Fix Ansible script for production

2025-10-31 07:49:57 +01:00 · 2020-09-04 22:37:18 +02:00
parent 4ddd763886
commit 0f47412c38
10 changed files with 14 additions and 164 deletions
--- a/ansible/base.yml
+++ b/ansible/base.yml
@@ -1,18 +1,20 @@
 #!/usr/bin/env ansible-playbook
 ---

- hosts: bde-nk20-beta.adh.crans.org
+- hosts: bde-note.adh.crans.org
  vars_prompt:
    - name: DB_PASSWORD
      prompt: "Password of the database"
      private: yes
  vars:
    mirror: deb.debian.org
+    note:
+      server_name: bde-note.adh.crans.org
  roles:
    - 1-apt-basic
    - 2-nk20
    - 3-pip
-    - 4-nginx
-    - 5-certbot
+    - 4-certbot
+    - 5-nginx
    - 6-psql
    - 7-postinstall
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -1,5 +1,6 @@
 [server]
 bde-nk20-beta.adh.crans.org
+bde-note.adh.crans.org

 [all:vars]
 ansible_python_interpreter=/usr/bin/python3
--- a/ansible/roles/2-nk20/tasks/main.yml
+++ b/ansible/roles/2-nk20/tasks/main.yml
@@ -11,7 +11,7 @@
  git:
    repo: https://gitlab.crans.org/bde/nk20.git
    dest: /var/www/note_kfet
-    version: beta
+    version: master
    force: true

