2023-08-16 17:17:25 -07:00
|
|
|
---
|
|
|
|
- name: Set up the environment for the impress app
|
|
|
|
hosts: webserver
|
|
|
|
become: yes
|
|
|
|
become_user: root
|
|
|
|
vars:
|
|
|
|
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
|
2023-10-25 15:15:46 -07:00
|
|
|
impress_hostname: impress.openneo.net
|
2024-09-20 12:47:23 -07:00
|
|
|
ruby_version: "3.3.5"
|
2024-02-19 13:21:24 -08:00
|
|
|
vars_files:
|
|
|
|
# mysql_root_password, mysql_user_password, mysql_user_password_2020,
|
|
|
|
# dev_ips
|
|
|
|
- files/setup_secrets.yml
|
2023-08-16 17:17:25 -07:00
|
|
|
tasks:
|
2024-06-10 13:09:37 -07:00
|
|
|
- name: Set hostname to impress.openneo.net
|
|
|
|
hostname:
|
|
|
|
name: impress.openneo.net
|
|
|
|
|
2024-01-29 04:21:19 -08:00
|
|
|
- name: Create SSH folder for logged-in user
|
|
|
|
become: no
|
|
|
|
file:
|
|
|
|
name: .ssh
|
|
|
|
mode: "700"
|
|
|
|
state: directory
|
|
|
|
|
|
|
|
- name: Copy authorized SSH keys to logged-in user
|
|
|
|
become: no
|
|
|
|
copy:
|
|
|
|
dest: ~/.ssh/authorized_keys
|
|
|
|
src: files/authorized-ssh-keys.txt
|
|
|
|
mode: "600"
|
|
|
|
|
|
|
|
- name: Disable root SSH login
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/ssh/sshd_config
|
|
|
|
regexp: ^#?PermitRootLogin
|
|
|
|
line: PermitRootLogin no
|
|
|
|
|
|
|
|
- name: Disable password-based SSH authentication
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/ssh/sshd_config
|
|
|
|
regexp: ^#?PasswordAuthentication
|
|
|
|
line: PasswordAuthentication no
|
|
|
|
|
|
|
|
- name: Enable public-key SSH authentication
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/ssh/sshd_config
|
|
|
|
regexp: ^#?PubkeyAuthentication
|
|
|
|
line: PubkeyAuthentication yes
|
|
|
|
|
|
|
|
- name: Update the apt cache
|
|
|
|
apt:
|
|
|
|
update_cache: yes
|
|
|
|
|
|
|
|
- name: Install fail2ban firewall with default settings
|
|
|
|
apt:
|
|
|
|
name: fail2ban
|
|
|
|
|
|
|
|
- name: Configure ufw firewall to allow SSH connections on port 22
|
|
|
|
community.general.ufw:
|
|
|
|
rule: allow
|
|
|
|
port: "22"
|
|
|
|
|
|
|
|
- name: Configure ufw firewall to allow HTTP connections on port 80
|
|
|
|
community.general.ufw:
|
|
|
|
rule: allow
|
|
|
|
port: "80"
|
|
|
|
|
|
|
|
- name: Configure ufw firewall to allow HTTPS connections on port 443
|
|
|
|
community.general.ufw:
|
|
|
|
rule: allow
|
|
|
|
port: "443"
|
|
|
|
|
2024-02-19 13:21:24 -08:00
|
|
|
- name: Configure ufw firewall to allow MySQL connections from impress-2020
