From 54a59f3ad0ff3ec26c8e8e165c7adb5693340f7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20=20MENAGER?= <herve.menager@pasteur.fr>
Date: Thu, 3 Aug 2017 17:11:32 +0200
Subject: [PATCH] ansible WIP, restrict access by IP and collect static as
 ippidb

Former-commit-id: f9e46c934f318c2c40bed97e57781ff342159101
---
 ansible/deploy.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
index 50fb69b7..0fa7ea0b 100644
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -16,6 +16,7 @@
   - name: install python requirements
     pip: requirements=/home/ippidb/iPPIDB/ippisite/requirements.txt extra_args=--upgrade executable=pip3
   - name: collect static files
+    become_user: ippidb
     django_manage:
       command: "collectstatic"
       app_path: "/home/ippidb/iPPIDB/ippisite"
@@ -23,6 +24,11 @@
     django_manage:
       command: "runmodwsgi --setup-only --port=80 --user ippidb --group wheel --server-root=/etc/ippidb-80"
       app_path: "/home/ippidb/iPPIDB/ippisite"
+  - name: restrict access to the web server to specific IPs
+    lineinfile: dest=/etc/ippidb-80/httpd.conf 
+                regexp=''
+                insertafter=EOF
+                line='<Location '/'>\nRequire all denied\nRequire ip 10.6.108.60\nRequire ip 157.99\n</Location>\n'
   - name: copy systemd service file for IPPIDB-web
     copy: 
       remote_src: true
-- 
GitLab