ansible: Set up a test machine again

ansible/inventory.yaml

@@ -10,6 +10,7 @@ all:
                     vhost_aliases:
                         - squaresdb-google.dehnerts.com
                     dbtype: mysql
+                    enable_logging: false
 
         test:
             hosts:
@@ -18,3 +19,4 @@ all:
                     extname: squaresdb.dehnerts.com
                     vhost_aliases: []
                     dbtype: sqlite
+                    enable_logging: true

ansible/roles/squaresdb/tasks/main.yaml

@@ -7,10 +7,12 @@
         # Python build-deps
         - gcc
         - python3-dev
-        - libxmlsec1-dev
+        # Anti-required due to https://github.com/xmlsec/python-xmlsec/issues/320
+        #- libxmlsec1-dev
         - pkg-config
         - libmysqlclient-dev
         # Hosting
+        - apache2
         - libapache2-mod-wsgi-py3
         # JS local libraries
         - libjs-bootstrap4
@@ -32,9 +34,21 @@
       password: '!'
       home: /home/squaresdb
 
+- name: Set homedir perms
+  ansible.builtin.file:
+      path: /home/squaresdb
+      state: directory
+      mode: "0751"
 
 # Database
 
+# sqlite tools when useful
+- name: Install packages
+  ansible.builtin.package:
+      name:
+        - sqlite3
+  when: dbtype == "sqlite"
+
 # Assumes mysql is preinstalled, with the socket pluggable auth mechanism
 # setup -- see
 # https://dev.mysql.com/doc/refman/8.0/en/socket-pluggable-authentication.html
@@ -279,10 +293,17 @@
   notify:
       - Reload apache
 
-- name: Enable Apache2 Machine vhost
+- name: Enable Apache2 vhost
   ansible.builtin.file:
       state: link
       src: ../sites-available/squaresdb.conf
       dest: /etc/apache2/sites-enabled/squaresdb.conf
   notify:
       - Reload apache
+
+- name: Enable Apache2 HTTPS
+  ansible.builtin.command:
+      cmd: a2enmod ssl wsgi
+      creates:
+        - /etc/apache2/mods-enabled/ssl.load
+        - /etc/apache2/mods-enabled/wsgi.load

ansible/roles/squaresdb/templates/django_local.py.j2

@@ -1,4 +1,5 @@
 import json
+import os
 from pathlib import Path
 
 SETTINGS_DIR = Path(__file__).resolve().parent
@@ -21,6 +22,37 @@ EMAIL_BACKEND = 'squaresdb.utils.email.AutoBccEmailBackend'
 
 STATIC_ROOT = '/var/www/squaresdb/static'
 
+{% if enable_logging %}
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'formatters': {
+        'default': {
+            'format': '%(asctime)s %(levelname)-8s %(name)-15s %(message)s',
+            'datefmt': '%Y-%m-%d %H:%M:%S',
+        },
+    },
+    'handlers': {
+        'console': {
+            'class': 'logging.StreamHandler',
+            'formatter': 'default',
+        },
+    },
+    'loggers': {
+        'django': {
+            'handlers': ['console'],
+            'level': os.getenv('DJANGO_LOG_LEVEL', 'INFO'),
+        },
+        'squaresdb': {
+            'handlers': ['console'],
+            'level': os.getenv('SQUARESDB_LOG_LEVEL', 'INFO'),
+        },
+    },
+}
+{% else %}
+# Custom logging not enabled
+{% endif %}
+
 {% if dbtype == "mysql" %}
 DATABASES = {
     'default': {

ansible/roles/squaresdb/templates/vhost.conf

@@ -1,3 +1,7 @@
+# Disable this vhost if we don't have a cert yet
+# (Getting a cert uses the webroot authenticator, so there's an awkward
+# manual bootstrap phase otherwise)
+#<IfFile "/etc/letsencrypt/live/{{extname}}/fullchain.pem">
 <IfModule mod_ssl.c>
     <VirtualHost _default_:443>
         ServerName {{extname}}
@@ -32,5 +36,6 @@
 
     </VirtualHost>
 </IfModule>
+#</IfFile>
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet