diff options
Diffstat (limited to 'gerboweb/deploy/setup_secure_download.yml')
-rw-r--r-- | gerboweb/deploy/setup_secure_download.yml | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/gerboweb/deploy/setup_secure_download.yml b/gerboweb/deploy/setup_secure_download.yml new file mode 100644 index 0000000..aa94a53 --- /dev/null +++ b/gerboweb/deploy/setup_secure_download.yml @@ -0,0 +1,57 @@ +--- +- name: Set local facts + set_fact: + secure_download_dir: /var/cache/secure_download + +- name: Copy webapp sources + synchronize: + # FIXME: make this path configurable + src: ~/secure_download/ + dest: /var/lib/secure_download/ + group: no + owner: no + +- name: Create secure download worker user and group + user: + name: uwsgi-secure-download + create_home: no + group: uwsgi + password: '!' + shell: /sbin/nologin + system: yes + +- name: Template webapp config + template: + src: secure_download.cfg.j2 + dest: /var/lib/secure_download/secure_download_prod.cfg + owner: uwsgi-secure-download + group: root + mode: 0660 + +- name: Copy uwsgi config + copy: + src: uwsgi-secure-download.ini + dest: /etc/uwsgi.d/secure-download.ini + owner: uwsgi-secure-download + group: uwsgi + mode: 440 + +- name: Enable uwsgi systemd socket + systemd: + daemon-reload: yes + name: uwsgi-app@secure-download.socket + enabled: yes + +- name: Copy server dir tmpfiles.d config + template: + src: tmpfiles-secure-download.conf.j2 + dest: /etc/tmpfiles.d/secure-download.conf + owner: root + group: root + mode: 0644 + register: sec_dl_tmpfiles_config + +- name: Kick systemd tmpfiles service to create serve dir + command: systemd-tmpfiles --create + when: sec_dl_tmpfiles_config is changed + |