ansible WIP, adapted from https://github.com/baxeico/django_ansible.git

Former-commit-id: 8604e2d429d7460cf4228a9ea9c035dbfbf5f762

ansible/ansible.sh

+#!/bin/bash
+ansible-playbook -i ./hosts $1
\ No newline at end of file

ansible/config_files.yaml

+---
+- name: Copy configuration files
+  hosts: all
+  gather_facts: no
+
+  tasks:
+    - name: nginx config file
+      template: src=../config/nginx.conf dest=/etc/nginx/sites-enabled/django
+      register: nginx_config
+    - name: nginx restart
+      service: name=nginx state=restarted
+      when: nginx_config.changed
+    - name: uwsgi config file
+      template: src=../config/uwsgi.ini dest=/etc/uwsgi/apps-enabled/django.ini
+      register: uwsgi_config
+    - name: uwsgi restart
+      service: name=uwsgi state=restarted
+      when: uwsgi_config.changed

ansible/deploy.yaml

+---
+- hosts: all
+  become: yes
+  become_user: ubuntu
+  gather_facts: no
+
+  tasks:
+  - name: pull branch master
+    git:
+      repo={{ repo_url }}/{{ repo }}.git
+      dest={{ repo_dir }}
+      accept_hostkey=yes
+
+- hosts: all
+  gather_facts: no
+  tasks:
+  - name: install python requirements
+    pip: requirements={{ repo_dir }}/requirements.txt extra_args=--upgrade
+
+- hosts: all
+  become: yes
+  become_user: ippidb
+  gather_facts: no
+  #environment:
+    #DJANGO_SETTINGS_MODULE: "{{ django_project }}.settings.production"
+    #DATABASE_URL: postgres://{{ dbuser }}:{{ dbpassword }}@localhost/{{ dbname }}
+    #STATIC_ROOT: "{{ static_dir }}"
+
+  tasks:
+  - name: create static_root dir
+    file: path={{ static_dir }} state=directory mode=0755
+  - name: django collectstatic
+    shell: ./manage.py collectstatic --noinput chdir={{ django_dir }}
+  - name: django migrate
+    shell: ./manage.py migrate --noinput chdir={{ django_dir }}
+  - name: django loaddata
+    shell: ./manage.py loaddata user chdir={{ django_dir }}
+
+- hosts: all
+  gather_facts: no
+  tasks:
+  - name: uwsgi restart
+    service: name=uwsgi state=restarted

ansible/host_vars/ippidb

+---
+repo_url: ssh://git@bitbucket.org/youruser
+repo: yourproject
+home_dir: /home/ubuntu
+repo_dir: "{{ home_dir }}/{{ repo }}"
+django_dir: "{{ repo_dir }}/django"
+static_dir: "{{ home_dir }}/static"
+django_project: yourproject
+dbname: django
+dbuser: django
+dbpassword: "{{ lookup('password', 'postgresqlpasswd') }}"

ansible/hosts

+ippidb

ansible/packages.yaml

+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    - name: Running apt update
+      apt: update_cache=yes
+    - name: Installing required packages
+      apt: name={{item}} state=present
+      with_items:
+       - fail2ban
+       - postgresql
+       - postgresql-client
+       - git
+       - python-pip
+       - rdiff-backup
+       - libpq-dev
+       - python-psycopg2
+       - uwsgi
+       - uwsgi-plugin-python
+       - nginx

ansible/postgresql.yaml

+---
+- hosts: all
+  become: yes
+  become_user: postgres
+  gather_facts: no
+
+  tasks:
+  - name: ensure database is created
+    postgresql_db: name={{dbname}}
+  - name: ensure user has access to database
+    postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
+  - name: ensure user does not have unnecessary privilege
+    postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB

ansible/system.yaml

+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    - name: Create ubuntu user
+      user: name=ubuntu generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
+    - name: Read SSH public key
+      slurp: src=/home/ubuntu/.ssh/id_rsa.pub
+      register: public_key
+    - debug: msg="{{ public_key['content'] | b64decode }}"

ansible/upgrade.yaml

+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    - name: Running update and safe-upgrade
+      apt:
+        update_cache=yes
+        upgrade=safe
+      register: result
+    - debug: var=result.stdout_lines