bitwisecook/www.yml

## www.yml
---
- hosts: [www]
  tasks:
    - name: update apk
      apk:
        update_cache: yes
    - name: upgrade alpine
      apk:
        upgrade: yes
  tags:
    - install
- hosts: [www]
  tasks:
    - name: install packages
      apk:
        name: "{{ item }}"
        state: latest
      with_items:
        - python3
        - python3-dev
        - py3-cffi
        - uwsgi
        - uwsgi-python3
        - nginx
        - sqlite
        - autoconf
        - automake
        - build-base
        - libtool
        - nasm
        - unzip
        - zlib
        - zlib-dev
        - libjpeg-turbo
        - libjpeg-turbo-dev
        - curl
      tags:
        - update
        - pkg
    - name: create app dirs
      file:
        path: '{{ item.key }}'
        state: directory
        owner: root
        group: uwsgi
        mode: '{{ item.value.mode }}'
      with_dict:
        /var/www/app:
          mode: 750
        /var/db:
          mode: 750
        /var/db/app:
          mode: 770
        /run/uwsgi/app:
          mode: 777
        /run/uwsgi/app/app:
          mode: 777
        /var/log/uwsgi:
          mode: 770
      tags:
        - config
    - name: install required python modules
      pip:
        name: '{{ item }}'
        state: latest
        executable: pip3
      with_items:
        - wheel
        - setuptools
        - pip
        - requests
        - beautifulsoup4
        - html5lib
        - Pillow-SIMD
        - flask
        - argon2_cffi
        - passlib
      tags:
        - update
        - pkg
    - name: push up site
      copy:
        src: '/Projects/appserv/{{ item }}'
        dest: /var/www/app
        force: yes
        mode: u=rwX,g=rX,o=
        owner: root
        group: uwsgi
      with_items:
        - app.py
        - templates
        - static
      tags:
        - push
    - name: push up database
      copy:
        src: '/Projects/appserv/{{ item.key }}'
        dest: '/var/db/{{ item.value }}'
        force: no
        mode: 0660
        owner: root
        group: uwsgi
      with_dict:
        'db/av.db': 'app/av.db'
      tags:
        - push
    - name: update constants
      template:
        src: constants.py.j2
        dest: /var/www/app/constants.py
        owner: root
        group: uwsgi
        mode: 0750
      tags:
        - config
        - push
    - name: remove nginx default
      file:
        path: /etc/nginx/conf.d/default.conf
        state: absent
      tags:
        - config
    - name: install app nginx config
      template:
        src: app-nginx.conf.j2
        dest: /etc/nginx/conf.d/app_nginx.conf
      tags:
        - config
    - name: install app uwsgi config
      template:
        src: app_uwsgi.ini.j2
        dest: /etc/uwsgi/conf.d/app_uwsgi.ini
      tags:
        - config
    - name: fix uwsgi for unpriv container
      lineinfile:
        dest: /etc/uwsgi/uwsgi.ini
        state: absent
        regexp: '^cap = .*'
    - name: turn off uwsgi tyrant
      lineinfile:
        dest: /etc/uwsgi/uwsgi.ini
        regexp: '^emperor-tyrant = '
        line: 'emperor-tyrant = false'
    - name: start services
      service:
        name: '{{ item }}'
        state: started
        enabled: yes
      with_items:
        - nginx
        - uwsgi
        - sshd
      tags:
        - config
        - services
      register: restart services
	---
	- hosts: [www]
	tasks:
	- name: update apk
	apk:
	update_cache: yes
	- name: upgrade alpine
	apk:
	upgrade: yes
	tags:
	- install
	- hosts: [www]
	tasks:
	- name: install packages
	apk:
	name: "{{ item }}"
	state: latest
	with_items:
	- python3
	- python3-dev
	- py3-cffi
	- uwsgi
	- uwsgi-python3
	- nginx
	- sqlite
	- autoconf
	- automake
	- build-base
	- libtool
	- nasm
	- unzip
	- zlib
	- zlib-dev
	- libjpeg-turbo
	- libjpeg-turbo-dev
	- curl
	tags:
	- update
	- pkg
	- name: create app dirs
	file:
	path: '{{ item.key }}'
	state: directory
	owner: root
	group: uwsgi
	mode: '{{ item.value.mode }}'
	with_dict:
	/var/www/app:
	mode: 750
	/var/db:
	mode: 750
	/var/db/app:
	mode: 770
	/run/uwsgi/app:
	mode: 777
	/run/uwsgi/app/app:
	mode: 777
	/var/log/uwsgi:
	mode: 770
	tags:
	- config
	- name: install required python modules
	pip:
	name: '{{ item }}'
	state: latest
	executable: pip3
	with_items:
	- wheel
	- setuptools
	- pip
	- requests
	- beautifulsoup4
	- html5lib
	- Pillow-SIMD
	- flask
	- argon2_cffi
	- passlib
	tags:
	- update
	- pkg
	- name: push up site
	copy:
	src: '/Projects/appserv/{{ item }}'
	dest: /var/www/app
	force: yes
	mode: u=rwX,g=rX,o=
	owner: root
	group: uwsgi
	with_items:
	- app.py
	- templates
	- static
	tags:
	- push
	- name: push up database
	copy:
	src: '/Projects/appserv/{{ item.key }}'
	dest: '/var/db/{{ item.value }}'
	force: no
	mode: 0660
	owner: root
	group: uwsgi
	with_dict:
	'db/av.db': 'app/av.db'
	tags:
	- push
	- name: update constants
	template:
	src: constants.py.j2
	dest: /var/www/app/constants.py
	owner: root
	group: uwsgi
	mode: 0750
	tags:
	- config
	- push
	- name: remove nginx default
	file:
	path: /etc/nginx/conf.d/default.conf
	state: absent
	tags:
	- config
	- name: install app nginx config
	template:
	src: app-nginx.conf.j2
	dest: /etc/nginx/conf.d/app_nginx.conf
	tags:
	- config
	- name: install app uwsgi config
	template:
	src: app_uwsgi.ini.j2
	dest: /etc/uwsgi/conf.d/app_uwsgi.ini
	tags:
	- config
	- name: fix uwsgi for unpriv container
	lineinfile:
	dest: /etc/uwsgi/uwsgi.ini
	state: absent
	regexp: '^cap = .*'
	- name: turn off uwsgi tyrant
	lineinfile:
	dest: /etc/uwsgi/uwsgi.ini
	regexp: '^emperor-tyrant = '
	line: 'emperor-tyrant = false'
	- name: start services
	service:
	name: '{{ item }}'
	state: started
	enabled: yes
	with_items:
	- nginx
	- uwsgi
	- sshd
	tags:
	- config
	- services
	register: restart services