aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--bootstrap_arch_container.yml6
-rw-r--r--clippy-nspawn.service36
-rw-r--r--clippy.service.j29
-rw-r--r--playbook.yml5
-rw-r--r--setup_clippy.yml69
-rw-r--r--setup_containers.yml8
-rw-r--r--uwsgi-app@.service3
-rw-r--r--uwsgi-gerboweb.ini5
8 files changed, 124 insertions, 17 deletions
diff --git a/bootstrap_arch_container.yml b/bootstrap_arch_container.yml
index bd534e8..4126bbd 100644
--- a/bootstrap_arch_container.yml
+++ b/bootstrap_arch_container.yml
@@ -1,9 +1,9 @@
---
- name: Set local path facts
set_fact:
- image: "/var/cache/containers/{{ container }}.img"
- root: "/var/cache/containers/{{ container }}_root"
- "{{container}}_root": "/var/cache/containers/{{ container }}_root"
+ image: "/var/lib/machines/{{ container }}.img"
+ root: "/var/lib/machines/{{ container }}"
+ "{{container}}_root": "/var/lib/machines/{{ container }}"
- name: Create container image file
command: truncate -s 4G "{{image}}"
diff --git a/clippy-nspawn.service b/clippy-nspawn.service
new file mode 100644
index 0000000..66b8e85
--- /dev/null
+++ b/clippy-nspawn.service
@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: LGPL-2.1+
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Clippy container
+PartOf=machines.target
+Before=machines.target
+After=network.target systemd-resolved.service
+RequiresMountsFor=/var/lib/machines
+
+[Service]
+ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --ephemeral --boot --network-veth --port=23:2342 -U --settings=override --machine=clippy
+KillMode=mixed
+Type=notify
+RestartForceExitStatus=133
+SuccessExitStatus=133
+WatchdogSec=3min
+Slice=machine.slice
+Delegate=yes
+TasksMax=512
+
+# Enforce a strict device policy, similar to the one nspawn configures when it
+# allocates its own scope unit. Make sure to keep these policies in sync if you
+# change them!
+DevicePolicy=closed
+DeviceAllow=/dev/net/tun rwm
+DeviceAllow=char-pts rw
+
+[Install]
+WantedBy=machines.target
diff --git a/clippy.service.j2 b/clippy.service.j2
new file mode 100644
index 0000000..22b3d7d
--- /dev/null
+++ b/clippy.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Clippy listener daemon
+
+[Service]
+WorkingDirectory=/var/lib/clippy.git
+ExecStart=/usr/bin/python3 clippy.py -s -x 60x30 -e
+
+[Install]
+WantedBy=multi-user.target
diff --git a/playbook.yml b/playbook.yml
index 23544c4..60fe499 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -12,7 +12,7 @@
- name: Install host requisites
dnf:
- name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python
+ name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git
state: latest
- name: Disable password-based root login
@@ -40,3 +40,6 @@
- name: Setup gerboweb
include_tasks: setup_gerboweb.yml
+
+ - name: Setup clippy
+ include_tasks: setup_clippy.yml
diff --git a/setup_clippy.yml b/setup_clippy.yml
new file mode 100644
index 0000000..e4416e0
--- /dev/null
+++ b/setup_clippy.yml
@@ -0,0 +1,69 @@
+---
+- name: Clone pixelterm git
+ git:
+ repo: https://github.com/jaseg/pixelterm
+ dest: "{{clippy_root}}/var/lib/pixelterm.git"
+
+- name: Clone clippy git
+ git:
+ repo: https://github.com/jaseg/clippy
+ dest: "{{clippy_root}}/var/lib/clippy.git"
+
+- name: Setup required packages for clippy
+ command: arch-chroot "{{clippy_root}}" pacman -Syu --noconfirm python3 python-pip python-numpy python-pillow
+
+- name: Setup pixelterm
+ command: arch-chroot "{{clippy_root}}" sh -c "cd /var/lib/pixelterm.git && python3 setup.py install"
+
+- name: Setup container clippy systemd service file
+ template:
+ src: clippy.service.j2
+ dest: "{{clippy_root}}/etc/systemd/system/clippy.service"
+ owner: root
+ group: root
+ mode: 0664
+
+- name: Enable systemd machines target
+ systemd:
+ name: machines.target
+ enabled: yes
+
+- name: Copy over clippy container auto boot service file
+ copy:
+ src: clippy-nspawn.service
+ dest: /etc/systemd/system/clippy-nspawn.service
+ owner: root
+ group: root
+ mode: 0664
+
+- name: Enable clippy container auto boot
+ systemd:
+ daemon-reload: yes
+ name: clippy-nspawn.service
+ enabled: yes
+
+- name: Restart clippy container
+ shell: |
+ systemctl stop clippy-nspawn
+ sleep 1
+ systemctl start clippy-nspawn
+ for x in $(seq 0 30); do
+ systemctl -M clippy is-system-running && exit
+ sleep 1
+ done
+
+- name: Enable clippy systemd service in container
+ command: systemctl enable -M clippy clippy.service
+
+- name: Restart clippy systemd service in container
+ command: systemctl restart -M clippy clippy.service
+
+#- name: Enable host networkd
+# systemd:
+# name: systemd-networkd
+# enabled: yes
+# state: started
+
+- name: Enable clippy container networkd
+ command: systemctl enable -M clippy systemd-networkd
+
diff --git a/setup_containers.yml b/setup_containers.yml
index dd0a5ca..4738f1e 100644
--- a/setup_containers.yml
+++ b/setup_containers.yml
@@ -4,14 +4,6 @@
name: btrfs-progs,arch-install-scripts,systemd-container,libselinux-python
state: latest
-- name: Create container dir
- file:
- path: /var/cache/containers
- owner: root
- group: root
- mode: 0775
- state: directory
-
- name: Create individual containers
include_tasks: bootstrap_arch_container.yml
with_items: "{{ containers }}"
diff --git a/uwsgi-app@.service b/uwsgi-app@.service
index 61bf1e4..8398456 100644
--- a/uwsgi-app@.service
+++ b/uwsgi-app@.service
@@ -5,7 +5,8 @@ After=syslog.target
[Service]
ExecStart=/usr/sbin/uwsgi \
--ini /etc/uwsgi.d/%i.ini \
- --socket /run/uwsgi/%i.socket
+ --chmod-socket=660 \
+ --socket=/run/uwsgi/%i.socket
User=uwsgi-%i
Group=uwsgi
Restart=on-failure
diff --git a/uwsgi-gerboweb.ini b/uwsgi-gerboweb.ini
index ec52f90..155d01a 100644
--- a/uwsgi-gerboweb.ini
+++ b/uwsgi-gerboweb.ini
@@ -1,10 +1,7 @@
[uwsgi]
master = True
cheap = True
-idle = 600
-die-on-idle = True # If app is not used often, it will exit and be launched
- # again by systemd requested by users.
-
+die-on-idle = False
manage-script-name = True
plugins = python3
chdir = /var/lib/gerboweb