Finish up the Ansible deployment.

ansible/README.md

@@ -12,13 +12,3 @@ $ ansible-playbook --ask-become-pass plays/main.yml
 ```
 
 [varia.zone]: https://varia.zone/
-
-## What Does It Do?
-
-* Clone the Python application into `/var/xppl/`.
-* Get the RQLite database running managed under [Supervisord].
-* Run the [Gunicorn] WSGI server to server the Python application.
-* Proxy the WSGI server with an NGINX configuration.
-
-[Gunicorn]: https://gunicorn.org/
-[Supervisord]: http://supervisord.org/introduction.html#features

ansible/ansible.cfg

@@ -2,7 +2,7 @@
 forks=10
 internal_poll_interval=0.004
 inventory=inventory
-retry_files=false
+retry_files_enabled=false
 roles_path=roles
 
 [privilege_escalation]

ansible/inventory

@@ -1,2 +1,2 @@
-[prod]
+[varia-zone]
 varia.zone ansible_ssh_port=12345

ansible/plays/main.yml

@@ -1,5 +1,10 @@
 ---
 
-- hosts: prod
+- hosts: varia-zone
   roles:
-    - role: xppl
+    - role: perms       # Setup users and groups
+    - role: git         # Clone the project source
+    - role: pipenv      # Install Python dependencies
+    - role: rqlite      # Install RQLite
+    - role: supervisor  # Setup managed proccesses
+    - role: nginx       # Setup Nginx configuration

ansible/roles/git/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Ensure the Git package is installed.
+  become: true
+  yum:
+    name: git
+    state: present
+
+- name: Clone the latest project source.
+  become: true
+  git:
+    repo: https://git.vvvvvvaria.org/decentral1se/xppl.git
+    dest: /var/xppl/
+    version: master

ansible/roles/nginx/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Reload Nginx.
+  become: true
+  service:
+    name: nginx
+    state: reloaded

ansible/roles/nginx/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Copy over the Nginx configuration.
+  become: true
+  template:
+    src: books.vvvvvvaria.org.j2
+    dest: /etc/nginx/sites-available/
+    mode: 0644
+  notify: Reload Nginx.

ansible/roles/nginx/templates/books.vvvvvvaria.org.j2

@@ -0,0 +1,27 @@
+server {
+  listen 80;
+  server_name books.vvvvvvaria.org;
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443 ssl;
+  server_name books.vvvvvvaria.org;
+
+  ssl_certificate /etc/letsencrypt/live/vvvvvvaria.org/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/vvvvvvaria.org/privkey.pem;
+
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers HIGH:!aNULL:!MD5;
+
+  access_log /var/log/nginx/books.vvvvvvaria.org.log;
+  error_log /var/log/nginx/books.vvvvvvaria.org.log;
+
+  location / {
+    proxy_bind $server_addr;
+    proxy_pass http://127.0.0.1:5000;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Scheme $scheme;
+  }
+}

ansible/roles/perms/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+
+- name: Ensure the XPPL group exists.
+  become: true
+  group:
+    name: xppl
+    system: true
+    state: present
+
+- name: Ensure the XPPL user exists.
+  become: true
+  user:
+    name: xppl
+    system: true
+    groups: xppl
+    create_home: false
+
+- name: Add the XPPL user to the XPPL group.
+  become: true
+  user:
+    name: xppl
+    groups: xppl
+    append: true
+
+- name: Ensure the XPPL root directory is created.
+  become: true
+  file:
+    path: /var/xppl/
+    state: directory
+    owner: xppl
+    group: xppl
+    mode: 0755

ansible/roles/pipenv/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+- name: Ensure python3-pip package is installed.
+  become: true
+  apt:
+    name: python3-pip
+    state: present
+
+- name: Ensure Pipenv is installed.
+  become: true
+  pip:
+    name: pipenv
+    executable: pip3
+
+- name: Run a Pipenv package sync.
+  become: true
+  become_user: xppl
+  environment:
+    LANG: C.UTF-8
+    LC_ALL: C.UTF-8
+  command: pipenv sync
+  args:
+    chdir: /var/xppl/

ansible/roles/supervisor/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Restart Supervisor.
+  become: true
+  service:
+    name: supervisor
+    state: restarted

ansible/roles/supervisor/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Ensure Supervisor is installed.
+  become: true
+  yum:
+    name: supervisor
+    state: present
+
+- name: Ensure the Supervisor configuration directory exists.
+  become: true
+  file:
+    path: /etc/supervisor/conf.d
+    state: directory
+
+- name: Copy over the Supervisor configuration.
+  become: true
+  template:
+    src: xppl.conf.j2
+    dest: /etc/supervisor/conf.d/xppl.conf
+    mode: 0644
+  notify: Restart Supervisor.
+
+- name: Ensure Supervisor is running and enabled.
