add meckerkasten to uwsgi_python

remove obsolete roles

lehrpreis/defaults/main.yml

----
-# file: roles/lehrpreis/defaults/main.yml
-
-lehrpreis_web_root: /var/www/lehrpreis
-lehrpreis_name: lehrpreis
-lehrpreis_user: lehrpreis
-lehrpreis_group: lehrpreis
-
-lehrpreis_default_locale: en
-lehrpreis_default_timezone: Europe/Berlin
-lehrpreis_auth_group: users
-
-lehrpreis_ad_host: ad.example.com
-lehrpreis_ad_domain: EXAMPLE
-lehrpreis_ad_user_dn: 'cn=users,dc=example,dc=com'
-lehrpreis_ad_group_dn: 'cn=users,dc=example,dc=com'
-lehrpreis_ad_cert: ''
-
-lehrpreis_branding_app_name_de: 'Lehrpreis WebApp'
-lehrpreis_branding_app_name_en: 'Teaching Award WebApp'
-lehrpreis_branding_app_url: 'https://example.com'
-lehrpreis_branding_org_name: 'Example Org'
-lehrpreis_branding_contact: 'committee@example.com'
-lehrpreis_branding_logo: ''
-lehrpreis_branding_logo_src: ''
-lehrpreis_branding_information_de: ''
-lehrpreis_branding_information_en: ''
-
-lehrpreis_mail_enabled: True
-lehrpreis_mail_address: 'committee@example.com'
-lehrpreis_mail_host: mail.example.com
-lehrpreis_mail_locale: en

lehrpreis/handlers/main.yml

----
-# file: roles/lehrpreis/handlers/main.yml
-
-- name: reload systemd service files
-  command: systemctl daemon-reload
-
-- name: restart uwsgi for lehrpreis 
-  service: name=lehrpreis state=restarted enabled=yes
-
-- name: create tmpfiles
-  command: systemd-tmpfiles --create
-
-- name: recompile translations
-  command: ./bin/pybabel compile -d translations
-  args:
-    chdir: "{{ lehrpreis_web_root }}"

lehrpreis/meta/main.yml

----
-# file:roles/lehrpreis/meta/main.yml
-
-dependencies:
-  - { role: uwsgi-python, uwsgi_name: "lehrpreis", uwsgi_user: "{{lehrpreis_user}}", uwsgi_group: "{{lehrpreis_group}}", uwsgi_path: "{{lehrpreis_web_root}}", uwsgi_home: "{{lehrpreis_web_root}}", uwsgi_program: "lehrpreis.py", uwsgi_callable: "app", uwsgi_command: "", uwsgi_python: 3, uwsgi_db: "postgres" }

