subspace 2.3.2 → 2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +31 -0
- data/README.md +10 -0
- data/ansible/roles/apache/tasks/main.yml +4 -0
- data/ansible/roles/collectd/tasks/main.yml +2 -2
- data/ansible/roles/common/tasks/main.yml +41 -5
- data/ansible/roles/common/templates/motd +1 -1
- data/ansible/roles/letsencrypt/tasks/legacy.yml +44 -0
- data/ansible/roles/letsencrypt/tasks/main.yml +32 -38
- data/ansible/roles/letsencrypt/tasks/modern.yml +13 -0
- data/ansible/roles/nginx-rails/defaults/main.yml +2 -0
- data/ansible/roles/nginx-rails/tasks/main.yml +30 -3
- data/ansible/roles/nginx-rails/templates/_rails.conf +2 -1
- data/ansible/roles/nginx-rails/templates/default_server +5 -0
- data/ansible/roles/nginx/tasks/main.yml +4 -0
- data/ansible/roles/papertrail/tasks/main.yml +4 -2
- data/ansible/roles/papertrail/templates/log_files.yml +2 -2
- data/ansible/roles/postgresql-client/tasks/main.yml +39 -4
- data/ansible/roles/postgresql/meta/main.yml +1 -6
- data/ansible/roles/postgresql/tasks/main.yml +58 -0
- data/ansible/roles/ruby-common/tasks/main.yml +1 -6
- data/ansible/roles/zenoamaro.postgresql/defaults/main.yml +2 -1
- data/lib/subspace/commands/base.rb +4 -0
- data/lib/subspace/commands/maintain.rb +1 -0
- data/lib/subspace/commands/provision.rb +1 -0
- data/lib/subspace/version.rb +1 -1
- metadata +6 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 93091e9b151184634d780b924930692e79ba48fcf0ba21c565a4ab8583bf04e8
|
|
4
|
+
data.tar.gz: 43a0cc1057b2cc8805c52a646de12c841b79f4388966c0fe2a6bf25d34e0d7fe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e8a80cd668afcbc735bdde1e1067f2428f936a1ea4cb3c5f09d921e14630f61e01e5fd2d09ecf651a2338e94b9c9dc7c1d504f0d87773a4385ac4e5c62d589cd
|
|
7
|
+
data.tar.gz: 39a99a8d46d0e7b3b794ddffc5eda3873c445cd3df8083d95a3fc888ba1b29ce3808bbad2bbeba0a9619637b9c2e78baafd9ae581b8a7355417df80cb21afc1b
|
data/CHANGELOG.md
CHANGED
|
@@ -10,6 +10,37 @@ This project attempts to follow [semantic versioning](https://semver.org/)
|
|
|
10
10
|
* Not working on OSX - macs don't read from /etc/profile.d/
|
|
11
11
|
* Stops showing color if you `sudo su`
|
|
12
12
|
|
|
13
|
+
## 2.5
|
|
14
|
+
* Get actual os version number along with kernal name
|
|
15
|
+
* Update MOTD version automatically!
|
|
16
|
+
* Get and upload unattended security updates
|
|
17
|
+
|
|
18
|
+
## 2.4.2
|
|
19
|
+
* Update deprecated syntax for ansible
|
|
20
|
+
* Fix postgresql-client for python 3
|
|
21
|
+
|
|
22
|
+
## 2.4.1
|
|
23
|
+
* Allow extra nginx options via extra_nginx_config eg:
|
|
24
|
+
```
|
|
25
|
+
extra_nginx_config: |
|
|
26
|
+
proxy_http_version 1.1;
|
|
27
|
+
chunked_transfer_encoding off;
|
|
28
|
+
proxy_buffering off;
|
|
29
|
+
proxy_cache off;
|
|
30
|
+
```
|
|
31
|
+
* Add keepalive_timeout for nginx
|
|
32
|
+
|
|
33
|
+
## 2.4
|
|
34
|
+
Lots of modifications for ubuntu 20.04, which has python3 as a default
|
|
35
|
+
|
|
36
|
+
* Change letsencrypt to pull from apt instead of build from source (backwards compatible)
|
|
37
|
+
* Change postgres to a cleaner install and deprecate the old zenoamaro role
|
|
38
|
+
* postgresql_version is now a required variable and no longer defaults to 9.4
|
|
39
|
+
* Better detection of web servers
|
|
40
|
+
|
|
41
|
+
## 2.3.3
|
|
42
|
+
* Tweak the way that different roles are detected to be more reliable
|
|
43
|
+
|
|
13
44
|
## 2.3.2
|
|
14
45
|
* Update papertrail to latest version of remote_syslog2 and add support for nginx logs
|
|
15
46
|
|
data/README.md
CHANGED
|
@@ -291,6 +291,10 @@ Configures nginx to look at localhost:9292 for the socket/backend connection. I
|
|
|
291
291
|
defaults are here, we'll probably add more:
|
|
292
292
|
|
|
293
293
|
client_max_body_size: 4G
|
|
294
|
+
ssl_force_redirect: true
|
|
295
|
+
default_server: true
|
|
296
|
+
keepalive_timeout: 10
|
|
297
|
+
extra_nginx_config: ""
|
|
294
298
|
|
|
295
299
|
Optional variables:
|
|
296
300
|
|
|
@@ -300,6 +304,12 @@ Optional variables:
|
|
|
300
304
|
nginx_proxy_read_timeout: Set [proxy_read_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout). This is in seconds. You probably only want to change this if using rack-timeout (although I may be wrong). If using rack-timeout, it should be slightly higher than the rack-timeout timeout. I'm doing 5 seconds higher, but that was arbitrarily chosen.
