fix initial nginx ssl deployment in ansible playbook

2024-01-07 17:36:35 +01:00 · 2024-01-07 17:36:35 +01:00 · 258065eec3
commit 258065eec3
parent 8f7c037606
4 changed files with 50 additions and 16254 deletions
--- a/deploy/ansible/playbooks/deploy-c3lf-sys3.yml
+++ b/deploy/ansible/playbooks/deploy-c3lf-sys3.yml
@ -78,6 +78,7 @@
          - python3-certbot-nginx
          - mariadb-server
          - python3-dev
+          - python3-mysqldb
          - default-libmysqlclient-dev
          - build-essential
          - postfix
@ -133,18 +134,34 @@
        path: /etc/letsencrypt/live/{{web_domain}}/fullchain.pem
      register: certbot_cert_exists

+    - name: Check nginx ssl config
+      stat:
+        path: /etc/letsencrypt/options-ssl-nginx.conf
+      register: nginx_ssl_config_exists
+
    - block:
        - name: stop nginx
          service:
            name: nginx
            state: stopped
+        - name: disable c3lf-sys3 site
+          file:
+            path: /etc/nginx/sites-enabled/c3lf-sys3.conf
+            state: absent
        - name: add certbot domain
          command: "certbot certonly --standalone -d {{web_domain}} --non-interactive --agree-tos --email {{main_email}}"
+        - name: install letsencrypt ssl config
+          command: "certbot install --nginx --non-interactive"
+        - name: enable c3lf-sys3 site
+          file:
+            src: /etc/nginx/sites-available/c3lf-sys3.conf
+            dest: /etc/nginx/sites-enabled/c3lf-sys3.conf
+            state: link
        - name: start nginx
          service:
            name: nginx
            state: started
-      when: certbot_cert_exists.stat.exists == false
+      when: certbot_cert_exists.stat.exists == false or nginx_ssl_config_exists.stat.exists == false

    - name: Enable certbot auto renew
      cron:
@ -171,6 +188,12 @@
      notify:
        - restart nginx

+    - name: Initially start nginx
+      service:
+        name: nginx
+        state: started
+        enabled: yes
+
    - name: create database
      mysql_db:
        name: c3lf_sys3
@ -185,6 +208,14 @@
        state: present
        login_unix_socket: /var/run/mysqld/mysqld.sock

+    - name: configure webdir
+      file:
+        path: /var/www
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: 0755
+
    - name: configure webdir
      file:
        path: /var/www/c3lf-sys3
@ -235,11 +266,19 @@
            dest: /var/www/c3lf-sys3/repo/core/.env

        - name: migrate database
-          command: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py migrate"
+          shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py migrate"
          when: git_repo.changed == true

+        - name: create superuser
+          shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py createsuperuser --noinput || true"
+          when: git_repo.changed == true
+          environment:
+            DJANGO_SUPERUSER_USERNAME: admin
+            DJANGO_SUPERUSER_PASSWORD: "{{ django_password }}"
+            DJANGO_SUPERUSER_EMAIL: "{{ main_email }}"
+
        - name: collect static files
-          command: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py collectstatic --noinput"
+          shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py collectstatic --noinput"
          when: git_repo.changed == true

        - name: js config
@ -247,7 +286,7 @@
            src: templates/config.js.j2
            dest: /var/www/c3lf-sys3/repo/web/src/config.js

-        - name: build install dependencies
+        - name: install build dependencies
          command:
            cmd: "npm install"
            chdir: /var/www/c3lf-sys3/repo/web