Verified Commit 4058d521 authored by Giancarlo Razzolini's avatar Giancarlo Razzolini
Browse files

group_vars: Added the archweb_db_password.

roles/archweb: Nginx deployment, domain variable and other improvements.
parent fa18869e
$ANSIBLE_VAULT;1.1;AES256
32336337623936643161653739636138303332326366363963393436396465633137616266653463
3663343535306333323332366338623463363030663534630a326336333065633333333230663130
32656537326537313336343136316338346464386237626230663236343865336562363562363739
6163396332343032340a653739353436656139396336623539643431366462363164646361336436
36316238336535323864383537613964373666656465636562613530356566303139383230643761
65663030323464623230626330633538303436363664383839623334333837666435323466666638
64353061613234373966636266613763366364386334323333663933616534333937396539376562
38623139323463336363
61373130666134363630336235326331396634393437353839653163313238633833353661613662
3562663866666337656161663330383665643839626139300a376437613930303562623264363664
63323236383034616566316334323439663166636361333338383536333866323437306264623363
3362663536623735320a313434643866363336346636303431306230383665663566636530666432
38333932353535646666626637363431316631356439623134336439396631323162613432323137
64653534616263623139373561306461353739613963303639636139386131383861363338313636
30653234643865343833663835663662383636353535623063333162356533643430306134326239
39343462623962643830623131326138353865306137343137333338323738373666623361336332
66386334376537313162373564386534656135343266303239333662643938653330616638333337
6437383736313733663062663230663530633361376633373631
......@@ -4,28 +4,36 @@
pacman: name=git,memcached,python2,python2-virtualenv,uwsgi-plugin-python2 state=present
- name: make archweb user
user: name=archweb shell=/bin/false home="{{ archweb_home }}" createhome=no groups=uwsgi
user: name=archweb shell=/bin/false home="{{ archweb_dir }}" createhome=no groups=uwsgi
- name: fix home permissions
file: state=directory owner=archweb group=archweb path="{{ archweb_home }}"
file: state=directory owner=archweb group=archweb path="{{ archweb_dir }}"
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/archweb.conf owner=root group=root mode=644
notify:
- restart nginx
- name: make nginx log dir
file: path=/var/log/nginx/{{ archweb_domain }} state=directory owner=http group=log mode=755
- name: clone archweb repo
git: repo=git://git.archlinux.org/archweb.git dest="{{ archweb_home }}"
git: repo=git://git.archlinux.org/archweb.git dest="{{ archweb_dir }}"
become: true
become_user: archweb
- name: make virtualenv
command: virtualenv2 "{{ archweb_home }}"/env creates="{{ archweb_home }}/env/bin/python"
command: virtualenv2 "{{ archweb_dir }}"/env creates="{{ archweb_dir }}/env/bin/python"
become: true
become_user: archweb
- name: install stuff into virtualenv
pip: requirements="{{ archweb_home }}/requirements_prod.txt" virtualenv="{{ archweb_home }}/env"
pip: requirements="{{ archweb_dir }}/requirements_prod.txt" virtualenv="{{ archweb_dir }}/env"
become: true
become_user: archweb
- name: fix home permissions
file: state=directory owner=archweb group=archweb path="{{ archweb_home }}"
file: state=directory owner=archweb group=archweb path="{{ archweb_dir }}"
- name: copy archweb services
copy: src="{{ item }}" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
......
# Django settings for archlinux project.
## Debug settings
DEBUG = False
TEMPLATE_DEBUG = False
## Notification admins
ADMINS = (
('Archweb Bugs', 'dan@archlinux.org'),
)
SERVER_EMAIL = 'archweb@archlinux.org'
## Database settings
DATABASES = {
'default': {
'ENGINE' : 'django.db.backends.postgresql_psycopg2',
'PORT' : 5432,
'NAME' : 'archweb',
'USER' : 'archweb_update',
'PASSWORD': '{{ postgres_users.archweb_update }}',
'HOST' : 'gudrun.archlinux.org',
'OPTIONS' : {
'autocommit': True,
'application_name': 'archweb',
'sslmode': 'require',
}
'USER' : 'archweb',
'PASSWORD': '{{ archweb_db_password }}',
'OPTIONS' : {'autocommit': True, 'application_name': 'archweb'},
},
}
## Define cache settings
CACHES = {
'default': {
'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
## Make this unique, and don't share it with anybody.
SECRET_KEY = '{{ archweb_secret_key }}'
## Use secure session cookies? Make this true if you want all
## logged-in actions to take place over HTTPS only. If developing
## locally, you will want to use False.
SESSION_COOKIE_SECURE = True
## static files URL
STATIC_URL = '/static/'
STATIC_URL = 'https://d11xdyzr0div58.cloudfront.net/static/'
## location for saving dev pictures
MEDIA_ROOT = '/srv/http/vhosts/archlinux.org/img'
## web url for serving image files
MEDIA_URL = '/img/'
MEDIA_URL = 'https://d11xdyzr0div58.cloudfront.net/img/'
# Make this unique, and don't share it with anybody.
SECRET_KEY = {{ archweb_secret_key }}
# Hostnames we allow this site to be served under
ALLOWED_HOSTS = ['{{ archweb_domain }}']
## Cache settings
CACHE_BACKEND = 'memcached://gudrun.archlinux.org:11211'
CACHE_MIDDLEWARE_SECONDS = 300
CACHE_MIDDLEWARE_KEY_PREFIX = 'arch'
## CDN settings
CDN_ENABLED = True
# vim: set ts=4 sw=4 et:
upstream archweb {
server unix:///run/uwsgi/archweb.sock;
}
server {
listen 80;
listen [::]:80;
server_name {{ archweb_domain }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://$server_name$1 permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ archweb_domain }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ archweb_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location / {
include uwsgi_params;
uwsgi_pass archweb;
}
}
[uwsgi]
project = archweb
base = /srv/http/archweb
chdir = %(base)
home = /srv/http/archweb
module = %(project).wsgi
master = true
processes = 4
threads = 2
reload-on-rss = 600
socket = /run/uwsgi/%(project).sock
chown-socket = root:nginx
chmod-socket = 660
vacuum = true
logto = /var/log/archweb.log
plugins = python2
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment