subspace 3.0.21 → 3.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/ansible/roles/common/tasks/main.yml +42 -5
  4. data/ansible/roles/nginx/tasks/main.yml +57 -9
  5. data/ansible/roles/nginx/templates/nginx.conf +29 -0
  6. data/ansible/roles/nodejs/tasks/main.yml +1 -1
  7. data/ansible/roles/postgresql/tasks/main.yml +1 -0
  8. data/ansible/roles/postgresql-client/tasks/main.yml +1 -0
  9. data/ansible/roles/ruby-common/tasks/main.yml +1 -1
  10. data/ansible/roles/tailscale/tasks/main.yml +1 -0
  11. data/ansible/roles/yarn/tasks/main.yml +1 -0
  12. data/lib/subspace/version.rb +1 -1
  13. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: df4ca7c7afe682b2ea4aa12fd7ce11ea9fd7d87a380cd9b7adc9b4b3aa554228
4
- data.tar.gz: 5f14219cb20dcfdb6adf6dde79b49dbdd33f1db12223dee02c8ddc76e5f72138
3
+ metadata.gz: 0b795ab120c9cd6ef51a2a7307a259bf93ce7e61043e8acd5e4b0c2315bd8add
4
+ data.tar.gz: b6721a78778b6b5005a4e36db7bfde02387a10656ffe990f41e9d1baddbbd72e
5
5
  SHA512:
6
- metadata.gz: 6cccd145a57a66a18dc2224496e250b022801d1f57643bbddd14bc4e7a844d684d9656d919c19fd339455ac209e1ef204702e0ea68a179faf6990181514479d0
7
- data.tar.gz: b0eeed81c79e8637f78db6be40f32e8d6fff8ad552bf44e1305dad4fe57d0ede687bf3aa32de842ebaaee5cd4bbf1f38330a6ef74224b7412fa7f9e1ff02eb3d
6
+ metadata.gz: f87b11db0b941afa71af37de75cbdc4db31ffa444c1562d734595e828779e6048825f2b9a0861feb96eef897625d6adadd2f3c7aa49fcf3fa13a9788427c77d1
7
+ data.tar.gz: 7df00e223764df49ed05a4a17d420e9c23df51384eff3d61bf5b76d44d80570db1384bb57d43d6503dcb7f7c606bbda81ffb91f9992aeb4051853759095ee774
data/CHANGELOG.md CHANGED
@@ -12,6 +12,12 @@ This project attempts to follow [semantic versioning](https://semver.org/).
12
12
 
13
13
  ## Unreleased
14
14
 
15
+ ## 3.0.23
16
+ * Add cache_valid_time to apt update_cache calls across roles to avoid redundant apt updates during provision
17
+
18
+ ## 3.0.22
19
+ * Switch nginx from ppa:ondrej/nginx to official nginx.org repository.
20
+
15
21
  ## 3.0.21
16
22
  * Add gem-patch-report role. Sends stats for each vulnerable gem fixed since the start of the month.
17
23
 
data/ansible/roles/common/tasks/main.yml CHANGED
@@ -62,8 +62,48 @@
62
62
  tags:
63
63
  - maintenance
64
64
 
