A roles/paste.sr.ht/defaults/main.yml => roles/paste.sr.ht/defaults/main.yml +3 -0
@@ 0,0 1,3 @@
+---
+pastesrht_oauth_client_id: ""
+pastesrht_oauth_client_secret: ""
A roles/paste.sr.ht/tasks/config.yml => roles/paste.sr.ht/tasks/config.yml +39 -0
@@ 0,0 1,39 @@
+---
+- name: Ensure the paste.sr.ht config is injected
+ ansible.builtin.blockinfile:
+ path: /etc/sr.ht/config.ini
+ marker: "#-- {mark} ANSIBLE paste.sr.ht --#"
+ block: |
+ [paste.sr.ht]
+ #
+ # URL paste.sr.ht is being served at (protocol://domain)
+ origin={{ srht_protocol }}://paste.{{ srht_domain }}
+ #
+ # Address and port to bind the debug server to
+ debug-host=0.0.0.0
+ debug-port=5011
+ #
+ # Configures the SQLAlchemy connection string for the database.
+ connection-string=postgresql://postgres@127.0.0.1/pastesrht?sslmode=disable
+ #
+ # Set to "yes" to automatically run migrations on package upgrade.
+ migrate-on-upgrade=yes
+ #
+ # paste.sr.ht's OAuth client ID and secret for meta.sr.ht
+ # Register your client at meta.example.org/oauth
+ oauth-client-id={{ pastesrht_oauth_client_id }}
+ oauth-client-secret={{ pastesrht_oauth_client_secret }}
+ register: conf
+
+- name: Enable & start paste.sr.ht service
+ ansible.builtin.service:
+ name: paste.sr.ht
+ state: restarted
+ enabled: true
+ when: conf.changed
+- name: Enable & start paste.sr.ht api service
+ ansible.builtin.service:
+ name: paste.sr.ht-api
+ state: restarted
+ enabled: true
+ when: conf.changed
A roles/paste.sr.ht/tasks/db.yml => roles/paste.sr.ht/tasks/db.yml +15 -0
@@ 0,0 1,15 @@
+---
+- name: Download database schema from git.sr.ht
+ ansible.builtin.get_url:
+ url: https://git.sr.ht/~sircmpwn/paste.sr.ht/blob/master/schema.sql
+ dest: /tmp/pastesrht.psql
+
+- name: Create database
+ community.postgresql.postgresql_db:
+ name: pastesrht
+
+- name: Ensure database layout
+ community.postgresql.postgresql_db:
+ name: pastesrht
+ state: restore
+ target: /tmp/pastesrht.psql
A roles/paste.sr.ht/tasks/main.yml => roles/paste.sr.ht/tasks/main.yml +15 -0
@@ 0,0 1,15 @@
+---
+- name: Install paste.sr.ht packages
+ community.general.apk:
+ name:
+ - paste.sr.ht
+ state: latest
+
+- name: Setup Database
+ ansible.builtin.import_tasks: db.yml
+
+- name: Setup config & services
+ ansible.builtin.import_tasks: config.yml
+
+- name: Setup nginx
+ ansible.builtin.import_tasks: nginx.yml
A roles/paste.sr.ht/tasks/nginx.yml => roles/paste.sr.ht/tasks/nginx.yml +13 -0
@@ 0,0 1,13 @@
+---
+- name: Copy nginx config file
+ ansible.builtin.template:
+ src: nginx.conf
+ dest: /etc/nginx/http.d/paste.sr.ht.conf
+ register: nginxconf
+
+- name: Start & enable nginx
+ ansible.builtin.service:
+ name: nginx
+ state: restarted
+ enabled: true
+ when: nginxconf.changed
A roles/paste.sr.ht/templates/nginx.conf => roles/paste.sr.ht/templates/nginx.conf +23 -0
@@ 0,0 1,23 @@
+server {
+ include sourcehut.conf;
+ server_name paste.{{ srht_domain }};
+
+ client_max_body_size 10M;
+
+ location / {
+ proxy_pass http://127.0.0.1:5011;
+ include headers.conf;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'; frame-ancestors 'none'" always;
+ include web.conf;
+ }
+
+ location /query {
+ proxy_pass http://127.0.0.1:5111;
+ include graphql.conf;
+ }
+
+ location /static {
+ root /usr/lib/$python/site-packages/pastesrht;
+ expires 30d;
+ }
+}
M run.yml => run.yml +4 -0
@@ 27,3 27,7 @@
hosts: all
roles:
- role: builds.sr.ht
+- name: Setup paste.sr.ht
+ hosts: all
+ roles:
+ - role: paste.sr.ht