Add nginx to playbook

2020-11-12 15:24:10 +01:00 · 2020-11-12 15:24:10 +01:00 · a23c96d9f8
parent a378447e1d
commit a23c96d9f8
3 changed files with 123 additions and 44 deletions
--- a/ansible/blog.service
+++ b/ansible/blog.service
@ -11,7 +11,7 @@ rcvar="blog_enable"

 load_rc_config $name
 : ${blog_enable="NO"}
-: ${blog_listen_addr="0.0.0.0:8000"}
+: ${blog_listen_addr="127.0.0.1:8000"}

 pidfile="/var/run/${name}.pid"
 logfile="/var/log/${name}.log"
--- a/ansible/nginx.conf
+++ b/ansible/nginx.conf
@ -0,0 +1,59 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    server {
+        server_name localhost:80;
+
+        client_max_body_size 10M;
+
+        gzip on;
+        gzip_types
+          application/javascript
+          application/x-javascript
+          application/json
+          application/rss+xml
+          application/xml
+          image/svg+xml
+          image/x-icon
+          application/vnd.ms-fontobject
+          application/font-sfnt
+          text/css
+          text/plain;
+        gzip_min_length 256;
+        gzip_comp_level 5;
+        gzip_http_version 1.1;
+        gzip_vary on;
+
+        location /static/ {
+            alias /srv/blog/staticfiles/;
+            expires 30d;
+        }
+
+        location /media/ {
+            alias /srv/blog/media/;
+            expires 30d;
+        }
+
+        location / {
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $remote_addr;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_pass http://localhost:8000;
+            proxy_redirect off;
+        }
+
+        listen [::]:80;
+        listen 80;
+    }
+}
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@ -6,46 +6,66 @@
    PATH: /root/.poetry/bin:{{ ansible_env.PATH }}

  tasks:
-  - name: install dependencies
-    pkgng:
-      name: git,python38,py38-sqlite3,jpeg-turbo,nginx,curl,vim
-  - name: make python3.8 default
-    file:
-      path: /usr/local/bin/python3
-      src: /usr/local/bin/python3.8
-      state: link
-  - name: fetch code
-    git:
-      repo: https://git.sr.ht/~crocmagnon/blog
-      dest: /srv/blog
-      force: yes
-  - name: install poetry
-    shell:
-      cmd: POETRY_VERSION=1.1.4 curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python
-      creates: /root/.poetry/bin/poetry
-  - name: create venv
-    shell:
-      cmd: python -m venv /srv/blogvenv
-      creates: /srv/blogvenv/bin/python
-  - name: install deps
-    shell:
-      chdir: /srv/blog
-      cmd: . /srv/blogvenv/bin/activate && poetry install --remove-untracked
-  - name: install service
-    copy:
-      remote_src: yes
-      src: /srv/blog/ansible/blog.service
-      dest: /usr/local/etc/rc.d/blog
-      owner: root
-      group: wheel
-      mode: 0755
-  - name: enable and restart blog service
-    service:
-      name: blog
-      state: restarted
-      enabled: yes
-#  - name: enable nginx service
-#    service:
-#      name: nginx
-#      state: started
-#      enabled: yes
+    - name: install system dependencies
+      pkgng:
+        name: git,python38,py38-sqlite3,jpeg-turbo,nginx,curl,vim
+    - name: make python3.8 default
+      file:
+        path: /usr/local/bin/python3
+        src: /usr/local/bin/python3.8
+        state: link
+    - name: fetch code
+      git:
+        repo: https://git.sr.ht/~crocmagnon/blog
+        dest: /srv/blog
+        force: yes
+    - name: install poetry
+      shell:
+        cmd: POETRY_VERSION=1.1.4 curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python
+        creates: /root/.poetry/bin/poetry
+    - name: create venv
+      shell:
+        cmd: python -m venv /srv/blogvenv
+        creates: /srv/blogvenv/bin/python
+    - name: install python dependencies
+      shell:
+        chdir: /srv/blog
+        cmd: . /srv/blogvenv/bin/activate && poetry install --remove-untracked
+    - name: install service
+      copy:
+        remote_src: yes
+        src: /srv/blog/ansible/blog.service
+        dest: /usr/local/etc/rc.d/blog
+        owner: root
+        group: wheel
+        mode: 0755
+    - name: enable and restart blog service
+      service:
+        name: blog
+        state: restarted
+        enabled: yes
+    - name: backup old nginx conf
+      copy:
+        remote_src: yes
+        src: /usr/local/etc/nginx/nginx.conf
+        dest: /usr/local/etc/nginx/nginx.conf.BKP
+    - name: install nginx conf
+      copy:
+        remote_src: yes
+        src: /srv/blog/ansible/nginx.conf
+        dest: /usr/local/etc/nginx/nginx.conf
+        owner: root
+        group: wheel
+        mode: 0644
+      notify:
+        - restart nginx
+    - name: enable nginx service
+      service:
+        name: nginx
+        state: started
+        enabled: yes
+  handlers:
+    - name: restart nginx
+      service:
+        name: nginx
+        state: restarted