authorjaseg <code@jaseg.net>2019-06-26 16:41:45 +0900
committerjaseg <git@jaseg.net>2019-06-26 16:41:45 +0900
commit8cb082a42d71a1e86a138eb58106d636e7c6d191 (patch)
tree8d4da453893c338dcd19671596c95100da4c83ce /gerboweb/deploy/setup_secure_download.yml
parent20f0df3892aea77ff17aed032aba7d9207fd85ae (diff)
Misc changes. Move up to fedora 30, add gerbolyze, secure download
Diffstat (limited to 'gerboweb/deploy/setup_secure_download.yml')
-rw-r--r--gerboweb/deploy/setup_secure_download.yml57
1 files changed, 57 insertions, 0 deletions
diff --git a/gerboweb/deploy/setup_secure_download.yml b/gerboweb/deploy/setup_secure_download.yml
new file mode 100644
index 0000000..aa94a53
--- /dev/null
+++ b/gerboweb/deploy/setup_secure_download.yml
@@ -0,0 +1,57 @@
+---
+- name: Set local facts
+ set_fact:
+ secure_download_dir: /var/cache/secure_download
+
+- name: Copy webapp sources
+ synchronize:
+ # FIXME: make this path configurable
+ src: ~/secure_download/
+ dest: /var/lib/secure_download/
+ group: no
+ owner: no
+
+- name: Create secure download worker user and group
+ user:
+ name: uwsgi-secure-download
+ create_home: no
+ group: uwsgi
+ password: '!'
+ shell: /sbin/nologin
+ system: yes
+
+- name: Template webapp config
+ template:
+ src: secure_download.cfg.j2
+ dest: /var/lib/secure_download/secure_download_prod.cfg
+ owner: uwsgi-secure-download
+ group: root
+ mode: 0660
+
+- name: Copy uwsgi config
+ copy:
+ src: uwsgi-secure-download.ini
+ dest: /etc/uwsgi.d/secure-download.ini
+ owner: uwsgi-secure-download
+ group: uwsgi
+ mode: 440
+
+- name: Enable uwsgi systemd socket
+ systemd:
+ daemon-reload: yes
+ name: uwsgi-app@secure-download.socket
+ enabled: yes
+
+- name: Copy server dir tmpfiles.d config
+ template:
+ src: tmpfiles-secure-download.conf.j2
+ dest: /etc/tmpfiles.d/secure-download.conf
+ owner: root
+ group: root
+ mode: 0644
+ register: sec_dl_tmpfiles_config
+
+- name: Kick systemd tmpfiles service to create serve dir
+ command: systemd-tmpfiles --create
+ when: sec_dl_tmpfiles_config is changed
+
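Review bot: `mode: 440` in the "Copy uwsgi config" task is an unquoted integer without a leading zero, so Ansible applies it as decimal 440, which is octal 0670. That leaves /etc/uwsgi.d/secure-download.ini writable by its owner and writable and executable by group uwsgi instead of read-only; write it as `mode: '0440'`. The other two modes (`0660`, `0644`) only come out right because the YAML 1.1 loader reads a leading-zero integer as octal, so quoting them as `'0660'` and `'0644'` removes the dependency on parser behaviour. Separately, secure_download_prod.cfg is owned by uwsgi-secure-download with owner write permission, so the worker process can rewrite its own configuration. If that file carries a secret (its template is not visible here), making it root-owned and only readable by the worker would be tighter.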