).
- name: Create necessary directories
  file:
    path: "{{ aurweb_dir }}/{{ item }}"
    state: directory
    owner: "{{ aurweb_user }}"
    group: "{{ aurweb_user }}"
    mode: "0755"
  loop:
    - aurblup
    - sessions
    - uploads
- name: Create aurweb conf dir
file: path={{ aurweb_conf_dir }} state=directory owner=root group=root mode=0755
- name: Copy aurweb configuration file
copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes owner=root group=root mode=0644
# Static robots.txt placed in the checkout, root-owned and world-readable.
- name: Configure robots.txt
  copy:
    src: robots.txt
    dest: "{{ aurweb_dir }}/robots.txt"
    owner: root
    group: root
    mode: "0644"
# NOTE(review): /etc/goaurrpc.conf is rendered world-readable (0644). If the
# template contains database credentials or other secrets, tighten the mode
# and group to the service account - confirm against goaurrpc.conf.j2.
- name: Install goaurrpc configuration
  template:
    src: goaurrpc.conf.j2
    dest: /etc/goaurrpc.conf
    owner: root
    group: root
    mode: "0644"
# Note: initdb needs the config
- name: Install custom aurweb configuration
template: src=config.j2 dest={{ aurweb_conf_dir }}/config owner=root group=root mode=0644
mysql_db: name="{{ aurweb_db }}" login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}" encoding=utf8
# Create the application's database account. `priv` grants ALL on the tables
# of aurweb_db only, not on other schemas. The module logs in with the MariaDB
# root password; both passwords come from variables whose names suggest
# Ansible Vault (confirm).
# NOTE(review): ALL includes DDL and administrative rights on the schema. If
# migrations can run under a separate account, the runtime user could be
# limited to the data-manipulation privileges it needs.
- name: Create aur db user
  mysql_user: name={{ aurweb_db_user }} password={{ vault_aurweb_db_password }}
    login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}"
    priv="{{ aurweb_db }}.*:ALL"
# Install the Python dependencies with poetry inside the checkout. The command
# runs as the aurweb user, so package build and install code does not execute
# as root.
- name: Install python modules # noqa no-changed-when
  command: poetry install
  args:
    chdir: "{{ aurweb_dir }}"
  environment:
    # Keep the virtualenv inside the project directory.
    POETRY_VIRTUALENVS_IN_PROJECT: "true"
    # Select the null keyring backend; see the linked issue for the reason.
    # https://github.com/python-poetry/poetry/issues/1917
    PYTHON_KEYRING_BACKEND: "keyring.backends.null.Keyring"
  become: true
  become_user: "{{ aurweb_user }}"
# Run aurweb.initdb as the aurweb user, and only when the database was just
# created (`db_created.changed`), so an existing database is never
# re-initialised by this task.
- name: Initialize the database # noqa no-changed-when
  command: poetry run python -m aurweb.initdb
  args:
    chdir: "{{ aurweb_dir }}"
  become: true
  become_user: "{{ aurweb_user }}"
  when: db_created.changed
# Apply alembic migrations up to `head` as the aurweb user after a new release
# or a freshly created database.
# NOTE(review): `environment:` has no entries in this listing; either lines
# were lost from the page or the key is empty - confirm against the full file.
- name: Run migrations # noqa no-changed-when
  command: poetry run alembic upgrade head
  args:
    chdir: "{{ aurweb_dir }}"
  environment:
  become: true
  become_user: "{{ aurweb_user }}"
  when: release.changed or db_created.changed
# The three git wrapper scripts are rendered into /usr/local/bin as root-owned
# files (0755): executable by everyone, writable by root only. They are
# re-rendered only when a new release was detected.
- name: Install custom aurweb-git-auth wrapper script
  template:
    src: aurweb-git-auth.sh.j2
    dest: /usr/local/bin/aurweb-git-auth.sh
    owner: root
    group: root
    mode: "0755"
  when: release.changed
- name: Install custom aurweb-git-serve wrapper script
  template:
    src: aurweb-git-serve.sh.j2
    dest: /usr/local/bin/aurweb-git-serve.sh
    owner: root
    group: root
    mode: "0755"
  when: release.changed
- name: Install custom aurweb-git-update wrapper script
  template:
    src: aurweb-git-update.sh.j2
    dest: /usr/local/bin/aurweb-git-update.sh
    owner: root
    group: root
    mode: "0755"
  when: release.changed
# - name: Install aurweb-git-gc script
# template: src=aurweb-git-gc.sh.j2 dest=/usr/local/bin/aurweb-git-gc.sh owner=root group=root mode=0755
# when: release.changed
- name: Generate HTML documentation
make:
# Run `make install` in the po/ directory of the checkout.
# NOTE(review): no become/become_user is visible on this task, so it runs as
# whatever user the play uses. If that is root, the Makefile from the checkout
# executes with root privileges - confirm against the full file.
- name: Generate Translations
  make:
    chdir: "{{ aurweb_dir }}/po"
    target: "install"
# Delegate certificate creation to the `certificate` role, passing the aurweb
# domain as the only entry of `domains`.
- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ aurweb_domain }}"]
template: src=nginx.d.conf.j2 dest={{ aurweb_nginx_conf }} owner=root group=http mode=640
notify: Reload nginx
# Per-domain nginx log directory, root-owned (0755).
- name: Make nginx log dir
  file:
    path: "/var/log/nginx/{{ aurweb_domain }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
# cgit configuration, root-owned and world-readable (0644).
- name: Install cgit configuration
  template:
    src: cgitrc.j2
    dest: "{{ aurweb_conf_dir }}/cgitrc"
    owner: root
    group: root
    mode: "0644"
# The uwsgi vassal files are owned by the aurweb user, which is what allows
# the "Deploy" task below to touch cgit.ini while running as that user.
# NOTE(review): the same ownership lets the aurweb account rewrite its own
# vassal configuration. Confirm that uwsgi does not start these vassals with
# more privilege than that account has.
- name: Configure cgit uwsgi service
  template: src=cgit.ini.j2 dest=/etc/uwsgi/vassals/cgit.ini owner={{ aurweb_user }} group=http mode=0644
# Touching the ini file updates its timestamp; presumably this is what makes
# uwsgi reload the vassal - confirm against the uwsgi setup.
- name: Deploy new cgit release
  become: true
  become_user: "{{ aurweb_user }}"
  file: path=/etc/uwsgi/vassals/cgit.ini state=touch owner={{ aurweb_user }} group=http mode=0644
- name: Configure smartgit uwsgi service
  template: src=smartgit.ini.j2 dest=/etc/uwsgi/vassals/smartgit.ini owner={{ aurweb_user }} group=http mode=0644
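# Touch the smartgit vassal file as the aurweb user; presumably the timestamp
# change is what makes uwsgi reload the vassal - confirm against the uwsgi
# setup.
- name: Deploy new smartgit release
  become: true
  become_user: "{{ aurweb_user }}"
  file:
    path: /etc/uwsgi/vassals/smartgit.ini
    state: touch
    owner: "{{ aurweb_user }}"
    group: http
    # Explicit mode, matching the cgit "Deploy" task and the template task that
    # renders this file, so the permissions never depend on the umask.
    mode: "0644"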
# Repository directory, owned by the aurweb user and group-writable (0775) for
# group http.
# NOTE(review): confirm that the http group needs write access to the git
# repository; if it only serves reads, 0755 is the narrower grant.
- name: Create git repo dir
  file: path={{ aurweb_git_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
# Create the bare repository once; `creates` skips the command when HEAD
# already exists.
# NOTE(review): `become: true` appears without a become_user in this listing,
# which would run git init as the default become user rather than as the
# aurweb user that owns the directory - confirm against the full file.
- name: Init git directory # noqa command-instead-of-module
  command: git init --bare {{ aurweb_git_dir }}
  args:
    creates: "{{ aurweb_git_dir }}/HEAD"
  become: true
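# Read the current transfer.hideRefs values into `git_config`; the hideRefs
# tasks in this file use its stdout to decide which entries are still missing.
- name: Save hideRefs setting on var # noqa command-instead-of-module no-changed-when
  command: git config --file config --get-all transfer.hideRefs
  register: git_config
  args:
    chdir: "{{ aurweb_git_dir }}"
  # git config --get-all exits 1 when the key is simply not set yet, which is
  # expected on a fresh repository. Any higher code is a real error (for
  # example an unreadable or invalid config file) and must stop the play
  # instead of leaving stdout empty for the tasks that follow. This replaces
  # the earlier `rc == 2` test, which carried a FIXME.
  failed_when: git_config.rc > 1
  # Read-only query: never report a change.
  changed_when: false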
# The next three tasks build the transfer.hideRefs list. Each one runs only
# when its pattern is absent from the stdout registered in `git_config`.
# Per the git-config documentation, a leading `^` matches the full ref name
# before any namespace prefix is stripped and a leading `!` negates a pattern.
# The apparent intent is to hide everything under refs/ and then re-expose the
# stripped refs/ and HEAD of the namespace in use - confirm against how
# aurweb serves the repository.
# The first command has no --add, so it sets the value rather than appending.
- name: Configure git tranfser.hideRefs # noqa command-instead-of-module no-changed-when
  command: git config --local transfer.hideRefs '^refs/'
  args:
    chdir: "{{ aurweb_git_dir }}"
  become: true
  when: git_config.stdout.find('^refs/') == -1
- name: Configure git transfer.hideRefs second # noqa command-instead-of-module no-changed-when
  command: git config --local --add transfer.hideRefs '!refs/'
  args:
    chdir: "{{ aurweb_git_dir }}"
  become: true
  when: git_config.stdout.find('!refs/') == -1
- name: Configure git transfer.hideRefs third # noqa command-instead-of-module no-changed-when
  command: git config --local --add transfer.hideRefs '!HEAD'
  args:
    chdir: "{{ aurweb_git_dir }}"
  become: true
  when: git_config.stdout.find('!HEAD') == -1
# receive.fsckobjects makes git-receive-pack check every pushed object and
# refuse the push when one is malformed, so corrupt or crafted objects are
# rejected at the server instead of being stored. Runs as the aurweb user.
- name: Set git-receive-pack to explicitly check all received objects # noqa command-instead-of-module no-changed-when
  command: git config --local receive.fsckobjects true
  args:
    chdir: "{{ aurweb_git_dir }}"
  become: true
  become_user: "{{ aurweb_user }}"
# Make the repository's update hook a symlink to the root-owned wrapper in
# /usr/local/bin, so the hook body itself is not writable by the aurweb user.
# NOTE(review): the link is placed under {{ aurweb_dir }}/aur.git, while the
# other git tasks use aurweb_git_dir - confirm both name the same repository.
- name: Link custom aurweb-git-update wrapper to hooks/update
  file:
    src: /usr/local/bin/aurweb-git-update.sh
    dest: "{{ aurweb_dir }}/aur.git/hooks/update"
    state: link
  when: release.changed
# Install the aurweb sshd drop-in as a root-only file (0600). `validate` runs
# `sshd -t` on the rendered file before it is moved into place, so a template
# with a syntax error is not installed.
# NOTE(review): no handler or restart of sshd is visible on this task; confirm
# that the new configuration is actually loaded after a change.
- name: Configure sshd
  template: src=aurweb_config.j2 dest=/etc/ssh/sshd_config.d/aurweb.conf owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
- name: Start and enable AUR systemd services and timers
systemd: name={{ item.name }} enabled=yes state=started daemon_reload=yes
- "{{ aurweb_services }}"
- "{{ aurweb_timers }}"
when: release.changed and (item.restart is not defined or item.restart)
# Development environments only: generate a SQL file of dummy data and load it
# into the aurweb database. The `when` on the block keeps all of this out of
# every other environment type.
- name: Generate and import dummy data
  when: aurweb_environment_type == "dev"
  block:
    - name: Install packages for dummy data generation
      pacman:
        state: present
        name:
          - words
          - fortune-mod
    - name: Create data dir
      file:
        path: "{{ aurweb_dir }}/data"
        state: directory
        mode: "0755"
      become: true
      become_user: "{{ aurweb_user }}"
    # `creates` makes generation a one-off: once data/dummy.sql exists the
    # command is skipped and reports no change.
    - name: Generate dummy data
      command: poetry run schema/gendummydata.py data/dummy.sql
      register: generated_data
      args:
        chdir: "{{ aurweb_dir }}"
        creates: "{{ aurweb_dir }}/data/dummy.sql"
      become: true
      become_user: "{{ aurweb_user }}"
    # The import logs in with the MariaDB root password and runs only when the
    # file was generated in this run.
    - name: Import dummy data
      mysql_db:
        name: "{{ aurweb_db }}"
        login_host: "{{ aurweb_db_host }}"
        login_password: "{{ vault_mariadb_users.root }}"
        state: import
        target: "{{ aurweb_dir }}/data/dummy.sql"
      when: generated_data.changed