Browse Source

Merge branch 'ansible-roles'

remove-logs
Andreas Linz 3 years ago
parent
commit
3728460659
43 changed files with 1232 additions and 582 deletions
  1. +1
    -1
      build/caddy/.gitignore
  2. +2
    -2
      build/caddy/Makefile
  3. +1
    -1
      build/gitea/.gitignore
  4. +17
    -10
      build/gitea/Makefile
  5. +14
    -568
      playbook.yml
  6. +10
    -0
      roles/caddy/defaults/main.yml
  7. +12
    -0
      roles/caddy/handlers/main.yml
  8. +81
    -0
      roles/caddy/tasks/main.yml
  9. +0
    -0
      roles/caddy/templates/Caddyfile.tmpl
  10. +0
    -0
      roles/caddy/templates/caddy.service.tmpl
  11. +0
    -0
      roles/caddy/templates/common.caddy.tmpl
  12. +8
    -0
      roles/common/defaults/main.yml
  13. +6
    -0
      roles/common/handlers/main.yml
  14. +42
    -0
      roles/common/tasks/main.yml
  15. +7
    -0
      roles/gitea/defaults/main.yml
  16. +7
    -0
      roles/gitea/handlers/main.yml
  17. +88
    -0
      roles/gitea/tasks/main.yml
  18. +0
    -0
      roles/gitea/templates/app.ini.tmpl
  19. +0
    -0
      roles/gitea/templates/gitea.service.tmpl
  20. +11
    -0
      roles/grafana/defaults/main.yml
  21. +7
    -0
      roles/grafana/handlers/main.yml
  22. +77
    -0
      roles/grafana/tasks/main.yml
  23. +0
    -0
      roles/grafana/templates/config.ini.tmpl
  24. +0
    -0
      roles/grafana/templates/grafana.service.tmpl
  25. +0
    -0
      roles/grafana/templates/jupyter.service.tmpl
  26. +0
    -0
      roles/grafana/templates/jupyter_notebook_config.py.tmpl
  27. +4
    -0
      roles/jupyter/defaults/main.yml
  28. +7
    -0
      roles/jupyter/handlers/main.yml
  29. +52
    -0
      roles/jupyter/tasks/main.yml
  30. +20
    -0
      roles/jupyter/templates/jupyter.service.tmpl
  31. +605
    -0
      roles/jupyter/templates/jupyter_notebook_config.py.tmpl
  32. +5
    -0
      roles/postgres/defaults/main.yml
  33. +7
    -0
      roles/postgres/handlers/main.yml
  34. +38
    -0
      roles/postgres/tasks/main.yml
  35. +24
    -0
      roles/postgres/tasks/pgweb.yml
  36. +0
    -0
      roles/postgres/templates/pgweb.service.tmpl
  37. +3
    -0
      roles/prometheus/defaults/main.yml
  38. +15
    -0
      roles/prometheus/handlers/main.yml
  39. +38
    -0
      roles/prometheus/tasks/main.yml
  40. +23
    -0
      roles/prometheus/tasks/node_exporter.yml
  41. +0
    -0
      roles/prometheus/templates/node_exporter.service.tmpl
  42. +0
    -0
      roles/prometheus/templates/prometheus.service.tmpl
  43. +0
    -0
      roles/prometheus/templates/prometheus.yml.tmpl

+ 1
- 1
build/caddy/.gitignore View File

@ -1,2 +1,2 @@
/caddy
/caddy-src/
/caddy-src*/

+ 2
- 2
build/caddy/Makefile View File

@ -1,7 +1,7 @@
.PHONY: clean
VERSION :=v0.10.9
CADDY_SRC :=caddy-src
VERSION :=v0.10.8
CADDY_SRC :=caddy-src-$(VERSION)
GOPATH :=$(shell pwd)/$(CADDY_SRC)/.go
all: caddy

+ 1
- 1
build/gitea/.gitignore View File

@ -1,2 +1,2 @@
/gitea
/gitea-*-amd64*
/gitea-src*/

+ 17
- 10
build/gitea/Makefile View File

@ -1,19 +1,26 @@
.PHONY: clean
VERSION:=1.1.2
VERSION :=v1.1.4
GITEA_SRC :=gitea-src-$(VERSION)
GOPATH :=$(shell pwd)/$(GITEA_SRC)/.go
GITEA_BUILD_TAGS :=bindata
all: gitea
gitea: gitea-$(VERSION)-linux-amd64
sha256sum $<
cp $< $@
chmod +x $@
gitea: $(GITEA_SRC) checkout-version $(GOPATH)
cd $(GOPATH)/src/code.gitea.io/gitea && TAGS=$(GITEA_BUILD_TAGS) make generate build
cp $(GITEA_SRC)/$@ $@
gitea-$(VERSION)-linux-amd64: gitea-$(VERSION)-linux-amd64.sha256
curl -Lsf --remote-name 'https://dl.gitea.io/gitea/$(VERSION)/gitea-$(VERSION)-linux-amd64'
$(GOPATH): $(GITEA_SRC)
mkdir -p $@/src/code.gitea.io
ln -sf $(shell pwd)/$(GITEA_SRC) $(GOPATH)/src/code.gitea.io/gitea
gitea-$(VERSION)-linux-amd64.sha256:
curl -Lsf --remote-name 'https://dl.gitea.io/gitea/$(VERSION)/gitea-$(VERSION)-linux-amd64.sha256'
$(GITEA_SRC):
git clone https://github.com/go-gitea/gitea.git $@
checkout-version: $(GITEA_SRC)
cd $(GITEA_SRC) && git checkout --force --quiet $(VERSION)
clean:
rm -f "gitea*"
rm -f gitea
rm -rf gitea-*

