Added role server/firefox-sync
parent
eb7715b619
commit
98386df525
@ -0,0 +1,27 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
remote_repository_url: "https://github.com/Zocker1999NET/syncserver"
|
||||||
|
remote_repository_version: master
|
||||||
|
|
||||||
|
# domain: firefox.example
|
||||||
|
system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}"
|
||||||
|
|
||||||
|
service_name: "{{ domain }}.service"
|
||||||
|
socket_name: "{{ domain }}.socket"
|
||||||
|
|
||||||
|
user_directory: "{{ global_webservers_directory }}/{{ domain }}"
|
||||||
|
installation_directory: "{{ user_directory }}/sync"
|
||||||
|
local_binary_directory: "{{ installation_directory }}/local/bin"
|
||||||
|
configuration_file_path: "{{ user_directory }}/configuration.ini"
|
||||||
|
pid_file_path: "{{ user_directory }}/pid"
|
||||||
|
socket_directory: "{{ global_socket_directory }}/{{ domain }}"
|
||||||
|
socket_path: "{{ socket_directory }}/socket"
|
||||||
|
|
||||||
|
database_user: "{{ system_user }}"
|
||||||
|
# database_pass from mysql/database
|
||||||
|
# database_name from mysql/database
|
||||||
|
|
||||||
|
secret: "{{ lookup('password', 'credentials/' + inventory_hostname + '/' + domain + '/secret chars=digits,ascii_letters length=80') }}"
|
||||||
|
|
||||||
|
systemd_service_conf: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
|
||||||
|
systemd_socket_conf: "{{ global_systemd_configuration_directory }}/{{ socket_name }}"
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: restart firefox-sync
|
||||||
|
systemd:
|
||||||
|
state: restarted
|
||||||
|
name: "{{ service_name }}"
|
||||||
|
enabled: yes
|
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
allow_duplicates: yes
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
- name: misc/handlers
|
||||||
|
- name: misc/system_user
|
||||||
|
# system_user
|
||||||
|
- name: mysql/database
|
||||||
|
# database_user
|
||||||
|
- role: nginx/proxy
|
||||||
|
# domain
|
||||||
|
backend_socket: "{{ socket_path }}"
|
||||||
|
upstream_name: "{{ socket_name }}"
|
@ -0,0 +1,60 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Install required dependencies
|
||||||
|
apt:
|
||||||
|
state: present
|
||||||
|
name:
|
||||||
|
- git-core
|
||||||
|
- g++
|
||||||
|
- python-dev
|
||||||
|
- python-virtualenv
|
||||||
|
|
||||||
|
- name: Clone git repository
|
||||||
|
become_user: "{{ system_user }}"
|
||||||
|
git:
|
||||||
|
clone: yes
|
||||||
|
dest: "{{ installation_directory }}"
|
||||||
|
force: no
|
||||||
|
repo: "{{ remote_repository_url }}"
|
||||||
|
update: yes
|
||||||
|
version: "{{ remote_repository_version }}"
|
||||||
|
|
||||||
|
- name: Build project
|
||||||
|
become_user: "{{ system_user }}"
|
||||||
|
make:
|
||||||
|
chdir: "{{ installation_directory }}"
|
||||||
|
target: build
|
||||||
|
notify: restart firefox-sync
|
||||||
|
|
||||||
|
- name: Configure firefox sync server
|
||||||
|
template:
|
||||||
|
src: syncserver.ini
|
||||||
|
dest: "{{ configuration_file_path }}"
|
||||||
|
owner: "root"
|
||||||
|
group: "{{ system_user }}"
|
||||||
|
mode: "u=rw,g=r,o="
|
||||||
|
notify: restart firefox-sync
|
||||||
|
|
||||||
|
- name: Configure socket directory
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ socket_directory }}"
|
||||||
|
owner: "{{ system_user }}"
|
||||||
|
group: "{{ nginx_system_user }}"
|
||||||
|
mode: "u=rwx,g=rx,o="
|
||||||
|
|
||||||
|
- name: Register socket for firefox sync server
|
||||||
|
template:
|
||||||
|
src: "firefox.socket"
|
||||||
|
dest: "{{ global_systemd_configuration_directory }}/{{ socket_name }}"
|
||||||
|
notify:
|
||||||
|
- reload systemd
|
