summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.org4
-rw-r--r--common-playbook.yml6
-rw-r--r--inventory.yml6
-rw-r--r--roles/pad-proxy/tasks/main.yml3
-rw-r--r--roles/upload/defaults/main.yml2
-rw-r--r--roles/upload/tasks/main.yml107
-rw-r--r--roles/upload/templates/config.production.js106
-rw-r--r--roles/upload/templates/head.pug22
-rw-r--r--roles/upload/templates/upload.service16
9 files changed, 269 insertions, 3 deletions
diff --git a/README.org b/README.org
index 76c082f..31c926b 100644
--- a/README.org
+++ b/README.org
@@ -138,3 +138,7 @@ https://gist.github.com/aaronpk/7307172
ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy --extra-vars='{"use_wikimedia": false}'
ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy --extra-vars='{"use_wikimedia": true}'
+* Upload
+
+/ssh:media|sudo:upload@media:~upload
+/ssh:media|sudo::/etc/nginx/sites-available
diff --git a/common-playbook.yml b/common-playbook.yml
index 06b8d08..815aac4 100644
--- a/common-playbook.yml
+++ b/common-playbook.yml
@@ -23,3 +23,9 @@
tags: proxy
roles:
- pad-proxy
+- name: Set up upload container
+ hosts: upload
+ tags: upload
+ roles:
+ - upload
+
diff --git a/inventory.yml b/inventory.yml
index 3124fb5..7f80dae 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -18,6 +18,12 @@ prod:
ansible_ssh_user: orga
ansible_python_interpreter: /usr/bin/python3
ansible_become: true
+ upload:
+ ansible_host: media.emacsconf.org
+ remote_user: orga
+ ansible_ssh_user: orga
+ ansible_python_interpreter: /usr/bin/python3
+ ansible_become: true
all:
hosts:
localhost:
diff --git a/roles/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml
index b8cfdf3..8de72df 100644
--- a/roles/pad-proxy/tasks/main.yml
+++ b/roles/pad-proxy/tasks/main.yml
@@ -6,9 +6,6 @@
apt:
name: nginx
state: present
- - debug:
- var: ansible_managed
- tags: wip
- name: Add proxy configuration
template:
src: etherpad.nginx.conf
diff --git a/roles/upload/defaults/main.yml b/roles/upload/defaults/main.yml
new file mode 100644
index 0000000..188420c
--- /dev/null
+++ b/roles/upload/defaults/main.yml
@@ -0,0 +1,2 @@
+upload_user: upload
+upload_dir: /home/upload/files
diff --git a/roles/upload/tasks/main.yml b/roles/upload/tasks/main.yml
new file mode 100644
index 0000000..843b4be
--- /dev/null
+++ b/roles/upload/tasks/main.yml
@@ -0,0 +1,107 @@
+- name: Set up packages as root
+ block:
+ - name: Add GPG
+ apt:
+ update_cache: yes
+ name:
+ - gpg
+ - sudo
+ - name: Add nodesource key
+ apt_key:
+ url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+ state: present
+ - name: Add nodesource repository
+ ansible.builtin.apt_repository:
+ repo: deb https://deb.nodesource.com/node_13.x buster main
+ update_cache: yes
+ - name: Install packages
+ apt:
+ update_cache: yes
+ name:
+ - nodejs
+ state: present
+- name: Create upload user
+ become: true
+ user:
+ name: "{{ upload_user }}"
+ shell: /bin/bash
+ state: present
+- name: Ensure upload directory exists
+ file:
+ path: "{{ upload_dir }}"
+ owner: "{{ upload_user }}"
+ state: directory
+- name: Install precompiled version
+ unarchive:
+ src: https://github.com/psi-4ward/psitransfer/releases/download/v2.1.1/psitransfer-v2.1.1.tar.gz
+ dest: "/home/{{ upload_user }}"
+ remote_src: yes
+- name: Create link
+ file:
+ src: "/home/{{ upload_user }}/psitransfer-v2.1.1"
+ dest: "/home/{{ upload_user }}/psitransfer"
+ state: link
+- name: Upload production config
+ tags: wip
+ become: true
+ template:
+ src: config.production.js
+ dest: "/home/{{ upload_user }}/psitransfer/config.production.js"
+- name: Install dependencies
+ npm:
+ path: "/home/{{ upload_user }}/psitransfer"