|
|
|
|
community.general.ufw:
|
|
|
|
rule: allow
|
|
|
|
port: "3306"
|
|
|
|
from_ip: "{{ item }}"
|
|
|
|
loop:
|
|
|
|
- "45.56.112.222"
|
|
|
|
- "2600:3c02::f03c:92ff:fe9a:4615"
|
|
|
|
|
|
|
|
- name: Configure ufw firewall to allow MySQL connections from known devs
|
|
|
|
community.general.ufw:
|
|
|
|
rule: allow
|
|
|
|
port: "3306"
|
|
|
|
from_ip: "{{ item }}"
|
|
|
|
loop: "{{ dev_ips }}"
|
|
|
|
|
2024-01-29 04:21:19 -08:00
|
|
|
- name: Enable ufw firewall with all other ports closed by default
|
|
|
|
community.general.ufw:
|
|
|
|
state: enabled
|
|
|
|
policy: deny
|
|
|
|
|
|
|
|
- name: Install unattended-upgrades
|
|
|
|
apt:
|
|
|
|
name: unattended-upgrades
|
|
|
|
|
|
|
|
- name: Enable unattended-upgrades to auto-upgrade our system
|
|
|
|
copy:
|
|
|
|
content: |
|
|
|
|
APT::Periodic::Update-Package-Lists "1";
|
|
|
|
APT::Periodic::Unattended-Upgrade "1";
|
|
|
|
dest: /etc/apt/apt.conf.d/20auto-upgrades
|
|
|
|
|
|
|
|
- name: Configure unattended-upgrades to auto-reboot our server when necessary
|
|
|
|
lineinfile:
|
|
|
|
regex: ^(//\s*)?Unattended-Upgrade::Automatic-Reboot ".*";$
|
|
|
|
line: Unattended-Upgrade::Automatic-Reboot "true";
|
|
|
|
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
|
|
|
|
|
|
|
- name: Configure unattended-upgrades to delay necessary reboots to 3am
|
|
|
|
lineinfile:
|
|
|
|
regex: ^(//\s*)?Unattended-Upgrade::Automatic-Reboot-Time ".*";$
|
|
|
|
line: Unattended-Upgrade::Automatic-Reboot-Time "03:00";
|
|
|
|
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
|
|
|
|
|
|
|
- name: Configure the system timezone to be US Pacific time
|
|
|
|
community.general.timezone:
|
|
|
|
name: America/Los_Angeles
|
|
|
|
|
|
|
|
- name: Create "impress" user
|
|
|
|
user:
|
|
|
|
name: impress
|
|
|
|
comment: Impress App
|
|
|
|
home: /srv/impress
|
|
|
|
create_home: false
|
|
|
|
shell: /bin/bash
|
|
|
|
|
|
|
|
- name: Create "impress-deployers" group
|
|
|
|
group:
|
|
|
|
name: impress-deployers
|
|
|
|
|
|
|
|
- name: Add the current user to the "impress-deployers" group
|
|
|
|
user:
|
|
|
|
name: "{{ lookup('env', 'USER') }}"
|
|
|
|
groups:
|
|
|
|
- impress-deployers
|
|
|
|
append: yes
|
|
|
|
|
|
|
|
# We use this so the deploy playbook doesn't have to prompt for a root
|
|
|
|
# password: this user just is trusted to act as "impress" in the future.
|
|
|
|
- name: Enable the "impress-deployers" group to freely act as the "impress" user
|
|
|
|
community.general.sudoers:
