From 3b3b2594aa10c05f28ed8663899453ab72e3b0fe Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Dec 20 2022 22:13:26 +0000 Subject: Merge branch 'hellcp/paste-addons' into production Additional paste configuration https://gitlab.infra.opensuse.org/infra/salt/-/merge_requests/602/diffs --- diff --git a/pillar/secrets/role/paste.sls b/pillar/secrets/role/paste.sls index 70f4eee..3d4cb61 100644 --- a/pillar/secrets/role/paste.sls +++ b/pillar/secrets/role/paste.sls @@ -2,6 +2,149 @@ profile: paste: + credentials_yml_enc: + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+JeYBWcoCXmKUSB5aw1MJowRznxhp7mXYSBY5IhY86QXI + Xe5kgpbAvw6AcKt0pDC2tY4IQON1lgs25GtsDNLH0zMz01IMZlMUAc3vaQeiOEkD + Fifz4wp6sBVXPoUK+mmOHRfqbPBrgJ8td25jlbc2imjKyvOArlkdwv0fgy3S5k14 + 3Korfc99ofqoWZrRyZ36+IJ78dkrlNSf9KBY8k0oiBXUDXXkhXJRCjJLkywwrw/k + oTkg/g1qxE+ENvQqApbPNBtVvw4j19wbJ48CcoJY5XgJPkNQLBO8s8ziPiV+A3xG + 8FZeWmLEd373ang9xq8mTe2T642qB0SLn0Mna8I4pS0cRALgfHqXskeS4op/kqbS + P2XowDkQ1k1myaA2eO1Ts8JbUDUD6zlNAZ/0gz+0Vf/PmPkHVcqDD4jKtTDpvuUu + Ju54s+Hd4/79Vfd1Y9T4jStTpewOOiPZN38urLP72KCRZ9Beg6xjCkUhBlyK/NIF + frPoxDQZRY2z1Bh+JkfNtj+6JW8JermQaMoogHUclfkMuIMLLF1mTdzmggzrDayZ + P1BRvW5rU/oUTKsRU40yPMJwRDjLXxHLeYgcTbNR9KrF/VuboIvGkkgIS3/LKJ2C + HjKEZu0Ojz0B8lmmdV/Ey51A7zl93+gwK14r0dIXGchYEmi6n8OwMaRDGnghLI8P + /jZd3jpEr7kLJZEDTcX7ZICNuuLSDn+4li7cf/WysAtg1XSBvD4/IgQzoet8IeqN + UQwSpNMqs7a2YlC0jzeV17kFCyJ4ynbDpcLcqLG3s/bATSTSeLcrt41q5WjB5vk8 + nCFvxeNZWgOckbu+gvE1ReT+X8hEBBpcSpbFygIiMQe4A3Aue7yagT7rdy5aJDHt + 57JMpmyKQpP7aFTkC3HINxFaMqcHZpvyHdIId7i/vBx45hhnuYtDB2HkGMZwBB+F + xhLJFkN6vh7JNIkTI4/m/HFeA7h7bLV97Mz33Mim9LEiW0XzvGaQhI67EfG9/Dyq + qax7yujvBoaYCU181NdKla0St7Z/mjRUf9QocWnmdBFc/ZTZwHjSDi6AZMj7dmm7 + ssX+XCWxJZZ15vs9soTHfHnXUAZR/GftOW47qph2AG7IW9u1fQRP65sPDFHWFUQ2 + PY4upIMdktdSS+W4bUvOqK3SuD5FuPGfIC1DRlMRfJoz/Z4tJb9fDWoz0+KiLjoh + ne+USVGK1tN/EbDI42gaIHP/p5YSWOyftiWscOaGa399pVxCsbJOYrW+fXcLn5eo + VcqGaLvGYw+sRLVX4vmMrSTjhRTbMkFgx4Rr9AylCjUD7tFcvazbrmMuiC2MK2oy + Ns40I/Evncxtr8E7ezWTTD6R6b7c2KKOwmR4nVUCDwEuhQIMA8amgupjyC8cAQ/+ + IuL0BDCBultkLCB+4tsmKUtLimOYgtoSrRPg/EAGHt3PXdZ5CFZYInUP0cUYCxCo + qY7YU/NuLdqhpaGwW6AZUXLHzJTGygNs53NZw+IX0JF9VEfF6fPxdzSu3wv4kxh2 + DnfBcNVuuc7xg2aryLcoJJsQKVuMS0SCWlqOXhXvaBo3tEjA2RbavIUuxIe9Wnfu + 1IPR4OJC5sY9+gLteWh9INmUxbxmQP49HclmygcCwIH09rsp0JieDs5Q30hnx8aA + IDGKMJE7BNlbgLaq6mq4/ToN9+KlXxGbI5Vf3umr/hMZ8RlN4hufuuoqcsujPEqS + bTsmARyfFC+fc1GUnwvvwP8xpzZrWaZ8hs20XodWy2JiGTj/BDhgXwkcXZ9AHLsq + hc8IVgMwDOw+m0qHKggTqipSjFjT2ScARdHWpBDI+GLo4x3LGGgNlJlvFA933ixD + 6JngIGJ6WHYXslauKTaI65KKYH7084vYMntLF7BomuO/dW7PBlEsCFckwfpg5GJR + GHgCBXs7ZQFLnZrpZXqJzvVEcmo06ChaNsWeUQ5gQ+QQv6RWSXf7Zcu5Gt57SZO4 + r7FK1FD9OuexU14T7yhCDF5VYVUUvLQ62ZPA5tmYll58eHdXFshY4UNEv6mADKwt + iH7t/uWOOm+eZOldeZ1PlU8t5syV5ZM7dogYG+f7B++FAQ4DslgfDDfB4G8QBACM + 0DKNCqFaAFYUrim5mVZzDuGta6zr776CETyfZe2b1ZuT4RZaBk9vOpLr79Uk9npY + X9TQtDC3p2Ms6iWKLYt6S2//xdv3rozgGwXsVcdLaGq7M1GJzWc8SMfyk1txA5Ib + XmSiy1VztDznRKzYi2EZge6gbPyoZL/ht/eaBk4HAQP/aERw/Wbj7NJxmIb8yBcZ + Qx1L0iBZkuRh78LqzilK3xauWcvEdZz+3xmnX3lAK1vH/3kJ2nARaHt/NqePy4i4 + G2oFF7nQAWfrVFkF7IvhBb1g2fLt5rqd+TcO8xKF7cwvQZwBet24uozJYPcbZzv6 + zTipbUJeWoHarVg/RtVZWu6FAg4DiLcKbyvsTOYQCACitgVFCrb6Wz6He0LDGoMu + Wvj+al6gIuBUWeLtkdv3j8NyL+ZkDSIR4+cl24ZAuGa/Z1hCwqIhagXysRXBpJkz + PaNOUCiWOqytFPLXkBNLzufgaE+hbZjflv7HN3fNHXSc9Vm1RmgQzRjPwmzk/wCQ + H6wazgeeKrSOwhz02hqFLiIMzopZ39r6fZsZ5FpacN+VvQuUug0B8aWPuXWtBUcR + 83vG6pp8JZK18OPYOEh7zVxsrxE+UH6rTVS3mvwJksdV3aI2M7M++9I0pRjpN8bX + VHhMP/cQ4TZWlwLMqMLdVPXflmZKDNMQp1INpgPFgpS6uEqU+CWSHXFy4+iV9GBJ + B/91ySBFKIYZMRvCITJa0FgGgHpFve30e5FXL3Xwp/jf/3cGLG/YE9/J+mRcgJcz + xzlDQwBvIUy2LZH/vTS9RH1jqBsPq8QzrHPavpup6EGsQjYdSoFPNct2gWjqxf+Y + sA54kcgEW3ls8iWiB8rGktP7niSV0/qBqHpEIxC9zxH/Wc6HJRXF2iZuKTaw6IUL + ZSWfyGYnYlro9HbQb0W06xW6e+10LIGEZ04Q3f144Ko+nn2R1EvCTqnrXDfMt1Ul + wa+htJNAnVu/EBtewbp2+cqWn+q2pRhm/Iq4s8HQpCXJUlYwylBkxdrJE0cVI1KK + qJr/+CJ81j/m56UTCxa26NaZhQIMA6zwzgobrGmRARAAsHhfx3dE5gZy6OqFkdA7 + lYP9lT8dCfl8K+NgNx4wqzYhpQb082ZuVjONNUzjlNLq0MjVHW7v5gWV/9eFPbk3 + HCw4qAuJiuIvEsFD9lOi7T+qwV24fX9IG2AmkJf98DfJ0TCKsV/MMhK1w7W49hDN + cwz2gpNuigG79LVG/OrN6/dPJok1PM0CQLHLrIjkkVn30fyW+vgjkkkcqHXUbzDM + h6pl0aswCMAKmSmVtCSUwyBwEMR4VZfUZHaUb8Am+5DPhbO8XV77knCFS7i1kgK/ + EDNOVWBev4DyM4sv9VFiHEsf/aYyc9t3pog5pZmrEwuTEMj5GU8k8O1r1wzTw+gN + EOCQOXNuO1+n/pKUxTLxw+Gp+BPgkgwOsi54ewOPV//8VCw/ECFc+CAn6wfUt7L9 + 7Iqn2x2F2IcmpRzg1ckvH7hsMgzmztLRv2lkBdJ0bDEKvb52QwNoftdL696vbInp + Mw5R66VcMHnuXpOa1XV3kcnNeAGVR8RVI2+ZdsprCaWOjwFo7pamkL5JU4w+s4ib + Z5q/jugSYhzNPhcNXiah1cMjjnnbBFbrLvfoxwUaDyf/VbQr//YOQCkkgZeL047y + lAGrabxjAZ+oS14gycwnu0YbIvj0lv9GoznDbhO35fP7LvoLMhWEthImh88P1wkV + h3qVq/HC28oo8xzzjvwDQ+rSwQIB726AJhVM6sZw8GLieaBRUCptnIp5TOwRd1/0 + QLreDKOQd27JQ3TVIXzYckdFtkqo+PEiMJ7SeP3KK0GUyuwqaIw4DrgmC8VausH5 + Nbnaua6izYzRTJhrNaGxKQvMLFxuinduLLP/Y6IDI9RgkAazirmDh+LfUmX50m0T + ag4W4uCF4XlCvfvXdtFGxbDwX/X+4RhlS+eVI3ElNCLbcblmEHEXIogpH2obaM2m + v1q3B5vWfGoO6wEgXy/ToPqdSIRUhbCLedRVsSAItkuwr670zDRvxPOIZp6Lhy6N + mzlRgl3tJbDoN6cxa2XQxVRJTR8znfodi1EYMNfPmWFwMmrkwrRWYXvlcUJR7C7b + Kix8YLplQE+iquQi0PED/o6y428vYwyg3r0+3VaMVXem3JE9UYK/VGlLEonzeLnd + GFbdsfnyhovws3UlQTz08sRfj+Yosfz4gyH1tgGkTNg+nF9xx5jZ4Eo6KapBXjzy + S3jVA1NfTYGwMhgF5YNpgXR45aWZCAE8CImYLT2yO5dSkJ37oNNzO1seHrF/DMf/ + AFJkUBKcHgnCjlQyZa2viqONzwuFYPc34KwWx+DKQJAF1nxjdTo= + =JdRU + -----END PGP MESSAGE----- + master_key: + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+N5ZN8fTUrhL1nFxbC7TMEYSP5aZRAWsILuZjNitSZ3uU + pqz8mMdKdLICIy8MSakXhX6A77c4q7hcPn895wGXJTnxZsiT14QAzZ5sqJgo0Z+H + b5BkPmANlq9Xe8Wm/53pjBmPux4AGneFcaiTQ5QkFZPiaCJ2BS+SFGiQ4K/XWsoo + dkHop39OJ8pUAT9DAE6wMGKCTvtSpJ+Qc90W8q2Q7FU3qIcnprX9xoc5iwVrBWbP + JUMMlt6fCurebrTbzeAPsJD6qClZIDHn2I6sdrvWs4ySPycISvXjf6+1dHA9I7yt + 9efcqdJXI0hLpq+QEeROAbPvZkdbLH8xvReCm1r89Wzr/WiOjJICx0w0gxib4Idk + 7xchBYOoEYrfxmO7OBuD5hh4Zw8LKi/n4wwclNH13Vdf09CBvdxmzKkYA3ChBeoh + WiIUD2sfvkRHe2weELyRXxRt6/VIs/gH7i2dtRm0U5z9CVtDOjfPxb4yA5WeMFMA + RjtYR6PhsIs/6Bmv8VbusIwTjvsNiX0vWGOwNthf/tnBJqQxymVkt8vANs3xvRkH + LImY+JeZuZFPRmBZDesTXlGWQmYsx3vjVOxAoXwFd55HVQCJpys+Sou0E6AmalfS + yfWfA7liPXrI/EDMs6qAUY4MMKrZsJfoqFJiYUUyqsfLilzKBPHTQ+chdRxalKoP + /iqtQbgm4WZYpqm8/Qw/MGizpjCwGVyptYaTiEcuibRn/f+PEHrVdnlnvbu5xGAi + 6xH4gKtxrJRf9F+QdBrmsuLt1ET8fjNQ6JKZf6/nlnkvG35qQqiFgBruPC81A9FA + jcvo+gjEyV6ikVayRSVef43h94RMZfh+ot8aJ1R/cwbDoU70Y5Ed/OYO7Gaip+Ef + OCGdCjK3geJdA7GJaYkJYABKEJqWPFwSf9l2JlxWXyPxGMppRQsRdWtHjTtaDrJI + xRtN62/NyhcCeOdXZxlwgoNNNzRqq2fC+Tq57GtkL10P0IFXKA3qkeYYyIrWF/Ir + XD8PcbyHx2/vOcp3NKarFeil25/JEimVwrPmMw6ydr6ILC3RlMlRkdJAtc1tiaah + bKCK8TvFxbdzq/4DVhZ17JQsgfoWcmVnrqYS3ZDC0vMcsSAL+mp9AVclhMrELM5+ + vmBG95iadkX9NHqMaTvRPjOYqQOCyPJnzSIiqAqtMKJBZbuQfTAER0eZDC5b5Gd3 + t9nqe1fb8FVwMN2YTvmDLYIKSVbaj9HwaBXmP4Ixt0w0GzxR06Je03Tv7Yh1Z0I5 + QxR+vmtQtrtsb1djKAgDYjz6WGydz93rNxU+AONpHlVRqkES7nqIbha+kVQHcyrk + glm/kbKIzVuL5BsB4/iIt7E1NfUsHwddXz2zAAPuCRKfhQIMA8amgupjyC8cARAA + tXWxBjbNER3yMEP4NXnFAWGsFeoCDqgUbfyDFI6qAK82DugFTBFQzckUH1Q4ew9r + VtBHzUrwnqmi+tsMUDnVOU9Ly+67vHQfzBBUyfureI+FXTxW4SHNf527dljShmPH + xJCIwzIbANF3CuH314JkF6zQa5WlqSkHZ1hv6lNClv3Y7rNWj2ajOerOpK9SeyFL + 4v/WOF783oNaiqEhwIaTfmHKVXrc7+wOK+XIH83z7DHDxLUGXdOamaqYB50JYd4z + Ax3BzUo4WwIUGiwdjk6MizPzJZpB2Is3TJnwXl+3Ci1r/5N15atv8KVHojvXuFRI + Ppet6jAZrspBinaej1He9WGAPfRfCG8Mr+W3zNyoBAD9Dm9mOZ6P3El+4WgehqjO + kLfF+vJeJB/xP6GuB/GvQSPHTaqrHmir+hYHl1I2us9LiptWrXJGhbvTujPPgHat + SYlXkGodJHEuHdqH3I1zcb6NBBF8VHmxFS3cGlcA014z30Wgs1kTfjCO+lRcl+/+ + 0VCtGJTxlhhEl2uZ/qmmkfftO2S7BOuwcCaZgF3ARIDHV5+jOSKvvZJIeG6650NJ + lRafVJPRzKGGtiDWzQc18yPK2rHBUnxf/KvGhjmufEy4QlyKPEanG15g4HXci6I3 + o38aPI5xNWZrGhsaQNlct217EQmah3FIkIzMWTBDPNOFAQ4DslgfDDfB4G8QBACl + Tob+KC9D/TxTYh6vvqgfA+N34gu0+JjO9KQP3vNTsiaPmlxCQ5dh++GefreJOvYB + s20qNDORl9hHMiUxz24RLgQblFQN4mAuxYXIuqZw13GEr8gbAGFJR8K3wSlFyzc5 + yWFXBkzWxYhS+YeEOusH0b+JVaFDi/TcKez6wEHTdAP8DVlpvT+zz5fKmBK48YzM + NQ4AqVJnmPngbMSJwmPB3H4H60/bY4jbIEi4wSoEmWzSXeWr42Eq+QfsuKBUnfQd + SfmXo6D293LBXTdydyGYynutA1ouyAAJJpNFkcZShVAfKy53yXpuwpRwdgV3o872 + lyrztvqPoz/PbBJDtt+dpP6FAg4DiLcKbyvsTOYQB/wLrqG27qyvdPxVTERpa/yD + mOH5QoWk/9ej2qAOvz+5w3Oi21DVCL8Jhi92aMdX53qSmbi9LOYP3Vqj8VvI8Fy/ + 09vAVqB5CiQudH2q+WYAKmVd6PvQ+SopEIwtbSfBldMv99YIS+2VXeObHf+wEXVh + iMamyTzdswO/HCYteqIo0o+raNPDKYxO1V9iktcDRrtmhzlpSi4QjAxy5nhki38f + rEdbF1CHE8MOLeu/G0FBJev2zhFzY7wwGum01pT53MkRveB5Ho7yMzh/cRCNUYxh + SvHBG3RALTtcMOwQx0rlwTgDyQull+Uvq6f27RkKJyXgLmIVRLUEMklMOFZVXh5d + CACKQHabWTYDPfCImLYAAUuVoQrxbayCS0hWkmBFcU3OyKsHtILT73BEpWWKN9wF + K2jQxfu2nKS/a/a4CI0UmGWKGs6uCqC0s+rRUL2FBaD5KYuxXOpLvXhDxvWHu4ak + 4MSgrztvlKHENoIvc9lyfGx2MDB1K8igqB1LxA9UAFgd8NLGX2LORAxjw7gQz0WV + MAqLobR1O5SCo02dUdEQ6ca0p36dJ+zQ7ZdgTci1+448VtEXjBfQDazohKYz7l0T + rbc62ZVtK0aHbtrtkTUeSbvPrIykXS2IKzq1KOVJ1ILXb8438FrflUJUl8Z+DLAY + vJzyRUk2W/+T80cHJU3FvavYhQIMA6zwzgobrGmRAQ//SZEXbTjCQf7hdpaDZpM8 + zuplNLgK105P4Y1IoYWf2X3eW9pMilntS38NT5bvEtp5HaFUXW3f0eOlmCxn9HFG + Rf75qaeuKeePO3Dwo1ClZFCAjzRIm30UGOdbofIRGifyyt68p2OT0XRPpg5D80cc + eTyBZTIu+eraG16oAvE2+5j9IeO6qHte8smrhmvUrmN32PZxzlJ9cXbQRHPne14Y + rNNV1fHEQqtH0PYV1YLfx2ai19wzGEpEEQeiLlFcqBIcX4M/SQ4pLcUtUuw6h7ic + UtBcOR6Cts6u+C23heiXZZpxpjqt97VjZiM9+fCVADdtfgxBo6GkXAsMeXf8IwYW + bVj3bAJD7SyWP9dv6e2h6+ljGn3WUNF1n/goylFl3N2y65jDKhqVo1v4ldoGKXo9 + n4F7wgWLauzKfnL7OqJyxCPFLjzgX+e/BoSugNs8H5eyBn/7mGmmYHWI02RPkkuw + ug4rXOn8gEaaSKWq03TO/+cImOQuX0XPIjucE3QESNXSlrPE7CwHvvKl1oaSeuio + iHfxJ8uNyb15YHEl4/gxhdP+63nfGaAzTsDEJHNvI3LZbzhcTDR5dBlSD0r6MUHp + YlmdEic8r7A2MR3LKjzboBS0O5THXPPqzKAg+cyk6MBp9hooHJj6BnU9/cF2FcjP + PKbceAi3UUpMocQA4ncA3azSWgF3usydiS8JGtV4QCf0jObLKu/7iQtNLSIc/2+d + 8FjbTgr/mk/NhKPgyN73Rq0RmwymsJs5exk3BxJfmpe84jNGeGIUgU9zvtTneeSV + LWkO1ZBdzNGee3fYcw== + =dd3P + -----END PGP MESSAGE----- openidc: secret: | -----BEGIN PGP MESSAGE----- @@ -277,4 +420,4 @@ postgres: nMnr+ZPxAIAqtwvNMUIhg9zSQwEc3JIS046URZM1fXvuUvUgjc33kD8WmL9dJPP8 7B2ld6kQdsOR6d5D2sJEFrdCp5oaD/z0xxkLVI8YsVlWDURIITE= =49/2 - -----END PGP MESSAGE----- \ No newline at end of file + -----END PGP MESSAGE----- diff --git a/salt/profile/paste/files/paste-sidekiq.service b/salt/profile/paste/files/paste-sidekiq.service new file mode 100644 index 0000000..e96b0c0 --- /dev/null +++ b/salt/profile/paste/files/paste-sidekiq.service @@ -0,0 +1,17 @@ +[Unit] +Description=Paste Sidekiq job queue +After=network.target + +[Service] +Type=simple + +User=paste + +WorkingDirectory=/srv/www/paste-o-o + +ExecStart=/usr/bin/bundler.