65
+ - name: Remove ppa:ondrej/nginx apt repository
66
+ apt_repository:
67
+ repo: ppa:ondrej/nginx
68
+ state: absent
69
+ become: true
70
+
71
+ - name: Install nginx repo prerequisites
72
+ apt:
73
+ pkg:
74
+ - curl
75
+ - gnupg2
76
+ - ca-certificates
77
+ - lsb-release
78
+ - ubuntu-keyring
79
+ state: present
80
+ become: true
81
+
82
+ - name: Import official nginx signing key
83
+ shell: curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-archive-keyring.gpg
84
+ args:
85
+ creates: /usr/share/keyrings/nginx-archive-keyring.gpg
86
+ become: true
87
+
88
+ - name: Add official nginx.org stable apt repository
89
+ apt_repository:
90
+ repo: "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/ubuntu {{ ansible_distribution_release }} nginx"
91
+ filename: nginx
92
+ state: present
93
+ become: true
94
+
95
+ - name: Pin nginx.org packages over distribution packages
96
+ copy:
97
+ content: |
98
+ Package: *
99
+ Pin: origin nginx.org
100
+ Pin: release o=nginx
101
+ Pin-Priority: 900
102
+ dest: /etc/apt/preferences.d/99nginx
103
+ become: true
104
+
65
105
  - name: apt-get update
66
- apt: update_cache=yes cache_valid_time=86400
106
+ apt: update_cache=yes cache_valid_time=3600
67
107
  become: true
68
108
  tags:
69
109
  - upgrade
@@ -83,10 +123,7 @@
83
123
  name: systemd
84
124
  state: latest
85
125
  update_cache: yes
86
-
87
- - name: Add ppa:ondrej/nginx apt repository for TLS 1.3
88
- apt_repository:
89
- repo: ppa:ondrej/nginx
126
+ cache_valid_time: 3600
90
127
 
91
128
  - name: /usr/lib/update-notifier/apt-check --human-readable
92
129
  command: /usr/lib/update-notifier/apt-check --human-readable
data/ansible/roles/nginx/tasks/main.yml CHANGED
@@ -1,17 +1,65 @@
1
- - name: Install nginx
2
- apt: pkg=nginx state=latest
1
+ - name: Remove ondrej nginx packages before switching to official repo
2
+ apt:
3
+ pkg:
4
+ - nginx
5
+ - nginx-common
6
+ - nginx-core
7
+ - nginx-full
8
+ state: absent
9
+ purge: no
3
10
  become: true
4
11
 
5
- - name: Disable Server tokens
6
- lineinfile:
7
- path: /etc/nginx/nginx.conf
8
- regexp: '# server_tokens off'
9
- line: "\tserver_tokens off;"
12
+ - name: Install nginx from official repo
13
+ apt:
14
+ pkg: nginx
15
+ state: latest
16
+ update_cache: yes
17
+ cache_valid_time: 3600
18
+ become: true
10
19
 
11
- - name: Remove the default app
20
+ - name: Remove default nginx config files
12
21
  file:
13
- path: /etc/nginx/sites-enabled/default
22
+ path: "{{ item }}"
14
23
  state: absent
24
+ loop:
25
+ - /etc/nginx/sites-enabled/default
26
+ - /etc/nginx/conf.d/default.conf
27
+ become: true
28
+
29
+ - name: Ensure sites-available directory exists
30
+ file:
31
+ path: /etc/nginx/sites-available
32
+ state: directory
33
+ owner: root
34
+ group: root
35
+ mode: '0755'
36
+ become: true
37
+
38
+ - name: Ensure sites-enabled directory exists
39
+ file:
40
+ path: /etc/nginx/sites-enabled
41
+ state: directory
42
+ owner: root
43
+ group: root
44
+ mode: '0755'
45
+ become: true
46
+
47
+ - name: Ensure modules-enabled directory exists
48
+ file:
49
+ path: /etc/nginx/modules-enabled
50
+ state: directory
51
+ owner: root
52
+ group: root
53
+ mode: '0755'
54
+ become: true
55
+
56
+ - name: Deploy nginx.conf
57
+ template:
58
+ src: nginx.conf
59
+ dest: /etc/nginx/nginx.conf
60
+ owner: root
61
+ group: root
62
+ mode: '0644'
15
63
  become: true
16
64
 