+  become: true
+  service:
+    name: supervisor
+    state: started
+    enabled: true

ansible/roles/supervisor/templates/xppl.conf.j2

@@ -0,0 +1,13 @@
+[group:xppl]
+programs=xppl-rqlite,xppl-flask
+
+[program:xppl-flask]
+user = xppl
+directory = /var/xppl
+command = pipenv run gunicorn --worker-class eventlet -w 1 wsgi:app
+priority = 999
+
+[program:xppl-rqlite]
+user = xppl
+command = /var/xppl/rqlite/rqlite-v4.3.0-linux-amd64/rqlited /var/xppl/rqlite/node.1
+priority = 888

ansible/roles/xppl/.yamllint

@@ -1,13 +0,0 @@
-extends: default
-
-rules:
-  braces:
-    max-spaces-inside: 1
-    level: error
-  brackets:
-    max-spaces-inside: 1
-    level: error
-  line-length: disable
-  # NOTE(retr0h): Templates no longer fail this lint rule.
-  #               Uncomment if running old Molecule templates.
-  # truthy: disable

ansible/roles/xppl/README.md

@@ -1,53 +0,0 @@
-# xppl
-
-A role to install the XPPL.
-
-# Testing
-
-We use [Molecule] and the [Docker driver] to automate tests.
-
-```bash
-$ curl -sSL https://get.docker.com/ | sh
-$ virtualenv --python=$(which python3) .venv
-$ source .venv/bin/activate
-$ pip install molecule docker
-$ molecule test
-```
-
-[Molecule]: https://molecule.readthedocs.io/en/latest/
-[Docker driver]: https://molecule.readthedocs.io/en/latest/configuration.html#docker
-
-# Supported OS
-
-* Debian Stretch
-
-Others may be supported. However, we only test on Debian.
-
-# Requirements
-
-None.
-
-# Role Variables
-
-None.
-
-# Dependencies
-
-None.
-
-# Example Playbook
-
-
-```yaml
-- hosts: servers
-  roles:
-     - { role: xppl }
-```
-
-# License
-
-* GPLv3
-
-# Author Information
-
-* https://git.vvvvvvaria.org/decentral1se

ansible/roles/xppl/defaults/main.yml

@@ -1 +0,0 @@
----

ansible/roles/xppl/handlers/main.yml

@@ -1 +0,0 @@
----

ansible/roles/xppl/meta/main.yml

@@ -1,10 +0,0 @@
----
-
-galaxy_info:
-  author: decentral1se
-  description: Ansible automation for the XPPL.
-  license: GPLv3
-  min_ansible_version: 2.7.2
-  galaxy_tags: []
-
-dependencies: []

ansible/roles/xppl/molecule/default/Dockerfile.j2

@@ -1,9 +0,0 @@
-# Molecule managed
-
-{% if item.registry is defined %}
-FROM {{ item.registry.url }}/{{ item.image }}
-{% else %}
-FROM {{ item.image }}
-{% endif %}
-
-RUN apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean

ansible/roles/xppl/molecule/default/molecule.yml

@@ -1,26 +0,0 @@
----
-dependency:
-  name: galaxy
-
-driver:
-  name: docker
-
-lint:
-  name: yamllint
-
-platforms:
-  - name: instance
-    image: debian:stretch
-
-provisioner:
-  name: ansible
-  lint:
-    name: ansible-lint
-
-scenario:
-  name: default
-
-verifier:
-  name: testinfra
-  lint:
-    name: flake8

ansible/roles/xppl/molecule/default/playbook.yml

@@ -1,6 +0,0 @@
----
-
-- name: Converge
-  hosts: all
-  roles:
-    - role: xppl

ansible/roles/xppl/tasks/main.yml

@@ -1,77 +0,0 @@
----
-
-- name: Ensure the XPPL group exists.
-  become: true
-  group:
-    name: xppl
-    system: true
-    state: present
-
-- name: Ensure the project user exists.
-  become: true
-  user:
-    name: xppl
-    system: true
-    groups: xppl
-
-- name: Add the project user to the project group.
-  become: true
-  user:
-    name: xppl
-    groups: xppl
-    append: true
-
-- name: Ensure the project root directory is created.
-  become: true
-  file:
-    path: /var/xppl/
-    state: directory
-    owner: xppl
-    group: xppl
-    mode: 0755
-
-- name: Ensure the Git package is installed.
-  become: true
-  yum:
-    name: git
-    state: present
-
-- name: Clone the latest project source.
-  become: true
-  become_user: xppl
-  git:
-    repo: https://git.vvvvvvaria.org/decentral1se/xppl.git
-    dest: /var/xppl/
-    version: master
-  register: git_clone_result
-
-- name: Ensure the Make package is installed.
-  become: true
-  yum:
-    name: make
-    state: present
-
-- name: Get RQLite installed into project directory.
-  make:
-    chdir: /var/xppl
-    target: install-rqlite
-
-- name: Ensure Supervisor is installed.
-  become: true
-  yum:
-    name: supervisord
-    state: present
-
-- name: Ensure Supervisor is running and enabled.
-  service:
-    name: supervisord
-    state: started
-    enabled: true
-  tags:
-    - molecule-notest
-
-# get the rqlite database setup with supervisor
-# get the nginx certificate in place
-# run the gunicorn server
-# configure the uploads directory with Syncthing
-# write some documentation

ansible/roles/xppl/vars/main.yml

@@ -1 +0,0 @@
----