Add planet role to apollo for planet.archlinux.org

playbooks/apollo.yml

@@ -4,8 +4,10 @@
   hosts: apollo
   remote_user: root
   roles:
-    - common
-    - tools
-    - sshd
-    - root_ssh
-    - { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup" }
+    - { role: common, tags: ['common'] }
+    - { role: tools, tags: ['tools'] }
+    - { role: sshd, tags: ['sshd'] }
+    - { role: root_ssh, tags: ['root_ssh'] }
+    - { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup", tags: ["borg"] }
+    - { role: nginx, letsencrypt_validation_dir: "/var/lib/letsencrypt", tags: ["nginx"] }
+    - { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }

roles/planet/files/planet.timer

+[Unit]
+Description=planet
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=1h
+
+[Install]
+WantedBy=timers.target

roles/planet/tasks/main.yml

+---
+
+- name: install git, python2, libxslt
+  pacman: name=git,python2,libxslt state=present
+
+- name: set up nginx
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=644
+  notify:
+    - restart nginx
+
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=http group=log mode=755
+
+- name: clone planet git repo
+  git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git
+
+- name: make cache and output dirs
+  file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=755
+  with_items:
+    - cache
+    - output
+
+- name: fix permissions for themes
+  file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=755
+  with_items:
+    - archlinux
+    - common
+
+- name: install systemd timer
+  copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=644
+
+- name: install systemd unit file
+  template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=644
+
+- name: reload systemd
+  command: systemctl daemon-reload
+
+- name: activate systemd timer
+  service: name={{ item }} enabled=yes state=started
+  with_items:
+    - planet.timer

roles/planet/templates/nginx.d.conf.j2

+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ planet_domain }};
+
+    access_log   /var/log/nginx/{{ planet_domain }}/access.log;
+    error_log    /var/log/nginx/{{ planet_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        rewrite ^(.*) https://$server_name$1 permanent;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ planet_domain }};
+
+    access_log   /var/log/nginx/{{ planet_domain }}/access.log;
+    error_log    /var/log/nginx/{{ planet_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ planet_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ planet_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ planet_domain }}/chain.pem;
+    include snippets/sslsettings.conf;
+
+    root         {{ planet_dir }}/archplanet/output;
+
+    autoindex on;
+}

roles/planet/templates/planet.service.j2

+[Unit]
+Description=planet
+
+[Service]
+Type=oneshot
+User=http
+ExecStart=/usr/bin/python2 planet.py archplanet/config.ini
+WorkingDirectory={{ planet_dir }}