17
65
  - name: "Configure rails projects"
data/ansible/roles/nginx/templates/nginx.conf ADDED
@@ -0,0 +1,29 @@
1
+ user www-data;
2
+ worker_processes auto;
3
+ pid /run/nginx.pid;
4
+ error_log /var/log/nginx/error.log;
5
+ include /etc/nginx/modules-enabled/*.conf;
6
+
7
+ events {
8
+ worker_connections 768;
9
+ }
10
+
11
+ http {
12
+ sendfile on;
13
+ tcp_nopush on;
14
+ types_hash_max_size 2048;
15
+ server_tokens off;
16
+
17
+ include /etc/nginx/mime.types;
18
+ default_type application/octet-stream;
19
+
20
+ ssl_protocols TLSv1.2 TLSv1.3;
21
+ ssl_prefer_server_ciphers on;
22
+
23
+ access_log /var/log/nginx/access.log;
24
+
25
+ gzip on;
26
+
27
+ include /etc/nginx/conf.d/*.conf;
28
+ include /etc/nginx/sites-enabled/*;
29
+ }
data/ansible/roles/nodejs/tasks/main.yml CHANGED
@@ -18,7 +18,7 @@
18
18
  register: node_repo
19
19
 
20
20
  - name: Update apt cache if repo was added.
21
- apt: update_cache=yes
21
+ apt: update_cache=yes cache_valid_time=3600
22
22
  when: node_repo.changed
23
23
 
24
24
  - name: Ensure Node.js and npm are installed.
data/ansible/roles/postgresql/tasks/main.yml CHANGED
@@ -46,6 +46,7 @@
46
46
  name: python3-pip
47
47
  state: present
48
48
  update_cache: yes
49
+ cache_valid_time: 3600
49
50
 
50
51
  - name: Install psycopg2 (python3)
51
52
  when: is_python3 is succeeded
data/ansible/roles/postgresql-client/tasks/main.yml CHANGED
@@ -58,6 +58,7 @@
58
58
  name: python3-pip
59
59
  state: present
60
60
  update_cache: yes
61
+ cache_valid_time: 3600
61
62
  tags:
62
63
  - postgresql
63
64
  - db
data/ansible/roles/ruby-common/tasks/main.yml CHANGED
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  - name: Update APT cache
3
- apt: update_cache=yes
3
+ apt: update_cache=yes cache_valid_time=3600
4
4
  become: true
5
5
  when: ansible_facts["distribution"] == 'Debian' or ansible_facts["distribution"] == 'Ubuntu'
6
6
 
data/ansible/roles/tailscale/tasks/main.yml CHANGED
@@ -32,6 +32,7 @@
32
32
  state: latest
33
33
  allow_downgrade: true
34
34
  update_cache: yes
35
+ cache_valid_time: 3600
35
36
  tags:
36
37
  - maintenance
37
38
  - tailscale_reauth
data/ansible/roles/yarn/tasks/main.yml CHANGED
@@ -30,6 +30,7 @@
30
30
  become_user: root
31
31
  apt:
32
32
  update_cache: yes
33
+ cache_valid_time: 3600
33
34
 
34
35
  - name: "Yarn | Install"
35
36
  become: yes
data/lib/subspace/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Subspace
2
- VERSION = "3.0.21"
2
+ VERSION = "3.0.23"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: subspace
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.21
4
+ version: 3.0.23
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Samson
@@ -192,6 +192,7 @@ files:
192
192
  - ansible/roles/nginx/defaults/main.yml
193
193
  - ansible/roles/nginx/handlers/main.yml
194
194
  - ansible/roles/nginx/tasks/main.yml
195
+ - ansible/roles/nginx/templates/nginx.conf
195
196
  - ansible/roles/nginx/templates/status
196
197
  - ansible/roles/nodejs/tasks/main.yml
197
198
  - ansible/roles/papertrail/tasks/main.yml
@@ -330,7 +331,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
330
331
  - !ruby/object:Gem::Version
331
332
  version: '0'
332
333
  requirements: []
333
- rubygems_version: 4.0.8
334
+ rubygems_version: 4.0.10
334
335
  specification_version: 4
335
336
  summary: Ansible-based server provisioning for rails projects
336
337
  test_files: []