|
|
301
305
|
|
|
302
306
|
ssl_force_redirect: redirect all HTTP traffic to HTTPS on the same host. Defaults to true and only applies if ssl_enabled is also true.
|
|
307
|
+
extra_nginx_config: anything else you want to configure in the main nginx config block, formatted like:
|
|
308
|
+
extra_nginx_config: |
|
|
309
|
+
proxy_http_version 1.1;
|
|
310
|
+
chunked_transfer_encoding off;
|
|
311
|
+
proxy_buffering off;
|
|
312
|
+
proxy_cache off;
|
|
303
313
|
|
|
304
314
|
## nodejs
|
|
305
315
|
|
|
@@ -47,7 +47,7 @@
|
|
|
47
47
|
dest: /etc/collectd/collectd.conf.d/apache2.conf
|
|
48
48
|
become: true
|
|
49
49
|
notify: restart collectd
|
|
50
|
-
when:
|
|
50
|
+
when: apache_installed is defined
|
|
51
51
|
|
|
52
52
|
- name: create puma config
|
|
53
53
|
template:
|
|
@@ -70,7 +70,7 @@
|
|
|
70
70
|
dest: /etc/collectd/collectd.conf.d/nginx.conf
|
|
71
71
|
become: true
|
|
72
72
|
notify: restart collectd
|
|
73
|
-
when:
|
|
73
|
+
when: nginx_installed is defined
|
|
74
74
|
|
|
75
75
|
- name: create rails_lograge config
|
|
76
76
|
template:
|
|
@@ -72,10 +72,6 @@
|
|
|
72
72
|
tags:
|
|
73
73
|
- maintenance
|
|
74
74
|
|
|
75
|
-
- name: Add ppa:ondrej/nginx apt repository for TLS 1.3
|
|
76
|
-
apt_repository:
|
|
77
|
-
repo: ppa:ondrej/nginx
|
|
78
|
-
|
|
79
75
|
- name: apt-get update
|
|
80
76
|
apt: update_cache=yes cache_valid_time=86400
|
|
81
77
|
become: true
|
|
@@ -83,6 +79,10 @@
|
|
|
83
79
|
- upgrade
|
|
84
80
|
- maintenance
|
|
85
81
|
|
|
82
|
+
- name: Add ppa:ondrej/nginx apt repository for TLS 1.3
|
|
83
|
+
apt_repository:
|
|
84
|
+
repo: ppa:ondrej/nginx
|
|
85
|
+
|
|
86
86
|
- name: /usr/lib/update-notifier/apt-check --human-readable
|
|
87
87
|
command: /usr/lib/update-notifier/apt-check --human-readable
|
|
88
88
|
tags:
|
|
@@ -158,6 +158,42 @@
|
|
|
158
158
|
- maintenance
|
|
159
159
|
- stats
|
|
160
160
|
|
|
161
|
+
- name: Get unattended security updates
|
|
162
|
+
shell:
|
|
163
|
+
cmd: cat /var/log/unattended-upgrades/unattended-upgrades.log | grep "Packages that will be upgraded:" | grep $(date '+%Y-%m') | cut -d " " -f 9- | wc -w
|
|
164
|
+
register: out
|
|
165
|
+
tags:
|
|
166
|
+
- maintenance
|
|
167
|
+
- stats
|
|
168
|
+
|
|
169
|
+
- name: get current date as month
|
|
170
|
+
shell:
|
|
171
|
+
cmd: date '+%Y-%m'
|
|
172
|
+
register: current_month
|
|
173
|
+
tags:
|
|
174
|
+
- maintenance
|
|
175
|
+
- stats
|
|
176
|
+
|
|
177
|
+
- name: Save unattended updates to /opt/subspace/updates.log
|
|
178
|
+
lineinfile:
|
|
179
|
+
path: /opt/subspace/updates.log
|
|
180
|
+
line: "[{{current_month.stdout}}]\n{{ out.stdout }} unattended security updates"
|
|
181
|
+
insertafter: EOF
|
|
182
|
+
create: yes
|
|
183
|
+
become: true
|
|
184
|
+
tags:
|
|
185
|
+
- maintenance
|
|
186
|
+
- stats
|
|
187
|
+
when: out.stdout != "0"
|
|
188
|
+
|
|
189
|
