aur-dev: New playbook for aurweb sandbox

Playbook allows us to provision an aurweb sandbox host. Signed-off-by: moson <moson@archlinux.org>

aur-dev: New playbook for aurweb sandbox
9b117be6 · Mario Oenning · aa15bd3a · 9b117be6 · 9b117be6 · 9b117be6
Verified Commit 9b117be6 authored 1 year ago by Mario Oenning
--- a/playbooks/aur-dev.archlinux.org.yml
+++ b/playbooks/aur-dev.archlinux.org.yml
+- name: Setup aur development host
+  hosts: '{{ aurdev_fqdn|default("none") }}'
+  remote_user: root
+  roles:
+    - { role: common, enable_zram_swap: true }
+    - { role: firewalld }
+    - { role: sshd }
+    - { role: root_ssh }
+    - { role: certbot }
+    - { role: nginx }
+    - { role: mariadb, mariadb_innodb_buffer_pool_size: '1G' }
+    - { role: sudo }
+    - { role: redis }
+    - { role: uwsgi }
+    - { role: aurweb, aurweb_domain: "{{ aurdev_fqdn }}", aurweb_environment_type: 'dev' }
+    - { role: fail2ban }
+
+  pre_tasks:
+    - name: Upgrade and reboot
+      include_tasks: tasks/include/upgrade-server.yml
--- a/roles/aurweb/defaults/main.yml
+++ b/roles/aurweb/defaults/main.yml
@@ -26,6 +26,7 @@ aurweb_window_length: '86400'
 aurweb_memcached_memory: 2048

 aurweb_workers: 4
+aurweb_environment_type: 'prod'

 # aurweb timers and services are installed and restarted by default,
 # unless .install and .restart are explicitly set to "false"
@@ -37,7 +38,7 @@ aurweb_timers:
  - { name: "aurweb-popupdate.timer" }
  - { name: "aurweb-tuvotereminder.timer" }
  - { name: "aurweb-usermaint.timer" }
-  - { name: "aurweb-github-mirror.timer" }
+  - { name: "aurweb-github-mirror.timer", install: "{{ aurweb_environment_type == 'prod' }}", restart: "{{ aurweb_environment_type == 'prod' }}" }

 aurweb_services:
  - { name: "aurweb-git.service", restart: false }
@@ -47,6 +48,6 @@ aurweb_services:
  - { name: "aurweb-popupdate.service", restart: false }
  - { name: "aurweb-tuvotereminder.service", restart: false }
  - { name: "aurweb-usermaint.service", restart: false }
-  - { name: "aurweb-github-mirror.service", restart: false }
+  - { name: "aurweb-github-mirror.service", install: "{{ aurweb_environment_type == 'prod' }}", restart: false }
  - { name: "aurweb.service" }
  - { name: "goaurrpc.service", install: false }
--- a/roles/aurweb/tasks/main.yml
+++ b/roles/aurweb/tasks/main.yml
@@ -32,22 +32,22 @@
  user: name="{{ aurweb_user }}" shell=/bin/bash createhome=yes
  register: aur_user

- name: Create .ssh for the aur user
-  file: path={{ aur_user.home }}/.ssh state=directory owner={{ aur_user.name }} group={{ aur_user.name }} mode=0700
-
- name: Install SSH key for mirroring to GitHub
-  copy: src=id_ed25519.vault dest={{ aur_user.home }}/.ssh/id_ed25519 owner={{ aur_user.name }} group={{ aur_user.name }} mode=0600
-
- name: Fetch host keys for github.com
-  command: ssh-keyscan github.com
-  args:
-    creates: "{{ aur_user.home }}/.ssh/known_hosts"
-  register: github_host_keys
-
- name: Write github.com host keys to the aur user's known_hosts
-  lineinfile: name={{ aur_user.home }}/.ssh/known_hosts create=yes line={{ item }} owner={{ aur_user.name }} group={{ aur_user.name }} mode=0644
-  loop: "{{ github_host_keys.stdout_lines }}"
-  when: github_host_keys.changed
+- name: Github SSH configuration tasks
+  when: aurweb_environment_type == "prod"
+  block:
+    - name: Install SSH key for mirroring to GitHub
+      copy: src=id_ed25519.vault dest={{ aur_user.home }}/.ssh/id_ed25519 owner={{ aur_user.name }} group={{ aur_user.name }} mode=0600
+
+    - name: Fetch host keys for github.com
+      command: ssh-keyscan github.com
+      args:
+        creates: "{{ aur_user.home }}/.ssh/known_hosts"
+      register: github_host_keys
+
+    - name: Write github.com host keys to the aur user's known_hosts
+      lineinfile: name={{ aur_user.home }}/.ssh/known_hosts create=yes line={{ item }} owner={{ aur_user.name }} group={{ aur_user.name }} mode=0644
+      loop: "{{ github_host_keys.stdout_lines }}"
+      when: github_host_keys.changed

 - name: Create directory
  file: path={{ aurweb_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
@@ -293,3 +293,39 @@
    - "{{ aurweb_services }}"
    - "{{ aurweb_timers }}"
  when: release.changed and (item.restart is not defined or item.restart)
+
+- name: Generate and import dummy data
+  when: aurweb_environment_type == "dev"
+  block:
+    - name: Install packages for dummy data generation
+      pacman:
+        state: present
+        name:
+          - words
+          - fortune-mod
+
+    - name: Create data dir
+      file:
+        path: "{{ aurweb_dir }}/data"
+        state: directory
+        mode: "0755"
+      become: true
+      become_user: "{{ aurweb_user }}"
+
+    - name: Generate dummy data
+      command: poetry run schema/gendummydata.py data/dummy.sql
+      register: generated_data
+      args:
+        chdir: "{{ aurweb_dir }}"
+        creates: "{{ aurweb_dir }}/data/dummy.sql"
+      become: true
+      become_user: "{{ aurweb_user }}"
+
+    - name: Import dummy data
+      mysql_db:
+        name: "{{ aurweb_db }}"
+        login_host: "{{ aurweb_db_host }}"
+        login_password: "{{ vault_mariadb_users.root }}"
+        state: import
+        target: "{{ aurweb_dir }}/data/dummy.sql"
+      when: generated_data.changed
--- a/roles/aurweb/templates/config.j2
+++ b/roles/aurweb/templates/config.j2
@@ -63,6 +63,9 @@ pkgnames-repo = {{ aurweb_dir }}/pkgnames.git

 [notifications]
 notify-cmd = aurweb-notify
+{% if aurweb_environment_type == "dev" %}
+sendmail = {{ aurweb_dir }}/util/sendmail
+{% endif %}
 {# Gitlab project and token used for traceback reports. #}
 gitlab-instance = {{ vault_aurweb_gitlab_instance }}
 error-project = {{ vault_aurweb_error_project }}

--- a/roles/aurweb/templates/nginx.d.conf.j2
+++ b/roles/aurweb/templates/nginx.d.conf.j2
@@ -15,6 +15,9 @@ limit_req_zone $binary_remote_addr zone=aurweblimit:10m rate=20r/s;

 limit_req_status 429;

+# needed for long server names (dev box)
+server_names_hash_bucket_size 128;
+
 server {
    listen       80;
    listen       [::]:80;