Setup frugalfuel app

Author: edwinsteele

ansible/roles/frugalfuel_app/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+frugalfuel_base_dir: "/home/frugalfuel/frugalfuel_app"
+frugalfuel_django_virtualenv_dir: "{{ frugalfuel_base_dir }}/virtualenv"
+frugalfuel_django_listen_port: 5001

ansible/roles/frugalfuel_app/tasks/main.yml

@@ -0,0 +1,44 @@
+---
+- name: Make frugalfuel base directory
+  file:
+    path: "{{ frugalfuel_base_dir }}"
+    state: directory
+
+- name: Make data directories for loading
+  file:
+    path: "{{ frugalfuel_base_dir }}/{{ item }}"
+    state: directory
+  loop:
+    - data
+    - data-raw
+
+- name: Make frugalfuel django virtualenv base directory
+  file:
+    path: "{{ frugalfuel_django_virtualenv_dir }}"
+    state: directory
+
+- name: Copy production env file
+  template:
+    src: /Users/esteele/Code/local_setup-scripts/ansible/roles/frugalfuel_app/templates/production.env.j2
+    dest: "{{ frugalfuel_base_dir }}/production.env"
+    mode: 0600
+
+- name: Setup frugalfuel django virtualenv - install_requires
+  pip:
+    virtualenv: "{{ frugalfuel_django_virtualenv_dir }}"
+    virtualenv_python: python3.7
+    virtualenv_command: /usr/local/bin/virtualenv-3
+    name: git+https://github.com/edwinsteele/petrol_prices.git
+
+# Can move to gunicorn 20.x once a release has been made that includes
+#  https://github.com/benoitc/gunicorn/commit/2d40e6daceb9735d27bb91d9c32743695de8e01c
+- name: Setup frugalfuel django virtualenv - gunicorn
+  pip:
+    virtualenv: "{{ frugalfuel_django_virtualenv_dir }}"
+    virtualenv_python: python3.7
+    name: gunicorn==19.9.0
+
+# install
+# template copy rc file
+# service enable
+# create database if not already  (django-admin migrate) -> creates db file

ansible/roles/frugalfuel_app/templates/etc_rc.d_gunicorn.j2

@@ -0,0 +1,14 @@
+daemon="/home/frugalfuel/{{ frugalfuel_django_virtualenv_dir }}/bin/gunicorn"
+daemon_user="frugalfuel"
+daemon_flags=--log-file - --bind 127.0.0.1:{{ frugalfuel_django_listen_port }} project.wsgi
+
+#pexp=
+
+
+#--log-level {{ captiveportal_log_level }} \
+#--pid {{ captiveportal_pid_file }}  \
+#--bind 127.0.0.1:{{ captiveportal_listen_port }} captiveportal:app
+
+. /etc/rc.d/rc.subr
+
+

ansible/roles/nginx_frugalfuel.com/files/frugalfuel-com.conf

@@ -10,23 +10,29 @@ server {
     server_name www.frugalfuel.com frugalfuel.com origin.frugalfuel.com;
     root /var/www/htdocs/www.frugalfuel.com;
     index index.html;
-    error_page 404 /pages/404.html;
     access_log /var/www/logs/www.frugalfuel.com-access.log;
 
     #add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; form-action 'none'; frame-ancestors 'none'; frame-src *.vimeo.com; child-src *.vimeo.com; connect-src 'self'; img-src 'self' https://*.cloudinary.com https://*.tile.openstreetmap.com; media-src *.vimeo.com; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://frugalfuel.report-uri.com/r/default/csp/enforce" always;
     ssl_certificate /etc/ssl/frugalfuel.com/fullchain.pem;
     ssl_trusted_certificate /etc/ssl/frugalfuel.com/fullchain.pem;
     ssl_certificate_key /etc/ssl/private/frugalfuel.com/privkey.pem;
 
-    location ~* \.(jpg|jpeg|gif|png|ico) {
-        expires 365d;
-    }
-    location = (index.html|archive.html) {
-        expires 1h;
+    location / {
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      # we don't want nginx trying to do something clever with
+      # redirects, we set the Host: header above already.
+      proxy_redirect off;
+      proxy_pass http://127.0.0.1:5001;
     }
-    location ~* \.(html|json|js|css|eot|woff|ttf|svg) {
-        expires 1d;
+
+    error_page 404 /pages/404.html;
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+	root /var/www/htdocs/www.frugalfuel.com;
     }
+
     location /.well-known/acme-challenge {
         alias /var/www/letsencrypt;
     }

ansible/roles/nginx_frugalfuel.com/tasks/main.yml

@@ -3,9 +3,7 @@
   user:
     name: frugalfuel
     system: yes
-    password_lock: yes
     password: '*************'
-    shell: /sbin/nologin
     comment: Service account for frugalfuel web files
 
 - name: Create Let's Encrypt directories

ansible/site.yml

@@ -19,6 +19,16 @@
   roles:
     - webhost
 
+# Frugalfuel user has a locked account, so we use become so that perms are
+#  correct.
+- hosts: webservers
+  strategy: linear
+  roles:
+    - frugalfuel_app
+  become: yes
+  become_method: doas
+  become_user: frugalfuel
+
 - hosts: firewalls
   roles:
     - firewall
@@ -27,7 +37,7 @@
     - /Users/esteele/Code/local_setup-scripts/ansible/roles/firewall/vars/local_address_vars.yml
 
 - hosts: all
-  user: esteele
+  remote_user: esteele
   roles:
     - esteele_contents
     - git