From 98386df525974e66cd7ec8b7289b16caf347bdcb Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Thu, 29 Aug 2019 06:01:06 +0200
Subject: [PATCH] Added role server/firefox-sync
---
roles/server/firefox-sync/defaults/main.yml | 27 +++++++++
roles/server/firefox-sync/handlers/main.yml | 7 +++
roles/server/firefox-sync/meta/main.yml | 14 +++++
roles/server/firefox-sync/tasks/main.yml | 60 +++++++++++++++++++
.../firefox-sync/templates/firefox.service | 18 ++++++
.../firefox-sync/templates/firefox.socket | 11 ++++
.../firefox-sync/templates/syncserver.ini | 43 +++++++++++++
7 files changed, 180 insertions(+)
create mode 100644 roles/server/firefox-sync/defaults/main.yml
create mode 100644 roles/server/firefox-sync/handlers/main.yml
create mode 100644 roles/server/firefox-sync/meta/main.yml
create mode 100644 roles/server/firefox-sync/tasks/main.yml
create mode 100644 roles/server/firefox-sync/templates/firefox.service
create mode 100644 roles/server/firefox-sync/templates/firefox.socket
create mode 100644 roles/server/firefox-sync/templates/syncserver.ini
diff --git a/roles/server/firefox-sync/defaults/main.yml b/roles/server/firefox-sync/defaults/main.yml
new file mode 100644
index 0000000..975fe48
--- /dev/null
+++ b/roles/server/firefox-sync/defaults/main.yml
@@ -0,0 +1,27 @@
+---
+
+remote_repository_url: "https://github.com/Zocker1999NET/syncserver"
+remote_repository_version: master
+
+# domain: firefox.example
+system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}"
+
+service_name: "{{ domain }}.service"
+socket_name: "{{ domain }}.socket"
+
+user_directory: "{{ global_webservers_directory }}/{{ domain }}"
+installation_directory: "{{ user_directory }}/sync"
+local_binary_directory: "{{ installation_directory }}/local/bin"
+configuration_file_path: "{{ user_directory }}/configuration.ini"
+pid_file_path: "{{ user_directory }}/pid"
+socket_directory: "{{ global_socket_directory }}/{{ domain }}"
+socket_path: "{{ socket_directory }}/socket"
+
+database_user: "{{ system_user }}"
+# database_pass from mysql/database
+# database_name from mysql/database
+
+secret: "{{ lookup('password', 'credentials/' + inventory_hostname + '/' + domain + '/secret chars=digits,ascii_letters length=80') }}"
+
+systemd_service_conf: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
+systemd_socket_conf: "{{ global_systemd_configuration_directory }}/{{ socket_name }}"
diff --git a/roles/server/firefox-sync/handlers/main.yml b/roles/server/firefox-sync/handlers/main.yml
new file mode 100644
index 0000000..30e1816
--- /dev/null
+++ b/roles/server/firefox-sync/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart firefox-sync
+ systemd:
+ state: restarted
+ name: "{{ service_name }}"
+ enabled: yes
diff --git a/roles/server/firefox-sync/meta/main.yml b/roles/server/firefox-sync/meta/main.yml
new file mode 100644
index 0000000..3415506
--- /dev/null
+++ b/roles/server/firefox-sync/meta/main.yml
@@ -0,0 +1,14 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+ - name: misc/handlers
+ - name: misc/system_user
+ # system_user
+ - name: mysql/database
+ # database_user
+ - role: nginx/proxy
+ # domain
+ backend_socket: "{{ socket_path }}"
+ upstream_name: "{{ socket_name }}"
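Review bot: `remote_repository_version: master` follows a moving branch of a personal fork, and the "Clone git repository" task in the tasks/main.yml hunk checks it out with `update: yes` before "Build project" runs `make build` as the service user, so every play run builds and restarts whatever is at the branch tip at that moment. Pin the default to a reviewed commit, e.g. `remote_repository_version: "<commit-sha>"`, and bump it deliberately. Only `system_user` is passed through `regex_replace`; `service_name`, `socket_name` and the directory paths interpolate `domain` as given, so a short comment stating which characters `domain` may contain would help whoever sets it.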
diff --git a/roles/server/firefox-sync/tasks/main.yml b/roles/server/firefox-sync/tasks/main.yml
new file mode 100644
index 0000000..941f5d8
--- /dev/null
+++ b/roles/server/firefox-sync/tasks/main.yml
@@ -0,0 +1,60 @@
+---
+
+- name: Install required dependencies
+ apt:
+ state: present
+ name:
+ - git-core
+ - g++
+ - python-dev
+ - python-virtualenv
+
+- name: Clone git repository
+ become_user: "{{ system_user }}"
+ git:
+ clone: yes
+ dest: "{{ installation_directory }}"
+ force: no
+ repo: "{{ remote_repository_url }}"
+ update: yes
+ version: "{{ remote_repository_version }}"
+
+- name: Build project
+ become_user: "{{ system_user }}"
+ make:
+ chdir: "{{ installation_directory }}"
+ target: build
+ notify: restart firefox-sync
+
+- name: Configure firefox sync server
+ template:
+ src: syncserver.ini
+ dest: "{{ configuration_file_path }}"
+ owner: "root"
+ group: "{{ system_user }}"
+ mode: "u=rw,g=r,o="
+ notify: restart firefox-sync
+
+- name: Configure socket directory
+ file:
+ state: directory
+ path: "{{ socket_directory }}"
+ owner: "{{ system_user }}"
+ group: "{{ nginx_system_user }}"
+ mode: "u=rwx,g=rx,o="
+
+- name: Register socket for firefox sync server
+ template:
+ src: "firefox.socket"
+ dest: "{{ global_systemd_configuration_directory }}/{{ socket_name }}"
+ notify:
+ - reload systemd
+ - restart firefox-sync
+
+- name: Register service for firefox sync server
+ template:
+ src: "firefox.service"
+ dest: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
+ notify:
+ - reload systemd
+ - restart firefox-sync
diff --git a/roles/server/firefox-sync/templates/firefox.service b/roles/server/firefox-sync/templates/firefox.service
new file mode 100644
index 0000000..bae8005
--- /dev/null
+++ b/roles/server/firefox-sync/templates/firefox.service
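Review bot: The "Configure firefox sync server" task renders `secret` and `database_pass` into the file, and a play run with `--diff` prints the rendered content to the console and to any callback log; add `no_log: true` (or `diff: no`) to that task. The file mode there is suitably tight, but the two systemd unit template tasks set no `owner`, `group` or `mode`, so the result depends on the connecting user's umask; `owner: root`, `group: root` and `mode: "u=rw,go=r"` would make it explicit. Both unit tasks also build `dest` by hand although defaults/main.yml already defines `systemd_socket_conf` and `systemd_service_conf` for exactly those paths.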
@@ -0,0 +1,18 @@
+[Unit]
+Description=firefox sync server at {{ domain }}
+Requires=mariadb.service
+Requires={{ socket_name }}
+After=network.target
+
+[Service]
+PIDFile={{ pid_file_path }}
+User={{ system_user }}
+Group={{ system_user }}
+WorkingDirectory={{ installation_directory }}
+ExecStart={{ local_binary_directory }}/gunicorn --pid {{ pid_file_path | quote }} --bind unix:{{ socket_path | quote }} --threads 2 --paste {{ configuration_file_path | quote }}
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/server/firefox-sync/templates/firefox.socket b/roles/server/firefox-sync/templates/firefox.socket
new file mode 100644
index 0000000..bf00359
--- /dev/null
+++ b/roles/server/firefox-sync/templates/firefox.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=firefox sync server socket at {{ domain }}
+
+[Socket]
+ListenStream={{ socket_path }}
+SocketUser={{ system_user }}
+SocketGroup={{ nginx_system_user }}
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
diff --git a/roles/server/firefox-sync/templates/syncserver.ini b/roles/server/firefox-sync/templates/syncserver.ini
new file mode 100644
index 0000000..74530d7
--- /dev/null
+++ b/roles/server/firefox-sync/templates/syncserver.ini
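Review bot: `Requires=mariadb.service` declares a dependency but no ordering, and `After=` names only `network.target`, so at boot gunicorn can be started before MariaDB accepts connections; use `After=network.target mariadb.service`. `PrivateTmp=true` is the unit's only sandboxing, although the process faces the network and reads the token-signing secret; `NoNewPrivileges=true` and `ProtectSystem=full` are low-risk additions once the paths the service writes to (the pid file under `user_directory`) are confirmed to stay writable. The `ExecStart=` arguments go through the Jinja `quote` filter, which applies shell quoting, while systemd parses the line itself without a shell, and the `{{ local_binary_directory }}/gunicorn` path is not quoted at all, so the rendered line is worth checking for a `domain` containing unusual characters.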
@@ -0,0 +1,43 @@
+[server:main]
+use = egg:gunicorn
+workers = 2
+timeout = 60
+
+[app:main]
+use = egg:syncserver
+
+[syncserver]
+# This must be edited to point to the public URL of your server,
+# i.e. the URL as seen by Firefox.
+public_url = https://{{ domain }}/
+
+# By default, syncserver will accept identity assertions issued by
+# any BrowserID issuer. The line below restricts it to accept assertions
+# from just the production Firefox Account servers. If you are hosting
+# your own account server, put its public URL here instead.
+identity_provider = https://accounts.firefox.com/
+
+# This defines the database in which to store all server data.
+#sqluri = sqlite:////tmp/syncserver.db
+sqluri = pymysql://{{ database_user | urlencode }}:{{ database_pass | urlencode }}@127.0.0.1/{{ database_name | urlencode }}
+
+# This is a secret key used for signing authentication tokens.
+# It should be long and randomly-generated.
+# The following command will give a suitable value on *nix systems:
+#
+# head -c 20 /dev/urandom | sha1sum
+#
+# If not specified then the server will generate a temporary one at startup.
+secret = {{ secret }}
+
+# Set this to "false" to disable new-user signups on the server.
+# Only requests by existing accounts will be honoured.
+allow_new_users = false
+
+# Set this to "true" to work around a mismatch between public_url and
+# the application URL as seen by python, which can happen in certain reverse-
+# proxy hosting setups. It will overwrite the WSGI environ dict with the
+# details from public_url. This could have security implications if e.g.
+# you tell the app that it's on HTTPS but it's really on HTTP, so it should
+# only be used as a last resort and after careful checking of server config.
+force_wsgi_environ = false
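Review bot: `allow_new_users = false` is hard-coded, and by the comment above it only existing accounts are then honoured, so on a fresh database nobody can enrol unless the rendered file is edited by hand, which the next play run overwrites. Expose it as a role variable, e.g. `allow_new_users = {{ allow_new_users | bool | lower }}` with `allow_new_users: false` in defaults/main.yml, so closed signups remain the default. The comment block above `secret` still describes `head -c 20 /dev/urandom | sha1sum` and a temporary startup secret, neither of which applies here; `# Generated per host and domain by the role's password lookup.` would describe what the template does. As far as I know Jinja's `urlencode` leaves `/` unescaped, so whether `database_pass` can contain one should be checked against the mysql/database role before relying on the `sqluri` line.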