diff --git a/.nvmrc b/.nvmrc index 3e558c9..2b9cabc 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -18.12.0 +20.12.0 diff --git a/ansible/roles/app/handlers/main.yml b/ansible/roles/app/handlers/main.yml index ed44edb..c54be41 100644 --- a/ansible/roles/app/handlers/main.yml +++ b/ansible/roles/app/handlers/main.yml @@ -2,4 +2,6 @@ command: systemctl daemon-reload - name: restart sataako - service: name=sataako state=restarted \ No newline at end of file + service: + name: sataako + state: restarted diff --git a/ansible/roles/app/tasks/main.yml b/ansible/roles/app/tasks/main.yml index b717b60..1372aed 100644 --- a/ansible/roles/app/tasks/main.yml +++ b/ansible/roles/app/tasks/main.yml @@ -41,9 +41,6 @@ - reload systemctl - restart sataako -- name: enable service - service: name=sataako enabled=yes - - name: create cache directory file: path: /var/run/sataako @@ -56,4 +53,10 @@ copy: src: sataako.conf dest: /etc/tmpfiles.d/ - mode: '0644' \ No newline at end of file + mode: '0644' + +- name: enable and starat sataako.fi app + service: + name: sataako + state: started + enabled: yes diff --git a/ansible/roles/app/templates/sataako.service.j2 b/ansible/roles/app/templates/sataako.service.j2 index 1616027..52fc394 100644 --- a/ansible/roles/app/templates/sataako.service.j2 +++ b/ansible/roles/app/templates/sataako.service.j2 @@ -5,8 +5,7 @@ After=network.target [Service] Environment="NODE_ENV=production" -Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.1" -ExecStart=/bin/node --max-old-space-size=256 src/app.js +ExecStart=/bin/node --max-old-space-size=512 src/app.js Restart=always RestartSec=10 User=sataako @@ -14,4 +13,4 @@ Group=sataako WorkingDirectory=/home/sataako/app [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/ansible/roles/nginx/handlers/main.yml b/ansible/roles/nginx/handlers/main.yml index 3f5ca39..5463835 100644 --- a/ansible/roles/nginx/handlers/main.yml +++ b/ansible/roles/nginx/handlers/main.yml @@ -1,2 +1,4 @@ - name: restart nginx - service: name=nginx state=restarted \ No newline at end of file + service: + name: nginx + state: restarted diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index f5a3e67..1407300 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml @@ -1,13 +1,16 @@ -- name: install packages +- name: install nginx, and epel repository (for certbot) package: - name: "{{ item }}" + name: + - epel-release + - nginx + state: latest + +- name: install certbot + package: + name: + - certbot + - python3-certbot-nginx state: latest - lock_timeout: 180 - with_items: - - nano - - nginx - - certbot - - python2-certbot-nginx - name: create nginx site configuration template: @@ -19,12 +22,14 @@ notify: - restart nginx -- name: create cron job for renewing the SSL certificate - cron: - name: "certbot renew" - minute: "0" - hour: "0,12" - job: "python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" +- name: enable and start nginx + service: + name: nginx + state: started + enabled: yes -- name: ensure nginx is running (and enable it at boot) - service: name=nginx state=started enabled=yes \ No newline at end of file +- name: enable and start certbot renewal timer + service: + name: certbot-renew.timer + state: started + enabled: yes diff --git a/ansible/roles/nodejs/tasks/main.yml b/ansible/roles/nodejs/tasks/main.yml index f382fb9..c2f5b3e 100644 --- a/ansible/roles/nodejs/tasks/main.yml +++ b/ansible/roles/nodejs/tasks/main.yml @@ -1,10 +1,7 @@ -- name: install packages +- name: enable Node.js v20 module + shell: dnf module enable nodejs:20 + +- name: install Node.js package: - name: "{{ item }}" + name: nodejs state: latest - lock_timeout: 180 - with_items: - - gcc-c++ - - make - - nodejs - - jemalloc diff --git a/ansible/roles/os/handlers/main.yml b/ansible/roles/os/handlers/main.yml index 74ccbf8..84b9881 100644 --- a/ansible/roles/os/handlers/main.yml +++ b/ansible/roles/os/handlers/main.yml @@ -1,2 +1,4 @@ - name: restart firewalld - service: name=firewalld state=restarted \ No newline at end of file + service: + name: firewalld + state: restarted diff --git a/ansible/roles/os/tasks/main.yml b/ansible/roles/os/tasks/main.yml index 60e65cf..590cac5 100644 --- a/ansible/roles/os/tasks/main.yml +++ b/ansible/roles/os/tasks/main.yml @@ -1,42 +1,25 @@ -- name: add epel-release rpm repository - yum: - name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - state: present - lock_timeout: 180 - -- name: add nodesource rpm repository - yum: - name: https://rpm.nodesource.com/pub_18.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm - state: present - lock_timeout: 180 - -- name: add nginx rpm repository - yum_repository: - name: nginx-stable - description: nginx stable - baseurl: http://nginx.org/packages/mainline/centos/7/$basearch/ - gpgkey: https://nginx.org/keys/nginx_signing.key - gpgcheck: yes - - name: upgrade all packages yum: name: '*' state: latest - lock_timeout: 180 - name: set timezone timezone: name: Europe/Helsinki +- name: install nano + package: + name: nano + state: latest + - name: install firewalld package: name: firewalld state: latest - lock_timeout: 180 notify: - restart firewalld -- name: configure firewalld +- name: allow http, https and ssh through firewall firewalld: service: "{{ item }}" permanent: yes @@ -48,5 +31,8 @@ notify: - restart firewalld -- name: ensure firewalld is running (and enable it at boot) - service: name=firewalld state=started enabled=yes \ No newline at end of file +- name: enable and start firewalld + service: + name: firewalld + state: started + enabled: yes