|
|
|
|
name: impress-deployers-as-impress
|
|
|
|
group: impress-deployers
|
|
|
|
runas: impress
|
|
|
|
commands: ALL
|
|
|
|
nopassword: yes
|
|
|
|
|
|
|
|
# Similarly, this enables us to manage the impress service in the deploy playbook
|
|
|
|
# and in live debugging without a password.
|
|
|
|
# NOTE: In the sudoers file, you need to specify the full path to the
|
|
|
|
# command, to avoid tricks where you use PATH to get around the intent!
|
|
|
|
- name: Enable the "impress-deployers" group to freely start and stop the impress service
|
|
|
|
community.general.sudoers:
|
|
|
|
name: impress-deployers-systemctl
|
|
|
|
group: impress-deployers
|
|
|
|
commands:
|
|
|
|
- /bin/systemctl status impress
|
|
|
|
- /bin/systemctl start impress
|
|
|
|
- /bin/systemctl stop impress
|
|
|
|
- /bin/systemctl restart impress
|
|
|
|
nopassword: yes
|
|
|
|
|
|
|
|
- name: Install ACL, to enable us to run commands as the "impress" user
|
|
|
|
apt:
|
|
|
|
name: acl
|
|
|
|
|
|
|
|
- name: Install ruby-build
|
|
|
|
git:
|
|
|
|
repo: https://github.com/rbenv/ruby-build.git
|
|
|
|
dest: /opt/ruby-build
|
2024-09-20 12:47:23 -07:00
|
|
|
version: v20240917
|
2024-01-29 04:21:19 -08:00
|
|
|
|
2024-09-20 12:47:23 -07:00
|
|
|
- name: Check if Ruby {{ ruby_version }} is already installed
|
2024-01-29 04:21:19 -08:00
|
|
|
stat:
|
2024-09-20 12:47:23 -07:00
|
|
|
path: /opt/ruby-{{ ruby_version }}
|
2024-01-29 04:21:19 -08:00
|
|
|
register: ruby_dir
|
|
|
|
|
2024-09-20 12:47:23 -07:00
|
|
|
- name: Install Ruby {{ ruby_version }}
|
|
|
|
command: "/opt/ruby-build/bin/ruby-build {{ ruby_version }} /opt/ruby-{{ ruby_version }}"
|
2024-01-29 04:21:19 -08:00
|
|
|
when: not ruby_dir.stat.exists
|
|
|
|
|
2024-09-20 12:47:23 -07:00
|
|
|
- name: Add Ruby {{ ruby_version }} to the global PATH, for developer convenience
|
2024-05-02 12:47:02 -07:00
|
|
|
copy:
|
|
|
|
dest: /etc/profile.d/ruby_path.sh
|
2024-09-20 12:47:23 -07:00
|
|
|
content: PATH="/opt/ruby-{{ ruby_version }}/bin:$PATH"
|
2024-01-29 04:21:19 -08:00
|
|
|
|
|
|
|
- name: Install system dependencies for impress's Ruby gems
|
|
|
|
apt:
|
|
|
|
name:
|
|
|
|
- libmysqlclient-dev
|
|
|
|
- libyaml-dev
|
|
|
|
|
|
|
|
- name: Create the app folder
|
|
|
|
file:
|
|
|
|
path: /srv/impress
|
|
|
|
owner: impress
|
|
|
|
group: impress
|
|
|
|
mode: "755"
|
|
|
|
state: directory
|
|
|
|
|
|
|
|
- name: Add a convenient .bash_profile for when we log in as "impress"
|
|
|
|
copy:
|
|
|
|
owner: impress
|
|
|
|
group: impress
|
|
|
|
dest: /srv/impress/.bash_profile
|
|
|
|
content: |
|
|
|
|
set -a # Export all of the below
|
|
|
|
RAILS_ENV=production
|
|
|
|
EXECJS_RUNTIME=Disabled
|
|
|
|
source /srv/impress/shared/production.env
|
|
|
|
set +a
|
|
|
|
|
|
|
|
- name: Create the app's "versions" folder
|
|
|
|
become_user: impress
|
|
|
|
file:
|
|
|
|
path: /srv/impress/versions
|
|
|
|
state: directory
|
|
|
|
|
|
|
|
- name: Create the app's "shared" folder
|
|
|
|
become_user: impress
|
|
|
|
file:
|
|
|
|
path: /srv/impress/shared
|
|
|
|
state: directory
|
|
|
|
|
|
|
|
- name: Check for a current app version
|
|
|
|
stat:
|
|
|
|
path: /srv/impress/current
|
|
|
|
register: current_app_version
|
|
|
|
|
|
|
|
- name: Check whether we already have a placeholder app
|
|
|
|
stat:
|
|
|
|
path: /srv/impress/versions/initial-placeholder
|
|
|
|
register: existing_placeholder_app
|
|
|
|
