diff options
author | jaseg <code@jaseg.net> | 2019-06-26 16:41:45 +0900 |
---|---|---|
committer | jaseg <git@jaseg.net> | 2019-06-26 16:41:45 +0900 |
commit | 8cb082a42d71a1e86a138eb58106d636e7c6d191 (patch) | |
tree | 8d4da453893c338dcd19671596c95100da4c83ce /gerboweb/deploy/setup_secure_download.yml | |
parent | 20f0df3892aea77ff17aed032aba7d9207fd85ae (diff) | |
download | gerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.tar.gz gerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.tar.bz2 gerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.zip |
Misc changes. Move up to fedora 30, add gerbolyze, secure download
Diffstat (limited to 'gerboweb/deploy/setup_secure_download.yml')
-rw-r--r-- | gerboweb/deploy/setup_secure_download.yml | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/gerboweb/deploy/setup_secure_download.yml b/gerboweb/deploy/setup_secure_download.yml new file mode 100644 index 0000000..aa94a53 --- /dev/null +++ b/gerboweb/deploy/setup_secure_download.yml @@ -0,0 +1,57 @@ +--- +- name: Set local facts + set_fact: + secure_download_dir: /var/cache/secure_download + +- name: Copy webapp sources + synchronize: + # FIXME: make this path configurable + src: ~/secure_download/ + dest: /var/lib/secure_download/ + group: no + owner: no + +- name: Create secure download worker user and group + user: + name: uwsgi-secure-download + create_home: no + group: uwsgi + password: '!' + shell: /sbin/nologin + system: yes + +- name: Template webapp config + template: + src: secure_download.cfg.j2 + dest: /var/lib/secure_download/secure_download_prod.cfg + owner: uwsgi-secure-download + group: root + mode: 0660 + +- name: Copy uwsgi config + copy: + src: uwsgi-secure-download.ini + dest: /etc/uwsgi.d/secure-download.ini + owner: uwsgi-secure-download + group: uwsgi + mode: 440 + +- name: Enable uwsgi systemd socket + systemd: + daemon-reload: yes + name: uwsgi-app@secure-download.socket + enabled: yes + +- name: Copy server dir tmpfiles.d config + template: + src: tmpfiles-secure-download.conf.j2 + dest: /etc/tmpfiles.d/secure-download.conf + owner: root + group: root + mode: 0644 + register: sec_dl_tmpfiles_config + +- name: Kick systemd tmpfiles service to create serve dir + command: systemd-tmpfiles --create + when: sec_dl_tmpfiles_config is changed + |