 - name: Use default env vars (should be updated!)
--- a/ansible/roles/4-nginx/tasks/main.yml
+++ b/ansible/roles/4-nginx/tasks/main.yml
@@ -1,44 +0,0 @@
---
- name: Install NGINX
-  apt:
-    name: nginx
-  register: pkg_result
-  retries: 3
-  until: pkg_result is succeeded
-
- name: Copy conf of Nginx
-  template:
-    src: "nginx_note.conf"
-    dest: /etc/nginx/sites-available/nginx_note.conf
-    mode: 0644
-    owner: www-data
-    group: www-data
-
- name: Enable Nginx site
-  file:
-    src: /etc/nginx/sites-available/nginx_note.conf
-    dest: /etc/nginx/sites-enabled/nginx_note.conf
-    owner: www-data
-    group: www-data
-    state: link
-
- name: Disable default Nginx site
-  file:
-    dest: /etc/nginx/sites-enabled/default
-    state: absent
-
- name: Copy conf of UWSGI
-  file:
-    src: /var/www/note_kfet/uwsgi_note.ini
-    dest: /etc/uwsgi/apps-enabled/uwsgi_note.ini
-    state: link
-
- name: Reload Nginx
-  systemd:
-    name: nginx
-    state: reloaded
-
- name: Restart UWSGI
-  systemd:
-    name: uwsgi
-    state: restarted
--- a/ansible/roles/4-nginx/templates/nginx_note.conf
+++ b/ansible/roles/4-nginx/templates/nginx_note.conf
@@ -1,63 +0,0 @@
-# the upstream component nginx needs to connect to
-upstream note{
-    server unix:///var/www/note_kfet/note_kfet.sock; # file socket
-}
-
-# Redirect HTTP to nk20 HTTPS
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    location / {
-        return 301 https://nk20-beta.crans.org$request_uri;
-    }
-}
-
-# Redirect all HTTPS to nk20 HTTPS
-server {
-    listen 443 ssl default_server;
-    listen [::]:443 ssl default_server;
-
-    location / {
-        return 301 https://nk20-beta.crans.org$request_uri;
-    }
-
-    ssl_certificate /etc/letsencrypt/live/nk20-beta.crans.org/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/nk20-beta.crans.org/privkey.pem;
-    include /etc/letsencrypt/options-ssl-nginx.conf;
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-}
-
-# configuration of the server
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-
-    # the port your site will be served on
-    # the domain name it will serve for
-    server_name nk20-beta.crans.org; # substitute your machine's IP address or FQDN
-    charset     utf-8;
-
-    # max upload size
-    client_max_body_size 75M;   # adjust to taste
-
-    # Django media
-    location /media  {
-        alias /var/www/note_kfet/media;  # your Django project's media files - amend as required
-    }
-
-    location /static {
-        alias /var/www/note_kfet/static; # your Django project's static files - amend as required
-    }
-
-    # Finally, send all non-media requests to the Django server.
-    location / {
-        uwsgi_pass note;
-        include /etc/nginx/uwsgi_params;
-    }
-
-    ssl_certificate /etc/letsencrypt/live/nk20-beta.crans.org/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/nk20-beta.crans.org/privkey.pem;
-    include /etc/letsencrypt/options-ssl-nginx.conf;
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-}
--- a/ansible/roles/5-certbot/tasks/main.yml
+++ b/ansible/roles/5-certbot/tasks/main.yml
@@ -1,21 +0,0 @@
---
- name: Install basic APT packages
-  apt:
-    update_cache: true
-    name:
-      - certbot
-      - python3-certbot-nginx
-  register: pkg_result
-  retries: 3
-  until: pkg_result is succeeded
-
- name: Create /etc/letsencrypt/conf.d
-  file:
-    path: /etc/letsencrypt/conf.d
-    state: directory
-
- name: Add Certbot configuration
-  template:
-    src: "letsencrypt/conf.d/nk20.ini.j2"
-    dest: "/etc/letsencrypt/conf.d/nk20.ini"
-    mode: 0644
--- a/ansible/roles/5-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
+++ b/ansible/roles/5-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
@@ -1,20 +0,0 @@
-{{ ansible_managed | comment }}
-
-# To generate the certificate, please use the following command
-# certbot --config /etc/letsencrypt/conf.d/nk20.ini certonly
-
-# Use a 4096 bit RSA key instead of 2048
-rsa-key-size = 4096
-
-# Always use the staging/testing server
-# server = https://acme-staging.api.letsencrypt.org/directory
-
-# Uncomment and update to register with the specified e-mail address
-email = notekfet2020@lists.crans.org
-
-# Uncomment to use a text interface instead of ncurses
-text = True
-
-# Use DNS-01 challenge
-authenticator = nginx
-
--- a/ansible/roles/7-postinstall/tasks/main.yml
+++ b/ansible/roles/7-postinstall/tasks/main.yml
@@ -22,3 +22,9 @@
  args:
    chdir: /var/www/note_kfet
  become_user: postgres
+
+- name: Collect static files
+  command: /var/www/note_kfet/env/bin/python manage.py collectstatic --noinput
+  args:
+    chdir: /var/www/note_kfet
+  become_user: www-data
--- a/apps/scripts
+++ b/apps/scripts
--- a/note_kfet/templates/base.html
+++ b/note_kfet/templates/base.html
@@ -154,17 +154,6 @@ SPDX-License-Identifier: GPL-3.0-or-later
                {% trans "Your e-mail address is not validated. Please check your mail inbox and click on the validation link." %}
            </div>
        {% endif %}
-        <div class="alert alert-warning alert-dismissible">
-            <button type="button" class="close" data-dismiss="alert" aria-hidden="true">&#215;</button>
-            Attention : la Note Kfet 2020 est en phase de beta. Des fonctionnalités pourront être rajoutées d'ici à la version
-            finale, et des bugs peuvent survenir. Pour tout problème, merci d'envoyer un mail à l'adresse
-            <a href="mailto:&#110;&#111;&#116;&#101;&#107;&#102;&#101;&#116;&#50;&#48;&#50;&#48;&commat;&#108;&#105;&#115;&#116;&#115;&period;&#99;&#114;&#97;&#110;&#115;&period;&#111;&#114;&#103;">
-                &#110;&#111;&#116;&#101;&#107;&#102;&#101;&#116;&#50;&#48;&#50;&#48;&commat;&#108;&#105;&#115;&#116;&#115;&period;&#99;&#114;&#97;&#110;&#115;&period;&#111;&#114;&#103;</a>,
-            ou bien levez une issue sur le dépôt <a href="https://gitlab.crans.org/bde/nk20/-/issues">Gitlab</a>,
-            ou encore posez un commentaire sur le <a href="https://pad.crans.org/p/todoNK20">pad</a>.<br><br>
-
-            Certaines données ont été anonymisées afin de limiter les fuites de données, et peuvent ne pas correspondre avec vos données réelles.
-        </div>
        <div id="messages"></div>
        {% block content %}
            <p>Default content...</p>