Refactor srht role with vars

author: binary <me@rgoncalves.se> 2021-01-18 08:51:43 +0100
committer: binary <me@rgoncalves.se> 2021-01-18 08:51:43 +0100
commit: 3d2f89b3bdda212c57975cc261ea8c9040aee159 (patch)
tree: 3c0b4e5818f8a036ced87790e37269b5c1cb7f96
parent: f83652e0e723af7afbeb3494ed888db76d5efa82 (diff)
download: infrastructure-3d2f89b3bdda212c57975cc261ea8c9040aee159.tar.gz
5 files changed, 77 insertions, 43 deletions
diff --git a/roles/srht/tasks/main.yml b/roles/srht/tasks/main.yml
index 076557f..3815ebc 100644
--- a/roles/srht/tasks/main.yml
+++ b/roles/srht/tasks/main.yml
@@ -16,7 +16,7 @@
     apk update
 
 - name: ensure sourcehut is installed
-  package: name="{{ item }}" state=present
+  package: name="{{ item }}.sr.ht" state=present
   loop: "{{ srht_services }}"
 
 - name: generate srht service key
@@ -38,14 +38,13 @@
     owner: "{{ user_root }}"
     group: "{{ group_root }}"
     mode: 0644
-  loop:
-    - "meta"
-    - "hub"
+  loop: "{{ srht_services }}"
+
 
 - name: generate srht example configuration
   template:
     src: config.ini.j2
-    dest: /etc/sr.ht/config.example.ini
+    dest: /etc/sr.ht/config.ini
     owner: "{{ user_root }}"
     group: "{{ group_root }}"
     mode: 0644
@@ -61,32 +60,38 @@
   register: result
   failed_when: result.rc != 0 and "already exists" not in result.stderr
   ignore_errors: true
-  loop:
-    - "meta"
-    - "git"
-    - "hub"
+  loop: "{{ srht_services }}"
   become: true
   become_user: postgres
 
 - name: init database for srht services
   shell: "{{ item }}srht-initdb"
-  loop:
-    - "meta"
-    - "git"
-    - "hub"
+  loop: "{{ srht_services }}"
 
 - name: enable and restart srht services
   service:
-    name: "{{ item }}"
+    name: "{{ item }}.sr.ht"
     state: restarted
     enabled: true
   loop: "{{ srht_services }}"
 
 - name: enable and restart srht api services
   service:
-    name: "{{ item }}"
+    name: "{{ item }}.sr.ht-api"
     state: restarted
     enabled: true
   loop:
-    - "meta.sr.ht-api"
-    - "git.sr.ht-api"
+    - "meta"
+    - "git"
+
+- name: enable and restart srht webhooks services
+  service:
+    name: "{{ item }}.sr.ht-webhooks"
+    state: restarted
+    enabled: true
+  loop:
+    - "meta"
+    - "git"
+
+- name: restart nginx
+  service: name=nginx state=restarted
diff --git a/roles/srht/templates/config.ini.j2 b/roles/srht/templates/config.ini.j2
index e3bca6a..26e167a 100644
--- a/roles/srht/templates/config.ini.j2
+++ b/roles/srht/templates/config.ini.j2
@@ -43,7 +43,7 @@ network-key={{ srht_key_network.stdout_lines[0] }}
 # be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
 # shared between services. It may be shared between services, however, with no
 # ill effect, if this better suits your infrastructure.
-redis-host=redis://localhost
+redis-host=
 
 [objects]
 #
@@ -91,7 +91,8 @@ private-key={{ srht_key_webhook.stdout_lines[0] }}
 [meta.sr.ht]
 # 
 # URL meta.sr.ht is being served at (protocol://domain)
-origin=http://meta.git.{{ global.domain_name }}
+#origin=http://meta.git.{{ global.domain_name }}
+origin=http://192.168.5.61:81
 #
 # Address and port to bind the debug server to
 debug-host=0.0.0.0
@@ -104,7 +105,7 @@ connection-string=postgresql://postgres@localhost/meta.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 #
 # The redis connection used for the webhooks worker
-webhooks=redis://localhost:6379/1?sslmode=disable
+webhooks=redis://localhost:6379/1
 #
 # If "yes", the user will be sent the stock sourcehut welcome emails after
 # signup (requires cron to be configured properly). These are specific to the
@@ -166,7 +167,7 @@ stripe-secret-key=
 # What authentication method to use.
 #   builtin:  use sr.ht builtin authentication
 #   unix-pam: use Unix PAM authentication
-#auth-method=builtin
+auth-method=builtin
 