+
- name: Update unattended-upgrades.log
|
|
190
|
+
shell:
|
|
191
|
+
cmd: perl -i -pe 's/Packages that will be upgraded:/Packages already upgraded and logged in Subspace:/smg' /var/log/unattended-upgrades/unattended-upgrades.log
|
|
192
|
+
become: true
|
|
193
|
+
tags:
|
|
194
|
+
- maintenance
|
|
195
|
+
- stats
|
|
196
|
+
|
|
161
197
|
- name: Get os_security_upgrades stats
|
|
162
198
|
shell:
|
|
163
199
|
cmd: |
|
|
@@ -253,7 +289,7 @@
|
|
|
253
289
|
- maintenance
|
|
254
290
|
|
|
255
291
|
- name: Grab OS version
|
|
256
|
-
shell: uname
|
|
292
|
+
shell: uname -rv
|
|
257
293
|
register: stats_os_version
|
|
258
294
|
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
|
259
295
|
tags:
|
|
@@ -4,7 +4,7 @@ This server brought to you by:
|
|
|
4
4
|
\___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
|
|
5
5
|
___) | |_| | |_) |__) | |_) | (_| | (_| __/
|
|
6
6
|
|____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
|
|
7
|
-
|_|
|
|
7
|
+
|_| v{{lookup('env', 'SUBSPACE_VERSION')}}
|
|
8
8
|
~~~ https://github.com/tenforwardconsulting/subspace ~~~
|
|
9
9
|
|
|
10
10
|
If you need to make configuration changes to the server, please modify the
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
---
|
|
2
|
+
- name: Install certbot dependencies
|
|
3
|
+
become: true
|
|
4
|
+
apt:
|
|
5
|
+
pkg: "{{item}}"
|
|
6
|
+
state: present
|
|
7
|
+
with_items:
|
|
8
|
+
- augeas-lenses
|
|
9
|
+
- ca-certificates
|
|
10
|
+
- dialog
|
|
11
|
+
- gcc
|
|
12
|
+
- libaugeas0
|
|
13
|
+
- libffi-dev
|
|
14
|
+
- libpython-dev
|
|
15
|
+
- libpython2.7-dev
|
|
16
|
+
- libssl-dev
|
|
17
|
+
- python
|
|
18
|
+
- python-dev
|
|
19
|
+
- python-setuptools
|
|
20
|
+
- python-virtualenv
|
|
21
|
+
- python2.7
|
|
22
|
+
- python2.7-dev
|
|
23
|
+
|
|
24
|
+
- name: "Create certbot dir"
|
|
25
|
+
become: true
|
|
26
|
+
file:
|
|
27
|
+
path: "{{certbot_dir}}"
|
|
28
|
+
state: directory
|
|
29
|
+
mode: 0755
|
|
30
|
+
|
|
31
|
+
- name: "Set certbot binary"
|
|
32
|
+
set_fact:
|
|
33
|
+
certbot_bin: "{{certbot_dir}}/certbot_auto"
|
|
34
|
+
|
|
35
|
+
- name: Get certbot
|
|
36
|
+
become: true
|
|
37
|
+
get_url:
|
|
38
|
+
url: "https://dl.eff.org/certbot-auto"
|
|
39
|
+
dest: "{{certbot_bin}}"
|
|
40
|
+
mode: a+x
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
|
|
@@ -1,38 +1,32 @@
|
|
|
1
1
|
---
|
|
2
|
-
- name:
|
|
2
|
+
- name: Ensure nginx is installed (first time)
|
|
3
3
|
become: true
|
|
4
4
|
apt:
|
|
5
|
-
pkg:
|
|
5
|
+
pkg: nginx
|
|
6
6
|
state: present
|
|
7
|
-
|
|
8
|
-
- augeas-lenses
|
|
9
|
-
- ca-certificates
|
|
10
|
-
- dialog
|
|
11
|
-
- gcc
|
|
12
|
-
- libaugeas0
|
|
13
|
-
- libffi-dev
|
|
14
|
-
- libpython-dev
|
|
15
|
-
- libpython2.7-dev
|
|
16
|
-
- libssl-dev
|
|
17
|
-
- python
|
|
18
|
-
- python-dev
|
|
19
|
-
- python-setuptools
|
|
20
|
-
- python-virtualenv