+ 14
- 568
playbook.yml View File

@ -6,585 +6,31 @@
# - cron for postgres backup (pg_dumpall | tar --use-compress-programm=pixz -cJf postgres-$(date foobar).tar.xz
- hosts: all
vars:
user_name: alinz
user_password: ThisIsInsecure
user_email: "{{ user_name }}@email-provider.com"
domain: klingt.vnet
domain_version: unknown
db_name: klingt-net
# TODO encrypt this!
domain_version: ''
db_password: ThisIsInsecure
postgres_host: localhost
postgres_port: 5432
pgweb_path: /usr/bin/pgweb
pgweb_port: 9999
gitea_path: /usr/bin/gitea
gitea_user: gitea
gitea_group: gitea
gitea_port: 10000
gitea_db_name: gitea
gitea_db_password: ThisIsInsecure
gitea_admin_password: ThisIsInsecure
jupyter_user: jupyter
jupyter_group: jupyter
jupyter_port: 10001
caddy_user: caddy
caddy_group: caddy
caddy_path: /usr/bin/caddy
caddy_email: admin@klingt.net
caddy_ca_url: https://acme-staging.api.letsencrypt.org/directory
caddy_prometheus_port: 9180
caddy_restic_path: "/home/{{ caddy_user }}/restic"
caddy_email: "{{ user_email }}"
caddy_restic_user: alinz
caddy_restic_password: ThisIsInsecure
caddy_file_browser_root: "/var/caddy/files.{{ domain }}"
# ThisIsInsecure
jupyter_password: 'sha1:7ba04f8b7db3:b647b05c2e317857828f9f4fc929b08d485f9c76'
prometheus_path: /usr/bin/prometheus
prometheus_config_path: /etc/prometheus/config.yml
prometheus_port: 9090
node_exporter_path: /usr/bin/node_exporter
node_exporter_port: 9091
node_exporter_address: "127.0.0.1:{{ node_exporter_port }}"
grafana_domain: "grafana.{{ domain }}"
grafana_user: grafana
grafana_password: ThisIsInsecure
grafana_group: grafana
grafana_address: 127.0.0.1
grafana_port: 10002
grafana_db_name: grafana
grafana_db_password: ThisIsInsecure
user_name: alinz
user_password: ThisIsInsecure
user_email: alinz@email.provider
locale: en_US.UTF-8
roles:
- common
- postgres
- gitea
- jupyter
- caddy
- prometheus
- grafana
tasks:
- name: Set version number
delegate_to: localhost
shell: git describe --always --tags
register: git_version
- set_fact:
domain_version: "{{ git_version.stdout }}"
- name: "Generate {{ locale }}"
locale_gen:
name: "{{ locale }}"
state: present
- name: "Set {{ locale }}"
become: true
command: "update-locale LANG={{ locale }}"
- name: Set timezone to UTC
timezone:
name: Etc/UTC
- name: Create systemd-journald log path
become: true
file:
path: /var/log/journal
state: directory
mode: 0600
register: journald_dir_result
- name: Restart journal process
become: true
systemd:
name: systemd-journald
state: restarted
when: journald_dir_result.changed
- name: Update package index
apt: update_cache=yes package=sudo
become: true
- name: Check wheel group
become: true
group:
name: wheel
state: present
- name: Allow wheel to sudo (with password)
become: true
lineinfile:
dest: /etc/sudoers
state: present
backup: true
regexp: '^#\s*%wheel\s+ALL=\(ALL\)\s+ALL$'
line: '%wheel ALL=(ALL) ALL'
- name: "Create user {{ user_name }}"
become: true
user:
name: "{{ user_name }}"
comment: "{{ user_email }}"
append: true
groups: wheel
# http://docs.ansible.com/ansible/user_module.html
password: "{{ user_password }}"
# POSTGRES
- name: Install postgres
become: true
apt:
name: "{{ item }}"
state: latest
with_items:
- postgresql
- python-psycopg2
- name: Start postgres
become: true
systemd:
name: postgresql
state: started
enabled: true
- name: "Create postgres user {{ user_name }}"
become: true
become_user: postgres
postgresql_user:
name: "{{ user_name }}"
password: "{{ db_password }}"
role_attr_flags: NOSUPERUSER,CREATEDB
- name: "Create database {{ db_name }}"
become: true
become_user: "{{ user_name }}"
postgresql_db:
name: "{{ db_name }}"
login_user: "{{ user_name }}"
state: present
- name: "Create schemas"
become: true
become_user: "{{ user_name }}"
postgresql_schema:
database: "{{ db_name }}"
name: blog
login_user: "{{ user_name }}"
login_password: "{{ db_password }}"
# PGWEB
- name: Build pgweb
command: make -C ./build/pgweb
delegate_to: localhost
- name: Install pgweb
become: true
copy:
src: ./build/pgweb/pgweb
dest: "{{ pgweb_path }}"
mode: 0755
- name: Install pgweb systemd unit
become: true
template:
src: ./build/pgweb/pgweb.service.tmpl
dest: /etc/systemd/system/pgweb.service
mode: 0600
register: pgweb_service_result
- name: Start pgweb
become: true
systemd:
daemon_reload: yes
name: pgweb
state: started
enabled: true
- name: Restart pgweb
become: true
systemd:
daemon_reload: yes
name: pgweb
state: restarted
when: pgweb_service_result.changed
# GITEA
- name: Build gitea
command: make -C ./build/gitea
delegate_to: localhost
- name: Install gitea
become: true
copy:
src: ./build/gitea/gitea
dest: "{{ gitea_path }}"
mode: 0755
- name: Install gitea systemd unit
become: true