when: not current_app_version.stat.exists
|
|
|
|
|
|
|
|
- name: Create a placeholder app, to run until we deploy a real version
|
|
|
|
become_user: impress
|
|
|
|
copy:
|
|
|
|
src: files/initial-placeholder
|
|
|
|
dest: /srv/impress/versions
|
|
|
|
when: |
|
|
|
|
not current_app_version.stat.exists and
|
|
|
|
not existing_placeholder_app.stat.exists
|
|
|
|
|
|
|
|
- name: Configure the placeholder app to run in deployment mode
|
|
|
|
become_user: impress
|
|
|
|
command:
|
|
|
|
chdir: /srv/impress/versions/initial-placeholder
|
2024-09-20 12:47:23 -07:00
|
|
|
cmd: /opt/ruby-{{ ruby_version }}/bin/bundle config set --local deployment true
|
2024-01-29 04:21:19 -08:00
|
|
|
when: not current_app_version.stat.exists
|
|
|
|
|
|
|
|
- name: Install the placeholder app's dependencies
|
|
|
|
become_user: impress
|
|
|
|
command:
|
|
|
|
chdir: /srv/impress/versions/initial-placeholder
|
2024-09-20 12:47:23 -07:00
|
|
|
cmd: /opt/ruby-{{ ruby_version }}/bin/bundle install
|
2024-01-29 04:21:19 -08:00
|
|
|
when: not current_app_version.stat.exists
|
|
|
|
|
|
|
|
- name: Set the placeholder app as the current version
|
|
|
|
become_user: impress
|
|
|
|
file:
|
|
|
|
src: /srv/impress/versions/initial-placeholder
|
|
|
|
dest: /srv/impress/current
|
|
|
|
state: link
|
|
|
|
when: not current_app_version.stat.exists
|
|
|
|
|
|
|
|
# NOTE: This file is uploaded with stricter permissions, to help protect
|
|
|
|
# the secrets inside. Most of the app is world-readable for convenience
|
|
|
|
# for debugging and letting nginx serve static files, but keep this safer!
|
|
|
|
- name: Upload the production.env file
|
|
|
|
become_user: impress
|
|
|
|
copy:
|
|
|
|
dest: /srv/impress/shared/production.env
|
|
|
|
src: files/production.env
|
|
|
|
mode: "600"
|
|
|
|
notify:
|
|
|
|
- Reload systemctl
|
|
|
|
- Restart impress
|
2023-08-16 17:17:25 -07:00
|
|
|
|
Create `rails public_data:commit` task, to share public data dumps
I'm starting to port over the functionality that was previously just,
me running `yarn db:export:public-data` in `impress-2020` and
committing it to Git LFS every time.
My immediate motivation is that the `impress-2020` git repository is
getting weirdly large?? Idk how these 40MB files have blown up to a
solid 16GB of Git LFS data (we don't have THAT many!!!), but I guess
there's something about Git LFS's architecture and disk usage that I'm
not understanding.
So, let's move to a simpler system in which we don't bind the public
data to the codebase, but instead just regularly dump it in production
and make it available for download.
This change adds the `rails public_data:commit` task, which when run in
production will make the latest available at
`https://impress.openneo.net/public-data/latest.sql.gz`, and will also
store a running log of previous dumps, viewable at
`https://impress.openneo.net/public-data/`.
Things left to do:
1. Create a `rails public_data:pull` task, to download `latest.sql.gz`
and import it into the local development database.
2. Set up a cron job to dump this out regularly, idk maybe weekly? That
will grow, but not very fast (about 2GB per year), and we can add
logic to rotate out old ones if it starts to grow too far. (If we
wanted to get really intricate, we could do like, daily for the past
week, then weekly for the past 3 months, then monthly for the past
year, idk. There must be tools that do this!)