lehrpreis/tasks/main.yml

----
-# file: roles/lehrpreis/tasks/main.yml
-
-- name: ensure the deploy key is available
-  copy:
-    src: "{{ lehrpreis_deploy_key }}"
-    dest: /root/.ssh/lehrpreis
-    owner: root
-    group: root
-    mode: 0600
-  tags:
-    - lehrpreis
-    - webservices
-
-# https://github.com/ansible/ansible/issues/27699
-- name: ensure git module is able to clone
-  command: mount -o remount,exec /tmp
-  tags:
-    - lehrpreis
-    - webservices
-
-- name: ensure we have the program
-  git:
-    repo: git@git.fsmpi.rwth-aachen.de:studi-systeme/lehrpreis.git
-    dest: "{{ lehrpreis_web_root }}"
-    key_file: /root/.ssh/lehrpreis
-    version: HEAD
-  notify:
-    - recompile translations
-    - restart uwsgi for lehrpreis
-  tags:
-    - lehrpreis
-    - webservices
-
-- name: ensure git module is not able to clone anymore
-  command: mount -o remount,noexec /tmp
-  tags:
-    - lehrpreis
-    - webservices
-
-- name: ensure we have a virtualenv
-  pip:
-    requirements: "{{ lehrpreis_web_root }}/requirements.txt"
-    virtualenv: "{{ lehrpreis_web_root }}"
-    virtualenv_python: python3
-  notify:
-    - restart uwsgi for lehrpreis
-  tags:
-    - lehrpreis
-    - webservices
-
-- name: ensure we have our config
-  template:
-    src: config.py.j2
-    dest: "{{ lehrpreis_web_root }}/config.py"
-    owner: "{{ lehrpreis_user }}"
-    group: "{{ lehrpreis_group }}"
-    mode: 0640
-  notify:
-    - restart uwsgi for lehrpreis
-  tags:
-    - lehrpreis
-    - webservices
-
-- name: ensure we have our secret config
-  template:
-    src: secret_config.py.j2
-    dest: "{{ lehrpreis_web_root }}/secret_config.py"
-    owner: "{{ lehrpreis_user }}"
-    group: "{{ lehrpreis_group }}"
-    mode: 0600
-    force: no
-  notify:
-    - restart uwsgi for lehrpreis
-  tags:
-    - lehrpreis
-    - webservices
-
-- name: ensure we have our branded logo
-  copy:
-    src: "{{ lehrpreis_branding_logo_src }}"
-    dest: "{{ lehrpreis_web_root }}/static/images/{{ lehrpreis_branding_logo }}"
-    owner: "{{ lehrpreis_user }}"
-    group: "{{ lehrpreis_group }}"
-    mode: 0644
-  notify:
-    - restart uwsgi for lehrpreis
-  when: lehrpreis_branding_logo and lehrpreis_branding_logo_src
-  tags:
-    - lehrpreis
-    - webservices
-
-- name: ensure the unit file exists
-  template:
-    src: lehrpreis.service.j2
-    dest: "/etc/systemd/system/lehrpreis.service"
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - reload systemd service files
-    - restart uwsgi for lehrpreis
-  tags:
-    - lehrpreis
-    - webservices
-
-- meta: flush_handlers
-
-- name: ensure the service is enabled
-  service:
-    name: lehrpreis
-    enabled: yes
-    state: started
-  tags:
-    - lehrpreis
-    - webservices

lehrpreis/templates/config.py.j2

-from secret_config import secret_key as SECRET_KEY
-SQLALCHEMY_DATABASE_URI = 'postgresql://lehrpreis:@/lehrpreis'
-DEBUG = False
-PORT = 5001
-SESSION_COOKIE_SECURE = True
-
-import datetime
-REMEMBER_COOKIE_NAME = 'remember_token'
-REMEMBER_COOKIE_DURATION = datetime.timedelta(30)
-REMEMBER_COOKIE_DOMAIN = None
-REMEMBER_COOKIE_PATH = '/'
-REMEMBER_COOKIE_SECURE = True
-REMEMBER_COOKIE_HTTPONLY = True
-
-BABEL_DEFAULT_LOCALE = '{{ lehrpreis_default_locale }}'
-BABEL_DEFAULT_TIMEZONE = '{{ lehrpreis_default_timezone }}'
-
-USER_GROUP = '{{ lehrpreis_auth_group }}'
-
-AD_HOST = '{{ lehrpreis_ad_host }}'
-AD_DOMAIN = '{{ lehrpreis_ad_domain }}'
-AD_USER_DN = '{{ lehrpreis_ad_user_dn }}'
-AD_GROUP_DN = '{{ lehrpreis_ad_group_dn }}'
-AD_CA_CERT = '{{ lehrpreis_ad_cert }}'
-
-BRANDING_APP_NAME = {'de': '{{ lehrpreis_branding_app_name_de }}',
-	'en': '{{ lehrpreis_branding_app_name_en }}'}
-BRANDING_APP_URL = '{{ lehrpreis_branding_app_url }}'
-BRANDING_ORG_NAME = '{{ lehrpreis_branding_org_name }}'
-BRANDING_CONTACT = '{{ lehrpreis_branding_contact }}'
-BRANDING_LOGO = '{{ lehrpreis_branding_logo }}'
-BRANDING_INFORMATION = {'de': '''{{ lehrpreis_branding_information_de }}''',
-	'en': '''{{ lehrpreis_branding_information_en }}'''}
-
-MAIL_ENABLED = {{ lehrpreis_mail_enabled }}
-MAIL_ADDRESS = '{{ lehrpreis_mail_address }}'
-MAIL_HOST = '{{ lehrpreis_mail_host }}'
-MAIL_LOCALE = '{{ lehrpreis_mail_locale }}'
-

lehrpreis/templates/lehrpreis.service.j2

-[Unit]
-Description=Lehrpreis-Nominierungs-WebApp
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-available/lehrpreis.ini
-Restart=always
-KillSignal=SIGQUIT
-Type=notify
-NotifyAccess=all
-
-[Install]
-WantedBy=multi-user.target

