---
- name: install required packages
pacman:
state: present
name:
- asciidoc
- highlight
- make
- php-memcached
- pyalpm
- python-alembic
- python-bleach
- python-markdown
- python-mysql-connector
- python-pygit2
- python-srcinfo
- sudo
- uwsgi-plugin-cgi
- name: install the cgit package
pacman:
state: present
name:
- cgit-aurweb
register: cgit
- name: install the git package
pacman:
state: present
name:
- git
register: git
- name: make aur user
user: name="{{ aurweb_user }}" shell=/bin/bash createhome=yes
- name: Create directory
file: path={{ aurweb_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
- name: clone aurweb repo
git: >
repo={{ aurweb_repository }}
dest="{{ aurweb_dir }}"
version={{ aurweb_version }}
become: true
become_user: "{{ aurweb_user }}"
register: release
- name: clone Trusted User documentation repo
git: >
repo={{ tubylaws_repository }}
dest="{{ aurweb_dir }}/tu-bylaws"
version={{ tubylaws_version }}
become: true
become_user: "{{ aurweb_user }}"
register: tubylaws_release
- name: create necessary directories
file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} mode=0755
with_items:
- 'aurblup'
- 'sessions'
- 'uploads'
- 'web/html/trusted-user'
- name: create aurweb conf dir
file: path={{ aurweb_conf_dir }} state=directory owner=root group=root mode=0755
- name: copy aurweb configuration file
copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes owner=root group=root mode=0644
# Note: initdb needs the config
- name: install custom aurweb configuration
template: src=config.j2 dest={{ aurweb_conf_dir }}/config owner=root group=root mode=0644
- name: create aur db
mysql_db: name="{{ aurweb_db }}" login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}" encoding=utf8
register: db_created
no_log: true
- name: create aur db user
mysql_user: name={{ aurweb_db_user }} password={{ vault_aurweb_db_password }}
login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}"
priv="{{ aurweb_db }}.*:ALL"
no_log: true
- name: initialize the database
command: python -m aurweb.initdb
args:
chdir: "{{ aurweb_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: db_created.changed
- name: run migrations
command: alembic upgrade head
args:
chdir: "{{ aurweb_dir }}"
environment:
- PYTHONPATH: .
become: true
become_user: "{{ aurweb_user }}"
when: release.changed or db_created.changed
- name: Check python module availability
command: "python3 -c 'import aurweb'"
ignore_errors: yes
register: aurweb_installed
tags:
- skip_ansible_lint
- name: Install python module
command: "python3 setup.py install --install-scripts=/usr/local/bin"
args:
chdir: "{{ aurweb_dir }}"
when: release.changed or aurweb_installed.rc != 0
- name: Generate HTML documentation
make:
chdir: "{{ aurweb_dir }}/doc"
become: true
become_user: "{{ aurweb_user }}"
- name: Generate Translations
make:
chdir: "{{ aurweb_dir }}/po"
target: "install"
become: true
become_user: "{{ aurweb_user }}"
- name: Generate Trusted User documentation
make:
chdir: "{{ aurweb_dir }}/tu-bylaws"
become: true
become_user: "{{ aurweb_user }}"
when: tubylaws_release.changed
- name: Install Trusted User documentation
copy: src={{ aurweb_dir }}/tu-bylaws/tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/tu-bylaws.html remote_src=yes owner={{ aurweb_user }} group=http mode=0644
when: tubylaws_release.changed
- name: Install Trusted User documentation symlink
file: src=tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/TUbylaws.html state=link owner={{ aurweb_user }} group=http mode=0644
when: tubylaws_release.changed
- name: set up nginx
template: src=nginx.d.conf.j2 dest={{ aurweb_nginx_conf }} owner=root group=root mode=644
notify: reload nginx
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ aurweb_domain }} state=directory owner=root group=root mode=0755
- name: configure php-fpm
template:
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ aurweb_user }}.conf"
owner=root group=root mode=0644
notify:
- restart php-fpm@{{ aurweb_user }}
- name: start and enable systemd socket
service: name=php-fpm@{{ aurweb_user }}.socket state=started enabled=true
- name: install cgit configuration
template: src=cgitrc.j2 dest="{{ aurweb_conf_dir }}/cgitrc" owner=root group=root mode=0644
- name: configure cgit uwsgi service
template: src=cgit.ini.j2 dest=/etc/uwsgi/vassals/cgit.ini owner={{ aurweb_user }} group=http mode=0644
- name: deploy new cgit release
become: true
become_user: "{{ aurweb_user }}"
file: path=/etc/uwsgi/vassals/cgit.ini state=touch owner=root group=root mode=0644
when: cgit.changed
- name: configure smartgit uwsgi service
template: src=smartgit.ini.j2 dest=/etc/uwsgi/vassals/smartgit.ini owner={{ aurweb_user }} group=http mode=0644
- name: deploy new smartgit release
become: true
become_user: "{{ aurweb_user }}"
file:
path: /etc/uwsgi/vassals/smartgit.ini
state: touch
owner: "{{ aurweb_user }}"
group: http
mode: 0644
when: git.changed
- name: create git repo dir
file: path={{ aurweb_git_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
- name: init git directory
command: git init --bare {{ aurweb_git_dir }}
args:
creates: "{{ aurweb_git_dir }}/HEAD"
become: true
become_user: "{{ aurweb_user }}"
tags:
- skip_ansible_lint
- name: save hideRefs setting on var
command: git config --local --get-all transfer.hideRefs
register: git_config
args:
chdir: "{{ aurweb_git_dir }}"
failed_when: git_config.rc == 2 # FIXME: does not work.
tags:
- skip_ansible_lint
- name: configure git tranfser.hideRefs
command: git config --local transfer.hideRefs '^refs/'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: git_config.stdout.find('^refs/') == -1
tags:
- skip_ansible_lint
- name: configure git transfer.hideRefs second
command: git config --local --add transfer.hideRefs '!refs/'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: git_config.stdout.find('!refs/') == -1
tags:
- skip_ansible_lint
- name: configure git transfer.hideRefs third
command: git config --local --add transfer.hideRefs '!HEAD'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{ aurweb_user }}"
when: git_config.stdout.find('!HEAD') == -1
tags:
- skip_ansible_lint
- name: create symlink for git hook
file:
src: "{{ aurweb_git_hook }}"
dest: "{{ aurweb_git_dir }}/hooks/update"
owner: root
group: root
mode: 0755
state: link
- name: install AUR systemd service and timers
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- aurweb-git.service
- aurweb-git.timer
- aurweb-aurblup.service
- aurweb-aurblup.timer
- aurweb-memcached.service
- aurweb-mkpkglists.service
- aurweb-mkpkglists.timer
- aurweb-pkgmaint.service
- aurweb-pkgmaint.timer
- aurweb-popupdate.service
- aurweb-popupdate.timer
- aurweb-tuvotereminder.service
- aurweb-tuvotereminder.timer
- aurweb-usermaint.service
- aurweb-usermaint.timer
- name: start and enable AUR systemd services and timers
service: name={{ item }} enabled=yes state=started
with_items:
- aurweb-git.timer
- aurweb-aurblup.timer
- aurweb-memcached.service
- aurweb-mkpkglists.timer
- aurweb-pkgmaint.timer
- aurweb-popupdate.timer
- aurweb-tuvotereminder.timer
- aurweb-usermaint.timer
- name: configure sshd
template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
notify:
- restart sshd