2024-02-29 14:30:33 -08:00
|
|
|
- name: Create the shared public-data folder
|
|
|
|
become_user: impress
|
|
|
|
file:
|
|
|
|
dest: /srv/impress/shared/public-data
|
|
|
|
mode: "755"
|
|
|
|
state: directory
|
|
|
|
|
2023-08-16 17:17:25 -07:00
|
|
|
- name: Create service file for impress
|
2024-09-20 12:47:23 -07:00
|
|
|
template:
|
|
|
|
src: files/impress.service.j2
|
2024-02-19 13:21:24 -08:00
|
|
|
dest: /etc/systemd/system/impress.service
|
2023-08-16 17:17:25 -07:00
|
|
|
notify:
|
|
|
|
- Reload systemctl
|
|
|
|
- Restart impress
|
|
|
|
|
|
|
|
- name: Configure impress to run now, and automatically when the system starts
|
|
|
|
systemd:
|
|
|
|
name: impress
|
|
|
|
state: started
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
- name: Install nginx
|
|
|
|
apt:
|
|
|
|
name: nginx
|
|
|
|
|
|
|
|
- name: Install core snap
|
|
|
|
community.general.snap:
|
|
|
|
name: core
|
|
|
|
|
|
|
|
- name: Install certbot as a snap
|
|
|
|
community.general.snap:
|
|
|
|
name: certbot
|
|
|
|
classic: yes
|
|
|
|
|
|
|
|
- name: Set up certbot
|
2023-10-25 15:15:46 -07:00
|
|
|
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains {{ impress_hostname }}"
|
2023-08-16 17:17:25 -07:00
|
|
|
|
|
|
|
- name: Add impress config file to nginx
|
2023-10-25 15:40:43 -07:00
|
|
|
template:
|
|
|
|
src: files/sites-available/impress.conf
|
2023-08-16 17:17:25 -07:00
|
|
|
dest: /etc/nginx/sites-available/impress.conf
|
|
|
|
notify:
|
2024-02-19 13:21:24 -08:00
|
|
|
- Reload nginx
|
2023-08-16 17:17:25 -07:00
|
|
|
|
|
|
|
- name: Enable impress config file in nginx
|
|
|
|
file:
|
|
|
|
src: /etc/nginx/sites-available/impress.conf
|
|
|
|
dest: /etc/nginx/sites-enabled/impress.conf
|
|
|
|
state: link
|
|
|
|
notify:
|
2024-02-19 13:21:24 -08:00
|
|
|
- Reload nginx
|
|
|
|
|
2024-02-20 10:35:59 -08:00
|
|
|
- name: Add openneo-home config file to nginx
|
|
|
|
template:
|
|
|
|
src: files/sites-available/openneo-home.conf
|
|
|
|
dest: /etc/nginx/sites-available/openneo-home.conf
|
|
|
|
notify:
|
|
|
|
- Reload nginx
|
|
|
|
|
|
|
|
- name: Enable openneo-home config file in nginx
|
|
|
|
file:
|
|
|
|
src: /etc/nginx/sites-available/openneo-home.conf
|
|
|
|
dest: /etc/nginx/sites-enabled/openneo-home.conf
|
|
|
|
state: link
|
|
|
|
notify:
|
|
|
|
- Reload nginx
|
|
|
|
|
2024-02-19 13:21:24 -08:00
|
|
|
- name: Install MariaDB
|
|
|
|
apt:
|
|
|
|
name: mariadb-server
|
|
|
|
|
|
|
|
- name: Install a Python MySQL client, for Ansible to use when configuring
|
|
|
|
apt:
|
|
|
|
name: python3-mysqldb
|
|
|
|
|
|
|
|
- name: Update MariaDB root password
|
|
|
|
community.mysql.mysql_user:
|
|
|
|
name: root
|
|
|
|
host_all: true
|
|
|
|
password: "{{mysql_root_password}}"
|
|
|
|
|
|
|
|
- name: Create root's .my.cnf file
|
|
|
|
copy:
|
|
|
|
content: |
