Added role server/firefox-sync
parent
eb7715b619
commit
98386df525
@ -0,0 +1,27 @@
|
||||
---
|
||||
|
||||
remote_repository_url: "https://github.com/Zocker1999NET/syncserver"
|
||||
remote_repository_version: master
|
||||
|
||||
# domain: firefox.example
|
||||
system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}"
|
||||
|
||||
service_name: "{{ domain }}.service"
|
||||
socket_name: "{{ domain }}.socket"
|
||||
|
||||
user_directory: "{{ global_webservers_directory }}/{{ domain }}"
|
||||
installation_directory: "{{ user_directory }}/sync"
|
||||
local_binary_directory: "{{ installation_directory }}/local/bin"
|
||||
configuration_file_path: "{{ user_directory }}/configuration.ini"
|
||||
pid_file_path: "{{ user_directory }}/pid"
|
||||
socket_directory: "{{ global_socket_directory }}/{{ domain }}"
|
||||
socket_path: "{{ socket_directory }}/socket"
|
||||
|
||||
database_user: "{{ system_user }}"
|
||||
# database_pass from mysql/database
|
||||
# database_name from mysql/database
|
||||
|
||||
secret: "{{ lookup('password', 'credentials/' + inventory_hostname + '/' + domain + '/secret chars=digits,ascii_letters length=80') }}"
|
||||
|
||||
systemd_service_conf: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
|
||||
systemd_socket_conf: "{{ global_systemd_configuration_directory }}/{{ socket_name }}"
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
|
||||
- name: restart firefox-sync
|
||||
systemd:
|
||||
state: restarted
|
||||
name: "{{ service_name }}"
|
||||
enabled: yes
|
@ -0,0 +1,14 @@
|
||||
---
|
||||
|
||||
allow_duplicates: yes
|
||||
|
||||
dependencies:
|
||||
- name: misc/handlers
|
||||
- name: misc/system_user
|
||||
# system_user
|
||||
- name: mysql/database
|
||||
# database_user
|
||||
- role: nginx/proxy
|
||||
# domain
|
||||
backend_socket: "{{ socket_path }}"
|
||||
upstream_name: "{{ socket_name }}"
|
@ -0,0 +1,60 @@
|
||||
---
|
||||
|
||||
- name: Install required dependencies
|
||||
apt:
|
||||
state: present
|
||||
name:
|
||||
- git-core
|
||||
- g++
|
||||
- python-dev
|
||||
- python-virtualenv
|
||||
|
||||
- name: Clone git repository
|
||||
become_user: "{{ system_user }}"
|
||||
git:
|
||||
clone: yes
|
||||
dest: "{{ installation_directory }}"
|
||||
force: no
|
||||
repo: "{{ remote_repository_url }}"
|
||||
update: yes
|
||||
version: "{{ remote_repository_version }}"
|
||||
|
||||
- name: Build project
|
||||
become_user: "{{ system_user }}"
|
||||
make:
|
||||
chdir: "{{ installation_directory }}"
|
||||
target: build
|
||||
notify: restart firefox-sync
|
||||
|
||||
- name: Configure firefox sync server
|
||||
template:
|
||||
src: syncserver.ini
|
||||
dest: "{{ configuration_file_path }}"
|
||||
owner: "root"
|
||||
group: "{{ system_user }}"
|
||||
mode: "u=rw,g=r,o="
|
||||
notify: restart firefox-sync
|
||||
|
||||
- name: Configure socket directory
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ socket_directory }}"
|
||||
owner: "{{ system_user }}"
|
||||
group: "{{ nginx_system_user }}"
|
||||
mode: "u=rwx,g=rx,o="
|
||||
|
||||
- name: Register socket for firefox sync server
|
||||
template:
|
||||
src: "firefox.socket"
|
||||
dest: "{{ global_systemd_configuration_directory }}/{{ socket_name }}"
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart firefox-sync
|
||||
|
||||
- name: Register service for firefox sync server
|
||||
template:
|
||||
src: "firefox.service"
|
||||
dest: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart firefox-sync
|
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=firefox sync server at {{ domain }}
|
||||
Requires=mariadb.service
|
||||
Requires={{ socket_name }}
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
PIDFile={{ pid_file_path }}
|
||||
User={{ system_user }}
|
||||
Group={{ system_user }}
|
||||
WorkingDirectory={{ installation_directory }}
|
||||
ExecStart={{ local_binary_directory }}/gunicorn --pid {{ pid_file_path | quote }} --bind unix:{{ socket_path | quote }} --threads 2 --paste {{ configuration_file_path | quote }}
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
ExecStop=/bin/kill -s TERM $MAINPID
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=firefox sync server socket at {{ domain }}
|
||||
|
||||
[Socket]
|
||||
ListenStream={{ socket_path }}
|
||||
SocketUser={{ system_user }}
|
||||
SocketGroup={{ nginx_system_user }}
|
||||
SocketMode=0660
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
@ -0,0 +1,43 @@
|
||||
[server:main]
|
||||
use = egg:gunicorn
|
||||
workers = 2
|
||||
timeout = 60
|
||||
|
||||
[app:main]
|
||||
use = egg:syncserver
|
||||
|
||||
[syncserver]
|
||||
# This must be edited to point to the public URL of your server,
|
||||
# i.e. the URL as seen by Firefox.
|
||||
public_url = https://{{ domain }}/
|
||||
|
||||
# By default, syncserver will accept identity assertions issued by
|
||||
# any BrowserID issuer. The line below restricts it to accept assertions
|
||||
# from just the production Firefox Account servers. If you are hosting
|
||||
# your own account server, put its public URL here instead.
|
||||
identity_provider = https://accounts.firefox.com/
|
||||
|
||||
# This defines the database in which to store all server data.
|
||||
#sqluri = sqlite:////tmp/syncserver.db
|
||||
sqluri = pymysql://{{ database_user | urlencode }}:{{ database_pass | urlencode }}@127.0.0.1/{{ database_name | urlencode }}
|
||||
|
||||
# This is a secret key used for signing authentication tokens.
|
||||
# It should be long and randomly-generated.
|
||||
# The following command will give a suitable value on *nix systems:
|
||||
#
|
||||
# head -c 20 /dev/urandom | sha1sum
|
||||
#
|
||||
# If not specified then the server will generate a temporary one at startup.
|
||||
secret = {{ secret }}
|
||||
|
||||
# Set this to "false" to disable new-user signups on the server.
|
||||
# Only requests by existing accounts will be honoured.
|
||||
allow_new_users = false
|
||||
|
||||
# Set this to "true" to work around a mismatch between public_url and
|
||||
# the application URL as seen by python, which can happen in certain reverse-
|
||||
# proxy hosting setups. It will overwrite the WSGI environ dict with the
|
||||
# details from public_url. This could have security implications if e.g.
|
||||
# you tell the app that it's on HTTPS but it's really on HTTP, so it should
|
||||
# only be used as a last resort and after careful checking of server config.
|
||||
force_wsgi_environ = false
|
Loading…
Reference in New Issue