+ production: yes
+ ci: yes
+- name: Add LibreJS tag start
+ tags: wip
+ lineinfile:
+ path: /home/{{ upload_user }}/psitransfer/public/app/{{ item.path }}
+ line: // @license {{ item.license }}
+ insertbefore: BOF
+ loop:
+ - path: common.js
+ license: magnet:?xt=urn:btih:d3d9a9a6595521f9666a5e94cc830dab83b65699&dn=expat.txt Expat
+ - path: upload.js
+ license: magnet:?xt=urn:btih:d3d9a9a6595521f9666a5e94cc830dab83b65699&dn=expat.txt Expat
+ - path: admin.js
+ license: magnet:?xt=urn:btih:87f119ba0b429ba17a44b4bffcab33165ebdacc0&dn=freebsd.txt BSD-2-Clause
+ - path: download.js
+ license: magnet:?xt=urn:btih:87f119ba0b429ba17a44b4bffcab33165ebdacc0&dn=freebsd.txt BSD-2-Clause
+- name: Add license tag end
+ tags: wip
+ lineinfile:
+ path: /home/{{ upload_user }}/psitransfer/public/app/{{ item.path }}
+ line: // @license-end
+ loop:
+ - path: common.js
+ - path: upload.js
+ - path: admin.js
+ - path: download.js
+- name: Update head template
+ tags: wip
+ template:
+ src: head.pug
+ dest: /home/{{ upload_user }}/psitransfer/public/pug/partials/head.pug
+- name: Change ownership
+ file:
+ path: "/home/{{ upload_user }}"
+ owner: "{{ upload_user }}"
+ group: "{{ upload_group }}"
+ recurse: true
+- name: Install systemd configuration
+ tags: system
+ become: true
+ template:
+ src: upload.service
+ dest: /etc/systemd/system/upload.service
+ owner: root
+ group: root
+ mode: 0755
+ when: not use_initd
+- name: Restart Upload
+ tags: wip
+ become: true
+ service:
+ name: upload
+ state: restarted
+ enabled: yes
diff --git a/roles/upload/templates/config.production.js b/roles/upload/templates/config.production.js
new file mode 100644
index 0000000..b3b1e4b
--- /dev/null
+++ b/roles/upload/templates/config.production.js
@@ -0,0 +1,106 @@
+const path = require('path');
+const fs = require('fs');
+const fsp = require('fs-promise');
+
+// Default Config
+// Do not edit this, generate a config.<ENV>.js for your NODE_ENV
+// or use ENV-VARS like PSITRANSFER_PORT=8000
+const config = {
+ "uploadDir": path.resolve(__dirname + '/data'),
+ // set to serve PsiTransfer from a sub-path
+ "baseUrl": '/',
+ // use to set custom upload url (subfolder to baseUrl)
+ "uploadAppPath": '/',
+ "iface": '127.0.0.1',
+ // set to false to disable HTTP
+ "port": 3000,
+ // HTTPS, set all 3 values to enable
+ "sslPort": "{{ upload_ssl_port }}",
+ "sslKeyFile": "{{ upload_ssl_key }}",
+ "sslCertFile": "{{ upload_ssl_cert }}",
+ // Force redirect to https
+ // can be true or a specific url like https://example.com:8443
+ // keep empty to disable
+ "forceHttps": '',
+ // retention options in seconds:label
+ "retentions": {
+ // "one-time": "one time download",
+ // "3600": "1 Hour",
+ // "21600": "6 Hours",
+ // "86400": "1 Day",
+ // "259200": "3 Days",
+ // "604800": "1 Week",
+ // "1209600": "2 Weeks",
+ // "2419200": "4 Weeks",
+ "4838400": "8 Weeks"
+ },
+ // admin password, set to false to disable /admin page
+ "adminPass": false,
+ // upload password, set to false to disable
+ "uploadPass": false,
+ // make the bucket-password field mandatory
+ "requireBucketPassword": false,
+ "defaultRetention": "4838400",
+ // expire every file after maxAge (eg never downloaded one-time files)
+ "maxAge": 3600 * 24 * 75, // 75 days
+ // maximum file-size for previews in byte
+ "maxPreviewSize": Math.pow(2, 20) * 2, // 2MB
+ "mailTemplate": 'mailto:?subject=File Transfer&body=You can download the files here: %%URL%%',
+ // see https://github.com/expressjs/morgan
+ // set to false to disable logging
+ "accessLog": ':date[iso] :method :url :status :response-time :remote-addr',
+ // event webhooks
