Annonce IRC corrigée

Euh tout est bon pour forgehook?
intégration de forgehook \o/
2020-05-15 11:30:40 +00:00 · 2020-05-15 11:10:26 +00:00 · 2020-05-15 11:10:26 +00:00 · 2020-05-15 11:09:26 +00:00
11 changed files with 92 additions and 16 deletions
--- a/config.yml
+++ b/config.yml
@ -9,7 +9,7 @@ peers:
 packages:
  debian: [ subversion, mercurial, htop, tmux, vim, emacs, mutt, weechat, elinks, rsync, dnsutils, make, g++, libssl-dev, mosh, gopher, sl ]
  rust: [ lsd ]
-  custom: [ zola, ttbp ]
+  custom: [ zola, ttbp, forgehook  ]
 users:
  - name: tofu
    sudo: true
@ -24,3 +24,5 @@ users:
    key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBl15MKr9LqpJrohoQ/JBg95o2dFTOx6zEmdVO3peAt4FyrH8IfGj8H8DfOu4FQ9cay17X+/tV6znnW0D3XJro8fEavXWfNmpJ20EYwS2FeJ67lgL/7t4vUA4QGo/QR2vzxrLzP41bE5Bb3a4Rh1wJwvB06e0QCETyZNurxlLJ7E/IS0Axjcc+GTmFuR+I0Tj1dzRBn/DS8EVgRxCpx5eYUrh+uzLIyhKJEq6tGaQzIbSgNYFSorXcdf1IAkWRsV29VCTH8narzFfc8fuwetWhBc60WyRAyzGm4K7m+YNBj1JmWXvCeYGsRdaQQrOqY44fxo0WdVWbjLbQKTZMgPB3Ag34egI/RM4hQqQeOSPjzZM9t2yfSp1Uv5W5gBI6hg71CpVicz0ZkXaBNONxX6RRyav4Dmk62I87R2RrY4YkgwWyX3KrzdOuCV7IZZWWUIolaXpQxXhIA6svQ8/Gs+wwq+o1gPvBife9j4V19UnUxl4gtUwVcnSNfzNJgGYDyvOszz+hjxqVj1jD30UCzjnxe+vuxxY+mgr8RNSyjDvcruBAOGk0VXU292zdtYM9Wi0va5sxnhItgsabxlmjmUr2y1S3mDxnf8HC7yZQ7xMueksqDEavqxpWA1e11BPedWL9W38ZlnDpunx9lg1SClqLGCmYBVPOSMzl2WOxYGjivw== von"
  - name: h30x
    key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVwgt0+qgrRVVT6Je9JHD2IBIt7pbfeRovGecOtP8H8q5pOOxTmvWwTkLVeOVVWJsWrCso2IQo95z4pUg1yUuXlvassHVCU5oWXlkE2Ax19M/ZjcLZ4eoGwtEJRlcibZwJK/8dD4SffNzd5cmFk+Bs6+hbCvFRG5/tAxdBZnAazB/mK8hUlmQbB0KCcaGXUEB3RYw15Kij7X9+vMAwhyYmYRyQeZmy/mMr0lc49WPQSGWl0oh9B6+rUsV1o8v7OEu3yincnEzUm86RAdgPbFVKMtYX9CEoram6M15Ca5/0fpgIST5ZB3lKc03dSk/cq+yMzLtzmD1XW0u8WHhTnlf2vNMgxOlDH7K1zsZSQkCeJtkOSHff6JFuPqH2zmfMxKWnvnRgIf3J4yZSCImI/Cv4DzRQUE3QS7XNlBKWuIfhaJ67bpwYjyWuFip9BGvBMdYv+htEgSpiSaeIozI55HDVU+zLp0ZpnAKt49/dXdX1OPW9w9GH1/XVuPLYsifrDhs=
+  - name: vaurora
+    key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0mpVI7iWm1pQ9Kl7Bjn9ItgVlBn+EX1yv8MCyxwyau
--- a/roles/.common/tasks/users/setup_user.yml
+++ b/roles/.common/tasks/users/setup_user.yml
@ -28,7 +28,7 @@

