Verified Commit e1406014 authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase

Add planet role to apollo for planet.archlinux.org

parent a9f543ce
......@@ -4,8 +4,10 @@
hosts: apollo
remote_user: root
roles:
- common
- tools
- sshd
- root_ssh
- { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup" }
- { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] }
- { role: sshd, tags: ['sshd'] }
- { role: root_ssh, tags: ['root_ssh'] }
- { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup", tags: ["borg"] }
- { role: nginx, letsencrypt_validation_dir: "/var/lib/letsencrypt", tags: ["nginx"] }
- { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
[Unit]
Description=planet
[Timer]
OnBootSec=15min
OnUnitActiveSec=1h
[Install]
WantedBy=timers.target
---
- name: install git, python2, libxslt
pacman: name=git,python2,libxslt state=present
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=644
notify:
- restart nginx
- name: make nginx log dir
file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=http group=log mode=755
- name: clone planet git repo
git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git
- name: make cache and output dirs
file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=755
with_items:
- cache
- output
- name: fix permissions for themes
file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=755
with_items:
- archlinux
- common
- name: install systemd timer
copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=644
- name: install systemd unit file
template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=644
- name: reload systemd
command: systemctl daemon-reload
- name: activate systemd timer
service: name={{ item }} enabled=yes state=started
with_items:
- planet.timer
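Review bot: The `clone planet git repo` task gives no `version=`, so it checks out whatever the remote default branch currently points at, and the git module moves the checkout forward on every later playbook run. That tree is what planet.service runs hourly as `http` from `{{ planet_dir }}`, so an upstream change reaches the host without any reviewed change in this repository. Consider pinning it, e.g. appending `version=<reviewed-commit-sha>` to the `git:` line, and bumping the pin deliberately. Separately, `command: systemctl daemon-reload` reports "changed" on every run; a handler notified by the two unit-file tasks would keep the play idempotent.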
server {
listen 80;
listen [::]:80;
server_name {{ planet_domain }};
access_log /var/log/nginx/{{ planet_domain }}/access.log;
error_log /var/log/nginx/{{ planet_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://$server_name$1 permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ planet_domain }};
access_log /var/log/nginx/{{ planet_domain }}/access.log;
error_log /var/log/nginx/{{ planet_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ planet_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ planet_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ planet_domain }}/chain.pem;
include snippets/sslsettings.conf;
root {{ planet_dir }}/archplanet/output;
autoindex on;
}
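Review bot: `autoindex on;` in the TLS server block enables directory listings for everything under `{{ planet_dir }}/archplanet/output`, so any directory there without an index file has its full contents enumerated to visitors. If listings are not a deliberate feature of the site, drop the line, since nginx defaults to `autoindex off;`. The block also references certificate files under `/etc/letsencrypt/live/{{ planet_domain }}/`. This page does not show whether they exist before the `restart nginx` handler fires, so confirm that a first run on a fresh host does not leave nginx unable to start.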
[Unit]
Description=planet
[Service]
Type=oneshot
User=http
ExecStart=/usr/bin/python2 planet.py archplanet/config.ini
WorkingDirectory={{ planet_dir }}
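Review bot: The unit has no sandboxing beyond `User=http`, even though planet.py presumably fetches and parses third-party feed content (the role installs libxslt alongside it). The tasks only create `cache` and `output` under `{{ planet_dir }}/archplanet` as `http`-owned, so hardening directives in `[Service]` would limit what a parser bug can reach: `NoNewPrivileges=true`, `PrivateTmp=true`, `ProtectSystem=full`. `ProtectSystem=full` leaves `/srv` writable, so with `planet_dir` set to `/srv/http/planet` the cache and output directories keep working.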