Commit e858fc67 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧 Committed by Jelle van der Waa

migrate planet.archlinux.org to archweb

Archweb now supports a planet alternative and the old planet software
was Python2 and not maintained anymore.
parent b7b5bdbe
......@@ -155,7 +155,6 @@ The following steps should be used to update our managed servers:
#### Services
- wiki (wiki.archlinux.org)
- planet (planet.archlinux.org)
- bugs (bugs.archlinux.org)
- archweb
- patchwork
......
......@@ -25,7 +25,6 @@
- { role: borg-client, tags: ["borg"] }
- { role: certbot }
- { role: nginx, tags: ["nginx"] }
- { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
- { role: spampd, tags: ["mail", "spampd"] }
- { role: unbound, tags: ["mail", "unbound"] }
- { role: postfix, postfix_relayhost: "orion.archlinux.org", postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail", "postfix"] }
......
---
archweb_dir: '/srv/http/archweb'
archweb_domain: 'www.archlinux.org'
archweb_alternate_domains: ['archlinux.org', 'master-key.archlinux.org', 'dev.archlinux.org', 'packages.archlinux.org', 'ipxe.archlinux.org']
archweb_alternate_domains: ['archlinux.org', 'master-key.archlinux.org', 'dev.archlinux.org', 'packages.archlinux.org', 'ipxe.archlinux.org', 'planet.archlinux.org']
archweb_domains_redirects:
'archlinux.org': '$request_uri'
'master-key.archlinux.org': '/master-keys'
'dev.archlinux.org': '/'
'packages.archlinux.org': '/packages$request_uri'
'planet.archlinux.org': '/planet$request_uri'
archweb_domains_templates:
'ipxe.archlinux.org': 'ipxe.archlinux.org.j2'
archweb_allowed_hosts: ["{{ archweb_domain }}", 'ipxe.archlinux.org']
archweb_nginx_conf: '/etc/nginx/nginx.d/archweb.conf'
archweb_repository: 'https://github.com/archlinux/archweb.git'
archweb_version: release_2020-02-13
archweb_version: 5f9b0bd41e269b8ad1c7ea977769d72df6d46b28
archweb_pgp_key: ['E499C79F53C96A54E572FEE1C06086337C50773E']
archweb_site: true
archweb_mirrorcheck: false
......
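Review bot: `archweb_version` moves from the named release tag `release_2020-02-13` to the bare commit `5f9b0bd41e269b8ad1c7ea977769d72df6d46b28`, and nothing in this file says why or when it should return to a release tag. A full SHA is an immutable pin, but `archweb_pgp_key` suggests the role verifies a signature on the checked-out ref (the task is not visible here), so it is worth confirming that this commit is signed by the listed key and that verification still runs for a non-tag ref rather than being skipped. I would add a comment above the pin, e.g. `# pinned to a commit for planet support; return to a signed release_* tag once one includes it`. Separately, `planet.archlinux.org` is now served only as an archweb alternate domain redirecting to `/planet$request_uri`, so the certificate used by the archweb vhost has to cover that name; this presumably follows from `archweb_alternate_domains`, but the template and certbot handling are outside this section.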
[Unit]
Description=planet
[Timer]
OnBootSec=15min
OnUnitActiveSec=1h
[Install]
WantedBy=timers.target
---
- name: install git, python2, libxslt
pacman: name=git,python2,libxslt state=present
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=0644
notify:
- reload nginx
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=root group=root mode=0755
- name: clone planet git repo
git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git
- name: make cache and output dirs
file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=0755
with_items:
- cache
- output
- name: fix permissions for themes
file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=0755
with_items:
- archlinux
- common
- name: install systemd timer
copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=0644
- name: install systemd unit file
template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=0644
- name: reload systemd
command: systemctl daemon-reload
- name: activate systemd timer
service: name={{ item }} enabled=yes state=started
with_items:
- planet.timer
server {
listen 80;
listen [::]:80;
server_name {{ planet_domain }};
access_log /var/log/nginx/{{ planet_domain }}/access.log reduced;
error_log /var/log/nginx/{{ planet_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ planet_domain }};
access_log /var/log/nginx/{{ planet_domain }}/access.log reduced;
error_log /var/log/nginx/{{ planet_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ planet_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ planet_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ planet_domain }}/chain.pem;
root {{ planet_dir }}/archplanet/output;
autoindex on;
}
[Unit]
Description=planet
[Service]
Type=oneshot
User=http
ExecStart=/usr/bin/python2 planet.py archplanet/config.ini
WorkingDirectory={{ planet_dir }}
NoNewPrivileges=yes
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
......@@ -23,7 +23,6 @@ unit_whitelist_regexes = [
r'opendkim.service',
r'php-fpm.service',
r'php-fpm@.*.service',
r'planet.service',
r'postfix.service',
r'postfwd.service',
r'postgresql.service',
......