diff --git a/ansible/base.yml b/ansible/base.yml
index 9ec6724d..9ed8ed82 100755
--- a/ansible/base.yml
+++ b/ansible/base.yml
@@ -1,15 +1,13 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: bde-note.adh.crans.org
+- hosts: server
 vars_prompt:
 - name: DB_PASSWORD
- prompt: "Password of the database"
+ prompt: "Password of the database (leave it blank if this is a reinstallation)"
 private: yes
 vars:
 mirror: deb.debian.org
- note:
- server_name: note.crans.org
 roles:
 - 1-apt-basic
 - 2-nk20
diff --git a/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml b/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
new file mode 100644
index 00000000..f48f28a0
--- /dev/null
+++ b/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
@@ -0,0 +1,5 @@
+---
+note:
+ server_name: note-beta.crans.org
+ git_branch: beta
+ cron_enabled: true
diff --git a/ansible/host_vars/bde-note.adh.crans.org.yml b/ansible/host_vars/bde-note.adh.crans.org.yml
new file mode 100644
index 00000000..ba085433
--- /dev/null
+++ b/ansible/host_vars/bde-note.adh.crans.org.yml
@@ -0,0 +1,5 @@
+---
+note:
+ server_name: note.crans.org
+ git_branch: master
+ cron_enabled: true
diff --git a/ansible/host_vars/bde3-virt.adh.crans.org.yml b/ansible/host_vars/bde3-virt.adh.crans.org.yml
new file mode 100644
index 00000000..477a4b7a
--- /dev/null
+++ b/ansible/host_vars/bde3-virt.adh.crans.org.yml
@@ -0,0 +1,5 @@
+---
+note:
+ server_name: note-dev.crans.org
+ git_branch: beta
+ cron_enabled: false
diff --git a/ansible/hosts b/ansible/hosts
index 454b7aa0..72c3a7bc 100644
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -1,4 +1,5 @@
 [server]
+bde3-virt.adh.crans.org
 bde-nk20-beta.adh.crans.org
 bde-note.adh.crans.org
diff --git a/ansible/roles/2-nk20/tasks/main.yml b/ansible/roles/2-nk20/tasks/main.yml
index 57615f52..9652359d 100644
--- a/ansible/roles/2-nk20/tasks/main.yml
+++ b/ansible/roles/2-nk20/tasks/main.yml
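Review bot: In ansible/base.yml the play now targets the whole `server` group while `vars_prompt` still asks for `DB_PASSWORD` once, so a run without `--limit` would hand the same database password to every host the inventory lists in that group (dev, beta and production). Either document that the playbook is meant to be run with `--limit <host>`, or take the password per host from an encrypted source such as Ansible Vault in `host_vars`. The prompt should also say what a blank answer actually does, e.g. `prompt: "Password of the database (blank skips role and database creation)"`, since that behaviour lives in the `when:` conditions of the 6-psql role.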
@@ -11,7 +11,7 @@
 git:
 repo: https://gitlab.crans.org/bde/nk20.git
 dest: /var/www/note_kfet
- version: master
+ version: "{{ note.git_branch }}"
 force: true
 - name: Use default env vars (should be updated!)
@@ -30,6 +30,7 @@
 group: www-data
 - name: Setup cron jobs
+ when: "note.cron_enabled"
 template:
 src: note.cron.j2
 dest: /etc/cron.d/note
diff --git a/ansible/roles/2-nk20/templates/note.cron.j2 b/ansible/roles/2-nk20/templates/note.cron.j2
deleted file mode 100644
index 17d65279..00000000
--- a/ansible/roles/2-nk20/templates/note.cron.j2
+++ /dev/null
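Review bot: `version: "{{ note.git_branch }}"` still deploys whatever sits at the tip of a branch, and the cron file this role installs runs `manage.py` from that checkout as root, so push access to the branch is effectively root access on the host. For the production host consider pinning `git_branch` to a tag or commit in its host_vars file, or setting the git module's `verify_commit: true` if the project signs its commits. `note` is now defined only in per-host files, so a host added to `[server]` without one fails on an undefined variable; a role default would make that failure explicit. The task begins above the hunk.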
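Review bot: `when: "note.cron_enabled"` on "Setup cron jobs" only skips writing `/etc/cron.d/note`; it does not remove a file left by an earlier run, so a host switched to `cron_enabled: false` would keep running the mail and report jobs as root. Add a companion task that deletes the file when the flag is false. The task body continues below the hunk.

```yaml
- name: Remove cron jobs when they are disabled
  when: "not note.cron_enabled"
  file:
    path: /etc/cron.d/note
    state: absent
```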
@@ -1,22 +0,0 @@
-# {{ ansible_managed }}
-# Les cronjobs dont a besoin la Note Kfet
-
-# m h dom mon dow user command
-# Envoyer les mails en attente
- * * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail >> /var/www/note_kfet/cron_mail.log
- * * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred >> /var/www/note_kfet/cron_mail_deferred.log
- 00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 >> /var/www/note_kfet/cron_mail_purge.log
-# Faire une sauvegarde de la base de données
- 00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
-# Vérifier la cohérence de la base et mailer en cas de problème
- 00 4 * * * root cd /var/www/note_kfet && env/bin/python manage.py check_consistency --sum-all --check-all --mail
-# Mettre à jour le wiki (modification sans (dé)validation, activités passées)
-#30 5 * * * root cd /var/www/note_kfet && env/bin/python manage.py refresh_activities --raw --comment refresh
-# Spammer les gens en négatif
- 00 5 * * 2 root cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --spam
-# Envoyer le rapport mensuel aux trésoriers et respos info
- 00 8 6 * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --report
-# Envoyer les rapports aux gens
- 55 6 * * * root cd /var/www/note_kfet && env/bin/python manage.py send_reports
-# Envoyer les rapports aux gens
- 00 9 * * * root cd /var/www/note_kfet && env/bin/python manage.py refresh_highlighted_buttons
diff --git a/ansible/roles/2-nk20/templates/note.cron.j2 b/ansible/roles/2-nk20/templates/note.cron.j2
new file mode 120000
index 00000000..7bb39d7d
--- /dev/null
+++ b/ansible/roles/2-nk20/templates/note.cron.j2
@@ -0,0 +1 @@
+../../../../note.cron
\ No newline at end of file
diff --git a/ansible/roles/5-nginx/templates/nginx_note.conf b/ansible/roles/5-nginx/templates/nginx_note.conf
new file mode 100644
index 00000000..218d6537
--- /dev/null
+++ b/ansible/roles/5-nginx/templates/nginx_note.conf
@@ -0,0 +1,63 @@
+# the upstream component nginx needs to connect to
+upstream note{
+ server unix:///var/www/note_kfet/note_kfet.sock; # file socket
+}
+
+# Redirect HTTP to nk20 HTTPS
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ location / {
+ return 301 https://{{ note.server_name }}$request_uri;
+ }
+}
+
+# Redirect all HTTPS to nk20 HTTPS
+server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+
+ location / {
+ return 301 https://{{ note.server_name }}$request_uri;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+# configuration of the server
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ # the port your site will be served on
+ # the domain name it will serve for
+ server_name {{ note.server_name }}; # substitute your machine's IP address or FQDN
+ charset utf-8;
+
+ # max upload size
+ client_max_body_size 75M; # adjust to taste
+
+ # Django media
+ location /media {
+ alias /var/www/note_kfet/media; # your Django project's media files - amend as required
+ }
+
+ location /static {
+ alias /var/www/note_kfet/static; # your Django project's static files - amend as required
+ }
+
+ # Finally, send all non-media requests to the Django server.
+ location / {
+ uwsgi_pass note;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
diff --git a/ansible/roles/6-psql/tasks/main.yml b/ansible/roles/6-psql/tasks/main.yml
index 90ed8096..c4349f5e 100644
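Review bot: `location /media` and `location /static` are prefix matches without a trailing slash, so a request path that merely starts with those strings (for example `/static-old/...`) is mapped by `alias` to a sibling path under `/var/www/note_kfet/`, which is also the application's git checkout. Write them as `location /media/ { alias /var/www/note_kfet/media/; }` and `location /static/ { alias /var/www/note_kfet/static/; }` so that only those two directories are served from disk. `client_max_body_size 75M` applies to every endpoint of the application server block; if only upload views need it, setting it in a narrower location would keep the default limit elsewhere.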
--- a/ansible/roles/6-psql/tasks/main.yml
+++ b/ansible/roles/6-psql/tasks/main.yml
@@ -10,17 +10,15 @@
 retries: 3
 until: pkg_result is succeeded
-- name: Install Psycopg2
- pip:
- name: psycopg2-binary
-
 - name: Create role note
+ when: "DB_PASSWORD|bool" # If the password is not defined, skip the installation
 postgresql_user:
 name: note
 password: "{{ DB_PASSWORD }}"
 become_user: postgres
 - name: Create NK20 database
+ when: "DB_PASSWORD|bool"
 postgresql_db:
 name: note_db
 owner: note
diff --git a/note.cron b/note.cron
index e0d4e754..dabe1a9e 100644
--- a/note.cron
+++ b/note.cron
@@ -1,11 +1,11 @@
-# Attention, il faut *copier* ce fichier dans /etc/cron.d, owner root:root et droits 644
+{{ ansible_managed }}
 # Les cronjobs dont a besoin la Note Kfet
 # m h dom mon dow user command
 # Envoyer les mails en attente
- * * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail
- * * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred
- 00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7
+ * * * * * root cd /var/www/note_kfet && env/bin/python manage.py send_mail -c 1
+ * * * * * root cd /var/www/note_kfet && env/bin/python manage.py retry_deferred -c 1
+ 00 0 * * * root cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 -c 1
 # Faire une sauvegarde de la base de données
 00 2 * * * root cd /var/www/note_kfet && apps/scripts/shell/backup_db
 # Vérifier la cohérence de la base et mailer en cas de problème
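Review bot: `when: "DB_PASSWORD|bool"` does not test for a non-empty password: the `bool` filter is true only for values such as `yes`, `true`, `1` or `on`, so an ordinary password evaluates to false and both "Create role note" and "Create NK20 database" are skipped on a fresh install. Test the length instead, `when: DB_PASSWORD | length > 0`, on both tasks. The inline comment says "not defined", but `vars_prompt` always defines the variable (a blank answer is an empty string), so `# Skip when the prompt was left blank (reinstallation)` would be more accurate. The hunk also drops the pip install of `psycopg2-binary`; the postgresql modules need psycopg2 on the target, presumably supplied by the package task above the hunk, which is worth confirming.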
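Review bot: The new first line `{{ ansible_managed }}` has lost the leading `#` that the deleted template carried, so unless `ansible_managed` is configured to expand to a comment, the rendered `/etc/cron.d/note` starts with a line cron cannot parse; some cron implementations then reject the whole file, which would silently stop the mail, backup and consistency-check jobs. Use `# {{ ansible_managed }}` or `{{ ansible_managed | comment }}`. The three mail jobs also no longer redirect their output to the `cron_*.log` files under `/var/www/note_kfet`, so whatever they print goes to cron's own mail handling; confirm that is intended.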