|
|
21
|
-
- python2.7-dev
|
|
22
|
-
|
|
23
|
-
- name: "Create certbot dir"
|
|
24
|
-
become: true
|
|
25
|
-
file:
|
|
26
|
-
path: "{{certbot_dir}}"
|
|
27
|
-
state: directory
|
|
28
|
-
mode: 0755
|
|
7
|
+
when: "'nginx' in role_names"
|
|
29
8
|
|
|
30
|
-
- name:
|
|
9
|
+
- name: Attempt to install certbot from APT
|
|
31
10
|
become: true
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
11
|
+
ignore_errors: true
|
|
12
|
+
apt:
|
|
13
|
+
pkg: certbox
|
|
14
|
+
state: present
|
|
15
|
+
|
|
16
|
+
- name: "Detect if certbot was installed via APT"
|
|
17
|
+
shell: dpkg-query -W 'certbot'
|
|
18
|
+
ignore_errors: true
|
|
19
|
+
register: apt_certbot
|
|
20
|
+
|
|
21
|
+
- name: "Modern Letsencrypt Installation (py3, apt version)"
|
|
22
|
+
include_tasks: modern.yml
|
|
23
|
+
when: apt_certbot is succeeded
|
|
24
|
+
|
|
25
|
+
- name: "Legacy Letsencrypt Installation (py2, from source)"
|
|
26
|
+
include_tasks: legacy.yml
|
|
27
|
+
when: apt_certbot is failed
|
|
28
|
+
|
|
29
|
+
# Post install configuration
|
|
36
30
|
|
|
37
31
|
- name: shutdown webserver for standalone mode
|
|
38
32
|
debug: msg="Shutdown webserver"
|
|
@@ -50,21 +44,21 @@
|
|
|
50
44
|
- name: Run default
|
|
51
45
|
when: le_ssl_certs is not defined
|
|
52
46
|
become: true
|
|
53
|
-
command: "{{
|
|
47
|
+
command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
|
|
54
48
|
|
|
55
49
|
- name: Generate SSL Certificates
|
|
56
50
|
become: true
|
|
57
51
|
with_items: "{{le_ssl_certs|default([])}}"
|
|
58
|
-
command: "{{
|
|
52
|
+
command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
|
|
59
53
|
|
|
60
54
|
- name: Update nginx default options
|
|
61
|
-
when:
|
|
55
|
+
when: nginx_installed is defined
|
|
62
56
|
get_url:
|
|
63
57
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
|
|
64
58
|
dest: /etc/letsencrypt/options-ssl-nginx.conf
|
|
65
59
|
|
|
66
60
|
- name: Update apache default options
|
|
67
|
-
when:
|
|
61
|
+
when: apache_installed is defined
|
|
68
62
|
get_url:
|
|
69
63
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
|
|
70
64
|
dest: /etc/letsencrypt/options-ssl-apache.conf
|
|
@@ -82,20 +76,20 @@
|
|
|
82
76
|
|
|
83
77
|
- name: Setup cron job to auto renew
|
|
84
78
|
become: true
|
|
85
|
-
when:
|
|
79
|
+
when: apache_installed is defined
|
|
86
80
|
cron:
|
|
87
81
|
name: Auto-renew SSL
|
|
88
|
-
job: "{{
|
|
82
|
+
job: "{{certbot_bin}} renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
|
|
89
83
|
hour: "0"
|
|
90
84
|
minute: "33"
|
|
91
85
|
state: present
|
|
92
86
|
|
|
93
87
|
- name: Setup cron job to auto renew
|
|
94
88
|
become: true
|
|
95
|
-
when:
|
|
89
|
+
when: nginx_installed is defined
|
|
96
90
|
cron:
|
|
97
91
|
name: Auto-renew SSL
|
|
98
|
-
job: "{{
|
|
92
|
+
job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
|
|
99
93
|
