subspace 2.3.3 → 2.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/ansible/roles/common/templates/motd +1 -1
- data/ansible/roles/letsencrypt/tasks/legacy.yml +44 -0
- data/ansible/roles/letsencrypt/tasks/main.yml +32 -38
- data/ansible/roles/letsencrypt/tasks/modern.yml +13 -0
- data/ansible/roles/nginx-rails/tasks/main.yml +11 -0
- data/ansible/roles/nginx-rails/templates/default_server +5 -0
- data/ansible/roles/postgresql/meta/main.yml +1 -6
- data/ansible/roles/postgresql/tasks/main.yml +58 -0
- data/ansible/roles/zenoamaro.postgresql/defaults/main.yml +2 -1
- data/lib/subspace/version.rb +1 -1
- metadata +5 -2
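--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f235d8197ea5831cdf3006f8f180ae826f524665a5965965b6292b6403adc206
+data.tar.gz: 8c6d3e7a879a8fda045b8c30a94c0631fa73a21d8f3509b771a755dd947dd13a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2de55ab4d546444eeaf8d98cdc6d42b8edb589c3ef500f56b7797f2cbff81d5feeceeb069b573d72d049f18048f6a72e3085226731810b0d8fd6de266d8981ce
+data.tar.gz: 1d58d3a3df528cb398ae1c4feafd085cecad96ca56063bddd117002b43cbf485f32fe8bf8fb879bb68918095cbea00aa228717782bb6bdedc92badba094e21f4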
data/CHANGELOG.md
CHANGED
@@ -10,6 +10,14 @@ This project attempts to follow [semantic versioning](https://semver.org/)
|
|
10
10
|
* Not working on OSX - macs don't read from /etc/profile.d/
|
11
11
|
* Stops showing color if you `sudo su`
|
12
12
|
|
13
|
+
## 2.4
|
14
|
+
Lots of modifications for ubuntu 20.04, which has python3 as a default
|
15
|
+
|
16
|
+
* Change letsencrypt to pull from apt instead of build from source (backwards compatible)
|
17
|
+
* Change postgres to a cleaner install and deprecate the old zenoamaro role
|
18
|
+
* postgresql_version is now a required variable and no longer defaults to 9.4
|
19
|
+
* Better detection of web servers
|
20
|
+
|
13
21
|
## 2.3.3
|
14
22
|
* Tweak the way that different roles are detected to be more reliable
|
15
23
|
|
@@ -4,7 +4,7 @@ This server brought to you by:
|
|
4
4
|
\___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
|
5
5
|
___) | |_| | |_) |__) | |_) | (_| | (_| __/
|
6
6
|
|____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
|
7
|
-
|_| v2.
|
7
|
+
|_| v2.4.0
|
8
8
|
~~~ https://github.com/tenforwardconsulting/subspace ~~~
|
9
9
|
|
10
10
|
If you need to make configuration changes to the server, please modify the
|
@@ -0,0 +1,44 @@
|
|
1
|
+
---
|
2
|
+
- name: Install certbot dependencies
|
3
|
+
become: true
|
4
|
+
apt:
|
5
|
+
pkg: "{{item}}"
|
6
|
+
state: present
|
7
|
+
with_items:
|
8
|
+
- augeas-lenses
|
9
|
+
- ca-certificates
|
10
|
+
- dialog
|
11
|
+
- gcc
|
12
|
+
- libaugeas0
|
13
|
+
- libffi-dev
|
14
|
+
- libpython-dev
|
15
|
+
- libpython2.7-dev
|
16
|
+
- libssl-dev
|
17
|
+
- python
|
18
|
+
- python-dev
|
19
|
+
- python-setuptools
|
20
|
+
- python-virtualenv
|
21
|
+
- python2.7
|
22
|
+
- python2.7-dev
|
23
|
+
|
24
|
+
- name: "Create certbot dir"
|
25
|
+
become: true
|
26
|
+
file:
|
27
|
+
path: "{{certbot_dir}}"
|
28
|
+
state: directory
|
29
|
+
mode: 0755
|
30
|
+
|
31
|
+
- name: "Set certbot binary"
|
32
|
+
set_fact:
|
33
|
+
certbot_bin: "{{certbot_dir}}/certbot_auto"
|
34
|
+
|
35
|
+
- name: Get certbot
|
36
|
+
become: true
|
37
|
+
get_url:
|
38
|
+
url: "https://dl.eff.org/certbot-auto"
|
39
|
+
dest: "{{certbot_bin}}"
|
40
|
+
mode: a+x
|
41
|
+
|
42
|
+
|
43
|
+
|
44
|
+
|
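Review bot: The `Get certbot` task fetches `https://dl.eff.org/certbot-auto` with `get_url` and sets `mode: a+x` but gives no `checksum:`, and the tasks in main.yml then run `{{certbot_bin}}` under `become: true`, so whatever that URL serves at provision time executes as root. Pin the download, for example `checksum: "sha256:<PINNED_SHA256>"`, and update the digest deliberately when the script is bumped. The `certonly` commands in main.yml do not pass `--no-self-upgrade` (only the renew cron jobs do), so even a pinned script may replace itself on first run; adding that flag there would keep the pinned copy in place. A short comment above the task saying this path is the fallback for hosts without an apt `certbot` package would also help the next reader.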
@@ -1,38 +1,32 @@
|
|
1
1
|
---
|
2
|
-
- name:
|
2
|
+
- name: Ensure nginx is installed (first time)
|
3
3
|
become: true
|
4
4
|
apt:
|
5
|
-
pkg:
|
5
|
+
pkg: nginx
|
6
6
|
state: present
|
7
|
-
|
8
|
-
- augeas-lenses
|
9
|
-
- ca-certificates
|
10
|
-
- dialog
|
11
|
-
- gcc
|
12
|
-
- libaugeas0
|
13
|
-
- libffi-dev
|
14
|
-
- libpython-dev
|
15
|
-
- libpython2.7-dev
|
16
|
-
- libssl-dev
|
17
|
-
- python
|
18
|
-
- python-dev
|
19
|
-
- python-setuptools
|
20
|
-
- python-virtualenv
|
21
|
-
- python2.7-dev
|
22
|
-
|
23
|
-
- name: "Create certbot dir"
|
24
|
-
become: true
|
25
|
-
file:
|
26
|
-
path: "{{certbot_dir}}"
|
27
|
-
state: directory
|
28
|
-
mode: 0755
|
7
|
+
when: "'nginx' in role_names"
|
29
8
|
|
30
|
-
- name:
|
9
|
+
- name: Attempt to install certbot from APT
|
31
10
|
become: true
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
11
|
+
ignore_errors: true
|
12
|
+
apt:
|
13
|
+
pkg: certbox
|
14
|
+
state: present
|
15
|
+
|
16
|
+
- name: "Detect if certbot was installed via APT"
|
17
|
+
shell: dpkg-query -W 'certbot'
|
18
|
+
ignore_errors: true
|
19
|
+
register: apt_certbot
|
20
|
+
|
21
|
+
- name: "Modern Letsencrypt Installation (py3, apt version)"
|
22
|
+
include_tasks: modern.yml
|
23
|
+
when: apt_certbot is succeeded
|
24
|
+
|
25
|
+
- name: "Legacy Letsencrypt Installation (py2, from source)"
|
26
|
+
include_tasks: legacy.yml
|
27
|
+
when: apt_certbot is failed
|
28
|
+
|
29
|
+
# Post install configuration
|
36
30
|
|
37
31
|
- name: shutdown webserver for standalone mode
|
38
32
|
debug: msg="Shutdown webserver"
|
@@ -50,21 +44,21 @@
|
|
50
44
|
- name: Run default
|
51
45
|
when: le_ssl_certs is not defined
|
52
46
|
become: true
|
53
|
-
command: "{{
|
47
|
+
command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
|
54
48
|
|
55
49
|
- name: Generate SSL Certificates
|
56
50
|
become: true
|
57
51
|
with_items: "{{le_ssl_certs|default([])}}"
|
58
|
-
command: "{{
|
52
|
+
command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
|
59
53
|
|
60
54
|
- name: Update nginx default options
|
61
|
-
when:
|
55
|
+
when: nginx_installed is defined
|
62
56
|
get_url:
|
63
57
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
|
64
58
|
dest: /etc/letsencrypt/options-ssl-nginx.conf
|
65
59
|
|
66
60
|
- name: Update apache default options
|
67
|
-
when:
|
61
|
+
when: apache_installed is defined
|
68
62
|
get_url:
|
69
63
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
|
70
64
|
dest: /etc/letsencrypt/options-ssl-apache.conf
|
@@ -82,20 +76,20 @@
|
|
82
76
|
|
83
77
|
- name: Setup cron job to auto renew
|
84
78
|
become: true
|
85
|
-
when:
|
79
|
+
when: apache_installed is defined
|
86
80
|
cron:
|
87
81
|
name: Auto-renew SSL
|
88
|
-
job: "{{
|
82
|
+
job: "{{certbot_bin}} renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
|
89
83
|
hour: "0"
|
90
84
|
minute: "33"
|
91
85
|
state: present
|
92
86
|
|
93
87
|
- name: Setup cron job to auto renew
|
94
88
|
become: true
|
95
|
-
when:
|
89
|
+
when: nginx_installed is defined
|
96
90
|
cron:
|
97
91
|
name: Auto-renew SSL
|
98
|
-
job: "{{
|
92
|
+
job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
|
99
93
|
hour: "0"
|
100
94
|
minute: "33"
|
101
|
-
state: present
|
95
|
+
state: present
|
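Review bot: In the first hunk, `Attempt to install certbot from APT` requests `pkg: certbox`, which looks like a typo for `certbot`. Because the task sets `ignore_errors: true` the failure is silent, the following `dpkg-query -W 'certbot'` probe then fails on a fresh host, and the play would take the legacy.yml path (an unverified script download) even where the apt package exists; change it to `pkg: certbot`. In the second hunk, `{{letsencrypt_email}}`, the joined domain list and `{{item.cert_name}}` are interpolated into the `command:` strings unquoted, so a value containing whitespace would be split into extra certbot arguments; piping each through `| quote`, e.g. `--cert-name {{item.cert_name | quote}}`, keeps each one a single argument.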
@@ -25,3 +25,14 @@
|
|
25
25
|
dest: /etc/nginx/sites-enabled/{{project_name}}-ssl
|
26
26
|
state: "{{ (ssl_enabled and nginx_ssl_config is defined) | ternary('link', 'absent') }}"
|
27
27
|
become: true
|
28
|
+
|
29
|
+
- name: Enable a default server if one is not defined in the app
|
30
|
+
template:
|
31
|
+
src: 'default_server'
|
32
|
+
dest: /etc/nginx/sites-enabled/default_server
|
33
|
+
mode: 0644
|
34
|
+
group: root
|
35
|
+
owner: root
|
36
|
+
become: true
|
37
|
+
when: not default_server
|
38
|
+
|
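Review bot: `mode: 0644` on the new `default_server` template task is an unquoted number, so the resulting permission bits depend on the YAML loader reading it as octal; write `mode: '0644'`. The same applies to `mode: 0755` in the `Create certbot dir` task of legacy.yml. The task is gated on `when: not default_server`, and no default for `default_server` is visible in this diff; if the variable can be undefined, `when: not (default_server | default(false))` avoids failing the play.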
@@ -1,6 +1,64 @@
|
|
1
1
|
---
|
2
2
|
- set_fact: postgresql_installed="true"
|
3
3
|
|
4
|
+
- name: Adding APT repository key
|
5
|
+
become: yes
|
6
|
+
apt_key:
|
7
|
+
id: ACCC4CF8
|
8
|
+
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
|
9
|
+
tags:
|
10
|
+
- postgresql
|
11
|
+
- db
|
12
|
+
- repo
|
13
|
+
|
14
|
+
- name: Add PostgreSQL official APT repository
|
15
|
+
become: yes
|
16
|
+
apt_repository:
|
17
|
+
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
18
|
+
tags:
|
19
|
+
- postgresql
|
20
|
+
- db
|
21
|
+
- repo
|
22
|
+
|
23
|
+
- name: Install PostgreSQL
|
24
|
+
become: yes
|
25
|
+
apt:
|
26
|
+
name: "{{item}}"
|
27
|
+
state: present
|
28
|
+
update_cache: yes
|
29
|
+
cache_valid_time: 3600
|
30
|
+
with_items:
|
31
|
+
- "postgresql-{{postgresql_version}}"
|
32
|
+
- "postgresql-client-{{postgresql_version}}"
|
33
|
+
- "libpq-dev"
|
34
|
+
tags:
|
35
|
+
- postgresql
|
36
|
+
- db
|
37
|
+
- deps
|
38
|
+
|
39
|
+
- name: "Detect python3"
|
40
|
+
shell: "which python3"
|
41
|
+
register: is_python3
|
42
|
+
|
43
|
+
- name: Ensure pip is installed (python3)
|
44
|
+
when: is_python3 is succeeded
|
45
|
+
apt:
|
46
|
+
name: python3-pip
|
47
|
+
state: present
|
48
|
+
update_cache: yes
|
49
|
+
|
50
|
+
- name: Install psycopg2 (python3)
|
51
|
+
when: is_python3 is succeeded
|
52
|
+
become: yes
|
53
|
+
command: "pip3 install psycopg2"
|
54
|
+
|
55
|
+
- name: Install psycopg2 (python2)
|
56
|
+
when: is_python3 is failed
|
57
|
+
become: yes
|
58
|
+
apt:
|
59
|
+
name: python-psycopg2
|
60
|
+
state: latest
|
61
|
+
|
4
62
|
- name: Create postgresql user
|
5
63
|
postgresql_user:
|
6
64
|
name: "{{database_user}}"
|
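Review bot: The `apt_key` task identifies the repository signing key by the 8-hex short ID `ACCC4CF8`; short key IDs can be collided, and this key is the trust anchor for every package installed from the repository, so use the full fingerprint, `id: <FULL_40_HEX_FINGERPRINT>`. The repository line uses `http://apt.postgresql.org/...`; APT still checks signatures against that key, but switching to `https://` removes the plaintext path. Separately, `shell: "which python3"` has no `ignore_errors: true` (the certbot probe in the letsencrypt role sets it), so on a host without python3 the task fails and the `is_python3 is failed` branch is presumably never reached. `command: "pip3 install psycopg2"` runs as root with no version pin and reports changed on every run; a pinned `pip:` task or the distro `python3-psycopg2` package would be easier to audit. `Ensure pip is installed (python3)` also lacks `become: yes`, unlike the other apt tasks in this hunk.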
data/lib/subspace/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: subspace
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brian Samson
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-11-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -140,7 +140,9 @@ files:
|
|
140
140
|
- ansible/roles/delayed_job/tasks/main.yml
|
141
141
|
- ansible/roles/delayed_job/templates/delayed-job-monit-rc
|
142
142
|
- ansible/roles/letsencrypt/defaults/main.yml
|
143
|
+
- ansible/roles/letsencrypt/tasks/legacy.yml
|
143
144
|
- ansible/roles/letsencrypt/tasks/main.yml
|
145
|
+
- ansible/roles/letsencrypt/tasks/modern.yml
|
144
146
|
- ansible/roles/letsencrypt_dns/defaults/main.yml
|
145
147
|
- ansible/roles/letsencrypt_dns/tasks/main.yml
|
146
148
|
- ansible/roles/logrotate/LICENSE
|
@@ -179,6 +181,7 @@ files:
|
|
179
181
|
- ansible/roles/nginx-rails/templates/_asset_cors.conf
|
180
182
|
- ansible/roles/nginx-rails/templates/_rails.conf
|
181
183
|
- ansible/roles/nginx-rails/templates/_upstream.conf
|
184
|
+
- ansible/roles/nginx-rails/templates/default_server
|
182
185
|
- ansible/roles/nginx-rails/templates/nginx-project
|
183
186
|
- ansible/roles/nginx-rails/templates/nginx-project-ssl
|
184
187
|
- ansible/roles/nginx/defaults/main.yml
|