template:
src: ./build/gitea/gitea.service.tmpl
dest: /etc/systemd/system/gitea.service
mode: 0600
register: gitea_service_result
- name: "Create group {{ gitea_group }}"
become: true
group:
name: "{{ gitea_group }}"
- name: "Create user {{ gitea_user }}"
become: true
user:
name: "{{ gitea_user }}"
comment: "Gitea run user"
append: true
group: "{{ gitea_group }}"
# needs a shell because of git
- name: Create gitea folder
become: true
become_user: "{{ gitea_user }}"
file:
path: "/home/{{ gitea_user }}/gitea/{{ item }}"
state: directory
mode: 0700
with_items:
- repos
- logs
- custom/conf
- name: Create postgres user gitea
become: true
become_user: postgres
postgresql_user:
name: gitea
password: "{{ gitea_db_password }}"
- name: "Create database {{ gitea_db_name }}"
become: true
become_user: "postgres"
postgresql_db:
name: gitea
owner: "{{ gitea_db_name }}"
state: present
- name: Create gitea configuration
become: true
template:
src: ./build/gitea/app.ini.tmpl
dest: /home/gitea/gitea/custom/conf/app.ini
mode: 0600
owner: "{{ gitea_user }}"
register: gitea_config_result
- name: Start gitea
become: true
systemd:
daemon_reload: yes
name: gitea
state: started
enabled: true
- name: Restart gitea
become: true
systemd:
daemon_reload: true
name: gitea
state: restarted
when: gitea_config_result.changed or gitea_service_result.changed
- name: Wait for Gitea to startup
uri:
url: "http://127.0.0.1:{{ gitea_port }}/"
status_code: 200
register: result
until: result.status == 200
retries: 3
delay: 1
- name: Check if gitea admin user was created
become: true
become_user: "{{ gitea_user }}"
command: "psql 'postgresql://{{ gitea_user }}:{{ gitea_db_password }}@localhost/{{ gitea_db_name }}' --no-align --tuples-only --quiet --command 'select exists (select 1 from \"user\" where is_admin);'"
register: gitea_admin_check
- debug:
msg: "{{ gitea_admin_check }}"
- name: "Create gitea admin user {{ user_name }}"
become: true
become_user: gitea
command: "gitea admin create-user --name {{ user_name }} --password {{ gitea_admin_password }} --email {{ user_email }} --admin --config ./gitea/custom/conf/app.ini"
args:
chdir: "/home/{{ gitea_user }}"
when: gitea_admin_check.stdout.strip() == 'f'
# Jupyter
- name: "Create group {{jupyter_group }}"
become: true
group:
name: "{{jupyter_group }}"
- name: "Create user {{jupyter_user }}"
become: true
user:
name: "{{jupyter_user }}"
comment: Jupyter run user"
append: true
group: "{{jupyter_group }}"
shell: /bin/false
- name: Install Python3 PIP
become: true
apt:
name: python3-pip
state: latest
- name: Install jupyter
become: true
become_user: "{{ jupyter_user }}"
command: pip3 install --user jupyter
- name: Create jupyter config directory
become: true
file:
path: "/home/{{ jupyter_user }}//.jupyter"
owner: "{{ jupyter_user }}"
group: "{{ jupyter_group }}"
state: directory
mode: 0700
- name: Install jupyter configuration
become: true
template:
src: ./build/jupyter/jupyter_notebook_config.py.tmpl
dest: "/home/{{ jupyter_user }}/.jupyter/jupyter_notebook_config.py"
owner: "{{ jupyter_user }}"
group: "{{ jupyter_group }}"
mode: 0600
register: jupyter_config_result
- name: Install jupyter systemd unit
become: true
template:
src: ./build/jupyter/jupyter.service.tmpl
dest: /etc/systemd/system/jupyter.service
mode: 0600
register: jupyter_systemd_result
- name: Start jupyter
become: true
systemd:
daemon_reload: yes
name: jupyter
state: started
enabled: true
register: jupyter_service_result
- name: Restart jupyter
become: true
systemd:
daemon_reload: true
name: jupyter
state: restarted
when: jupyter_config_result.changed or jupyter_service_result.changed
# CADDY
- name: "Create group {{ caddy_group }}"
become: true
group:
name: "{{ caddy_group }}"
- name: Create caddy user
become: true
user:
name: "{{ caddy_user }}"
comment: "Caddy run user"
append: true
group: "{{ caddy_group }}"
shell: /bin/false
- name: Build caddy
command: make -C ./build/caddy
delegate_to: localhost
- name: Install caddy
become: true
copy:
src: ./build/caddy/caddy
dest: "{{ caddy_path }}"
mode: 0755
- name: Create caddy certificate directory
become: true
file:
name: "/home/{{ caddy_user }}/certs"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
state: directory
mode: 0700
- name: Create caddy restic path
become: true
file:
name: "{{ caddy_restic_path }}"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
state: directory
mode: 0700
- name: "Create {{ caddy_file_browser_root }} directory"
become: true
file:
name: "{{ caddy_file_browser_root }}/public"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
state: directory
mode: 0700
- name: Create caddy configuration directory
become: true
file:
