Add role for apis-rilec

roles/rilec/templates/apis-rilec.ini.j2

@@ -0,0 +1,32 @@
+[uwsgi]
+plugin = python3
+
+uid = {{ user }}
+gid = {{ user }}
+
+# the socket (use the full path to be safe
+socket = /run/apis-rilec.socket
+chown-socket = {{ user }}:nginx
+chmod-socket = 660
+
+# log
+logto = /var/log/uwsgi/apis-rilec/apis-rilec.log
+
+# Django-related settings
+# the base directory (full path)
+chdir           = {{ django_app }}
+# Django's wsgi file
+module          = apis_rilec_fri.wsgi
+# the virtualenv (full path)
+home            = {{ django_venv }}
+
+# process-related settings
+# master
+master          = true
+# maximum number of worker processes
+processes       = 16
+harakiri = 3600
+# clear environment on exit
+vacuum          = true
+
+

roles/rilec/templates/apis_process_data.sh.j2

@@ -0,0 +1,4 @@
+#!/bin/sh
+. {{ django_venv }}/bin/activate
+{{ django_app }}/manage.py from_ldap
+{{ django_app }}/manage.py to_ldapobjects -gs -cd

roles/rilec/templates/environment.j2

@@ -0,0 +1,36 @@
+DEBUG=false
+# DATABASE_URL="mysql://apisrilec:TestBazeZaApisRilec@127.0.0.1:3306/apisrilecphp"
+DATABASE_URL="postgresql://{{ user }}@localhost/{{database | default(user)}}"
+# mysql://USER:PASSWORD@HOST:PORT/NAME
+ALLOWED_HOSTS=apis-rilec.fri.uni-lj.si,apis-rilec.fri1.uni-lj.si,apis-rilec-php.fri1.uni-lj.si
+SECRET_KEY="{{ password.secret_key }}"
+PUBLIC_ROOT={{ user_info.home }}/www_data/apis-rilec
+
+# APIS_X_API_KEY="ToleJeSkrivnost"
+X_API_KEY="{{ password.x_api_key }}"
+
+STUDIS_API_TOKEN="{{ password.studis_api_token }}"
+STUDIS_API_BASE_URL=https://studisfri.uni-lj.si/api
+
+#LDAP_SERVER_URI="ldap://212.235.188.28:389"
+# LDAP_SERVER_URI="ldap://dcv1fri1.fri1.uni-lj.si:389"
+# LDAP_BIND_DN="CN=ldap test,OU=ServiceAccounts,DC=test,DC=nodomain",
+# LDAP_BIND_DN="CN=LDAP\\, RILEC,OU=System,OU=admin,DC=fri1,DC=uni-lj,DC=si"
+# LDAP_BIND_PASSWORD="rUn.n-9pNUMq>7[}{AAF2W)f"
+
+
+LDAP_SERVER_URI="{{ ldap_server }}"
+LDAP_BIND_DN="{{ password.ldap_bind_dn }}"
+LDAP_BIND_PASSWORD="{{ password.ldap_bind_pass }}"
+LDAP_USER_SEARCH_BASE="OU=FRI,DC=fri1,DC=uni-lj,DC=si"
+LDAP_USER_SEARCH_SCOPE="SUBTREE"
+LDAP_START_TLS=true
+LDAP_OPT_X_TLS_REQUIRE_CERT="NEVER"
+
+# AUTH_LDAP_USER_DN_TEMPLATE = "userPrincipalName=%(user)s,OU=Users,OU=FRI,DC=fri1,DC=uni-lj,DC=si"
+
+LDAP_GROUP_SEARCH_BASE="OU=FRI,DC=fri1,DC=uni-lj,DC=si"
+AUTH_LDAP_MIRROR_GROUPS=true
+AUTH_LDAP_ALWAYS_UPDATE_USER=true
+AUTH_LDAP_CACHE_GROUPS=true
+AUTH_LDAP_GROUP_CACHE_TIMEOUT=3600

roles/rilec/templates/nginx.conf.j2

@@ -0,0 +1,25 @@
+server {
+        listen 443 ssl;
+        listen [::]:443 ssl;
+        server_name {{ dns_name }};
+
+        ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
+
+        location @uwsgi {
+                include uwsgi_params;
+                uwsgi_pass unix:/run/apis-rilec.socket;
+        }
+        location / {
+                # First attempt to serve request as file, then
+                # as directory, then fall back to displaying a 404.
+                alias {{ public_root }};
+                try_files $uri @uwsgi;
+        }
+        location /media/ {
+                alias {{ public_root }}/media/;
+        }
+        location /static/ {
+                alias {{ public_root }}/static/;
+        }
+}