||||||
|
- restart firefox-sync
|
||||||
|
|
||||||
|
- name: Register service for firefox sync server
|
||||||
|
template:
|
||||||
|
src: "firefox.service"
|
||||||
|
dest: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
|
||||||
|
notify:
|
||||||
|
- reload systemd
|
||||||
|
- restart firefox-sync
|
@ -0,0 +1,18 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=firefox sync server at {{ domain }}
|
||||||
|
Requires=mariadb.service
|
||||||
|
Requires={{ socket_name }}
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
PIDFile={{ pid_file_path }}
|
||||||
|
User={{ system_user }}
|
||||||
|
Group={{ system_user }}
|
||||||
|
WorkingDirectory={{ installation_directory }}
|
||||||
|
ExecStart={{ local_binary_directory }}/gunicorn --pid {{ pid_file_path | quote }} --bind unix:{{ socket_path | quote }} --threads 2 --paste {{ configuration_file_path | quote }}
|
||||||
|
ExecReload=/bin/kill -s HUP $MAINPID
|
||||||
|
ExecStop=/bin/kill -s TERM $MAINPID
|
||||||
|
PrivateTmp=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -0,0 +1,11 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=firefox sync server socket at {{ domain }}
|
||||||
|
|
||||||
|
[Socket]
|
||||||
|
ListenStream={{ socket_path }}
|
||||||
|
SocketUser={{ system_user }}
|
||||||
|
SocketGroup={{ nginx_system_user }}
|
||||||
|
SocketMode=0660
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sockets.target
|
@ -0,0 +1,43 @@
|
|||||||
|
[server:main]
|
||||||
|
use = egg:gunicorn
|
||||||
|
workers = 2
|
||||||
|
timeout = 60
|
||||||
|
|
||||||
|
[app:main]
|
||||||
|
use = egg:syncserver
|
||||||
|
|
||||||
|
[syncserver]
|
||||||
|
# This must be edited to point to the public URL of your server,
|
||||||
|
# i.e. the URL as seen by Firefox.
|
||||||
|
public_url = https://{{ domain }}/
|
||||||
|
|
||||||
|
# By default, syncserver will accept identity assertions issued by
|
||||||
|
# any BrowserID issuer. The line below restricts it to accept assertions
|
||||||
|
# from just the production Firefox Account servers. If you are hosting
|
||||||
|
# your own account server, put its public URL here instead.
|
||||||
|
identity_provider = https://accounts.firefox.com/
|
||||||
|
|
||||||
|
# This defines the database in which to store all server data.
|
||||||
|
#sqluri = sqlite:////tmp/syncserver.db
|
||||||
|
sqluri = pymysql://{{ database_user | urlencode }}:{{ database_pass | urlencode }}@127.0.0.1/{{ database_name | urlencode }}
|
||||||
|
|
||||||
|
# This is a secret key used for signing authentication tokens.
|
||||||
|
# It should be long and randomly-generated.
|
||||||
|
# The following command will give a suitable value on *nix systems:
|
||||||
|
#
|
||||||
|
# head -c 20 /dev/urandom | sha1sum
|
||||||
|
#
|
||||||
|
# If not specified then the server will generate a temporary one at startup.
|
||||||
|
secret = {{ secret }}
|
||||||
|
|
||||||
|
# Set this to "false" to disable new-user signups on the server.
|
||||||
|
# Only requests by existing accounts will be honoured.
|
||||||
|
allow_new_users = false
|
||||||
|
|
||||||
|
# Set this to "true" to work around a mismatch between public_url and
|
||||||
|
# the application URL as seen by python, which can happen in certain reverse-
|
||||||
|
# proxy hosting setups. It will overwrite the WSGI environ dict with the
|
||||||
|
# details from public_url. This could have security implications if e.g.
|
||||||
|
# you tell the app that it's on HTTPS but it's really on HTTP, so it should
|
||||||
|
# only be used as a last resort and after careful checking of server config.
|
||||||
|
force_wsgi_environ = false
|
Loading…
Reference in New Issue