name: "/etc/caddy"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
state: directory
mode: 0700
- name: Configure caddy
become: true
template:
src: "./build/caddy/{{ item }}.tmpl"
dest: "/etc/caddy/{{ item }}"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
mode: 0600
with_items:
- Caddyfile
- common.caddy
register: caddy_config_result
- name: Validate caddy configuration
become: true
become_user: "{{ caddy_user }}"
command: "{{ caddy_path }} -conf=/etc/caddy/Caddyfile -validate"
when: caddy_config_result.changed
- name: Install caddy systemd unit
become: true
template:
src: ./build/caddy/caddy.service.tmpl
dest: /etc/systemd/system/caddy.service
mode: 0600
register: caddy_service_result
- name: Start caddy
become: true
systemd:
daemon_reload: yes
name: caddy
state: started
enabled: true
- name: Restart caddy
become: true
systemd:
daemon_reload: yes
name: caddy
state: restarted
when: caddy_config_result.changed or caddy_service_result.changed
# PROMETHEUS
- name: Build prometheus
command: make -C ./build/prometheus
delegate_to: localhost
- name: Install prometheus
become: true
copy:
src: ./build/prometheus/prometheus
dest: "{{ prometheus_path }}"
mode: 0755
- name: Create prometheus folder
become: true
file:
path: /etc/prometheus
state: directory
mode: 0700
- name: Install prometheus configuration
become: true
template:
src: ./build/prometheus/prometheus.yml.tmpl
dest: /etc/prometheus/config.yml
mode: 0600
register: prometheus_config_result
- name: Install prometheus systemd unit
become: true
template:
src: ./build/prometheus/prometheus.service.tmpl
dest: /etc/systemd/system/prometheus.service
mode: 0600
register: prometheus_service_result
- name: Start prometheus
become: true
systemd:
daemon_reload: yes
name: prometheus
state: started
enabled: true
- name: Restart prometheus
become: true
systemd:
name: prometheus
state: restarted
daemon_reload: true
when: prometheus_config_result.changed or prometheus_service_result.changed
# NODE_EXPORTER
- name: Build node_exporter
command: make -C ./build/node_exporter
delegate_to: localhost
- name: Install node_exporter
become: true
copy:
src: ./build/node_exporter/node_exporter
dest: "{{ node_exporter_path }}"
mode: 0755
- name: Install node_exporter systemd unit
become: true
template:
src: ./build/node_exporter/node_exporter.service.tmpl
dest: /etc/systemd/system/node_exporter.service
mode: 0600
register: node_exporter_service_result
- name: Start node_exporter
become: true
systemd:
daemon_reload: yes
name: node_exporter
state: started
enabled: true
- name: Restart node_exporter
become: true
systemd:
daemon_reload: true
name: node_exporter
state: restarted
when: node_exporter_service_result.changed
# GRAFANA
- name: "Create group {{ grafana_group }}"
become: true
group:
name: "{{ grafana_group }}"
- name: Create grafana user
become: true
user:
name: "{{ grafana_user }}"
comment: "Grafana run user"
append: true
group: "{{ grafana_group }}"
shell: /bin/false
- name: Create postgres user grafana
become: true
become_user: postgres
postgresql_user:
name: grafana
password: "{{ grafana_db_password }}"
- name: Build grafana
command: make -C ./build/grafana
delegate_to: localhost
- name: Create grafana homepath
become: true
file:
path: /usr/share/grafana
state: directory
mode: 0755
- name: Install grafana
become: true
# copy does not scale for directories
synchronize:
src: "./build/grafana/grafana/{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: 'bin/grafana-server', dest: '/usr/bin/grafana-server' }
- { src: 'conf', dest: '/usr/share/grafana' }
- { src: 'public', dest: '/usr/share/grafana' }
- name: Create grafana config path
become: true
file:
path: /etc/grafana
state: directory
mode: 0755
- name: Install grafana configuration
become: true
template:
src: ./build/grafana/config.ini.tmpl
dest: /etc/grafana/config.ini
mode: 0644
register: grafana_config_result
- name: Install grafana systemd unit
become: true
template:
src: ./build/grafana/grafana.service.tmpl
dest: /etc/systemd/system/grafana.service
mode: 0600
register: grafana_service_result
- name: Create postgres user grafana
become: true
become_user: postgres
postgresql_user:
name: grafana
password: "{{ grafana_db_password }}"
- name: "Create database {{ grafana_db_name }}"
become: true
become_user: "postgres"
postgresql_db:
name: grafana
owner: "{{ grafana_db_name }}"
state: present
- name: Start grafana
become: true
systemd:
daemon_reload: yes
name: grafana
state: started
enabled: true
- name: Restart grafana
become: true
systemd:
daemon_reload: true
name: grafana
state: restarted
when: grafana_config_result.changed or grafana_service_result.changed
domain_version: "{{ git_version.stdout }}"

