113 lines
2.3 KiB
YAML
113 lines
2.3 KiB
YAML
- name: Create friwall group
|
|
group:
|
|
name: friwall
|
|
system: yes
|
|
|
|
- name: Create friwall user
|
|
user:
|
|
name: friwall
|
|
system: yes
|
|
home: /srv/friwall
|
|
shell: /sbin/nologin
|
|
generate_ssh_key: yes
|
|
ssh_key_comment: "{{ inventory_hostname }}"
|
|
ssh_key_type: ed25519
|
|
|
|
- name: Install packages
|
|
package:
|
|
name: git,inotify-tools,py3-pip,procps-ng,rsync,uwsgi,uwsgi-python3,wireguard-tools
|
|
|
|
- name: Clone web files
|
|
become: yes
|
|
become_user: friwall
|
|
become_method: su
|
|
become_flags: "-s /bin/sh"
|
|
git:
|
|
repo: '{{ password.friwall_repo }}'
|
|
dest: /srv/friwall/app
|
|
force: yes
|
|
notify: reload uwsgi
|
|
|
|
- name: Install requirements
|
|
become: yes
|
|
become_user: friwall
|
|
become_method: su
|
|
become_flags: '-s /bin/sh'
|
|
pip:
|
|
requirements: /srv/friwall/app/requirements.txt
|
|
extra_args: --user --break-system-packages --no-warn-script-location
|
|
notify: restart uwsgi
|
|
|
|
- name: Configure base settings
|
|
template:
|
|
dest: "/srv/friwall/{{ item }}"
|
|
src: "{{ item }}.j2"
|
|
owner: friwall
|
|
group: friwall
|
|
mode: 0600
|
|
force: no
|
|
loop:
|
|
- nodes.json
|
|
- settings.json
|
|
notify: restart uwsgi
|
|
|
|
- name: Configure list of networks
|
|
template:
|
|
dest: "/srv/friwall/networks.json"
|
|
src: "networks.json.j2"
|
|
owner: friwall
|
|
group: friwall
|
|
mode: 0600
|
|
|
|
- name: Configure uwsgi
|
|
copy:
|
|
dest: /etc/uwsgi/
|
|
src: uwsgi.ini
|
|
notify: restart uwsgi
|
|
|
|
- name: Configure uwsgi instance
|
|
copy:
|
|
dest: /etc/uwsgi/conf.d/
|
|
src: friwall.ini
|
|
owner: friwall
|
|
group: friwall
|
|
|
|
- name: Enable uwsgi
|
|
service:
|
|
name: uwsgi
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Configure nginx instance
|
|
template:
|
|
dest: /etc/nginx/http.d/friwall.conf
|
|
src: nginx.conf.j2
|
|
notify: reload nginx
|
|
|
|
- name: Install config pusher initscript
|
|
copy:
|
|
dest: /etc/init.d/pusher
|
|
src: pusher.initd
|
|
mode: 0755
|
|
notify: restart pusher
|
|
|
|
- name: Enable config pusher service
|
|
service:
|
|
name: pusher
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Regenerate config daily
|
|
cron:
|
|
name: "regenerate config"
|
|
job: "cd ~/app ; FLASK_APP=web python3 -m flask generate"
|
|
user: friwall
|
|
hour: "3"
|
|
minute: "33"
|
|
|
|
- name: Try (re-)pushing config periodically
|
|
cron:
|
|
name: "push config"
|
|
job: "cd ~/app ; FLASK_APP=web python3 -m flask push"
|
|
user: friwall
|
|
minute: "*/15"
|