 - name: common-users-setup-irc
  irc:
-    msg: "{{ irc_announce.msg | default('Bienvenue à ' ~ item.name ~ sur le serveur \\o/') }}"
+    msg: "{{ irc_announce.msg | default('Bienvenue à ' ~ item.name ~ ' sur le serveur \\o/') }}"
    server: "{{ irc_announce.server | default('irc.tilde.chat') }}"
    port: "{{ irc_announce.port | default(6697) }}"
    channel: "{{ irc_announce.chan }}"
--- a/roles/.custom/files/forgehook/nginx.conf
+++ b/roles/.custom/files/forgehook/nginx.conf
@ -0,0 +1,11 @@
+location /.well-known/forgehook {
+    alias /opt/forgehook/source/public;
+    index index.html index.php;
+    try_files $uri $uri/ /index.php;
+
+    location ~ \.php$ {
+        include fastcgi.conf;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+        fastcgi_pass unix:/opt/forgehook/php.sock;
+    }
+}
--- a/roles/.custom/files/forgehook/php.conf
+++ b/roles/.custom/files/forgehook/php.conf
@ -0,0 +1,22 @@
+[forgehook]
+user = __forgehook
+group = __forgehook
+listen = /opt/forgehook/php.sock
+listen.owner = www-data
+listen.group = www-data
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+pm.max_requests = 30
+request_terminate_timeout = 10s
+
+catch_workers_output = yes
+
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+php_admin_value[error_log] = /opt/forgehook/php.err.log
+php_admin_flag[log_errors] = on
+php_admin_value[memory_limit] = 32M
--- a/roles/.custom/handlers
+++ b/roles/.custom/handlers
@ -0,0 +1 @@
+../webserver/handlers/
--- a/roles/.custom/tasks/forgehook/main.yml
+++ b/roles/.custom/tasks/forgehook/main.yml
@ -0,0 +1,41 @@
+- name: custom-forgehook-user
+  user:
+    name: __forgehook
+    state: present
+    shell: /bin/bash
+    system: no
+    createhome: yes
+    home: /opt/forgehook
+
+- name: custom-forgehook-clone
+  git:
+    repo: https://tildegit.org/southerntofu/webhook
+    dest: /opt/forgehook/source
+  register: repo_update
+
+- name: custom-forgehook-setup
+  shell:
+    chdir: /opt/forgehook/source
+    cmd: bash setup.sh
+  when: repo_update.changed
+
+# TODO: Ici on présume très très fortement que webserver est activé et PHP installé -> mettre en place un vrai système d'interface entre rôles
+# TODO: Here we strongly assume webserver is enabled and PHP setup -> need a real interface/dependency system between roles
+
+- name: custom-forgehook-phpconf
+  copy:
+    src: ../../files/forgehook/php.conf
+    dest: /etc/php/7.3/fpm/pool.d/forgehook.conf
+  notify: webserver-reload-php
+
+- name: custom-forgehook-endpoint
+  copy:
+    remote_src: yes
+    src: /opt/forgehook/source/endpoints/index.php
+    dest: /opt/forgehook/source/public/index.php
+
+- name: custom-forgehook-nginx
+  copy:
+    src: ../../files/forgehook/nginx.conf
+    dest: /etc/nginx/conf.d/well-known/forgehook.conf
+  notify: webserver-reload-nginx
--- a/roles/.custom/tasks/main.yml
+++ b/roles/.custom/tasks/main.yml
@ -1,14 +1,3 @@
-# Pour l'instant, il n'est pas possible d'avoir un paquet qui ne porte pas le nom de son binaire
-# parce qu'on vérifie que le binaire est installé
-# A terme, ça sera à chaque paquet de vérifier lui-même s'il est installé
-
-# Vérifier quels paquets custom sont installés
- stat:
-    path: "/usr/local/bin/{{ item }}"
-  loop: "{{ packages.custom }}"
-  register: custom_exists
-
 - name: "Installer les paquets custom activés dans la config"
-  include: "{{ item.item }}/main.yml"
-  loop: "{{ custom_exists.results | default([]) }}"
-  when: not item.stat.exists
+  include: "{{ item }}/main.yml"
+  loop: "{{ packages.custom }}"
--- a/roles/.custom/tasks/zola/main.yml
+++ b/roles/.custom/tasks/zola/main.yml
@ -2,6 +2,6 @@
 # Donc on copie un binaire que j'ai compilé avec amour
 - name: custom-zola-setup
  copy:
-    src: ../../files/bin/zola
+    src: ../../files/zola/zola
    dest: /usr/local/bin/zola
    mode: 0755
--- a/roles/webserver/files/default-site.conf.j2
+++ b/roles/webserver/files/default-site.conf.j2
@ -31,6 +31,8 @@ server {
        #try_files $2 $2/ = 404;
    }

+    include /etc/nginx/conf.d/well-known/*.conf;
+
    location / {
        try_files $uri $uri/ =404;
    }
--- a/roles/webserver/handlers/main.yml
+++ b/roles/webserver/handlers/main.yml
@ -1,2 +1,5 @@
 - name: webserver-reload-nginx
  service: name=nginx state=restarted
+
+- name: webserver-reload-php
+  service: name=php7.3-fpm state=restarted
--- a/roles/webserver/tasks/nginx.yml
+++ b/roles/webserver/tasks/nginx.yml
@ -16,6 +16,11 @@
    dest: /etc/nginx/conf.d/ssl.conf
  notify: webserver-reload-nginx

+- name: TODO
+  file:
+    path: /etc/nginx/conf.d/well-known
+    state: directory
+
 - name: webserver-personal-pages
  include: pages_perso.yml
Author	SHA1	Message	Date
southerntofu	abe64e795a	Annonce IRC corrigée	2020-05-15 11:30:40 +00:00
southerntofu	910479a37f	Euh tout est bon pour forgehook?	2020-05-15 11:10:26 +00:00
southerntofu	a74ae14b48	intégration de forgehook \o/	2020-05-15 11:10:26 +00:00
southerntofu	03ff3d2a7d	Bienvenue vaurora	2020-05-15 11:09:26 +00:00