+ 10
- 0
roles/caddy/defaults/main.yml View File

@ -0,0 +1,10 @@
caddy_user: caddy
caddy_group: caddy
caddy_path: /usr/bin/caddy
caddy_ca_url: https://acme-staging.api.letsencrypt.org/directory
caddy_prometheus_port: 9180
caddy_restic_path: "/home/{{ caddy_user }}/restic"
#caddy_email: user@email-provider.com
#caddy_restic_user: alinz
#caddy_restic_password: password
caddy_file_browser_root: "/var/caddy/files.{{ domain }}"

+ 12
- 0
roles/caddy/handlers/main.yml View File

@ -0,0 +1,12 @@
- name: Validate caddy configuration
listen: caddy-validate
become: true
become_user: "{{ caddy_user }}"
command: "{{ caddy_path }} -conf=/etc/caddy/Caddyfile -validate"
- name: Restart caddy
listen: restart-caddy
become: true
systemd:
daemon_reload: yes
name: caddy
state: restarted

+ 81
- 0
roles/caddy/tasks/main.yml View File

@ -0,0 +1,81 @@
- name: "Create group {{ caddy_group }}"
become: true
group:
name: "{{ caddy_group }}"
- name: Create caddy user
become: true
user:
name: "{{ caddy_user }}"
comment: "Caddy run user"
append: true
group: "{{ caddy_group }}"
shell: /bin/false
- name: Build caddy
command: make -C ./build/caddy
delegate_to: localhost
- name: Install caddy
become: true
copy:
src: ./build/caddy/caddy
dest: "{{ caddy_path }}"
mode: 0755
- name: Create caddy certificate directory
become: true
file:
name: "/home/{{ caddy_user }}/certs"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
state: directory
mode: 0700
- name: Create caddy restic path
become: true
file:
name: "{{ caddy_restic_path }}"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
state: directory
mode: 0700
- name: "Create {{ caddy_file_browser_root }} directory"
become: true
file:
name: "{{ caddy_file_browser_root }}/public"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
state: directory
mode: 0700
- name: Create caddy configuration directory
become: true
file:
name: "/etc/caddy"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
state: directory
mode: 0700
- name: Configure caddy
become: true
template:
src: "{{ item }}.tmpl"
dest: "/etc/caddy/{{ item }}"
owner: "{{ caddy_user }}"
group: "{{ caddy_group }}"
mode: 0600
with_items:
- Caddyfile
- common.caddy
notify:
- caddy-validate
- restart-caddy
- name: Install caddy systemd unit
become: true
template:
src: caddy.service.tmpl
dest: /etc/systemd/system/caddy.service
mode: 0600
- name: Start caddy
become: true
systemd:
daemon_reload: yes
name: caddy
state: started
enabled: true
notify: restart-caddy

build/caddy/Caddyfile.tmpl → roles/caddy/templates/Caddyfile.tmpl View File


build/caddy/caddy.service.tmpl → roles/caddy/templates/caddy.service.tmpl View File


build/caddy/common.caddy.tmpl → roles/caddy/templates/common.caddy.tmpl View File


