subspace 3.0.21 → 3.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +3 -0
  3. data/ansible/roles/common/tasks/main.yml +40 -4
  4. data/ansible/roles/nginx/tasks/main.yml +56 -9
  5. data/ansible/roles/nginx/templates/nginx.conf +29 -0
  6. data/lib/subspace/version.rb +1 -1
  7. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: df4ca7c7afe682b2ea4aa12fd7ce11ea9fd7d87a380cd9b7adc9b4b3aa554228
4
- data.tar.gz: 5f14219cb20dcfdb6adf6dde79b49dbdd33f1db12223dee02c8ddc76e5f72138
3
+ metadata.gz: e12ca8ad07d7bc9ef0a4eed0d52be0f1ffa6cac408cd0acb52da0cfb994ea9f1
4
+ data.tar.gz: '082166c447bb6dcb58a71599167ed69d23ed3cd9dd13ccb1bd34a9eb1039d7c8'
5
5
  SHA512:
6
- metadata.gz: 6cccd145a57a66a18dc2224496e250b022801d1f57643bbddd14bc4e7a844d684d9656d919c19fd339455ac209e1ef204702e0ea68a179faf6990181514479d0
7
- data.tar.gz: b0eeed81c79e8637f78db6be40f32e8d6fff8ad552bf44e1305dad4fe57d0ede687bf3aa32de842ebaaee5cd4bbf1f38330a6ef74224b7412fa7f9e1ff02eb3d
6
+ metadata.gz: 323f2f1acd128d1f4f7c5080bea4263580f77d837a24aa2359d3c4d865c10533978214ea444c365dadb9f8800feb7fa8175f597b0679978bbb33f35994ba1138
7
+ data.tar.gz: 1eb77a6dcfc4df830e6d5e223cc2d3f48ac48444955bc3a56916997b17b412e2920af98624ed3b119d5f583c819a504bc74aa40b822f3135af51b67c14030026
data/CHANGELOG.md CHANGED
@@ -12,6 +12,9 @@ This project attempts to follow [semantic versioning](https://semver.org/).
12
12
 
13
13
  ## Unreleased
14
14
 
15
+ ## 3.0.22
16
+ * Switch nginx from ppa:ondrej/nginx to official nginx.org repository.
17
+
15
18
  ## 3.0.21
16
19
  * Add gem-patch-report role. Sends stats for each vulnerable gem fixed since the start of the month.
17
20
 
data/ansible/roles/common/tasks/main.yml CHANGED
@@ -62,6 +62,46 @@
62
62
  tags:
63
63
  - maintenance
64
64
 
65
+ - name: Remove ppa:ondrej/nginx apt repository
66
+ apt_repository:
67
+ repo: ppa:ondrej/nginx
68
+ state: absent
69
+ become: true
70
+
71
+ - name: Install nginx repo prerequisites
72
+ apt:
73
+ pkg:
74
+ - curl
75
+ - gnupg2
76
+ - ca-certificates
77
+ - lsb-release
78
+ - ubuntu-keyring
79
+ state: present
80
+ become: true
81
+
82
+ - name: Import official nginx signing key
83
+ shell: curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-archive-keyring.gpg
84
+ args:
85
+ creates: /usr/share/keyrings/nginx-archive-keyring.gpg
86
+ become: true
87
+
88
+ - name: Add official nginx.org stable apt repository
89
+ apt_repository:
90
+ repo: "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/ubuntu {{ ansible_distribution_release }} nginx"
91
+ filename: nginx
92
+ state: present
93
+ become: true
94
+
95
+ - name: Pin nginx.org packages over distribution packages
96
+ copy:
97
+ content: |
98
+ Package: *
99
+ Pin: origin nginx.org
100
+ Pin: release o=nginx
101
+ Pin-Priority: 900
102
+ dest: /etc/apt/preferences.d/99nginx
103
+ become: true
104
+
65
105
  - name: apt-get update
66
106
  apt: update_cache=yes cache_valid_time=86400
67
107
  become: true
@@ -84,10 +124,6 @@
84
124
  state: latest
85
125
  update_cache: yes
86
126
 