lehrpreis/templates/secret_config.py.j2

-secret_key = '{{ (2**2048)|random }}'

meckerkasten/defaults/main.yml

----
-# file: meckerkasten/defaults/main.yml
-
-meckerkasten_web_root: /var/www/meckerkasten
-meckerkasten_name: meckerkasten
-meckerkasten_user: meckerkasten
-meckerkasten_group: meckerkasten
-meckerkasten_admins: [['Admins', 'admin@example.com']]
-meckerkasten_sender: 'meckerkasten@example.com'
-meckerkasten_mail_host: 'mail.example.invalid'
-meckerkasten_allowed_hosts: ['example.com']
-meckerkasten_ldap_cert: ''

meckerkasten/handlers/main.yml

----
-# file: meckerkasten/handlers/main.yml
-
-- name: reload systemd service files
-  command: systemctl daemon-reload
-
-- name: restart uwsgi for meckerkasten
-  service:
-    name: "{{ meckerkasten_name }}"
-    state: restarted
-    enabled: yes
-
-- name: create tmpfiles
-  command: systemd-tmpfiles --create

meckerkasten/meta/main.yml

----
-# file: meckerkasten/meta/main.yml
-dependencies:
-  - { role: uwsgi-python, uwsgi_name: "{{meckerkasten_name}}", uwsgi_user: "{{meckerkasten_user}}", uwsgi_group: "{{meckerkasten_group}}", uwsgi_path: "{{meckerkasten_web_root}}/program", uwsgi_home: "{{meckerkasten_web_root}}", uwsgi_program: "meckerkasten/wsgi.py", uwsgi_callable: "application", uwsgi_command: "runserver", uwsgi_db: "sqlite", uwsgi_python: 2 }

meckerkasten/tasks/main.yml

----
-# file: meckerkasten/tasks/main.yml
-
-- name: ensure the deploy key is available
-  copy:
-    src: "{{ meckerkasten_deploy_key }}"
-    dest: /root/.ssh/meckerkasten
-    owner: root
-    group: root
-    mode: 0600
-  tags:
-    - meckerkasten
-    - webservices
-
-# https://github.com/ansible/ansible/issues/27699
-- name: ensure fucking git module is able to clone
-  command: mount -o remount,exec /tmp
-  tags:
-    - meckerkasten
-    - webservices
-
-- name: ensure we have the program
-  git:
-    repo: git@git.fsmpi.rwth-aachen.de:studi-systeme/meckerkasten.git
-    dest: "{{ meckerkasten_web_root }}"
-    key_file: /root/.ssh/meckerkasten
-    version: HEAD
-  notify:
-    - restart uwsgi for meckerkasten
-  tags:
-    - meckerkasten
-    - webservices
-
-- name: ensure fucking git module is not able to clone anymore
-  command: mount -o remount,noexec /tmp
-  tags:
-    - meckerkasten
-    - webservices
-
-- name: ensure we have a virtualenv
-  pip:
-    requirements: "{{ meckerkasten_web_root }}/requirements.txt"
-    virtualenv: "{{ meckerkasten_web_root }}"
-    virtualenv_python: python2
-  notify:
-    - restart uwsgi for meckerkasten
-  tags:
-    - meckerkasten
-    - webservices
-
-- name: ensure we have our config
-  template:
-    src: settings.py.j2
-    dest: "{{ meckerkasten_web_root }}/meckerkasten/settings.py"
-    owner: "{{ meckerkasten_user }}"
-    group: "{{ meckerkasten_group }}"
-    mode: 0640
-  notify:
-    - restart uwsgi for meckerkasten
-  tags:
-    - meckerkasten
-    - webservices
-
-- name: ensure the unit file exists
-  template:
-    src: meckerkasten.service.j2
-    dest: "/etc/systemd/system/{{ meckerkasten_name }}.service"
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - reload systemd service files
-    - restart uwsgi for meckerkasten
-  tags:
-    - meckerkasten
-    - webservices
-
-- meta: flush_handlers
-
-- name: ensure the service is enabled
-  service:
-    name: "{{ meckerkasten_name }}"
-    enabled: yes
-    state: started
-  tags:
-    - meckerkasten
-    - webservices