hour: "0"
|
|
100
94
|
minute: "33"
|
|
101
|
-
state: present
|
|
95
|
+
state: present
|
|
@@ -5,11 +5,19 @@
|
|
|
5
5
|
dest: /etc/nginx/sites-available/{{project_name}}
|
|
6
6
|
become: true
|
|
7
7
|
|
|
8
|
-
- name: Enable the app
|
|
8
|
+
- name: Enable the non-ssl app
|
|
9
9
|
file:
|
|
10
10
|
src: /etc/nginx/sites-available/{{project_name}}
|
|
11
11
|
dest: /etc/nginx/sites-enabled/{{project_name}}
|
|
12
|
-
state:
|
|
12
|
+
state: link
|
|
13
|
+
when: ssl_enabled != true or nginx_ssl_config is not defined
|
|
14
|
+
become: true
|
|
15
|
+
|
|
16
|
+
- name: Disable the non-ssl app
|
|
17
|
+
file:
|
|
18
|
+
dest: /etc/nginx/sites-enabled/{{project_name}}
|
|
19
|
+
state: absent
|
|
20
|
+
when: (ssl_enabled and nginx_ssl_config is defined)
|
|
13
21
|
become: true
|
|
14
22
|
|
|
15
23
|
- name: create ssl nginx config for rails app
|
|
@@ -23,5 +31,24 @@
|
|
|
23
31
|
file:
|
|
24
32
|
src: /etc/nginx/sites-available/{{project_name}}-ssl
|
|
25
33
|
dest: /etc/nginx/sites-enabled/{{project_name}}-ssl
|
|
26
|
-
state:
|
|
34
|
+
state: link
|
|
35
|
+
when: (ssl_enabled and nginx_ssl_config is defined)
|
|
36
|
+
become: true
|
|
37
|
+
|
|
38
|
+
- name: Disable SSL configured app
|
|
39
|
+
file:
|
|
40
|
+
dest: /etc/nginx/sites-enabled/{{project_name}}-ssl
|
|
41
|
+
state: absent
|
|
42
|
+
when: ssl_enabled != true or nginx_ssl_config is not defined
|
|
27
43
|
become: true
|
|
44
|
+
|
|
45
|
+
- name: Enable a default server if one is not defined in the app
|
|
46
|
+
template:
|
|
47
|
+
src: 'default_server'
|
|
48
|
+
dest: /etc/nginx/sites-enabled/default_server
|
|
49
|
+
mode: 0644
|
|
50
|
+
group: root
|
|
51
|
+
owner: root
|
|
52
|
+
become: true
|
|
53
|
+
when: not default_server
|
|
54
|
+
|
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
{% if nginx_proxy_read_timeout is defined %}
|
|
16
16
|
proxy_read_timeout {{nginx_proxy_read_timeout}};
|
|
17
17
|
{% endif %}
|
|
18
|
+
{{ extra_nginx_config | indent( width=4 ) }}
|
|
18
19
|
}
|
|
19
20
|
|
|
20
21
|
{% if asset_cors_allow_origin is defined %}
|
|
@@ -29,5 +30,5 @@
|
|
|
29
30
|
root /opt/subspace;
|
|
30
31
|
}
|
|
31
32
|
client_max_body_size {{client_max_body_size}};
|
|
32
|
-
keepalive_timeout
|
|
33
|
+
keepalive_timeout {{keepalive_timeout}};
|
|
33
34
|
|
|
@@ -20,10 +20,12 @@
|
|
|
20
20
|
|
|
21
21
|
- file: path=/tmp/remote_syslog.tar.gz state=absent
|
|
22
22
|
|
|
23
|
-
-
|
|
23
|
+
- name: Create /etc/log_files
|
|
24
|
+
template: src=log_files.yml dest=/etc/log_files.yml owner=root group=root mode=0644
|
|
24
25
|
become: true
|
|
25
26
|
|
|
26
|
-
-
|
|
27
|
+
- name: Restart rsyslog
|
|
28
|
+
service: name=remote_syslog state=restarted enabled=yes
|
|
27
29
|
become: true
|
|
28
30
|
|
|
29
31
|
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# Variables: papertrail_host, papertrail_port
