-
-
Notifications
You must be signed in to change notification settings - Fork 19
/
playbook.yml
186 lines (167 loc) · 4.5 KB
/
playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
- hosts: signdict
remote_user: "{{username}}"
vars:
asdf_version: 0.7.6
elixir_version: 1.8.2
erlang_version: 20.3
nodejs_version: 10.16.0
tasks:
- name: Install all needed apt packages
apt:
name: "{{ packages }}"
become: true
vars:
packages:
- automake
- build-essential
- fop
- imagemagick
- libncurses5-dev
- libpng-dev
- libssh-dev
- libxml2-utils
- m4
- postgresql-10
- postgresql-server-dev-10
- python3-dev
- python3-pip
- python3-setuptools
- unixodbc-dev
- xsltproc
- nginx
- libnginx-mod-http-lua
- ufw
- certbot
- webp
- ffmpeg
- redis
- name: Enable UFW
become: true
ufw: direction=incoming policy=deny state=enabled
- name: UFW open SSH
become: true
ufw: rule=allow port=ssh
- name: UFW open HTTP
become: true
ufw: rule=allow port=http
- name: UFW open HTTPs
become: true
ufw: rule=allow port=https
- name: Install all needed python packages
become: true
pip:
name:
- psycopg2
- name: Create database user
become: true
become_user: postgres
postgresql_user:
name: signdict
password: "{{ lookup('env','DB_PASSWORD') }}"
role_attr_flags: CREATEDB,NOSUPERUSER
- name: Create a new database with name "signdict" and specific encoding and locale
become: true
become_user: postgres
postgresql_db:
name: signdict
encoding: UTF-8
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8
- name: Adds citext to signdict database
become: true
become_user: postgres
postgresql_ext:
ext: citext
db: signdict
- name: Adds unaccent to signdict database
become: true
become_user: postgres
postgresql_ext:
ext: unaccent
db: signdict
- name: Adds fuzzystrmatch to signdict database
become: true
become_user: postgres
postgresql_ext:
ext: fuzzystrmatch
db: signdict
- name: Creates ssl config folder for nginx
become: true
file: path=/etc/nginx/ssl state=directory
- name: Generate strong encryption for nginx (4096 bits), this will take 5 minutes at least if not present
become: true
openssl_dhparam:
path: /etc/nginx/ssl/dhparam.pem
- name: Setup nginx conf signdict.com
become: true
template:
src=signdict.letsencrypt.conf.tpl
dest=/etc/nginx/sites-enabled/signdict.conf
notify: restart nginx
- name: Install asdf
git:
repo: https://github.com/asdf-vm/asdf.git
dest: ~/.asdf
version: v{{ asdf_version }}
- name: Make sure bashrc exists
file: path=~/.bashrc state=touch
- name: Add asdf to bashrc
lineinfile:
dest: ~/.bashrc
line: ". $HOME/.asdf/asdf.sh"
insertbefore: BOF
- name: Add asdf completion to bashrc
lineinfile:
dest: ~/.bashrc
line: ". $HOME/.asdf/completions/asdf.bash"
insertafter: asdf\.sh
- name: Install asdf plugins
shell: "if ! ~/.asdf/bin/asdf plugin-list | grep {{ item }}; then ~/.asdf/bin/asdf plugin-add {{ item }} http://github.com/asdf-vm/asdf-{{ item }}; fi;"
with_items: ['elixir', 'erlang', 'nodejs']
- name: Install erlang
command: ~/.asdf/bin/asdf install erlang {{ erlang_version }}
args:
chdir: ~/
- name: Install elixir
command: ~/.asdf/bin/asdf install elixir {{ elixir_version }}
args:
chdir: ~/
- name: Install node gpg keyring
command: ~/.asdf/plugins/nodejs/bin/import-release-team-keyring
- name: Install node
command: bash -ic "asdf install nodejs {{ nodejs_version }}"
- name: Set asdf versions
copy:
dest: "~/.tool-versions"
content: |
elixir {{ elixir_version }}
erlang {{ erlang_version }}
nodejs {{ nodejs_version }}
- name: Install default NPM packages
command: bash -ic "npm install -g {{ item }}"
with_items: ['yarn']
- name: Setup systemd for signdict
become: true
template:
src: signdict.service.tpl
dest: /etc/systemd/system/signdict.service
mode: 0644
- name: Setup env file for signdict
become: true
template:
src: signdict.env.tpl
dest: /etc/default/signdict.env
- name: Ensure my daemon signdict is started
become: true
systemd:
name: signdict
state: started
enabled: yes
daemon-reload: yes
no_block: yes
handlers:
- name: restart nginx
become: true
service:
name=nginx
state=restarted