diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2024-09-25 19:18:15 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2024-09-25 21:44:41 +0200 |
| commit | f0feb7c74ca2252ef2513da12fc85be9684a54b4 (patch) | |
| tree | 301152d43426ab8f242ab835fdc04e6f3ba21196 /tasks | |
| parent | 5f9605745f4f8e59d5aba78da18b8a50bc4a5d88 (diff) | |
Copy webmap-publish.
We also replace persistent/shared RuntimeDirectory settings with
directories defined as tmpfiles.d(5) entries. This gives more control
over access control.
We also change static compression from gzip to brotli on the HTTPd.
Diffstat (limited to 'tasks')
| -rw-r--r-- | tasks/httpd.yml | 6 | ||||
| -rw-r--r-- | tasks/webmap.yml | 61 |
2 files changed, 65 insertions, 2 deletions
diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 22757d5..2e1fa98 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -2,6 +2,12 @@ - name: Install nginx apt: pkg=nginx-light +- name: Install nginx modules + apt: pkg={{ packages }} + vars: + packages: + - libnginx-mod-http-brotli-static + - name: Start nginx service: name=nginx enabled=true state=started diff --git a/tasks/webmap.yml b/tasks/webmap.yml index 053b744..9e2c2f6 100644 --- a/tasks/webmap.yml +++ b/tasks/webmap.yml @@ -1,14 +1,19 @@ - name: Install gdal-bin apt: pkg=gdal-bin install-recommends=true -- name: Install unzip - apt: pkg=unzip +- name: Install unzip and brotli + apt: pkg={{ packages }} + vars: + packages: + - unzip + - brotli - name: Install python dependencies apt: pkg={{ packages }} vars: packages: - python3 + - python3-brotli - python3-gdal - python3-lxml - python3-requests @@ -309,3 +314,55 @@ target: all - meta: flush_handlers + + +- name: Create system user '_webmap-publish' + user: name=_webmap-publish system=true + group=_webmap + createhome=false + home=/nonexistent + shell=/usr/sbin/nologin + comment="Webmap update (publication as MVT)" + password="!" + state=present + +- name: Copy /usr/local/share/webmap/publish.py + copy: src=webmap-tools/webmap-publish + dest=/usr/local/share/webmap/publish.py + owner=root group=root + mode=0755 + +- name: Create /usr/local/bin/webmap-publish + file: src=../share/webmap/publish.py + dest=/usr/local/bin/webmap-publish + owner=root group=root + state=link force=yes + +- name: Create directory /var/www/webmap/tiles + file: path=/var/www/webmap/tiles + state=directory + owner=_webmap-publish group=root + mode=0755 + +- name: Copy webmap-publish@.service + copy: src=etc/systemd/system/webmap-publish@.service + dest=/etc/systemd/system/webmap-publish@.service + owner=root group=root + mode=0644 + notify: + - systemctl daemon-reload + +#- name: Enable webmap-publish@.service +# service: name=webmap-publish@{{ item }}.service enabled=true +# with_items: "{{ webmap_layer_groups }}" + + +- name: Copy /etc/tmpfiles.d/webmap.conf + copy: src=etc/tmpfiles.d/webmap.conf + dest=/etc/tmpfiles.d/webmap.conf + owner=root group=root + mode=0644 + notify: + - systemd-tmpfiles --create + +- meta: flush_handlers |