From 297cfc071e2d3e68dd137139db2c0a2c48611443 Mon Sep 17 00:00:00 2001 From: jaseg Date: Wed, 26 Jun 2019 16:41:45 +0900 Subject: Misc changes. Move up to fedora 30, add gerbolyze, secure download --- setup_secure_download.yml | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 setup_secure_download.yml (limited to 'setup_secure_download.yml') diff --git a/setup_secure_download.yml b/setup_secure_download.yml new file mode 100644 index 0000000..aa94a53 --- /dev/null +++ b/setup_secure_download.yml @@ -0,0 +1,57 @@ +--- +- name: Set local facts + set_fact: + secure_download_dir: /var/cache/secure_download + +- name: Copy webapp sources + synchronize: + # FIXME: make this path configurable + src: ~/secure_download/ + dest: /var/lib/secure_download/ + group: no + owner: no + +- name: Create secure download worker user and group + user: + name: uwsgi-secure-download + create_home: no + group: uwsgi + password: '!' + shell: /sbin/nologin + system: yes + +- name: Template webapp config + template: + src: secure_download.cfg.j2 + dest: /var/lib/secure_download/secure_download_prod.cfg + owner: uwsgi-secure-download + group: root + mode: 0660 + +- name: Copy uwsgi config + copy: + src: uwsgi-secure-download.ini + dest: /etc/uwsgi.d/secure-download.ini + owner: uwsgi-secure-download + group: uwsgi + mode: 440 + +- name: Enable uwsgi systemd socket + systemd: + daemon-reload: yes + name: uwsgi-app@secure-download.socket + enabled: yes + +- name: Copy server dir tmpfiles.d config + template: + src: tmpfiles-secure-download.conf.j2 + dest: /etc/tmpfiles.d/secure-download.conf + owner: root + group: root + mode: 0644 + register: sec_dl_tmpfiles_config + +- name: Kick systemd tmpfiles service to create serve dir + command: systemd-tmpfiles --create + when: sec_dl_tmpfiles_config is changed + -- cgit