|
|
|
|
[client]
|
|
|
|
user=root
|
|
|
|
password='{{ mysql_root_password }}'
|
|
|
|
dest: /root/.my.cnf
|
|
|
|
mode: 0400
|
|
|
|
|
|
|
|
- name: Remove test database
|
|
|
|
community.mysql.mysql_db:
|
|
|
|
name: test
|
|
|
|
state: absent
|
|
|
|
login_unix_socket: "{{ login_unix_socket | default(omit) }}"
|
|
|
|
|
|
|
|
- name: Remove anonymous users
|
|
|
|
community.mysql.mysql_user:
|
|
|
|
name: ""
|
|
|
|
state: absent
|
|
|
|
host_all: true
|
|
|
|
|
|
|
|
- name: Remove remote root access
|
|
|
|
community.mysql.mysql_query:
|
|
|
|
query:
|
|
|
|
- DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
|
|
|
|
|
|
|
|
- name: Expose MariaDB to the internet (but ufw will block most clients)
|
|
|
|
copy:
|
|
|
|
dest: /etc/mysql/mariadb.conf.d/80-bind-address.cnf
|
|
|
|
content: |
|
|
|
|
[mysqld]
|
|
|
|
skip-networking=0
|
|
|
|
skip-bind-address
|
|
|
|
notify: Restart MariaDB
|
|
|
|
|
2024-02-28 18:52:56 -08:00
|
|
|
# This is the best Unicode collation available in our version of MariaDB!
|
|
|
|
# We already specify it for all the tables in `schema.rb`, but also set it
|
|
|
|
# as the default collation for new tables here, too.
|
|
|
|
- name: Set MariaDb's default collation to utf8mb4_unicode_520_ci
|
|
|
|
copy:
|
|
|
|
dest: /etc/mysql/mariadb.conf.d/80-charsets.cnf
|
|
|
|
content: |
|
|
|
|
[mysqld]
|
|
|
|
character-set-server=utf8mb4
|
|
|
|
collation-server=utf8mb4_unicode_520_ci
|
|
|
|
notify: Restart MariaDB
|
|
|
|
|
2024-02-26 11:06:51 -08:00
|
|
|
- name: Enable slow query logging for MariaDB
|
|
|
|
copy:
|
|
|
|
dest: /etc/mysql/mariadb.conf.d/80-logging.cnf
|
|
|
|
content: |
|
|
|
|
[mysqld]
|
|
|
|
slow-query-log
|
|
|
|
notify: Restart MariaDB
|
|
|
|
|
2024-02-19 13:21:24 -08:00
|
|
|
- name: Create MySQL databases
|
|
|
|
community.mysql.mysql_db:
|
|
|
|
name:
|
|
|
|
- openneo_impress
|
|
|
|
- openneo_id
|
|
|
|
|
|
|
|
- name: Create MySQL user openneo_impress
|
|
|
|
community.mysql.mysql_user:
|
|
|
|
name: openneo_impress
|
|
|
|
password: "{{ mysql_user_password }}"
|
|
|
|
priv: "openneo_impress.*:ALL,openneo_id.*:ALL"
|
|
|
|
|
|
|
|
- name: Create MySQL user impress2020
|
|
|
|
community.mysql.mysql_user:
|
|
|
|
name: impress2020
|
|
|
|
password: "{{ mysql_user_password_2020 }}"
|
|
|
|
priv: "openneo_impress.*:ALL,openneo_id.*:ALL"
|
2023-08-16 17:17:25 -07:00
|
|
|
|
Create NeopetsMediaArchive, read the actual manifests for Alt Styles
The Neopets Media Archive is a service that mirrors `images.neopets.com`
over time! Right now we're starting by just loading manifests, and
using them to replace the hacks we used for determining the Alt Style
PNG and SVG URLs; but with time, I want to load *all* customization
media files, to have our own secondary file source that isn't dependent
on Neopets to always be up.
