summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorSacha Chua <sacha@sachachua.com>2023-10-17 11:58:42 -0400
committerSacha Chua <sacha@sachachua.com>2023-10-17 11:58:42 -0400
commitebba562c95e2f50c5cbac1706fd62457cf9d5eaa (patch)
treee58e27f223957fdf3b996328ce56af224d8f732a /roles
parent6f128bfc6c0172e05fc581a7150258d4dc978031 (diff)
downloademacsconf-ansible-ebba562c95e2f50c5cbac1706fd62457cf9d5eaa.tar.xz
emacsconf-ansible-ebba562c95e2f50c5cbac1706fd62457cf9d5eaa.zip
media server updates
Diffstat (limited to '')
-rw-r--r--roles/media/tasks/main.yml37
-rw-r--r--roles/media/templates/nginx-include4
2 files changed, 29 insertions, 12 deletions
diff --git a/roles/media/tasks/main.yml b/roles/media/tasks/main.yml
index 44374f5..8cd854d 100644
--- a/roles/media/tasks/main.yml
+++ b/roles/media/tasks/main.yml
@@ -9,43 +9,60 @@
name: python3-passlib
- name: Ensure web path exists
file:
- path: /var/www/{{ host_name }}/{{ emacsconf_year }}/backstage
+ path: /var/www/{{ media_server_name }}/{{ emacsconf_year }}/backstage
state: directory
+- name: Create group
+ group:
+ name: "{{ emacsconf_group }}"
+ state: present
+- name: Create user
+ user:
+ name: "{{ emacsconf_user }}"
+ group: "{{ emacsconf_group }}"
+ state: present
- name: Change ownership and permissions
file:
- path: /var/www/{{ host_name }}/{{ emacsconf_year }}
+ path: /var/www/{{ media_server_name }}/{{ emacsconf_year }}
owner: "{{ emacsconf_user }}"
group: "{{ emacsconf_group }}"
mode: "u=rwX,g=rwX,o=rX"
recurse: true
+- name: Add public key for authorized access
+ ansible.posix.authorized_key:
+ user: "{{ emacsconf_user }}"
+ state: present
+ key: '{{ item }}'
+ with_file:
+ - ../../base/files/keys/sachac
+ - ../../base/files/keys/orga
- name: Create htpasswd entry
htpasswd:
create: yes
name: "{{ emacsconf_backstage_user }}"
password: "{{ emacsconf_backstage_password }}"
- path: /etc/nginx/sites-available/{{ host_name }}-{{ emacsconf_year }}-htpasswd
+ path: /etc/nginx/sites-available/{{ media_server_name }}-{{ emacsconf_year }}-htpasswd
- name: Create Nginx include
template:
src: nginx-include
- dest: /etc/nginx/sites-available/{{ host_name }}-{{ emacsconf_year }}-include
+ dest: /etc/nginx/sites-available/{{ media_server_name }}-{{ emacsconf_year }}-include
- name: Create main configuration if needed
template:
src: nginx-site-config
- dest: /etc/nginx/sites-available/{{ host_name }}
+ dest: /etc/nginx/sites-available/{{ media_server_name }}
force: no
- name: Make sure main configuration is enabled
file:
- src: /etc/nginx/sites-available/{{ host_name }}
- dest: /etc/nginx/sites-enabled/{{ host_name }}
+ src: /etc/nginx/sites-available/{{ media_server_name }}
+ dest: /etc/nginx/sites-enabled/{{ media_server_name }}
owner: "{{ emacsconf_user }}"
group: "{{ emacsconf_group }}"
force: no
state: link
- name: Include it in the main configuration
lineinfile:
- path: /etc/nginx/sites-available/{{ host_name }}
- regexp: "{{ host_name }}-{{ emacsconf_year }}-include"
- line: " include sites-available/{{ host_name }}-{{ emacsconf_year }}-include;"
+ path: /etc/nginx/sites-available/{{ media_server_name }}
+ regexp: "{{ media_server_name }}-{{ emacsconf_year }}-include"
+ line: " include sites-available/{{ media_server_name }}-{{ emacsconf_year }}-include;"
insertafter: root
- name: Reload configuration
service:
diff --git a/roles/media/templates/nginx-include b/roles/media/templates/nginx-include
index 0f74c60..416e1ca 100644
--- a/roles/media/templates/nginx-include
+++ b/roles/media/templates/nginx-include
@@ -1,7 +1,7 @@
rewrite ^/current/bbb-open.html$ {{ bbb_open_url }} redirect;
location /{{ emacsconf_year }}/backstage {
auth_basic "Restricted";
- auth_basic_user_file /etc/nginx/sites-available/{{ host_name }}-{{ emacsconf_year }}-htpasswd;
+ auth_basic_user_file /etc/nginx/sites-available/{{ media_server_name }}-{{ emacsconf_year }}-htpasswd;
autoindex on;
rewrite ^/{{ emacsconf_year }}/backstage/current/pad/([^/]*)$ https://{{ etherpad_server_name }}/{{ emacsconf_year }}-$1 redirect;
rewrite ^/{{ emacsconf_year }}/backstage/current/room/([^/]*)$ https://{{ media_server_name }}/{{ emacsconf_year }}/backstage/assets/redirects/open/bbb-$1.html redirect;
@@ -22,7 +22,7 @@ location /{{ emacsconf_year }}/backstage {
{% if media_protect_root == 'true' %}
location /{{ emacsconf_year }} {
# TODO: Figure out how to make this properly controlled by the variable
- auth_basic_user_file /etc/nginx/sites-available/{{ host_name }}-{{ emacsconf_year }}-htpasswd;
+ auth_basic_user_file /etc/nginx/sites-available/{{ media_server_name }}-{{ emacsconf_year }}-htpasswd;
auth_basic "Restricted";
autoindex on;
}