deploy: Add Ansible deployment scripts

roles/webserver/templates/nginx-site-ssl.j2

@@ -0,0 +1,27 @@
+server {
+    # HTTP/2 allows requests to be pipelined within a single connection
+    listen 443 ssl http2;
+    server_name {{ inventory_hostname }} localhost 127.0.0.1;
+
+    ssl_certificate /etc/ssl/crt/{{ inventory_hostname }}.crt;
+    ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.pem;
+
+    # Cache and tickets improve performance by ~10% on small requests
+    ssl_session_cache shared:SSL:1m;
+    ssl_session_timeout 4h;
+    ssl_session_tickets on;
+
+    location /favicon.ico {
+        alias {{ project_dir }}/static/img/favicon.ico;
+    }
+
+    location /static/ {
+        alias {{ project_dir }}/static/;
+    }
+
+    location / {
+        include     uwsgi_params;
+        uwsgi_pass  unix:/run/uwsgi/{{ project_name }}.sock;
+        uwsgi_buffers 256 16k;
+    }
+}

roles/webserver/templates/nginx-site.j2

@@ -0,0 +1,17 @@
+server {
+    listen 80;
+    server_name {{ inventory_hostname }} localhost 127.0.0.1;
+
+    location /favicon.ico {
+        alias {{ project_dir }}/static/img/favicon.ico;
+    }
+
+    location /static/ {
+        alias {{ project_dir }}/static/;
+    }
+
+    location / {
+        include     uwsgi_params;
+        uwsgi_pass  unix:/run/uwsgi/{{ project_name }}.sock;
+    }
+}

roles/webserver/templates/settings.j2

@@ -0,0 +1,18 @@
+# Template populated on {{ template_run_date }}
+[settings]
+
+SECRET_KEY={{ secret_key }}
+DEBUG={{ "True" if deploy_mode > 1 else "False" }}
+ALLOWED_HOSTS={{ inventory_hostname }},localhost,127.0.0.1
+DATABASE_URL=mysql://{{ db_user }}:{{ db_pass }}@localhost:3306/{{ db_name }}
+
+# LDAP auth
+AUTH_LDAP_SERVER_URI={{ ldap_server }}
+AUTH_LDAP_USER_SEARCH={{ ldap_user_search }}
+AUTH_LDAP_GROUP_SEARCH={{ ldap_group_search }}
+
+# PURE settings
+PURE_URL={{ pure_api_url }}
+PURE_API_KEY={{ pure_api_key }}
+PURE_USERNAME={{ pure_api_user }}
+PURE_PASSWORD={{ pure_api_pass }}

roles/webserver/templates/uwsgi-service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=uWSGI Emperor Service
+
+[Service]
+ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown {{ web_user }}:{{ web_group }} /run/uwsgi'
+ExecStart=/usr/local/bin/uwsgi --emperor /etc/uwsgi/sites
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target

roles/webserver/templates/uwsgi-site.j2

@@ -0,0 +1,18 @@
+[uwsgi]
+project = {{ project_name }}
+uid = {{ web_user }}
+base = /var/www
+
+chdir = %(base)/%(project)
+home = {{ venv_dir }}
+module = {{ project_full_name }}.wsgi:application
+logto = %(chdir)/%(project).log
+
+master = true
+processes = 2
+listen = 128
+
+socket = /run/uwsgi/%(project).sock
+chown-socket = %(uid):{{ web_group }}
+chmod-socket = 660
+vacuum = true