 [meta.sr.ht::auth::unix-pam]
 #
@@ -195,12 +196,14 @@ user-group=
 # sourcehut even if they are not in the group specified in user-group.
 # If unset, administrator status can be manually assigned from the web
 # interface.
-admin-group={{ group_root }}
+#admin-group={{ group_root }}
+admin-group=
 
 [git.sr.ht]
 #
 # URL git.sr.ht is being served at (protocol://domain)
-origin=http://git.{{ global.domain_name }}
+#origin=http://git.{{ global.domain_name }}
+origin=http://192.168.5.61:82
 #
 # Address and port to bind the debug server to
 debug-host=0.0.0.0
@@ -213,7 +216,7 @@ connection-string=postgresql://postgres@localhost/git.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 #
 # The redis connection used for the webhooks worker
-webhooks=redis://localhost:6379/1?sslmode=disable
+webhooks=redis://localhost:6379/1
 #
 # A post-update script which is installed in every git repo.
 post-update-script=/usr/bin/gitsrht-update-hook
@@ -269,7 +272,8 @@ internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
 #/usr/bin/buildsrht-keys=builds:builds
 
 [hub.sr.ht]
-origin=http://git.{{ global.domain_name }}
+#origin=http://git.{{ global.domain_name }}
+origin=http://192.168.5.61:80
 oauth-client-id=CHANGEME
 oauth-client-secret=CHANGEME
 connection-string=postgresql://postgres@localhost/hub.sr.ht?sslmode=disable
diff --git a/roles/srht/templates/git.srht.conf.j2 b/roles/srht/templates/git.srht.conf.j2
new file mode 100644
index 0000000..1b42ef2
--- /dev/null
+++ b/roles/srht/templates/git.srht.conf.j2
@@ -0,0 +1,22 @@
+server {
+	listen 82;
+	server_name git.{{ global.domain_name }};
+	client_max_body_size 100M;
+
+	location / {
+		proxy_pass http://127.0.0.1:{{ srht_git_port }};
+	}
+
+	location /static {
+		root /usr/lib/python3.8/site-packages/hubsrht;
+	}
+
+	location /query {
+		proxy_pass http://127.0.0.1:{{ srht_git_api_port }};
+	}
+
+	location = /robots.txt {
+		root /var/www;
+	}
+}
+
diff --git a/roles/srht/templates/meta.srht.conf.j2 b/roles/srht/templates/meta.srht.conf.j2
index f5a3a2c..6c3abec 100644
--- a/roles/srht/templates/meta.srht.conf.j2
+++ b/roles/srht/templates/meta.srht.conf.j2
@@ -1,22 +1,25 @@
 server {
-        listen 81;
-        server_name meta.git.{{ global.domain_name }};
-        client_max_body_size 100M;
+	listen 81;
+	server_name meta.git.{{ global.domain_name }};
+	client_max_body_size 100M;
 
-        location / {
-                proxy_pass http://127.0.0.1:{{ srht_meta_port }};
-        }
+	gzip on;
+	gzip_types text/css text/html;
 
-        location /static {
-                root /usr/lib/python3.8/site-packages/metasrht;
-        }
+	location / {
+		proxy_pass http://127.0.0.1:{{ srht_meta_port }};
+	}
 
-        location /query {
-                proxy_pass http://127.0.0.1:{{ srht_meta_api_port }};
-        }
+	location /static {
+		root /usr/lib/python3.8/site-packages/hubsrht;
+	}
 
-        location = /robots.txt {
-                root /var/www;
-        }
+	location /query {
+		proxy_pass http://127.0.0.1:{{ srht_meta_api_port }};
+	}
+
+	location ^~ /.well-known {
+		root /var/www;
+	}
 }
 
diff --git a/roles/srht/vars/main.yml b/roles/srht/vars/main.yml
index d65e051..a37d6a5 100644
--- a/roles/srht/vars/main.yml
+++ b/roles/srht/vars/main.yml
@@ -5,9 +5,9 @@
 ---
 
 srht_services:
-  - meta.sr.ht
-  - git.sr.ht
-  - hub.sr.ht
+  - meta
+  - git
+  - hub
 
 srht_meta_port: 5000
 srht_git_port: 5001
author	binary <me@rgoncalves.se>	2021-01-18 08:51:43 +0100
committer	binary <me@rgoncalves.se>	2021-01-18 08:51:43 +0100
commit	3d2f89b3bdda212c57975cc261ea8c9040aee159 (patch)
tree	3c0b4e5818f8a036ced87790e37269b5c1cb7f96
parent	f83652e0e723af7afbeb3494ed888db76d5efa82 (diff)
download	infrastructure-3d2f89b3bdda212c57975cc261ea8c9040aee159.tar.gz