From e1406014c36dd03691d952eb020a7a345f094b8b Mon Sep 17 00:00:00 2001
From: Sven-Hendrik Haase <svenstaro@gmail.com>
Date: Wed, 29 Jun 2016 03:38:13 +0200
Subject: [PATCH] Add planet role to apollo for planet.archlinux.org

---
 playbooks/apollo.yml                     | 12 ++++---
 roles/planet/files/planet.timer          |  9 ++++++
 roles/planet/tasks/main.yml              | 41 ++++++++++++++++++++++++
 roles/planet/templates/nginx.d.conf.j2   | 32 ++++++++++++++++++
 roles/planet/templates/planet.service.j2 |  8 +++++
 5 files changed, 97 insertions(+), 5 deletions(-)
 create mode 100644 roles/planet/files/planet.timer
 create mode 100644 roles/planet/tasks/main.yml
 create mode 100644 roles/planet/templates/nginx.d.conf.j2
 create mode 100644 roles/planet/templates/planet.service.j2

diff --git a/playbooks/apollo.yml b/playbooks/apollo.yml
index 6ec64faee..b244b5702 100644
--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -4,8 +4,10 @@
   hosts: apollo
   remote_user: root
   roles:
-    - common
-    - tools
-    - sshd
-    - root_ssh
-    - { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup" }
+    - { role: common, tags: ['common'] }
+    - { role: tools, tags: ['tools'] }
+    - { role: sshd, tags: ['sshd'] }
+    - { role: root_ssh, tags: ['root_ssh'] }
+    - { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup", tags: ["borg"] }
+    - { role: nginx, letsencrypt_validation_dir: "/var/lib/letsencrypt", tags: ["nginx"] }
+    - { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
diff --git a/roles/planet/files/planet.timer b/roles/planet/files/planet.timer
new file mode 100644
index 000000000..452d99c89
--- /dev/null
+++ b/roles/planet/files/planet.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=planet
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=1h
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml
new file mode 100644
index 000000000..d4db25116
--- /dev/null
+++ b/roles/planet/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+
+- name: install git, python2, libxslt
+  pacman: name=git,python2,libxslt state=present
+
+- name: set up nginx
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=644
+  notify:
+    - restart nginx
+
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=http group=log mode=755
+
+- name: clone planet git repo
+  git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git
+
+- name: make cache and output dirs
+  file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=755
+  with_items:
+    - cache
+    - output
+
+- name: fix permissions for themes
+  file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=755
+  with_items:
+    - archlinux
+    - common
+
+- name: install systemd timer
+  copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=644
+
+- name: install systemd unit file
+  template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=644
+
+- name: reload systemd
+  command: systemctl daemon-reload
+
+- name: activate systemd timer
+  service: name={{ item }} enabled=yes state=started
+  with_items:
+    - planet.timer
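Review bot: The `clone planet git repo` task has no `version=`, so every playbook run checks out whatever the remote default branch currently points to, and planet.service then executes `planet.py` from that tree on each timer run. Pinning the checkout, e.g. `git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git version=<PINNED_COMMIT_OR_TAG>` (placeholder value), makes deploys reproducible and makes a code change on the host an explicit change in this repository. Separately, `reload systemd` runs `systemctl daemon-reload` unconditionally and will report "changed" on every run; it would fit better as a handler notified by the `install systemd timer` and `install systemd unit file` tasks.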
diff --git a/roles/planet/templates/nginx.d.conf.j2 b/roles/planet/templates/nginx.d.conf.j2
new file mode 100644
index 000000000..d388a912a
--- /dev/null
+++ b/roles/planet/templates/nginx.d.conf.j2
@@ -0,0 +1,32 @@
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ planet_domain }};
+
+    access_log   /var/log/nginx/{{ planet_domain }}/access.log;
+    error_log    /var/log/nginx/{{ planet_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        rewrite ^(.*) https://$server_name$1 permanent;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ planet_domain }};
+
+    access_log   /var/log/nginx/{{ planet_domain }}/access.log;
+    error_log    /var/log/nginx/{{ planet_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ planet_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ planet_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ planet_domain }}/chain.pem;
+    include snippets/sslsettings.conf;
+
+    root         {{ planet_dir }}/archplanet/output;
+
+    autoindex on;
+}
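Review bot: `autoindex on;` in the 443 server block enables directory listings for everything under `{{ planet_dir }}/archplanet/output`, which a generated static site does not normally need; I would drop the line or write `autoindex off;` so that only files linked from the generated pages are discoverable. The same block references certificate files under `/etc/letsencrypt/live/{{ planet_domain }}/` that nothing in this patch creates, so if they are absent the notified nginx restart will presumably fail; a comment stating that the certificate must be issued before this role runs would help. In the port-80 block, `return 301 https://$server_name$request_uri;` is the simpler and cheaper form of the `rewrite`.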
diff --git a/roles/planet/templates/planet.service.j2 b/roles/planet/templates/planet.service.j2
new file mode 100644
index 000000000..46329344c
--- /dev/null
+++ b/roles/planet/templates/planet.service.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=planet
+
+[Service]
+Type=oneshot
+User=http
+ExecStart=/usr/bin/python2 planet.py archplanet/config.ini
+WorkingDirectory={{ planet_dir }}
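Review bot: The unit runs `planet.py` as `http` with no sandboxing, and the tasks file in this patch gives that same account ownership of the nginx log directory and of the `themes` directories, so the aggregator (which presumably fetches and parses remote feed content) shares an identity with what looks like the web server account. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` under `[Service]` should not interfere with writes to `{{ planet_dir }}`, and a dedicated user for the job would separate it from nginx. `ExecStart` passes the relative paths `planet.py` and `archplanet/config.ini`, which only resolve because of `WorkingDirectory`; a comment such as `# paths below are relative to WorkingDirectory` would make that dependency visible.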
-- 
GitLab