+ 8
- 0
roles/common/defaults/main.yml View File

@ -0,0 +1,8 @@
#user_name: default_user
#user_password: ThisIsInsecure
#user_email: user@email-provider.com
locale: en_US.UTF-8
domain: klingt.net
domain_version: unknown-version
db_name: klingt-net
#db_password: password

+ 6
- 0
roles/common/handlers/main.yml View File

@ -0,0 +1,6 @@
- name: Restart journal process
listen: restart-journald
become: true
systemd:
name: systemd-journald
state: restarted

+ 42
- 0
roles/common/tasks/main.yml View File

@ -0,0 +1,42 @@
- name: "Generate {{ locale }}"
locale_gen:
name: "{{ locale }}"
state: present
- name: "Set {{ locale }}"
become: true
command: "update-locale LANG={{ locale }}"
- name: Set timezone to UTC
timezone:
name: Etc/UTC
- name: Create systemd-journald log path
become: true
file:
path: /var/log/journal
state: directory
mode: 0600
notify: restart-journald
- name: Update package index
apt: update_cache=yes package=sudo
become: true
- name: Check wheel group
become: true
group:
name: wheel
state: present
- name: Allow wheel to sudo (with password)
become: true
lineinfile:
dest: /etc/sudoers
state: present
backup: true
regexp: '^#\s*%wheel\s+ALL=\(ALL\)\s+ALL$'
line: '%wheel ALL=(ALL) ALL'
- name: "Create user {{ user_name }}"
become: true
user:
name: "{{ user_name }}"
comment: "{{ user_email }}"
append: true
groups: wheel
# http://docs.ansible.com/ansible/user_module.html
password: "{{ user_password }}"

+ 7
- 0
roles/gitea/defaults/main.yml View File

@ -0,0 +1,7 @@
gitea_user: gitea
gitea_group: gitea
gitea_db_name: gitea
gitea_path: /usr/bin/gitea
gitea_port: 10000
#gitea_db_password: password
#gitea_admin_password: password

+ 7
- 0
roles/gitea/handlers/main.yml View File

@ -0,0 +1,7 @@
- name: Restart gitea
listen: restart-gitea
become: true
systemd:
daemon_reload: true
name: gitea
state: restarted

+ 88
- 0
roles/gitea/tasks/main.yml View File

@ -0,0 +1,88 @@
# GITEA
- name: Build gitea
command: make -C ./build/gitea
delegate_to: localhost
- name: Install gitea
become: true
copy:
src: ./build/gitea/gitea
dest: "{{ gitea_path }}"
mode: 0755
- name: Install gitea systemd unit
become: true
template:
src: gitea.service.tmpl
dest: /etc/systemd/system/gitea.service
mode: 0600
notify: restart-gitea
- name: "Create group {{ gitea_group }}"
become: true
group:
name: "{{ gitea_group }}"
- name: "Create user {{ gitea_user }}"
become: true
user:
name: "{{ gitea_user }}"
comment: "Gitea run user"
append: true
group: "{{ gitea_group }}"
# needs a shell because of git
- name: Create gitea folder
become: true
become_user: "{{ gitea_user }}"
file:
path: "/home/{{ gitea_user }}/gitea/{{ item }}"
state: directory
mode: 0700
with_items:
- repos
- logs
- custom/conf
- name: Create postgres user gitea
become: true
become_user: postgres
postgresql_user:
name: gitea
password: "{{ gitea_db_password }}"
- name: "Create database {{ gitea_db_name }}"
become: true
become_user: "postgres"
postgresql_db:
name: gitea
owner: "{{ gitea_db_name }}"
state: present
- name: Create gitea configuration
become: true
template:
src: app.ini.tmpl
dest: /home/gitea/gitea/custom/conf/app.ini
mode: 0600
owner: "{{ gitea_user }}"
notify: restart-gitea
- name: Start gitea
become: true
systemd:
daemon_reload: yes
name: gitea
state: started
enabled: true
- name: Wait for Gitea to startup
uri:
url: "http://127.0.0.1:{{ gitea_port }}/"
status_code: 200
register: result
until: result.status == 200
retries: 3
delay: 1
- name: Check if gitea admin user was created
become: true
become_user: "{{ gitea_user }}"
command: "psql 'postgresql://{{ gitea_user }}:{{ gitea_db_password }}@localhost/{{ gitea_db_name }}' --no-align --tuples-only --quiet --command 'select exists (select 1 from \"user\" where is_admin);'"
register: gitea_admin_check
- name: "Create gitea admin user {{ user_name }}"
become: true
become_user: gitea
command: "gitea admin create-user --name {{ user_name }} --password {{ gitea_admin_password }} --email {{ user_email }} --admin --config ./gitea/custom/conf/app.ini"
args:
chdir: "/home/{{ gitea_user }}"
when: gitea_admin_check.stdout.strip() == 'f'

build/gitea/app.ini.tmpl → roles/gitea/templates/app.ini.tmpl View File


build/gitea/gitea.service.tmpl → roles/gitea/templates/gitea.service.tmpl View File