meckerkasten/templates/meckerkasten.service.j2

-[Unit]
-Description=Meckerkasten
-After=network.target
-
-[Service]
-{% if meckerkasten_ldap_cert %}
-Environment=LDAPTLS_CACERT={{ meckerkasten_ldap_cert }}
-{% endif %}
-Environment=MECKERKASTEN_WEB_ROOT={{meckerkasten_web_root}}/
-Environment=MECKERKASTEN_WEB_SUBDIR=meckerkasten
-ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-available/{{meckerkasten_name}}.ini
-Restart=always
-KillSignal=SIGQUIT
-Type=notify
-NotifyAccess=all
-
-[Install]
-WantedBy=multi-user.target

schildergenerator/defaults/main.yml

----
-# file: schildergenerator/defaults/main.yml
-
-schilder_web_root: /var/www/schilder
-schilder_name: schilder
-schilder_user: schilder
-schilder_group: schilder
-schilder_printsrv: printsrv.fsmpi.rwth-aachen.de
-schilder_printers:
-  - description: "1 - Kopierer"
-    name: "Kopierer"
-schilder_lproptions:
-  - "-Fa4g"
-  - "-N1"
-  - "-o fitplot"
-schilder_templates_url: ''

schildergenerator/files/requirements.txt

-Flask
-Flask-Genshi
-Genshi
-docutils

schildergenerator/handlers/main.yml

----
-# file: schildergenerator/handlers/main.yml
-
-- name: reload systemd service files
-  command: systemctl daemon-reload
-
-- name: restart uwsgi for schilder
-  service:
-    name: "{{ schilder_name }}"
-    state: restarted
-
-- name: create tmpfiles
-  command: systemd-tmpfiles --create

schildergenerator/meta/main.yml

----
-# file: schildergenerator/meta/main.yml
-
-dependencies:
-  - { role: texlive }
-  - { role: cups-client }
-  - { role: uwsgi-python, uwsgi_name: "{{schilder_name}}", uwsgi_user: "{{schilder_user}}", uwsgi_group: "{{schilder_group}}", uwsgi_path: "{{schilder_web_root}}/program", uwsgi_home: "{{schilder_web_root}}", uwsgi_program: "schilder.py", uwsgi_callable: "app", uwsgi_command: "", uwsgi_db: "", uwsgi_python: 2, uwsgi_mules: 0 }

schildergenerator/tasks/main.yml

----
-# file: schildergenerator/tasks/main.yml
-
-- name: ensure we have necessary software installed
-  apt:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - graphicsmagick
-    - python-pythonmagick
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure the deploy key is available
-  copy:
-    src: "{{ schilder_deploy_key }}"
-    dest: /root/.ssh/schildergenerator
-    owner: root
-    group: root
-    mode: 0600
-  tags:
-    - schildergenerator
-    - webservices
-
-# https://github.com/ansible/ansible/issues/27699
-- name: ensure fucking git module is able to clone
-  command: mount -o remount,exec /tmp
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure the git is at the current revision
-  git:
-    repo: git@git.fsmpi.rwth-aachen.de:schilder/schildergenerator.git
-    dest: "{{ schilder_web_root }}"
-    key_file: /root/.ssh/schildergenerator
-    version: HEAD
-  notify:
-    - restart uwsgi for schilder
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure fucking git module is not able to clone anymore
-  command: mount -o remount,noexec /tmp
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure git ignores local files
-  lineinfile:
-    dest: "{{ schilder_web_root }}/.git/info/exclude"
-    line: "{{ item }}"
-    state: present
-  with_items:
-    - data/
-    - include/
-    - lib/
-    - local/
-    - share/
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure we have our requirements
-  copy:
-    src: requirements.txt
-    dest: "{{ schilder_web_root }}/requirements.txt"
-    owner: "{{ schilder_user }}"
-    group: "{{ schilder_group }}"
-    mode: 0644
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure we have a virtualenv
-  pip:
-    requirements: "{{ schilder_web_root }}/requirements.txt"
-    virtualenv: "{{ schilder_web_root }}"
-    virtualenv_python: python2
-    virtualenv_site_packages: yes
-  notify:
-    - restart uwsgi for schilder
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure we have our config
-  template:
-    src: config.py.j2
-    dest: "{{ schilder_web_root }}/config.py"
-    owner: "{{ schilder_user }}"
-    group: "{{ schilder_group }}"
-    mode: 0644
-  notify:
-    - restart uwsgi for schilder
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure we have our templates
-  git:
-    repo: "{{ schilder_templates_url }}"
-    dest: "{{ schilder_web_root }}/tex"
-    key_file: /root/.ssh/schildergenerator
-    version: HEAD
-  notify:
-    - restart uwsgi for schilder
-  tags:
-    - schildergenerator
-    - webservices
-
-- name: ensure the unit file exists
-  template:
-    src: schilder.service.j2
-    dest: "/etc/systemd/system/{{ schilder_name }}.service"
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - reload systemd service files
-    - restart uwsgi for schilder
-  tags:
-    - schildergenerator
-    - webservices
-
-- meta: flush_handlers
-
-- name: ensure the service is enabled
-  service:
-    name: "{{ schilder_name }}"
-    enabled: yes
-    state: started
-  tags:
-    - schildergenerator
-    - webservices