+ // invokes an HTTP POST to a url whenever a file is downloaded
+ // for more info, see the webhooks section of docs/configuration.md
+ "fileDownloadedWebhook": null,
+ "fileUploadedWebhook": null,
+ // Fallback language
+ "defaultLanguage": "en",
+ // Limit upload size
+ "maxFileSize": null, // Math.pow(2, 30) * 2, // 2GB
+ "maxBucketSize": null, // Math.pow(2, 30) * 2, // 10GB
+ "plugins": ['file-downloaded-webhook', 'file-uploaded-webhook'],
+};
+
+// Load NODE_ENV specific config
+const envConfFile = path.resolve(__dirname, `config.${ process.env.NODE_ENV }.js`);
+if (process.env.NODE_ENV && fsp.existsSync(envConfFile)) {
+ Object.assign(config, require(envConfFile));
+}
+
+// Load config from ENV VARS
+let envName;
+for (let k in config) {
+ envName = 'PSITRANSFER_' + k.replace(/([A-Z])/g, $1 => "_" + $1).toUpperCase();
+ if (process.env[envName]) {
+ if (typeof config[k] === 'number') {
+ config[k] = parseInt(process.env[envName], 10);
+ } else if (Array.isArray(config[k])) {
+ config[k] = process.env[envName].split(',');
+ } else if (typeof config[k] === 'object') {
+ config[k] = JSON.parse(process.env[envName]);
+ } else {
+ config[k] = process.env[envName];
+ }
+ }
+}
+
+if (!config.baseUrl.endsWith('/')) config.baseUrl = config.baseUrl + '/';
+if (!config.uploadAppPath.endsWith('/')) config.uploadAppPath = config.uploadAppPath + '/';
+
+config.uploadAppPath = config.baseUrl.substr(0, config.baseUrl.length - 1) + config.uploadAppPath;
+
+// Load language files
+config.languages = {
+ [config.defaultLanguage]: require(`./lang/${ config.defaultLanguage }`) // default language
+};
+fs.readdirSync(path.resolve(__dirname, 'lang')).forEach(lang => {
+ lang = lang.replace('.js', '');
+ if (lang === config.defaultLanguage) return;
+ config.languages[lang] = {
+ ...config.languages[config.defaultLanguage],
+ ...require(`./lang/${ lang }`)
+ };
+});
+
+module.exports = config;
diff --git a/roles/upload/templates/head.pug b/roles/upload/templates/head.pug
new file mode 100644
index 0000000..fbc16f5
--- /dev/null
+++ b/roles/upload/templates/head.pug
@@ -0,0 +1,22 @@
+base(href=baseUrl)
+meta(charset='utf-8')
+title EmacsConf upload
+link(href='assets/favicon.ico' rel='icon' type='image/x-icon')
+meta(name='viewport' content='width=device-width, initial-scale=1')
+meta(name='robots' content='noindex,nofollow')
+meta(http-equiv='x-ua-compatible' content='IE=edge')
+link(href='assets/styles.css' rel='stylesheet')
+script.
+ // {{ ansible_managed }}
+ // @license magnet:?xt=urn:btih:87f119ba0b429ba17a44b4bffcab33165ebdacc0&dn=freebsd.txt BSD-2-Clause
+ // Add ployfills for stupid IE
+ if (document.documentMode || /Edge/.test(navigator.userAgent)) {
+ (function(d, script) {
+ script = d.createElement('script');
+ script.type = 'text/javascript';
+ script.async = false;
+ script.src = 'assets/babel-polyfill.js';
+ d.getElementsByTagName('head')[0].appendChild(script);
+ }(document));
+ }
+ // @license-end \ No newline at end of file
diff --git a/roles/upload/templates/upload.service b/roles/upload/templates/upload.service
new file mode 100644
index 0000000..2d65a74
--- /dev/null
+++ b/roles/upload/templates/upload.service
@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=PsiTransfer
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User={{ upload_user }}
+WorkingDirectory=/home/{{ upload_user }}/psitransfer
+ExecStart=/usr/bin/node app.js
+Environment=NODE_ENV=production PSITRANSFER_ADMIN_PASS="{{ upload_admin_password }}" PSITRANSFER_UPLOAD_PASS="{{ upload_password }}" PSITRANSFER_UPLOAD_DIR="{{ upload_dir }}"
+Restart=always
+
+[Install]
+WantedBy=multi-user.target