From ebba562c95e2f50c5cbac1706fd62457cf9d5eaa Mon Sep 17 00:00:00 2001
From: Sacha Chua
Date: Tue, 17 Oct 2023 11:58:42 -0400
Subject: media server updates
---
 roles/media/tasks/main.yml | 37 +++++++++++++++++++++++++++----------
 roles/media/templates/nginx-include | 4 ++--
 2 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/roles/media/tasks/main.yml b/roles/media/tasks/main.yml
index 44374f5..8cd854d 100644
--- a/roles/media/tasks/main.yml
+++ b/roles/media/tasks/main.yml
@@ -9,43 +9,60 @@
 name: python3-passlib
 - name: Ensure web path exists
 file:
- path: /var/www/{{ host_name }}/{{ emacsconf_year }}/backstage
+ path: /var/www/{{ media_server_name }}/{{ emacsconf_year }}/backstage
 state: directory
+- name: Create group
+ group:
+ name: "{{ emacsconf_group }}"
+ state: present
+- name: Create user
+ user:
+ name: "{{ emacsconf_user }}"
+ group: "{{ emacsconf_group }}"
+ state: present
 - name: Change ownership and permissions
 file:
- path: /var/www/{{ host_name }}/{{ emacsconf_year }}
+ path: /var/www/{{ media_server_name }}/{{ emacsconf_year }}
 owner: "{{ emacsconf_user }}"
 group: "{{ emacsconf_group }}"
 mode: "u=rwX,g=rwX,o=rX"
 recurse: true
+- name: Add public key for authorized access
+ ansible.posix.authorized_key:
+ user: "{{ emacsconf_user }}"
+ state: present
+ key: '{{ item }}'
+ with_file:
+ - ../../base/files/keys/sachac
+ - ../../base/files/keys/orga
 - name: Create htpasswd entry
 htpasswd:
 create: yes
 name: "{{ emacsconf_backstage_user }}"
 password: "{{ emacsconf_backstage_password }}"
- path: /etc/nginx/sites-available/{{ host_name }}-{{ emacsconf_year }}-htpasswd
+ path: /etc/nginx/sites-available/{{ media_server_name }}-{{ emacsconf_year }}-htpasswd
 - name: Create Nginx include
 template:
 src: nginx-include
- dest: /etc/nginx/sites-available/{{ host_name }}-{{ emacsconf_year }}-include
+ dest: /etc/nginx/sites-available/{{ media_server_name }}-{{ emacsconf_year }}-include
 - name: Create main configuration if needed
 template:
 src: nginx-site-config
- dest: /etc/nginx/sites-available/{{ host_name }}
+ dest: /etc/nginx/sites-available/{{ media_server_name }}
 force: no
 - name: Make sure main configuration is enabled
 file:
- src: /etc/nginx/sites-available/{{ host_name }}
- dest: /etc/nginx/sites-enabled/{{ host_name }}
+ src: /etc/nginx/sites-available/{{ media_server_name }}
+ dest: /etc/nginx/sites-enabled/{{ media_server_name }}
 owner: "{{ emacsconf_user }}"
 group: "{{ emacsconf_group }}"
 force: no
 state: link
 - name: Include it in the main configuration
 lineinfile:
- path: /etc/nginx/sites-available/{{ host_name }}
- regexp: "{{ host_name }}-{{ emacsconf_year }}-include"
- line: " include sites-available/{{ host_name }}-{{ emacsconf_year }}-include;"
+ path: /etc/nginx/sites-available/{{ media_server_name }}
+ regexp: "{{ media_server_name }}-{{ emacsconf_year }}-include"
+ line: " include sites-available/{{ media_server_name }}-{{ emacsconf_year }}-include;"
 insertafter: root
 - name: Reload configuration
 service:
diff --git a/roles/media/templates/nginx-include b/roles/media/templates/nginx-include
index 0f74c60..416e1ca 100644
--- a/roles/media/templates/nginx-include
+++ b/roles/media/templates/nginx-include
@@ -1,7 +1,7 @@
 rewrite ^/current/bbb-open.html$ {{ bbb_open_url }} redirect;
 location /{{ emacsconf_year }}/backstage {
 auth_basic "Restricted";
- auth_basic_user_file /etc/nginx/sites-available/{{ host_name }}-{{ emacsconf_year }}-htpasswd;
+ auth_basic_user_file /etc/nginx/sites-available/{{ media_server_name }}-{{ emacsconf_year }}-htpasswd;
 autoindex on;
 rewrite ^/{{ emacsconf_year }}/backstage/current/pad/([^/]*)$ https://{{ etherpad_server_name }}/{{ emacsconf_year }}-$1 redirect;
 rewrite ^/{{ emacsconf_year }}/backstage/current/room/([^/]*)$ https://{{ media_server_name }}/{{ emacsconf_year }}/backstage/assets/redirects/open/bbb-$1.html redirect;
@@ -22,7 +22,7 @@ location /{{ emacsconf_year }}/backstage {
 {% if media_protect_root == 'true' %}
 location /{{ emacsconf_year }} {
 # TODO: Figure out how to make this properly controlled by the variable
- auth_basic_user_file /etc/nginx/sites-available/{{ host_name }}-{{ emacsconf_year }}-htpasswd;
+ auth_basic_user_file /etc/nginx/sites-available/{{ media_server_name }}-{{ emacsconf_year }}-htpasswd;
 auth_basic "Restricted";
 autoindex on;
 }
-- cgit v1.2.3
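Review bot: In roles/media/tasks/main.yml, the new `Add public key for authorized access` task only ever appends keys: with `state: present`, no `exclusive` and no `key_options`, each listed key gets an unrestricted SSH login as `emacsconf_user` (the account that owns the web root), and a key later removed from `../../base/files/keys/` stays in `authorized_keys` on hosts already provisioned. Revocation would need an explicit `state: absent` task, or a single task that installs the concatenated key list with `exclusive: true`, because `exclusive` inside a loop keeps only the last item. Now that this account can log in, the `Create htpasswd entry` task on the new side should also stop relying on default file permissions; I would add `mode: "0640"` with `owner: root` and the group nginx runs as, so the backstage hash is not readable by other local users. The hunk starts and ends in the middle of tasks (`name: python3-passlib` above, `service:` below), so those two are not reviewed here.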