+ 11
- 0
roles/grafana/defaults/main.yml View File

@ -0,0 +1,11 @@
grafana_user: grafana
grafana_group: grafana
grafana_address: 127.0.0.1
grafana_port: 10002
grafana_db_name: grafana
grafana_db_password: ThisIsInsecure
grafana_domain: "grafana.{{ domain }}"
#grafana_password: password
node_exporter_path: /usr/bin/node_exporter
node_exporter_port: 9091
node_exporter_address: "127.0.0.1:{{ node_exporter_port }}"

+ 7
- 0
roles/grafana/handlers/main.yml View File

@ -0,0 +1,7 @@
- name: Restart grafana
listen: restart-grafana
become: true
systemd:
daemon_reload: true
name: grafana
state: restarted

+ 77
- 0
roles/grafana/tasks/main.yml View File

@ -0,0 +1,77 @@
- name: "Create group {{ grafana_group }}"
become: true
group:
name: "{{ grafana_group }}"
- name: Create grafana user
become: true
user:
name: "{{ grafana_user }}"
comment: "Grafana run user"
append: true
group: "{{ grafana_group }}"
shell: /bin/false
- name: Create postgres user grafana
become: true
become_user: postgres
postgresql_user:
name: grafana
password: "{{ grafana_db_password }}"
- name: Build grafana
command: make -C ./build/grafana
delegate_to: localhost
- name: Create grafana homepath
become: true
file:
path: /usr/share/grafana
state: directory
mode: 0755
- name: Install grafana
become: true
# copy does not scale for directories
synchronize:
src: "./build/grafana/grafana/{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: 'bin/grafana-server', dest: '/usr/bin/grafana-server' }
- { src: 'conf', dest: '/usr/share/grafana' }
- { src: 'public', dest: '/usr/share/grafana' }
- name: Create grafana config path
become: true
file:
path: /etc/grafana
state: directory
mode: 0755
- name: Install grafana configuration
become: true
template:
src: config.ini.tmpl
dest: /etc/grafana/config.ini
mode: 0644
notify: restart-grafana
- name: Install grafana systemd unit
become: true
template:
src: grafana.service.tmpl
dest: /etc/systemd/system/grafana.service
mode: 0600
notify: restart-grafana
- name: Create postgres user grafana
become: true
become_user: postgres
postgresql_user:
name: grafana
password: "{{ grafana_db_password }}"
- name: "Create database {{ grafana_db_name }}"
become: true
become_user: "postgres"
postgresql_db:
name: grafana
owner: "{{ grafana_db_name }}"
state: present
- name: Start grafana
become: true
systemd:
daemon_reload: yes
name: grafana
state: started
enabled: true

build/grafana/config.ini.tmpl → roles/grafana/templates/config.ini.tmpl View File


build/grafana/grafana.service.tmpl → roles/grafana/templates/grafana.service.tmpl View File


build/jupyter/jupyter.service.tmpl → roles/grafana/templates/jupyter.service.tmpl View File


build/jupyter/jupyter_notebook_config.py.tmpl → roles/grafana/templates/jupyter_notebook_config.py.tmpl View File


+ 4
- 0
roles/jupyter/defaults/main.yml View File

@ -0,0 +1,4 @@
jupyter_user: jupyter
jupyter_group: jupyter
jupyter_port: 10001
#jupyter_password: 'sha1:<salt>:<password-hash>'

+ 7
- 0
roles/jupyter/handlers/main.yml View File

@ -0,0 +1,7 @@
- name: Restart jupyter
listen: restart-jupyter
become: true
systemd:
daemon_reload: true
name: jupyter
state: restarted

+ 52
- 0
roles/jupyter/tasks/main.yml View File

@ -0,0 +1,52 @@
- name: "Create group {{jupyter_group }}"
become: true
group:
name: "{{jupyter_group }}"
- name: "Create user {{jupyter_user }}"
become: true
user:
name: "{{jupyter_user }}"
comment: Jupyter run user"
append: true
group: "{{jupyter_group }}"
shell: /bin/false
- name: Install Python3 PIP
become: true
apt:
name: python3-pip
state: latest
- name: Install jupyter
become: true
become_user: "{{ jupyter_user }}"
command: pip3 install --user jupyter
- name: Create jupyter config directory
become: true
file:
path: "/home/{{ jupyter_user }}//.jupyter"
owner: "{{ jupyter_user }}"
group: "{{ jupyter_group }}"
state: directory
mode: 0700
- name: Install jupyter configuration
become: true
template:
src: jupyter_notebook_config.py.tmpl
dest: "/home/{{ jupyter_user }}/.jupyter/jupyter_notebook_config.py"
owner: "{{ jupyter_user }}"
group: "{{ jupyter_group }}"
mode: 0600
notify: restart-jupyter
- name: Install jupyter systemd unit
become: true
template:
src: jupyter.service.tmpl
dest: /etc/systemd/system/jupyter.service
mode: 0600
notify: restart-jupyter
- name: Start jupyter
become: true
systemd:
daemon_reload: yes
name: jupyter
state: started
enabled: true