schildergenerator/templates/config.py.j2

-#### BASIC CONFIGURATION
-
-# Secret key (used for session cookie encryption). Needs to be set to some random string.
-# Yes, just smash your keyboard for some random characters. No, don't publish them anywhere.
-# Yes, you will need this. If you get random RuntimeErrors, you did not set this.
-app_secret = '{{ range(10**15, 10**16)|random }}'
-
-## You will need to use absolute paths!
-
-# Base directory. You need to set this again in schilder.wsgi if you use WSGI.
-basedir = '{{ schilder_web_root }}'
-
-# Temp directory for imagemagick/pdflatex work files (needs to be writeable)
-tmpdir = '/tmp'
-
-## All following directories derive from basedir, you don't really need to alter them
-
-# Data directory (needs to be writeable)
-datadir = basedir + '/data'
-
-# HTML template directory
-templatedir = basedir + '/templates'
-
-# TeX template directory
-textemplatedir = '{{ schilder_web_root }}/tex'
-
-# TeX support file directory (all files that might be needed by a tex template)
-texsupportdir = textemplatedir + '/support'
-
-# PDF data directory (needs to be writeable)
-pdfdir = datadir + '/pdf'
-
-# Image data directory (needs to be writeable)
-imagedir = datadir + '/images'
-
-# Cache dir (needs to be writable)
-cachedir = datadir + '/cache'
-
-# Upload temp directory (needs to be writeable)
-uploaddir = datadir + '/upload'
-
-# allowed image upload file extensions
-allowed_extensions = set(['png', 'jpg', 'jpeg', 'gif', 'svg'])
-
-
-#### PRINTER OPTIONS
-
-# CUPS printer names
-printers = { 
-  {% for printer in schilder_printers %}
-    '{{ printer.description }}': '{{ printer.name }}',
-  {% endfor %}
-}
-printserver = '{{ schilder_printsrv }}'
-
-# additional lpr options. Use an empty list if not needed.
-lproptions = [
-{% for option in schilder_lproptions %}
-    '{{ option }}',
-{% endfor %}
-]
-
-#### DEVELOPERS ONLY
-# Listening interface and port, usually '127.0.0.1' or '0.0.0.0'
-# Only effective if started from command line (instead via webserver/WSGI),
-# therefore these options would only be interesting to a developer.
-listen = '127.0.0.1'
-port = 5432

schildergenerator/templates/schilder.service.j2

-[Unit]
-Description={{ schilder_name }}
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-available/{{ schilder_name }}.ini
-Restart=always
-KillSignal=SIGQUIT
-Type=notify
-NotifyAccess=all
-
-[Install]
-WantedBy=multi-user.target

sso/defaults/main.yml

----
-# file: sso/defaults/main.yml
-
-program_name: sso
-program_user: sso
-program_group: sso
-program_repository: git@git.fsmpi.rwth-aachen.de:infra/sso.git
-
-sso_auth_use_ad: yes
-sso_auth_host: auth.example.com
-sso_auth_user_dn: "cn=users,dc=example,dc=com"
-sso_auth_group_dn: "dc=example,dc=com"
-sso_auth_ca_cert: ''
-sso_auth_domain: EXAMPLE
-
-sso_domain: "{{ domain }}"
-program_dir: '/var/www/sso'