Skip to content
Snippets Groups Projects
Normal view Permalink
main.yml 2.29 KiB
Newer Older
Nicolas KAROLAK's avatar
merge envsetup3 | fixes #31425
Nicolas KAROLAK committed
1 2 3 4 5 6 7 8 9 10 11 
---

- name: mirismanager install
  apt:
    force_apt_get: true
    install_recommends: false
    name: "{{ manager_packages }}"

- name: configure email sender address
  notify: restart nginx
  lineinfile:
Stéphane Diemer's avatar
Changed skyreach settings path | refs #32545  
Stéphane Diemer committed
12 
    path: /home/skyreach/skyreach_data/private/settings_override.py
Nicolas KAROLAK's avatar
merge envsetup3 | fixes #31425
Nicolas KAROLAK committed
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 
    regexp: '^#? ?DEFAULT_FROM_EMAIL.*'
    line: "DEFAULT_FROM_EMAIL = '{{ manager_email_sender }}'"
    backup: true

- name: configure domain name in nginx conf
  notify: restart nginx
  replace:
    path: /etc/nginx/sites-available/skyreach.conf
    regexp: '^(\s*server_name).*;$'
    replace: '\1 {{ manager_hostname }};'
    backup: true

- name: configure domain name in database
  become: true
  become_user: skyreach
  environment:
Stéphane Diemer's avatar
Changed skyreach python path | refs #32545  
Stéphane Diemer committed
29 
    PYTHONPATH: "/home/skyreach/skyreach_site:/home/skyreach:${PYTHONPATH}"
Nicolas KAROLAK's avatar
merge envsetup3 | fixes #31425
Nicolas KAROLAK committed
30 
    DJANGO_SETTINGS_MODULE: settings
Nicolas KAROLAK's avatar
simplify roles organization and renames  
Nicolas KAROLAK committed
31 32 
  script:
    cmd: files/set_site_url.py {{ manager_hostname }}
Nicolas KAROLAK's avatar
merge envsetup3 | fixes #31425
Nicolas KAROLAK committed
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 
    executable: python3
    creates: /home/skyreach/.{{ manager_hostname }}.log

- name: resolve domain name to localhost ipv4
  when: not in_docker
  notify: restart nginx
  lineinfile:
    path: /etc/hosts
    line: '127.0.1.1 {{ manager_hostname }}'
    backup: true

- name: ensure skyreach is running
  service:
    name: skyreach
    enabled: true
    state: started

- name: check apt cacher ng config exists
  register: manager_apt_cacher_conf
  stat:
    path: /etc/apt-cacher-ng/acng.conf

- name: configure apt-cacher-ng
  when:
    - manager_apt_cacher_conf.stat.exists
    - manager_proxy_http | d(false)
  notify: restart apt-cacher-ng
  lineinfile:
    path: /etc/apt-cacher-ng/acng.conf
    regexp: '^Proxy: .*'
    line: 'Proxy: {{ manager_proxy_http }}'

- name: ensure apt-cacher-ng is running
  service:
    name: apt-cacher-ng
    enabled: true
    state: started

# FAIL2BAN

- name: fail2ban
  when: manager_fail2ban_enabled
  vars:
    f2b_filter: "{{ manager_f2b_filter }}"
    f2b_jail: "{{ manager_f2b_jail }}"
  include_role:
    name: fail2ban

# FIREWALL

- name: firewall
  when: manager_firewall_enabled
  vars:
    ferm_rules_filename: "{{ manager_ferm_rules_filename }}"
    ferm_input_rules: "{{ manager_ferm_input_rules }}"
    ferm_output_rules: "{{ manager_ferm_output_rules }}"
    ferm_global_settings: "{{ manager_ferm_global_settings }}"
  include_role:
Stéphane Diemer's avatar
Split ferm setup in two roles to avoid ferm install on existing systems | refs #32028  
Stéphane Diemer committed
91 
    name: ferm-configure
Nicolas KAROLAK's avatar
merge envsetup3 | fixes #31425
Nicolas KAROLAK committed
92
Nicolas KAROLAK's avatar
simplify roles organization and renames  
Nicolas KAROLAK committed
93 94 
- meta: flush_handlers
Nicolas KAROLAK's avatar
merge envsetup3 | fixes #31425
Nicolas KAROLAK committed
95 
...