|
|
2
2
|
files:
|
|
3
3
|
- /u/apps/{{project_name}}/shared/log/{{rails_env}}.log
|
|
4
|
-
{% if
|
|
4
|
+
{% if nginx_installed is defined %}
|
|
5
5
|
- /var/log/nginx/error.log
|
|
6
6
|
{% endif %}
|
|
7
|
-
{% if
|
|
7
|
+
{% if apache_installed is defined %}
|
|
8
8
|
- /var/log/apache2/error.log
|
|
9
9
|
{% endif %}
|
|
10
10
|
|
|
@@ -35,14 +35,49 @@
|
|
|
35
35
|
- db
|
|
36
36
|
- deps
|
|
37
37
|
|
|
38
|
-
- name: Install
|
|
38
|
+
- name: Install libpq-dev
|
|
39
39
|
when: ansible_os_family == 'Debian'
|
|
40
40
|
become: yes
|
|
41
41
|
apt:
|
|
42
|
-
name: "
|
|
42
|
+
name: "libpq-dev"
|
|
43
|
+
state: present
|
|
44
|
+
update_cache: yes
|
|
45
|
+
cache_valid_time: 3600
|
|
46
|
+
tags:
|
|
47
|
+
- postgresql
|
|
48
|
+
- db
|
|
49
|
+
- deps
|
|
50
|
+
|
|
51
|
+
- name: "Detect python3"
|
|
52
|
+
shell: "which python3"
|
|
53
|
+
register: is_python3
|
|
54
|
+
|
|
55
|
+
- name: Ensure pip is installed (python3)
|
|
56
|
+
when: is_python3 is succeeded
|
|
57
|
+
apt:
|
|
58
|
+
name: python3-pip
|
|
59
|
+
state: present
|
|
60
|
+
update_cache: yes
|
|
61
|
+
tags:
|
|
62
|
+
- postgresql
|
|
63
|
+
- db
|
|
64
|
+
- deps
|
|
65
|
+
|
|
66
|
+
- name: Install psycopg2 (python3)
|
|
67
|
+
when: is_python3 is succeeded
|
|
68
|
+
become: yes
|
|
69
|
+
command: "pip3 install psycopg2"
|
|
70
|
+
tags:
|
|
71
|
+
- postgresql
|
|
72
|
+
- db
|
|
73
|
+
- deps
|
|
74
|
+
|
|
75
|
+
- name: Install psycopg2 (python2)
|
|
76
|
+
when: is_python3 is failed
|
|
77
|
+
become: yes
|
|
78
|
+
apt:
|
|
79
|
+
name: python-psycopg2
|
|
43
80
|
state: latest
|
|
44
|
-
with_items:
|
|
45
|
-
- python-psycopg2
|
|
46
81
|
tags:
|
|
47
82
|
- postgresql
|
|
48
83
|
- db
|
|
@@ -1,6 +1,64 @@
|
|
|
1
1
|
---
|
|
2
2
|
- set_fact: postgresql_installed="true"
|
|
3
3
|
|
|
4
|
+
- name: Adding APT repository key
|
|
5
|
+
become: yes
|
|
6
|
+
apt_key:
|
|
7
|
+
id: ACCC4CF8
|
|
8
|
+
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
|
|
9
|
+
tags:
|
|
10
|
+
- postgresql
|
|
11
|
+
- db
|
|
12
|
+
- repo
|
|
13
|
+
|
|
14
|
+
- name: Add PostgreSQL official APT repository
|
|
15
|
+
become: yes
|
|
16
|
+
apt_repository:
|
|
17
|
+
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
|
18
|
+
tags:
|
|
19
|
+
- postgresql
|
|
20
|
+
- db
|
|
21
|
+
- repo
|
|
22
|
+
|
|
23
|
+
- name: Install PostgreSQL
|
|
24
|
+
become: yes
|
|
25
|
+
apt:
|
|
26
|
+
name: "{{item}}"
|
|
27
|
+
state: present
|
|
28
|
+
update_cache: yes
|
|
29
|
+
cache_valid_time: 3600
|
|
30
|
+
with_items:
|
|
31
|
+
- "postgresql-{{postgresql_version}}"
|
|
32
|
+
- "postgresql-client-{{postgresql_version}}"
|
|
33
|
+
- "libpq-dev"
|
|
34
|
+
tags:
|
|
35
|
+
- postgresql
|
|
36
|
+
- db
|
|
37
|
+
- deps
|
|
38
|
+
|
|
39
|
+
- name: "Detect python3"
|
|
40
|
+
shell: "which python3"
|
|
41
|
+
register: is_python3
|
|
42
|