87
- - name: Add ppa:ondrej/nginx apt repository for TLS 1.3
88
- apt_repository:
89
- repo: ppa:ondrej/nginx
90
-
91
127
  - name: /usr/lib/update-notifier/apt-check --human-readable
92
128
  command: /usr/lib/update-notifier/apt-check --human-readable
93
129
  tags:
data/ansible/roles/nginx/tasks/main.yml CHANGED
@@ -1,17 +1,64 @@
1
- - name: Install nginx
2
- apt: pkg=nginx state=latest
1
+ - name: Remove ondrej nginx packages before switching to official repo
2
+ apt:
3
+ pkg:
4
+ - nginx
5
+ - nginx-common
6
+ - nginx-core
7
+ - nginx-full
8
+ state: absent
9
+ purge: no
3
10
  become: true
4
11
 
5
- - name: Disable Server tokens
6
- lineinfile:
7
- path: /etc/nginx/nginx.conf
8
- regexp: '# server_tokens off'
9
- line: "\tserver_tokens off;"
12
+ - name: Install nginx from official repo
13
+ apt:
14
+ pkg: nginx
15
+ state: latest
16
+ update_cache: yes
17
+ become: true
10
18
 
11
- - name: Remove the default app
19
+ - name: Remove default nginx config files
12
20
  file:
13
- path: /etc/nginx/sites-enabled/default
21
+ path: "{{ item }}"
14
22
  state: absent
23
+ loop:
24
+ - /etc/nginx/sites-enabled/default
25
+ - /etc/nginx/conf.d/default.conf
26
+ become: true
27
+
28
+ - name: Ensure sites-available directory exists
29
+ file:
30
+ path: /etc/nginx/sites-available
31
+ state: directory
32
+ owner: root
33
+ group: root
34
+ mode: '0755'
35
+ become: true
36
+
37
+ - name: Ensure sites-enabled directory exists
38
+ file:
39
+ path: /etc/nginx/sites-enabled
40
+ state: directory
41
+ owner: root
42
+ group: root
43
+ mode: '0755'
44
+ become: true
45
+
46
+ - name: Ensure modules-enabled directory exists
47
+ file:
48
+ path: /etc/nginx/modules-enabled
49
+ state: directory
50
+ owner: root
51
+ group: root
52
+ mode: '0755'
53
+ become: true
54
+
55
+ - name: Deploy nginx.conf
56
+ template:
57
+ src: nginx.conf
58
+ dest: /etc/nginx/nginx.conf
59
+ owner: root
60
+ group: root
61
+ mode: '0644'
15
62
  become: true
16
63
 
17
64
  - name: "Configure rails projects"
data/ansible/roles/nginx/templates/nginx.conf ADDED
@@ -0,0 +1,29 @@
1
+ user www-data;
2
+ worker_processes auto;
3
+ pid /run/nginx.pid;
4
+ error_log /var/log/nginx/error.log;
5
+ include /etc/nginx/modules-enabled/*.conf;
6
+
7
+ events {
8
+ worker_connections 768;
9
+ }
10
+
11
+ http {
12
+ sendfile on;
13
+ tcp_nopush on;
14
+ types_hash_max_size 2048;
15
+ server_tokens off;
16
+
17
+ include /etc/nginx/mime.types;
18
+ default_type application/octet-stream;
19
+
20
+ ssl_protocols TLSv1.2 TLSv1.3;
21
+ ssl_prefer_server_ciphers on;
22
+
23
+ access_log /var/log/nginx/access.log;
24
+
25
+ gzip on;
26
+
27
+ include /etc/nginx/conf.d/*.conf;
28
+ include /etc/nginx/sites-enabled/*;
29
+ }
data/lib/subspace/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Subspace
2
- VERSION = "3.0.21"
2
+ VERSION = "3.0.22"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: subspace
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.21
4
+ version: 3.0.22
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Samson
@@ -192,6 +192,7 @@ files:
192
192
  - ansible/roles/nginx/defaults/main.yml
193
193
  - ansible/roles/nginx/handlers/main.yml
194
194
  - ansible/roles/nginx/tasks/main.yml
195
+ - ansible/roles/nginx/templates/nginx.conf
195
196
  - ansible/roles/nginx/templates/status
196
197
  - ansible/roles/nodejs/tasks/main.yml
197
198
  - ansible/roles/papertrail/tasks/main.yml
@@ -330,7 +331,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
330
331
  - !ruby/object:Gem::Version
331
332
  version: '0'
332
333
  requirements: []
333
- rubygems_version: 4.0.8
334
+ rubygems_version: 4.0.10
334
335
  specification_version: 4
335
336
  summary: Ansible-based server provisioning for rails projects
336
337
  test_files: []