Impress 2020 already caches manifest files, but this strategy is
different in two ways:
1. We're using the filesystem rather than a database column. (That is,
manifest data is kinda duplicated in the system right now!) This is
because I intend to go in a more file-y way long-term anyway, to
load more than just the manifests.
2. Impress 2020 guesses at the manifest URLs by pattern, and reloads
them on a regular basis. Instead, we use the modeling system: when
TNT changes the URL of a manifest by appending a new `?v=` query
string to it, this system will consider it a new URL, and will load
the new copy accordingly.
Fun fact, I actually have been prototyping some of this stuff in a side
project I'd named `impress-media-server`! It's a little Sinatra app
that indeed *does* save all the files needed for customization, and can
generate lightweight lil preview iframes and images pretty easily. I
had initially been planning this as a separate service, but after
thinking over the arch a bit, I think it'll go smoother to just give
the main app all the same access and awareness—and I wrote it all in
Ruby and plain HTML/JS/CSS, so it should be pretty easy to port over
bit-by-bit!
Anyway, only Alt Styles use this for now, but my motivation is to be
able to use more-correct asset URL logic to be able to finally swap
over wardrobe-2020's item search to impress.openneo.net's item search
API endpoint—which will get "Items You Own" searches working again, and
whittle down one of the last big things Impress 2020 can do that the
main app can't. Let's see how it goes!
2024-02-23 12:02:39 -08:00
|
|
|
- name: Create the Neopets Media Archive data directory
|
|
|
|
file:
|
|
|
|
path: /var/lib/neopets-media-archive
|
|
|
|
owner: impress
|
|
|
|
group: impress
|
|
|
|
mode: "755"
|
|
|
|
state: directory
|
|
|
|
|
2024-05-18 14:26:16 -07:00
|
|
|
- name: Create 10min cron job to run `rails nc_mall:sync`
|
|
|
|
become_user: impress
|
|
|
|
cron:
|
|
|
|
name: "Impress: sync NC Mall data"
|
|
|
|
minute: "*/10"
|
|
|
|
job: "bash -c 'source /etc/profile && source ~/.bash_profile && cd /srv/impress/current && bin/rails nc_mall:sync'"
|
|
|
|
|
2024-03-01 13:20:59 -08:00
|
|
|
- name: Create weekly cron job to run `rails public_data:commit`
|
|
|
|
become_user: impress
|
|
|
|
cron:
|
|
|
|
name: "Impress: commit public data"
|
|
|
|
weekday: "0" # Sunday
|
|
|
|
hour: "1" # 1:15am
|
|
|
|
minute: "15" # 1:15am
|
2024-05-02 12:21:14 -07:00
|
|
|
job: "bash -c 'source /etc/profile && source ~/.bash_profile && cd /srv/impress/current && bin/rails public_data:commit[scheduled]'"
|
2024-03-01 13:20:59 -08:00
|
|
|
|
2023-08-16 17:17:25 -07:00
|
|
|
handlers:
|
2024-02-19 13:21:24 -08:00
|
|
|
- name: Reload nginx
|
2023-08-16 17:17:25 -07:00
|
|
|
systemd:
|
|
|
|
name: nginx
|
2024-02-19 13:21:24 -08:00
|
|
|
state: reloaded
|
|
|
|
|
|
|
|
- name: Restart MariaDB
|
|
|
|
systemd:
|
|
|
|
name: mariadb
|
2023-08-16 17:17:25 -07:00
|
|
|
state: restarted
|
|
|
|
|
|
|
|
- name: Reload systemctl
|
|
|
|
command: systemctl daemon-reload
|
|
|
|
|
|
|
|
- name: Restart impress
|
|
|
|
systemd:
|
|
|
|
name: impress
|
|
|
|
state: restarted
|