Merge pull request #239 from gelnior/master

Merge pull request #239

README.textile

@@ -50,6 +50,7 @@ What do you get if you point this thing at a VPS? All kinds of good stuff!
 * "RFC6238":http://tools.ietf.org/html/rfc6238 two-factor authentication compatible with "Google Authenticator":http://en.wikipedia.org/wiki/Google_Authenticator and various hardware tokens
 * Nightly backups to "Tarsnap":https://www.tarsnap.com/.
 * Git hosting via "cgit":http://git.zx2c4.com/cgit/about/ and "gitolite":https://github.com/sitaramc/gitolite.
+* "Newebe":http://newebe.org, a social network.
 * A bunch of nice-to-have tools like "mosh":http://mosh.mit.edu and "htop":http://htop.sourceforge.net that make life with a server a little easier.
 
 No setup is perfect, but the general idea is to provide a bunch of useful services while being reasonably secure and low-maintenance. Set it up, SSH in every couple weeks, but mostly forget about it.

roles/newebe/files/newebe.conf

@@ -0,0 +1,5 @@
+[program:newebe]
+autorestart=false
+command=newebe_server.py --configfile=/usr/local/etc/newebe/config.yaml
+redirect_stderr=true
+user=newebe

roles/newebe/files/supervisor.conf

@@ -0,0 +1,7 @@
+; supervisor config file
+
+[supervisord]
+nodaemon=true
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

roles/newebe/tasks/main.yml

@@ -0,0 +1,84 @@
+- name: Install Python
+  apt: pkg=python,python-setuptools,python-pip,python-dev
+
+- name: Install Python tools
+  apt: pkg=python-imaging,python-pycurl
+
+- name: Install build tools
+  apt: pkg=build-essential,git
+
+- name: Install Python libs
+  apt: pkg=libxml2-dev,libxslt-dev,python-imaging
+
+- name: Install Supervisor
+  apt: pkg=supervisor
+
+- name: Install CouchDB
+  apt: pkg=couchdb
+
+- name: Install Newebe
+  pip: name='git+https://github.com/gelnior/newebe.git#egg=newebe'
+
+- name: Add group Newebe
+  group: name=newebe
+
+- name: Add user Newebe
+  user: name=newebe shell=/bin/bash groups=newebe
+
+- name: Create Newebe Config folder
+  file: path=/usr/local/etc/newebe/ 
+        owner=newebe 
+        group=newebe 
+        state=directory
+
+- name: Create Newebe folder
+  file: path=/usr/local/var/newebe/ 
+        owner=newebe 
+        group=newebe 
+        state=directory
+
+- name: Create Newebe log folder
+  file: path=/usr/local/var/log/newebe/ 
+        owner=newebe 
+        group=newebe 
+        state=directory
+
+- name: Set Newebe config file
+  template: src=usr_local_etc_newebe_config.j2
+            dest=/usr/local/etc/newebe/config.yaml 
+            owner=newebe 
+            group=newebe
+
+- name: Set Supervisor config file
+  copy: src=newebe.conf dest=/etc/supervisor/conf.d/newebe.conf
+
+- name: Set Newebe Supervisor config file
+  copy: src=supervisor.conf dest=/etc/supervisor/supervisor.conf
+
+- name: Reload Supervisor and start Newebe
+  command: /usr/bin/supervisorctl update
+
+- name: Ensure that newebe is started
+  supervisorctl: name=newebe state=started
+
+- name: Add mod_proxy module to Apache
+  raw: a2enmod proxy
+# When Ansible 1.6 will be available  
+# apache2_module: state=present name=proxy
+
+- name: Add proxy_http module to Apache
+  raw: a2enmod proxy_http
+# When Ansible 1.6 will be available  
+# apache2_module: state=present name=proxy_http
+#
+- name: Configure the Apache HTTP server for Newebe
+  template: src=etc_apache2_sites-available_newebe.j2
+            dest=/etc/apache2/sites-available/newebe
+            group=www-data
+            owner=www-data
+  notify: restart apache
+
+- name: Enable the site
+  command: a2ensite newebe
+           creates=/etc/apache2/sites-enabled/newebe
+  notify: restart apache

roles/newebe/templates/etc_apache2_sites-available_newebe.j2

@@ -0,0 +1,27 @@
+<VirtualHost *:80>
+    ServerName {{ newebe_domain }}
+
+    Redirect permanent / https://{{ newebe_domain }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+
+    ServerName {{ newebe_domain }}
+    SSLEngine On
+
+    SSLProtocol ALL -SSLv2
+    SSLHonorCipherOrder On
+    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
+    SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt
+    SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key
+    SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem
+    Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"
+
+    ErrorLog /var/log/apache2/newebe.info-error_log
+    CustomLog /var/log/apache2/newebe.info-access_log common
+
+
+    ProxyPass / http://127.0.0.1:8282/
+    ProxyPassReverse / http://127.0.0.1:8282/
+
+</VirtualHost>

roles/newebe/templates/usr_local_etc_newebe_config.j2

@@ -0,0 +1,7 @@
+main:
+    port: 8282
+    debug: False
+    ssl: False
+    path: "/usr/local/var/newebe/"
+    logpath: "/usr/local/var/log/newebe"
+    timezone: {{ zpush_timezone }}

site.yml

@@ -22,3 +22,4 @@
     - tarsnap
     - news
     - git
+    - newebe

vars/defaults.yml

@@ -105,3 +105,6 @@ selfoss_db_database: selfoss
 cgit_version: 0.10.1
 cgit_domain: "git.{{ domain }}"
 gitolite_version: 3.5.3.1
+ 
+# newebe
+newebe_domain: "newebe.{{ domain }}"