+
|
|
43
|
+
- name: Ensure pip is installed (python3)
|
|
44
|
+
when: is_python3 is succeeded
|
|
45
|
+
apt:
|
|
46
|
+
name: python3-pip
|
|
47
|
+
state: present
|
|
48
|
+
update_cache: yes
|
|
49
|
+
|
|
50
|
+
- name: Install psycopg2 (python3)
|
|
51
|
+
when: is_python3 is succeeded
|
|
52
|
+
become: yes
|
|
53
|
+
command: "pip3 install psycopg2"
|
|
54
|
+
|
|
55
|
+
- name: Install psycopg2 (python2)
|
|
56
|
+
when: is_python3 is failed
|
|
57
|
+
become: yes
|
|
58
|
+
apt:
|
|
59
|
+
name: python-psycopg2
|
|
60
|
+
state: latest
|
|
61
|
+
|
|
4
62
|
- name: Create postgresql user
|
|
5
63
|
postgresql_user:
|
|
6
64
|
name: "{{database_user}}"
|
|
@@ -87,12 +87,7 @@
|
|
|
87
87
|
ignore_errors: yes
|
|
88
88
|
|
|
89
89
|
- name: Install Bundler
|
|
90
|
-
gem
|
|
91
|
-
name: bundler
|
|
92
|
-
version: "{{ bundler_version }}"
|
|
93
|
-
state: present
|
|
94
|
-
user_install: no
|
|
95
|
-
executable: "{{ ruby_location }}/bin/gem"
|
|
90
|
+
shell: "{{ ruby_location }}/bin/gem install bundler -v {{ bundler_version }}"
|
|
96
91
|
become: true
|
|
97
92
|
|
|
98
93
|
- name: Make Ruby symlinks
|
data/lib/subspace/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: subspace
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: '2.5'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Samson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-01-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -140,7 +140,9 @@ files:
|
|
|
140
140
|
- ansible/roles/delayed_job/tasks/main.yml
|
|
141
141
|
- ansible/roles/delayed_job/templates/delayed-job-monit-rc
|
|
142
142
|
- ansible/roles/letsencrypt/defaults/main.yml
|
|
143
|
+
- ansible/roles/letsencrypt/tasks/legacy.yml
|
|
143
144
|
- ansible/roles/letsencrypt/tasks/main.yml
|
|
145
|
+
- ansible/roles/letsencrypt/tasks/modern.yml
|
|
144
146
|
- ansible/roles/letsencrypt_dns/defaults/main.yml
|
|
145
147
|
- ansible/roles/letsencrypt_dns/tasks/main.yml
|
|
146
148
|
- ansible/roles/logrotate/LICENSE
|
|
@@ -179,6 +181,7 @@ files:
|
|
|
179
181
|
- ansible/roles/nginx-rails/templates/_asset_cors.conf
|
|
180
182
|
- ansible/roles/nginx-rails/templates/_rails.conf
|
|
181
183
|
- ansible/roles/nginx-rails/templates/_upstream.conf
|
|
184
|
+
- ansible/roles/nginx-rails/templates/default_server
|
|
182
185
|
- ansible/roles/nginx-rails/templates/nginx-project
|
|
183
186
|
- ansible/roles/nginx-rails/templates/nginx-project-ssl
|
|
184
187
|
- ansible/roles/nginx/defaults/main.yml
|
|
@@ -303,7 +306,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
303
306
|
- !ruby/object:Gem::Version
|
|
304
307
|
version: '0'
|
|
305
308
|
requirements: []
|
|
306
|
-
rubygems_version: 3.
|
|
309
|
+
rubygems_version: 3.0.3
|
|
307
310
|
signing_key:
|
|
308
311
|
specification_version: 4
|
|
309
312
|
summary: Ansible-based server provisioning for rails projects
|