{{ ruby }} exec sidekiq + +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/salt/profile/paste/init.sls b/salt/profile/paste/init.sls index d1d3668..1a59809 100644 --- a/salt/profile/paste/init.sls +++ b/salt/profile/paste/init.sls @@ -12,6 +12,7 @@ paste_dependencies: - postgresql-server-devel - {{ ruby }}-devel - system-user-wwwrun + - nodejs16 paste_user: user.present: @@ -28,10 +29,20 @@ https://github.com/openSUSE/paste-o-o.git: - rev: main - user: paste +paste_bundler_deployment: + cmd.run: + - name: bundler.{{ ruby }} config set --local path 'vendor/bundle' + - cwd: /srv/www/paste-o-o + - env: + - RAILS_ENV: 'production' + - runas: paste + paste_ruby_dependencies: cmd.run: - name: bundler.{{ ruby }} install - cwd: /srv/www/paste-o-o + - env: + - RAILS_ENV: 'production' - runas: paste paste_db_migration: @@ -59,6 +70,15 @@ paste_assets_precompile: - require_in: - service: paste_service +/etc/systemd/system/paste-sidekiq.service: + file.managed: + - source: salt://profile/paste/files/paste-sidekiq.service + - template: jinja + - context: + ruby: {{ ruby }} + - require_in: + - service: paste_sidekiq_service + {% for config in ['site', 'storage', 'database'] %} /srv/www/paste-o-o/config/{{ config }}.yml: file.managed: @@ -71,6 +91,18 @@ paste_assets_precompile: - module: paste_restart {% endfor %} +/srv/www/paste-o-o/config/master.key: + file.managed: + - contents_pillar: profile:paste:master_key + - mode: 640 + - user: paste + +/srv/www/paste-o-o/config/credentials.yml.enc: + file.managed: + - contents_pillar: profile:paste:credentials_yml_enc + - mode: 640 + - user: paste + paste_service: service.running: - name: paste.service @@ -82,3 +114,18 @@ paste_restart: - m_name: paste.service - require: - service: paste_service + +paste_sidekiq_service: + service.running: + - name: paste-sidekiq.service + - enable: True + - require: + - service: paste_service + +paste_sidekiq_restart: + module.wait: + - name: service.restart + - m_name: paste-sidekiq.service + - require: + - service: paste_service + - service: paste_sidekiq_service diff --git a/salt/role/paste.sls b/salt/role/paste.sls index decd3f7..157b218 100644 --- a/salt/role/paste.sls +++ b/salt/role/paste.sls @@ -1,3 +1,4 @@ include: - profile.web.server.nginx - profile.paste + - profile.pagure.redis