Verified Commit 26f289b7 authored by Evangelos Foutras's avatar Evangelos Foutras :smiley_cat:

Capitalize the first letter of all task names

ansible-lint 6.5.0 complains about:

  name: All names should start with an
        uppercase letter. (name[casing])
parent 19ee76d7
Showing
with 217 additions and 217 deletions
- name: fetch ssh hostkeys
- name: Fetch ssh hostkeys
hosts: all
gather_facts: false
tasks:
- name: fetch hostkey checksums
- name: Fetch hostkey checksums
shell: |
for type in sha256 md5; do
for file in /etc/ssh/ssh_host_*.pub; do
......@@ -13,7 +13,7 @@
register: ssh_hostkeys
changed_when: ssh_hostkeys | length > 0
- name: fetch known_hosts
- name: Fetch known_hosts
shell: |
set -eo pipefail
ssh-keyscan 127.0.0.1 2>/dev/null \
......@@ -26,10 +26,10 @@
register: known_hosts
changed_when: known_hosts | length > 0
- name: store hostkeys
- name: Store hostkeys
hosts: localhost
tasks:
- name: store hostkeys
- name: Store hostkeys
copy:
dest: "{{ playbook_dir }}/../../docs/ssh-hostkeys.txt"
content: |
......@@ -40,7 +40,7 @@
{% endfor %}
mode: preserve
- name: store known_hosts
- name: Store known_hosts
blockinfile:
path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
block: |
......@@ -51,9 +51,9 @@
{% endfor %}
- name: upload known_hosts to all nodes
- name: Upload known_hosts to all nodes
hosts: all
tasks:
- name: upload known_hosts
- name: Upload known_hosts
copy: dest=/etc/ssh/ssh_known_hosts src="{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" owner=root group=root mode=0644
tags: ['upload-known-hosts']
- name: upgrade and reboot all hetzner servers
- name: Upgrade and reboot all hetzner servers
hosts: all,!kape_servers,!equinix_metal
max_fail_percentage: 0
serial: 20%
gather_facts: false
tasks:
- name: upgrade each host in this batch
- name: Upgrade each host in this batch
include_tasks: include/upgrade-server.yml
- name: upgrade and reboot all Kape and Equinix Metal servers
- name: Upgrade and reboot all Kape and Equinix Metal servers
hosts: kape_servers,equinix_metal
max_fail_percentage: 0
serial: 1
gather_facts: false
tasks:
- name: upgrade each host in this batch
- name: Upgrade each host in this batch
include_tasks: include/upgrade-server.yml
- name: setup wiki.archlinux.org
- name: Setup wiki.archlinux.org
hosts: wiki.archlinux.org
remote_user: root
roles:
......
- name: restart powerdns
- name: Restart powerdns
service: name=pdns state=restarted
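Review bot: Renaming this handler to `Restart powerdns` leaves the unchanged `notify: restart powerdns` in the PowerDNS tasks pointing at a name that no longer exists. Ansible resolves notify targets by exact, case-sensitive string match, so the notifying task would fail with a handler-not-found error once it reports a change, and the new configuration would not be applied. The same mismatch appears for `Reload alertmanager` vs `notify: reload alertmanager`, `Daemon reload` vs the `- daemon reload` notify entries, `Restart archweb memcached` vs `notify: restart archweb memcached`, and the archwiki handlers (`Restart php-fpm@archwiki`, `Purge nginx cache`, `Invalidate MediaWiki file cache`). Unless the notify lines are updated somewhere not shown on this page, each should change in the same commit, e.g. `notify: Restart powerdns`. The php-fpm handler name is also a literal `archwiki` while its notify is templated as `restart php-fpm@{{ archwiki_user }}`, so the two match for only one value of that variable.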
- name: install powerdns
- name: Install powerdns
pacman: name=powerdns state=present
- name: install PowerDNS configuration
- name: Install PowerDNS configuration
template: src={{ item.src }} dest=/etc/powerdns/{{ item.dest }} owner=root group=root mode=0644
loop:
- {src: pdns.conf.j2, dest: pdns.conf}
- {src: dnsupdate-policy.lua.j2, dest: dnsupdate-policy.lua}
notify: restart powerdns
- name: create directory for sqlite3 dbs
- name: Create directory for sqlite3 dbs
file: path=/var/lib/powerdns state=directory owner=powerdns group=powerdns mode=0755
- name: initialize sqlite3 database for _acme-challenge zones
- name: Initialize sqlite3 database for _acme-challenge zones
command: sqlite3 -init /usr/share/doc/powerdns/schema.sqlite3.sql /var/lib/powerdns/pdns.sqlite3 ""
become: true
become_user: powerdns
args:
creates: /var/lib/powerdns/pdns.sqlite3
- name: create _acme-challenge zones
- name: Create _acme-challenge zones
shell: |
pdnsutil create-zone _acme-challenge.{{ item }} {{ inventory_hostname }}
pdnsutil replace-rrset _acme-challenge.{{ item }} @ SOA "{{ inventory_hostname }}. root.archlinux.org. 0 10800 3600 604800 3600"
......@@ -27,18 +27,18 @@
become_user: powerdns
changed_when: false
- name: import TSIG key (for certbot)
- name: Import TSIG key (for certbot)
command: pdnsutil import-tsig-key {{ certbot_rfc2136_key }} {{ certbot_rfc2136_algorithm }} {{ certbot_rfc2136_secret }}
changed_when: false
- name: open powerdns ipv4 port for monitoring.archlinux.org
- name: Open powerdns ipv4 port for monitoring.archlinux.org
ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8081 accept"
tags:
- firewall
- name: open firewall hole
- name: Open firewall hole
ansible.posix.firewalld: service=dns permanent=true state=enabled immediate=yes
- name: start and enable powerdns
- name: Start and enable powerdns
systemd: name=pdns.service enabled=yes daemon_reload=yes state=started
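Review bot: The `Import TSIG key (for certbot)` task interpolates `{{ certbot_rfc2136_secret }}` into a `command:` line without `no_log: true`, so the key can end up in Ansible's task output and logs (verbose runs, failures) and is visible in the process arguments on the host while pdnsutil runs. Other secret-bearing tasks in this commit, such as `Create archmanweb db user`, already set `no_log: true`; adding `no_log: true` here would be consistent. The same applies to `Configure archive.org client`, which passes `--password={{ vault_archive_password }}` to `ia configure`. `no_log` does not remove the argv exposure; whether either tool can take the secret from stdin or a file is not visible here.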
- name: reload alertmanager
- name: Reload alertmanager
service: name=alertmanager state=reloaded
- name: install alertmanager server
- name: Install alertmanager server
pacman: name=alertmanager state=present
- name: install alertmanager configuration
- name: Install alertmanager configuration
template: src=alertmanager.yml.j2 dest=/etc/alertmanager/alertmanager.yml owner=root group=alertmanager mode=640
notify: reload alertmanager
- name: enable alertmanager server service
- name: Enable alertmanager server service
systemd: name=alertmanager enabled=yes daemon_reload=yes state=started
- name: install arch-boxes-sync.sh script dependencies
- name: Install arch-boxes-sync.sh script dependencies
pacman: name=curl,jq,unzip state=present
- name: install arch-boxes-sync.sh script
- name: Install arch-boxes-sync.sh script
copy: src=arch-boxes-sync.sh dest=/usr/local/bin/ owner=root group=root mode=0755
- name: install arch-boxes-sync.{service,timer}
- name: Install arch-boxes-sync.{service,timer}
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
loop:
- arch-boxes-sync.service
......@@ -12,5 +12,5 @@
notify:
- daemon reload
- name: start and enable arch-boxes-sync.timer
- name: Start and enable arch-boxes-sync.timer
systemd: name=arch-boxes-sync.timer enabled=yes daemon_reload=yes state=started
- name: daemon reload
- name: Daemon reload
systemd:
daemon-reload: true
- name: install archbuild
- name: Install archbuild
pacman:
name:
- base-devel
......@@ -16,7 +16,7 @@
- appstream-generator
state: present
- name: install archbuild scripts
- name: Install archbuild scripts
copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
with_items:
- mkpkg
......@@ -28,12 +28,12 @@
- clean-offload-build
- gitpkg
- name: install archbuild config files
- name: Install archbuild config files
copy: src={{ item }} dest=/usr/local/share/{{ item }} owner=root group=root mode=0644
with_items:
- elinks-pkgdiffrepo.conf
- name: install archbuild units
- name: Install archbuild units
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- clean-chroots.timer
......@@ -47,33 +47,33 @@
notify:
- daemon reload
- name: install archbuild unit
- name: Install archbuild unit
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- var-lib-archbuild.mount
notify:
- daemon reload
- name: install archbuild user units
- name: Install archbuild user units
copy: src={{ item }} dest=/etc/systemd/user/{{ item }} owner=root group=root mode=0644
with_items:
- mkpkg@.timer
- mkpkg@.service
- name: install user-.slice snippet
- name: Install user-.slice snippet
copy: src=user-.slice.d dest=/etc/systemd/system owner=root group=root mode=0644
- name: start and enable archbuild mounts
- name: Start and enable archbuild mounts
service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }}
with_items:
- var-lib-archbuild.mount
- name: start and enable archbuilddest mount
- name: Start and enable archbuilddest mount
service: name={{ item }} enabled=yes state=started
with_items:
- var-lib-archbuilddest.mount
- name: create archbuilddest
- name: Create archbuilddest
file:
state: directory
path: '/var/lib/{{ "/".join(item) }}'
......@@ -84,7 +84,7 @@
- [archbuilddest]
- [srcdest]
- name: set acl on archbuilddest
- name: Set acl on archbuilddest
acl:
name: '/var/lib/archbuilddest/{{ item[0] }}'
state: present
......@@ -104,18 +104,18 @@
'default:other::r-x',
'default:mask::rwx']
- name: start and enable archbuild units
- name: Start and enable archbuild units
service: name={{ item }} enabled=yes state=started
with_items:
- clean-chroots.timer
- clean-dests.timer
- clean-offload-build.timer
- name: install makepkg.conf
- name: Install makepkg.conf
template: src=makepkg.conf.j2 dest=/etc/makepkg.conf owner=root group=root mode=0644
- name: install archbuild sudoers config
- name: Install archbuild sudoers config
copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440
- name: install gitconfig
- name: Install gitconfig
copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644
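Review bot: `Install archbuild sudoers config` writes straight into `/etc/sudoers.d/archbuild` with no syntax check, so a malformed file would break sudo on the host as soon as it is copied. The `copy` module's `validate` option covers this: `copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440 validate='visudo -cf %s'`. The `Install sudoer rights for fetchmail to call archweb django scripts` template task has the same gap, and `template` accepts the same option.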
- name: install archivetools package
- name: Install archivetools package
pacman: name=archivetools state=present
- name: make archive dir
- name: Make archive dir
file:
path: "{{ archive_dir }}"
state: directory
......@@ -9,7 +9,7 @@
group: archive
mode: 0755
- name: setup archive configuration
- name: Setup archive configuration
template:
src: archive.conf.j2
dest: /etc/archive.conf
......@@ -17,34 +17,34 @@
group: root
mode: 0644
- name: setup archive timer
- name: Setup archive timer
systemd: name=archive.timer enabled=yes state=started
- name: setup archive-hardlink timer
- name: Setup archive-hardlink timer
systemd: name=archive-hardlink.timer enabled=yes state=started
- name: install internet archive packages
- name: Install internet archive packages
pacman: name=python-internetarchive,python-xtarfile state=present
- name: create archive user
- name: Create archive user
user: name={{ archive_user_name }} shell=/bin/false home="{{ archive_user_home }}" createhome=yes
- name: configure archive.org client
- name: Configure archive.org client
command: ia configure --username={{ vault_archive_username }} --password={{ vault_archive_password }} creates={{ archive_user_home }}/.config/ia.ini
become: true
become_user: "{{ archive_user_name }}"
- name: clone archive uploader code
- name: Clone archive uploader code
git: repo=https://github.com/archlinux/arch-historical-archive.git dest="{{ archive_repo }}" version="{{ archive_uploader_version }}"
become: true
become_user: "{{ archive_user_name }}"
- name: install system service
- name: Install system service
template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
loop:
- archive-uploader.service
- archive-uploader.timer
- name: start uploader timer
- name: Start uploader timer
systemd:
name: archive-uploader.timer
enabled: true
......
- name: create ssl cert
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ archive_domain }}"]
- name: set up nginx
- name: Set up nginx
template:
src: nginx.d.conf.j2
dest: /etc/nginx/nginx.d/archive.conf
......@@ -15,7 +15,7 @@
- reload nginx
tags: ['nginx']
- name: make nginx log dir
- name: Make nginx log dir
file:
path: /var/log/nginx/{{ archive_domain }}
state: directory
......
- name: create ssl cert
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ archmanweb_domain }}"]
when: 'archmanweb_domain is defined'
- name: install required packages
- name: Install required packages
pacman:
state: present
name:
......@@ -22,24 +22,24 @@
- make
- sassc
- name: make archmanweb user
- name: Make archmanweb user
user: name=archmanweb shell=/bin/false home="{{ archmanweb_dir }}"
- name: fix home permissions
- name: Fix home permissions
file: state=directory owner=archmanweb group=archmanweb mode=0755 path="{{ archmanweb_dir }}"
- name: set archmanweb groups
- name: Set archmanweb groups
user: name=archmanweb groups=uwsgi
- name: set up nginx
- name: Set up nginx
template: src=nginx.d.conf.j2 dest="{{ archmanweb_nginx_conf }}" owner=root group=root mode=644
notify: reload nginx
tags: ['nginx']
- name: make nginx log dir
- name: Make nginx log dir
file: path=/var/log/nginx/{{ archmanweb_domain }} state=directory owner=root group=root mode=0755
- name: clone archmanweb repo
- name: Clone archmanweb repo
git: >
repo={{ archmanweb_repository }}
dest="{{ archmanweb_dir }}/repo"
......@@ -51,7 +51,7 @@
become_user: archmanweb
register: release
- name: build archlinux-common-style
- name: Build archlinux-common-style
command:
cmd: make SASS=sassc
chdir: "{{ archmanweb_dir }}/repo/archlinux-common-style"
......@@ -59,27 +59,27 @@
become_user: archmanweb
when: release.changed or archmanweb_forced_deploy
- name: configure archmanweb
- name: Configure archmanweb
template: src=local_settings.py.j2 dest={{ archmanweb_dir }}/repo/local_settings.py owner=archmanweb group=archmanweb mode=0660
register: config
no_log: true
- name: copy robots.txt
- name: Copy robots.txt
copy: src=robots.txt dest="{{ archmanweb_dir }}/repo/robots.txt" owner=root group=root mode=0644
- name: create archmanweb db user
- name: Create archmanweb db user
postgresql_user: name={{ archmanweb_db_user }} password={{ vault_archmanweb_db_password }} login_host="{{ archmanweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
no_log: true
- name: create archmanweb db
- name: Create archmanweb db
postgresql_db: name="{{ archmanweb_db }}" login_host="{{ archmanweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" owner="{{ archmanweb_db_user }}"
register: db_created
- name: add pg_trgm extension to the archmanweb db
- name: Add pg_trgm extension to the archmanweb db
postgresql_ext: name="pg_trgm" db="{{ archmanweb_db }}" login_host="{{ archmanweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}"
when: db_created.changed or archmanweb_forced_deploy
- name: run Django management tasks
- name: Run Django management tasks
django_manage: app_path="{{ archmanweb_dir }}/repo" command="{{ item }}"
with_items:
- migrate
......@@ -89,18 +89,18 @@
become_user: archmanweb
when: db_created.changed or release.changed or config.changed or archmanweb_forced_deploy
- name: configure UWSGI for archmanweb
- name: Configure UWSGI for archmanweb
template: src=archmanweb.ini.j2 dest=/etc/uwsgi/vassals/archmanweb.ini owner=archmanweb group=http mode=0640
- name: deploy new release
- name: Deploy new release
file: path=/etc/uwsgi/vassals/archmanweb.ini state=touch owner=archmanweb group=http mode=0640
when: release.changed or config.changed or archmanweb_forced_deploy
- name: install systemd units
- name: Install systemd units
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items:
- archmanweb_update.service
- archmanweb_update.timer
- name: start and enable archmanweb update timer
- name: Start and enable archmanweb update timer
systemd: name="archmanweb_update.timer" enabled=yes state=started daemon_reload=yes
- name: create Arch Linux-specific groups
- name: Create Arch Linux-specific groups
group: name="{{ item }}" state=present system=no
with_items: "{{ arch_groups }}"
- name: filter arch_users for users with non-matching hosts
- name: Filter arch_users for users with non-matching hosts
set_fact: arch_users_filtered="{{ (arch_users_filtered | default([])) + [ item ] }}"
when: item.value.hosts is not defined or inventory_hostname in item.value.hosts
with_dict: "{{ arch_users }}"
- name: create Arch Linux-specific users
- name: Create Arch Linux-specific users
user:
name: "{{ item.key }}"
group: users
......@@ -19,25 +19,25 @@
state: present
loop: "{{ arch_users_filtered }}"
- name: create .ssh directory
- name: Create .ssh directory
file: path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700
loop: "{{ arch_users_filtered }}"
- name: configure ssh keys
- name: Configure ssh keys
template: src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600
when: item.value.ssh_key is defined
loop: "{{ arch_users_filtered }}"
- name: remove ssh keys if undefined
- name: Remove ssh keys if undefined
file: path=/home/{{ item.key }}/.ssh/authorized_keys state=absent
when: item.value.ssh_key is not defined
loop: "{{ arch_users_filtered }}"
- name: get list of remote users
- name: Get list of remote users
find: paths="/home" file_type="directory"
register: all_users
- name: disable ssh keys of disabled users
- name: Disable ssh keys of disabled users
file: path="/home/{{ item }}/.ssh/authorized_keys" state=absent
when:
- item not in (arch_users_filtered | map(attribute='key'))
......
- name: daemon reload
- name: Daemon reload
systemd:
daemon-reload: true
- name: restart archweb memcached
- name: Restart archweb memcached
service: name=archweb-memcached state=restarted
- name: run maintenance mode
- name: Run maintenance mode
include_role:
name: maintenance
vars:
......@@ -9,41 +9,41 @@
service_nginx_template: "maintenance-nginx.d.conf.j2"
when: maintenance is defined and archweb_site
- name: install required packages
- name: Install required packages
pacman: name=git,python-setuptools,python-psycopg2,llvm-libs,uwsgi-plugin-python state=present
- name: make archweb user
- name: Make archweb user
user: name=archweb shell=/bin/false home="{{ archweb_dir }}" createhome=no
- name: fix home permissions
- name: Fix home permissions
file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}"
- name: set archweb groups
- name: Set archweb groups
user: name=archweb groups=uwsgi
when: archweb_site|bool
- name: create ssl cert
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: "{{ [archweb_domain] + archweb_alternate_domains }}"
when: archweb_site|bool and maintenance is not defined
- name: set up nginx
- name: Set up nginx
template: src=nginx.d.conf.j2 dest="{{ archweb_nginx_conf }}" owner=root group=root mode=644
notify: reload nginx
when: archweb_site|bool and maintenance is not defined
tags: ['nginx']
- name: make nginx log dir
- name: Make nginx log dir
file: path=/var/log/nginx/{{ archweb_domain }} state=directory owner=root group=root mode=0755
when: archweb_site|bool
- name: make rsync iso dir
- name: Make rsync iso dir
file: path={{ archweb_rsync_iso_dir }} state=directory owner=archweb group=archweb mode=0755
when: archweb_site|bool
- name: clone archweb repo
- name: Clone archweb repo
git: >
repo={{ archweb_repository }}
dest="{{ archweb_dir }}"
......@@ -54,36 +54,36 @@
become_user: archweb
register: release
- name: make virtualenv
- name: Make virtualenv
command: python -m venv --system-site-packages "{{ archweb_dir }}"/env creates="{{ archweb_dir }}/env/bin/python"
become: true
become_user: archweb
- name: install stuff into virtualenv
- name: Install stuff into virtualenv
pip: requirements="{{ archweb_dir }}/requirements_prod.txt" virtualenv="{{ archweb_dir }}/env"
become: true
become_user: archweb
register: virtualenv
- name: create media dir
- name: Create media dir
file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}/media"
when: archweb_site|bool
- name: fix home permissions
- name: Fix home permissions
file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}"
- name: make archlinux.org dir
- name: Make archlinux.org dir
file: path="{{ archweb_dir }}/archlinux.org" state=directory owner=archweb group=archweb mode=0755
- name: configure robots.txt
- name: Configure robots.txt
copy: src=robots.txt dest="{{ archweb_dir }}/archlinux.org/robots.txt" owner=root group=root mode=0644
- name: configure archweb
- name: Configure archweb
template: src=local_settings.py.j2 dest={{ archweb_dir }}/local_settings.py owner=archweb group=archweb mode=0660
register: config
no_log: true
- name: create archweb db users
- name: Create archweb db users
postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
no_log: true
when: archweb_site or archweb_services
......@@ -93,18 +93,18 @@
- { user: "{{ archweb_db_dbscripts_user }}", password: "{{ vault_archweb_db_dbscripts_password }}" }
- { user: "{{ archweb_db_backup_user }}", password: "{{ vault_archweb_db_backup_password }}" }
- name: create archweb db
- name: Create archweb db
postgresql_db: name="{{ archweb_db }}" login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" owner="{{ archweb_db_site_user }}"
when: archweb_site or archweb_services
register: db_created
- name: django migrate
- name: Django migrate
django_manage: app_path="{{ archweb_dir }}" command=migrate virtualenv="{{ archweb_dir }}/env"
become: true
become_user: archweb
when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
- name: db privileges for archweb users
- name: DB privileges for archweb users
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
privs=CONNECT roles="{{ item }}" type=database
when: archweb_site or archweb_services
......@@ -113,7 +113,7 @@
- "{{ archweb_db_dbscripts_user }}"
- "{{ archweb_db_backup_user }}"
- name: table privileges for archweb users
- name: Table privileges for archweb users
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}"
when: archweb_site or archweb_services
......@@ -122,7 +122,7 @@
- { user: "{{ archweb_db_dbscripts_user }}", objs: "{{ archweb_db_dbscripts_table_objs }}" }
- { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_table_objs }}" }
- name: sequence privileges for archweb users
- name: Sequence privileges for archweb users
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}"
when: archweb_site or archweb_services
......@@ -130,25 +130,25 @@
- { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_sequence_objs }}" }
- { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_sequence_objs }}" }
- name: django collectstatic
- name: Django collectstatic
django_manage: app_path="{{ archweb_dir }}" command=collectstatic virtualenv="{{ archweb_dir }}/env"
become: true
become_user: archweb
when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
- name: install reporead service
- name: Install reporead service
template: src="archweb-reporead.service.j2" dest="/etc/systemd/system/archweb-reporead.service" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_services or archweb_reporead
- name: install readlinks service
- name: Install readlinks service
template: src="archweb-readlinks.service.j2" dest="/etc/systemd/system/archweb-readlinks.service" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_services or archweb_reporead
- name: install mirrorcheck service and timer
- name: Install mirrorcheck service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items:
- archweb-mirrorcheck.service
......@@ -157,7 +157,7 @@
- daemon reload
when: archweb_services or archweb_mirrorcheck
- name: install mirrorresolv service and timer
- name: Install mirrorresolv service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items:
- archweb-mirrorresolv.service
......@@ -166,7 +166,7 @@
- daemon reload
when: archweb_services or archweb_mirrorresolv
- name: install populate_signoffs service and timer
- name: Install populate_signoffs service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items:
- archweb-populate_signoffs.service
......@@ -175,7 +175,7 @@
- daemon reload
when: archweb_services or archweb_populate_signoffs
- name: install planet service and timer
- name: Install planet service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items:
- archweb-planet.service
......@@ -184,7 +184,7 @@
- daemon reload
when: archweb_planet
- name: install rebuilderd status service and timer
- name: Install rebuilderd status service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items:
- archweb-rebuilderd.service
......@@ -193,27 +193,27 @@
- daemon reload
when: archweb_site
- name: install pgp_import service
- name: Install pgp_import service
template: src="archweb-pgp_import.service.j2" dest="/etc/systemd/system/archweb-pgp_import.service" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_services or archweb_pgp_import
- name: create pacman.d hooks dir
- name: Create pacman.d hooks dir
file: state=directory owner=root group=root mode=0750 path="/etc/pacman.d/hooks"
when: archweb_services or archweb_pgp_import
- name: install pgp_import hook
- name: Install pgp_import hook
template: src="archweb-pgp_import-pacman-hook.j2" dest="/etc/pacman.d/hooks/archweb-pgp_import.hook" owner=root group=root mode=0644
when: archweb_services or archweb_pgp_import
- name: install archweb memcached service
- name: Install archweb memcached service
template: src="archweb-memcached.service.j2" dest="/etc/systemd/system/archweb-memcached.service" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_site|bool
- name: install archweb rsync iso service and timer
- name: Install archweb rsync iso service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items:
- archweb-rsync_iso.service
......@@ -222,16 +222,16 @@
- daemon reload
when: archweb_site|bool
- name: deploy archweb
- name: Deploy archweb
template: src=archweb.ini.j2 dest=/etc/uwsgi/vassals/archweb.ini owner=archweb group=http mode=0640
when: archweb_site|bool
- name: deploy new release
- name: Deploy new release
file: path=/etc/uwsgi/vassals/archweb.ini state=touch owner=archweb group=http mode=0640
when: archweb_site and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
notify: restart archweb memcached
- name: start and enable archweb memcached service and archweb-rsync_iso timer
- name: Start and enable archweb memcached service and archweb-rsync_iso timer
systemd:
name: "{{ item }}"
enabled: true
......@@ -242,55 +242,55 @@
- archweb-rsync_iso.timer
when: archweb_site|bool
- name: start and enable archweb reporead service
- name: Start and enable archweb reporead service
service: name="archweb-reporead.service" enabled=yes state=started
when: archweb_services or archweb_reporead
- name: restart archweb reporead service
- name: Restart archweb reporead service
service: name="archweb-reporead.service" state=restarted
when: archweb_services or archweb_reporead and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
- name: start and enable archweb readlinks service
- name: Start and enable archweb readlinks service
service: name="archweb-readlinks.service" enabled=yes state=started
when: archweb_services or archweb_reporead
- name: restart archweb readlinks service
- name: Restart archweb readlinks service
service: name="archweb-readlinks.service" state=restarted
when: archweb_services or archweb_reporead and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
- name: start and enable archweb mirrorcheck timer
- name: Start and enable archweb mirrorcheck timer
service: name="archweb-mirrorcheck.timer" enabled=yes state=started
when: archweb_services or archweb_mirrorcheck
- name: start and enable archweb mirrorresolv timer
- name: Start and enable archweb mirrorresolv timer
service: name="archweb-mirrorresolv.timer" enabled=yes state=started
when: archweb_services or archweb_mirrorresolv
- name: start and enable archweb populate_signoffs timer
- name: Start and enable archweb populate_signoffs timer
service: name="archweb-populate_signoffs.timer" enabled=yes state=started
when: archweb_services or archweb_populate_signoffs
- name: start and enable archweb planet timer
- name: Start and enable archweb planet timer
service: name="archweb-planet.timer" enabled=yes state=started
when: archweb_planet
- name: start and enable archweb rebulderd update timer
- name: Start and enable archweb rebulderd update timer
service: name="archweb-rebuilderd.timer" enabled=yes state=started
when: archweb_site
- name: install donation import wrapper script
- name: Install donation import wrapper script
template: src=donor_import_wrapper.sh.j2 dest=/usr/local/bin/donor_import_wrapper.sh owner=root group=root mode=0755
when: archweb_site
- name: install sudoer rights for fetchmail to call archweb django scripts
- name: Install sudoer rights for fetchmail to call archweb django scripts
template: src=sudoers-fetchmail-archweb.j2 dest=/etc/sudoers.d/fetchmail-archweb owner=root group=root mode=0440
when: archweb_site
- name: create retro dir
- name: Create retro dir
file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_retro_dir }}"
when: archweb_site|bool
- name: clone archweb-retro repo
- name: Clone archweb-retro repo
git:
repo: "{{ archweb_retro_repository }}"
dest: "{{ archweb_retro_dir }}"
......
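Review bot: In `Restart archweb reporead service` and `Restart archweb readlinks service`, the condition `archweb_services or archweb_reporead and (release.changed or ...)` parses as `archweb_services or (archweb_reporead and (...))`, because `and` binds tighter than `or` in Jinja2. On hosts where `archweb_services` is true the restart therefore runs on every play whether or not anything changed, which is probably not intended given that the rest of the expression gates on a change. Suggested: `when: (archweb_services or archweb_reporead) and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)`.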
- name: restart php-fpm@archwiki
- name: Restart php-fpm@archwiki
service: name=php-fpm@{{ archwiki_user }} state=restarted
- name: run wiki updatescript
- name: Run wiki updatescript
command: php {{ archwiki_dir }}/public/maintenance/update.php --quick
become: true
become_user: "{{ archwiki_user }}"
......@@ -11,7 +11,7 @@
# otherwise nginx will spit errors into the log until it is restarted (even
# reload is not enough).
# reference: https://stackoverflow.com/a/6896903
- name: purge nginx cache
- name: Purge nginx cache
command: find /var/lib/nginx/cache -type f -delete
# The MediaWiki file cache can be invalidated by deleting the files in the
......@@ -20,5 +20,5 @@
# being set to true). References:
# - https://www.mediawiki.org/wiki/Manual:File_cache
# - https://www.mediawiki.org/wiki/Manual:$wgInvalidateCacheOnLocalSettingsChange
- name: invalidate MediaWiki file cache
- name: Invalidate MediaWiki file cache
file: path="{{ archwiki_dir }}/public/LocalSettings.php" state=touch owner=archwiki group=archwiki mode=0640
- name: run maintenance mode
- name: Run maintenance mode
include_role:
name: maintenance
vars:
......@@ -8,49 +8,49 @@
service_nginx_conf: "{{ archwiki_nginx_conf }}"
when: maintenance is defined
- name: create ssl cert
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ archwiki_domain }}"]
when: 'archwiki_domain is defined'
- name: install packages
- name: Install packages
pacman: name=git,php-intl state=present
- name: make archwiki user
- name: Make archwiki user
user: name="{{ archwiki_user }}" shell=/bin/false home="{{ archwiki_dir }}" createhome=no
register: user_created
- name: fix home permissions
- name: Fix home permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0751 path="{{ archwiki_dir }}"
- name: fix cache permissions
- name: Fix cache permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/cache"
- name: fix sessions permissions
- name: Fix sessions permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/sessions"
- name: fix uploads permissions
- name: Fix uploads permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/uploads"
- name: set up nginx
- name: Set up nginx
template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644
notify:
- reload nginx
when: maintenance is not defined
tags: ['nginx']
- name: configure robots.txt
- name: Configure robots.txt
copy: src=robots.txt dest="{{ archwiki_dir }}/robots.txt" owner=root group=root mode=0644
- name: make nginx log dir
- name: Make nginx log dir
file: path=/var/log/nginx/{{ archwiki_domain }} state=directory owner=root group=root mode=0755
- name: make debug log dir
- name: Make debug log dir
file: path=/var/log/archwiki state=directory owner={{ archwiki_user }} group=root mode=0700
- name: clone archwiki repo
- name: Clone archwiki repo
git: repo={{ archwiki_repository }} dest="{{ archwiki_dir }}/public" version={{ archwiki_version }}
become: true
become_user: "{{ archwiki_user }}"
......@@ -61,41 +61,41 @@
- purge nginx cache
- invalidate MediaWiki file cache
- name: configure archwiki
- name: Configure archwiki
template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640
register: config
no_log: true
- name: create archwiki db
- name: Create archwiki db
mysql_db: name="{{ archwiki_db }}" login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
register: db_created
- name: create archwiki db user
- name: Create archwiki db user
mysql_user: name={{ archwiki_db_user }} password={{ vault_archwiki_db_password }}
login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
priv="{{ archwiki_db }}.*:ALL"
no_log: true
- name: configure php-fpm
- name: Configure php-fpm
template:
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ archwiki_user }}.conf"
owner=root group=root mode=0644
notify:
- restart php-fpm@{{ archwiki_user }}
- name: start and enable systemd socket
- name: Start and enable systemd socket
service: name=php-fpm@{{ archwiki_user }}.socket state=started enabled=true
- name: create memcached.service.d drop-in directory
- name: Create memcached.service.d drop-in directory
file: path=/etc/systemd/system/memcached@archwiki.service.d state=directory owner=root group=root mode=0755
- name: install memcached.service drop-in
- name: Install memcached.service drop-in
template: src="memcached.service.d-archwiki.conf.j2" dest="/etc/systemd/system/memcached@archwiki.service.d/archwiki.conf" owner=root group=root mode=0644
- name: start and enable memcached service
- name: Start and enable memcached service
service: name=memcached@archwiki.service state=started enabled=true daemon_reload=true
- name: install systemd services/timers
- name: Install systemd services/timers
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
loop:
- archwiki-runjobs.service
......@@ -105,7 +105,7 @@
- archwiki-prune-cache.timer
- archwiki-question-updater.service
- name: start and enable archwiki timers and services
- name: Start and enable archwiki timers and services
systemd:
name: "{{ item }}"
enabled: true
......@@ -116,17 +116,17 @@
- archwiki-prune-cache.timer
- archwiki-runjobs-wait.service
- name: create question answer file
- name: Create question answer file
systemd:
name: archwiki-question-updater.service
state: started
daemon_reload: true
- name: ensure question answer file exists and set permissions
- name: Ensure question answer file exists and set permissions
file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
- name: create pacman.d hooks dir
- name: Create pacman.d hooks dir
file: state=directory owner=root group=root mode=0755 path=/etc/pacman.d/hooks
- name: install archwiki question updater hook
- name: Install archwiki question updater hook
template: src=archwiki-question-updater.hook.j2 dest=/etc/pacman.d/hooks/archwiki-question-updater.hook owner=root group=root mode=0644
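Review bot: The `notify:` entries in this file keep their old lowercase spelling (`- reload nginx`, `- restart php-fpm@{{ archwiki_user }}`, and what look like notify items `- purge nginx cache` / `- invalidate MediaWiki file cache` after the clone task), while the handlers themselves are renamed to `Purge nginx cache` and `Invalidate MediaWiki file cache` earlier on this page. Ansible resolves a notification by the handler's exact name (or a `listen` topic), and as far as I know that match is case-sensitive, so these tasks would fail with a "handler not found" error the first time they report a change. The notifications should be renamed in the same commit, e.g. `- Purge nginx cache` and `- Invalidate MediaWiki file cache`. The same applies to the aurweb tasks, where `notify: - restart sshd` and `notify: reload nginx` remain lowercase although the handler is now `Restart sshd`; there the sshd restart after a config change is the part that would be lost.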
- name: daemon reload
- name: Daemon reload
systemd:
daemon-reload: true
- name: restart php-fpm@{{ aurweb_user }}
- name: Restart php-fpm@{{ aurweb_user }}
service: name=php-fpm@{{ aurweb_user }} state=restarted
- name: restart sshd
- name: Restart sshd
service: name=sshd state=restarted
- name: install required packages
- name: Install required packages
pacman:
state: present
name:
......@@ -11,37 +11,37 @@
- gcc
- pkg-config
- name: install the cgit package
- name: Install the cgit package
pacman:
state: present
name:
- cgit-aurweb
register: cgit
- name: install the git package
- name: Install the git package
pacman:
state: present
name:
- git
register: git
- name: make aur user
- name: Make aur user
user: name="{{ aurweb_user }}" shell=/bin/bash createhome=yes
register: aur_user
- name: create .ssh for the aur user
- name: Create .ssh for the aur user
file: path={{ aur_user.home }}/.ssh state=directory owner={{ aur_user.name }} group={{ aur_user.name }} mode=0700
- name: install SSH key for mirroring to GitHub
- name: Install SSH key for mirroring to GitHub
copy: src=id_ed25519 dest={{ aur_user.home }}/.ssh/ owner={{ aur_user.name }} group={{ aur_user.name }} mode=0600
- name: fetch host keys for github.com
- name: Fetch host keys for github.com
command: ssh-keyscan github.com
args:
creates: "{{ aur_user.home }}/.ssh/known_hosts"
register: github_host_keys
- name: write github.com host keys to the aur user's known_hosts
- name: Write github.com host keys to the aur user's known_hosts
lineinfile: name={{ aur_user.home }}/.ssh/known_hosts create=yes line={{ item }} owner={{ aur_user.name }} group={{ aur_user.name }} mode=0644
loop: "{{ github_host_keys.stdout_lines }}"
when: github_host_keys.changed
......@@ -49,7 +49,7 @@
- name: Create directory
file: path={{ aurweb_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
- name: receive valid signing keys
- name: Receive valid signing keys
command: /usr/bin/gpg --keyserver keys.openpgp.org --recv {{ item }}
loop: '{{ aurweb_pgp_keys }}'
become: true
......@@ -57,7 +57,7 @@
register: gpg
changed_when: "gpg.rc == 0"
- name: aurweb git repo check
- name: Aurweb git repo check
git: >
repo={{ aurweb_repository }}
dest="{{ aurweb_dir }}"
......@@ -69,7 +69,7 @@
register: release
check_mode: true
- name: install AUR systemd service and timers
- name: Install AUR systemd service and timers
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- aurweb-git.service
......@@ -91,7 +91,7 @@
- aurweb-github-mirror.timer
when: release.changed
- name: stop AUR systemd services and timers
- name: Stop AUR systemd services and timers
service: name={{ item }} enabled=yes state=stopped
with_items:
- aurweb-git.timer
......@@ -105,7 +105,7 @@
- aurweb-github-mirror.timer
when: release.changed
- name: clone aurweb repo
- name: Clone aurweb repo
git: >
repo={{ aurweb_repository }}
dest="{{ aurweb_dir }}"
......@@ -116,35 +116,35 @@
become_user: "{{ aurweb_user }}"
when: release.changed
- name: create necessary directories
- name: Create necessary directories
file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} mode=0755
with_items:
- 'aurblup'
- 'sessions'
- 'uploads'
- name: create aurweb conf dir
- name: Create aurweb conf dir
file: path={{ aurweb_conf_dir }} state=directory owner=root group=root mode=0755
- name: copy aurweb configuration file
- name: Copy aurweb configuration file
copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes owner=root group=root mode=0644
# Note: initdb needs the config
- name: install custom aurweb configuration
- name: Install custom aurweb configuration
template: src=config.j2 dest={{ aurweb_conf_dir }}/config owner=root group=root mode=0644
- name: create aur db
- name: Create aur db
mysql_db: name="{{ aurweb_db }}" login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}" encoding=utf8
register: db_created
no_log: true
- name: create aur db user
- name: Create aur db user
mysql_user: name={{ aurweb_db_user }} password={{ vault_aurweb_db_password }}
login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}"
priv="{{ aurweb_db }}.*:ALL"
no_log: true
- name: initialize the database
- name: Initialize the database
command: poetry run python -m aurweb.initdb
args:
chdir: "{{ aurweb_dir }}"
......@@ -152,7 +152,7 @@
become_user: "{{ aurweb_user }}"
when: db_created.changed
- name: run migrations
- name: Run migrations
command: poetry run alembic upgrade head
args:
chdir: "{{ aurweb_dir }}"
......@@ -183,19 +183,19 @@
become_user: "{{ aurweb_user }}"
when: release.changed or aurweb_installed.rc != 0
- name: install custom aurweb-git-auth wrapper script
- name: Install custom aurweb-git-auth wrapper script
template: src=aurweb-git-auth.sh.j2 dest=/usr/local/bin/aurweb-git-auth.sh owner=root group=root mode=0755
when: release.changed
- name: install custom aurweb-git-serve wrapper script
- name: Install custom aurweb-git-serve wrapper script
template: src=aurweb-git-serve.sh.j2 dest=/usr/local/bin/aurweb-git-serve.sh owner=root group=root mode=0755
when: release.changed
- name: install custom aurweb-git-update wrapper script
- name: Install custom aurweb-git-update wrapper script
template: src=aurweb-git-update.sh.j2 dest=/usr/local/bin/aurweb-git-update.sh owner=root group=root mode=0755
when: release.changed
- name: link custom aurweb-git-update wrapper to hooks/update
- name: Link custom aurweb-git-update wrapper to hooks/update
file:
src: /usr/local/bin/aurweb-git-update.sh
dest: "{{ aurweb_dir }}/aur.git/hooks/update"
......@@ -215,36 +215,36 @@
become: true
become_user: "{{ aurweb_user }}"
- name: create ssl cert
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ aurweb_domain }}"]
- name: set up nginx
- name: Set up nginx
template: src=nginx.d.conf.j2 dest={{ aurweb_nginx_conf }} owner=root group=root mode=644
notify: reload nginx
tags: ['nginx']
- name: make nginx log dir
- name: Make nginx log dir
file: path=/var/log/nginx/{{ aurweb_domain }} state=directory owner=root group=root mode=0755
- name: install cgit configuration
- name: Install cgit configuration
template: src=cgitrc.j2 dest="{{ aurweb_conf_dir }}/cgitrc" owner=root group=root mode=0644
- name: configure cgit uwsgi service
- name: Configure cgit uwsgi service
template: src=cgit.ini.j2 dest=/etc/uwsgi/vassals/cgit.ini owner={{ aurweb_user }} group=http mode=0644
- name: deploy new cgit release
- name: Deploy new cgit release
become: true
become_user: "{{ aurweb_user }}"
file: path=/etc/uwsgi/vassals/cgit.ini state=touch owner=root group=root mode=0644
when: cgit.changed
- name: configure smartgit uwsgi service
- name: Configure smartgit uwsgi service
template: src=smartgit.ini.j2 dest=/etc/uwsgi/vassals/smartgit.ini owner={{ aurweb_user }} group=http mode=0644
- name: deploy new smartgit release
- name: Deploy new smartgit release
become: true
become_user: "{{ aurweb_user }}"
file:
......@@ -255,10 +255,10 @@
mode: 0644
when: git.changed
- name: create git repo dir
- name: Create git repo dir
file: path={{ aurweb_git_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
- name: init git directory
- name: Init git directory
command: git init --bare {{ aurweb_git_dir }}
args:
creates: "{{ aurweb_git_dir }}/HEAD"
......@@ -267,7 +267,7 @@
tags:
- skip_ansible_lint
- name: save hideRefs setting on var
- name: Save hideRefs setting on var
command: git config --local --get-all transfer.hideRefs
register: git_config
args:
......@@ -276,7 +276,7 @@
tags:
- skip_ansible_lint
- name: configure git tranfser.hideRefs
- name: Configure git tranfser.hideRefs
command: git config --local transfer.hideRefs '^refs/'
args:
chdir: "{{ aurweb_git_dir }}"
......@@ -286,7 +286,7 @@
tags:
- skip_ansible_lint
- name: configure git transfer.hideRefs second
- name: Configure git transfer.hideRefs second
command: git config --local --add transfer.hideRefs '!refs/'
args:
chdir: "{{ aurweb_git_dir }}"
......@@ -296,7 +296,7 @@
tags:
- skip_ansible_lint
- name: configure git transfer.hideRefs third
- name: Configure git transfer.hideRefs third
command: git config --local --add transfer.hideRefs '!HEAD'
args:
chdir: "{{ aurweb_git_dir }}"
......@@ -306,12 +306,12 @@
tags:
- skip_ansible_lint
- name: configure sshd
- name: Configure sshd
template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
notify:
- restart sshd
- name: start and enable AUR systemd services and timers
- name: Start and enable AUR systemd services and timers
service: name={{ item }} enabled=yes state=started daemon_reload=yes
with_items:
- aurweb-git.timer
......
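Review bot: The `Fetch host keys for github.com` task accepts whatever `ssh-keyscan github.com` returns on its first run, and the following `lineinfile` task writes that output unchanged into the aur user's `known_hosts`, so the host key used for the GitHub mirror is never compared with a known-good value. Consider shipping reviewed keys with the role instead, for example a `copy` of a vetted file (`src=<reviewed github known_hosts file>`, placeholder name) or the `known_hosts` module with the key pinned in vars, checked against the fingerprints GitHub publishes. Because of the `creates:` guard the file is only seeded once, which deserves a comment such as `# known_hosts is seeded once; update by hand when GitHub rotates its host keys`. The task name `Configure git tranfser.hideRefs` further down also still carries the `tranfser` typo on a line this commit touches.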