Add nginx to playbook

This commit is contained in:
Gabriel Augendre 2020-11-12 15:24:10 +01:00
parent a378447e1d
commit a23c96d9f8
No known key found for this signature in database
GPG key ID: 1E693F4CE4AEE7B4
3 changed files with 123 additions and 44 deletions

View file

@ -11,7 +11,7 @@ rcvar="blog_enable"
load_rc_config $name
: ${blog_enable="NO"}
: ${blog_listen_addr="0.0.0.0:8000"}
: ${blog_listen_addr="127.0.0.1:8000"}
pidfile="/var/run/${name}.pid"
logfile="/var/log/${name}.log"

59
ansible/nginx.conf Normal file
View file

@ -0,0 +1,59 @@
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
server_name localhost:80;
client_max_body_size 10M;
gzip on;
gzip_types
application/javascript
application/x-javascript
application/json
application/rss+xml
application/xml
image/svg+xml
image/x-icon
application/vnd.ms-fontobject
application/font-sfnt
text/css
text/plain;
gzip_min_length 256;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_vary on;
location /static/ {
alias /srv/blog/staticfiles/;
expires 30d;
}
location /media/ {
alias /srv/blog/media/;
expires 30d;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://localhost:8000;
proxy_redirect off;
}
listen [::]:80;
listen 80;
}
}

View file

@ -6,46 +6,66 @@
PATH: /root/.poetry/bin:{{ ansible_env.PATH }}
tasks:
- name: install dependencies
pkgng:
name: git,python38,py38-sqlite3,jpeg-turbo,nginx,curl,vim
- name: make python3.8 default
file:
path: /usr/local/bin/python3
src: /usr/local/bin/python3.8
state: link
- name: fetch code
git:
repo: https://git.sr.ht/~crocmagnon/blog
dest: /srv/blog
force: yes
- name: install poetry
shell:
cmd: POETRY_VERSION=1.1.4 curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python
creates: /root/.poetry/bin/poetry
- name: create venv
shell:
cmd: python -m venv /srv/blogvenv
creates: /srv/blogvenv/bin/python
- name: install deps
shell:
chdir: /srv/blog
cmd: . /srv/blogvenv/bin/activate && poetry install --remove-untracked
- name: install service
copy:
remote_src: yes
src: /srv/blog/ansible/blog.service
dest: /usr/local/etc/rc.d/blog
owner: root
group: wheel
mode: 0755
- name: enable and restart blog service
service:
name: blog
state: restarted
enabled: yes
# - name: enable nginx service
# service:
# name: nginx
# state: started
# enabled: yes
- name: install system dependencies
pkgng:
name: git,python38,py38-sqlite3,jpeg-turbo,nginx,curl,vim
- name: make python3.8 default
file:
path: /usr/local/bin/python3
src: /usr/local/bin/python3.8
state: link
- name: fetch code
git:
repo: https://git.sr.ht/~crocmagnon/blog
dest: /srv/blog
force: yes
- name: install poetry
shell:
cmd: POETRY_VERSION=1.1.4 curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python
creates: /root/.poetry/bin/poetry
- name: create venv
shell:
cmd: python -m venv /srv/blogvenv
creates: /srv/blogvenv/bin/python
- name: install python dependencies
shell:
chdir: /srv/blog
cmd: . /srv/blogvenv/bin/activate && poetry install --remove-untracked
- name: install service
copy:
remote_src: yes
src: /srv/blog/ansible/blog.service
dest: /usr/local/etc/rc.d/blog
owner: root
group: wheel
mode: 0755
- name: enable and restart blog service
service:
name: blog
state: restarted
enabled: yes
- name: backup old nginx conf
copy:
remote_src: yes
src: /usr/local/etc/nginx/nginx.conf
dest: /usr/local/etc/nginx/nginx.conf.BKP
- name: install nginx conf
copy:
remote_src: yes
src: /srv/blog/ansible/nginx.conf
dest: /usr/local/etc/nginx/nginx.conf
owner: root
group: wheel
mode: 0644
notify:
- restart nginx
- name: enable nginx service
service:
name: nginx
state: started
enabled: yes
handlers:
- name: restart nginx
service:
name: nginx
state: restarted