+ 20
- 0
roles/jupyter/templates/jupyter.service.tmpl View File

@ -0,0 +1,20 @@
[Unit]
Description=jupyter - Python notebook server
Documentation=http://jupyter.github.io/
After=network-online.target
Wants=systemd-networkd-wait-online.service
[Service]
Restart=on-abnormal
ExecStart=/home/{{ jupyter_user }}/.local/bin/jupyter notebook
User={{ jupyter_user }}
Group={{ jupyter_group }}
WorkingDirectory=/home/{{ jupyter_user }}
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target

+ 605
- 0
roles/jupyter/templates/jupyter_notebook_config.py.tmpl View File

@ -0,0 +1,605 @@
# Configuration file for jupyter-notebook.
#------------------------------------------------------------------------------
# Application(SingletonConfigurable) configuration
#------------------------------------------------------------------------------
## This is an application.
## The date format used by logging formatters for %(asctime)s
#c.Application.log_datefmt = '%Y-%m-%d %H:%M:%S'
## The Logging format template
#c.Application.log_format = '[%(name)s]%(highlevel)s %(message)s'
## Set the log level by value or name.
#c.Application.log_level = 30
#------------------------------------------------------------------------------
# JupyterApp(Application) configuration
#------------------------------------------------------------------------------
## Base class for Jupyter applications
## Answer yes to any prompts.
c.JupyterApp.answer_yes = True
## Full path of a config file.
#c.JupyterApp.config_file = ''
## Specify a config file to load.
#c.JupyterApp.config_file_name = ''
## Generate default config file.
c.JupyterApp.generate_config = False
#------------------------------------------------------------------------------
# NotebookApp(JupyterApp) configuration
#------------------------------------------------------------------------------
## Set the Access-Control-Allow-Credentials: true header
#c.NotebookApp.allow_credentials = False
## Set the Access-Control-Allow-Origin header
#
# Use '*' to allow any origin to access your server.
#
# Takes precedence over allow_origin_pat.
#c.NotebookApp.allow_origin = ''
## Use a regular expression for the Access-Control-Allow-Origin header
#
# Requests from an origin matching the expression will get replies with:
#
# Access-Control-Allow-Origin: origin
#
# where `origin` is the origin of the request.
#
# Ignored if allow_origin is set.
#c.NotebookApp.allow_origin_pat = ''
## Whether to allow the user to run the notebook as root.
#c.NotebookApp.allow_root = False
## DEPRECATED use base_url
#c.NotebookApp.base_project_url = '/'
## The base URL for the notebook server.
#
# Leading and trailing slashes can be omitted, and will automatically be added.
#c.NotebookApp.base_url = '/'
## Specify what command to use to invoke a web browser when opening the notebook.
# If not specified, the default browser will be determined by the `webbrowser`
# standard library module, which allows setting of the BROWSER environment
# variable to override it.
#c.NotebookApp.browser = ''
## The full path to an SSL/TLS certificate file.
#c.NotebookApp.certfile = ''
## The full path to a certificate authority certificate for SSL/TLS client
# authentication.
#c.NotebookApp.client_ca = ''
## The config manager class to use
#c.NotebookApp.config_manager_class = 'notebook.services.config.manager.ConfigManager'
## The notebook manager class to use.
#c.NotebookApp.contents_manager_class = 'notebook.services.contents.largefilemanager.LargeFileManager'
## Extra keyword arguments to pass to `set_secure_cookie`. See tornado's
# set_secure_cookie docs for details.
#c.NotebookApp.cookie_options = {}
## The random bytes used to secure cookies. By default this is a new random
# number every time you start the Notebook. Set it to a value in a config file
# to enable logins to persist across server sessions.
#
# Note: Cookie secrets should be kept private, do not share config files with
# cookie_secret stored in plaintext (you can read the value from a file).
#c.NotebookApp.cookie_secret = b''
## The file where the cookie secret is stored.
#c.NotebookApp.cookie_secret_file = ''
## The default URL to redirect to from `/`
#c.NotebookApp.default_url = '/tree'
## Disable cross-site-request-forgery protection
#
# Jupyter notebook 4.3.1 introduces protection from cross-site request
# forgeries, requiring API requests to either:
#
# - originate from pages served by this server (validated with XSRF cookie and
# token), or - authenticate with a token
#
# Some anonymous compute resources still desire the ability to run code,
# completely without authentication. These services can disable all
# authentication and security checks, with the full knowledge of what that
# implies.
#c.NotebookApp.disable_check_xsrf = False
## Whether to enable MathJax for typesetting math/TeX
#
# MathJax is the javascript library Jupyter uses to render math/LaTeX. It is
# very large, so you may want to disable it if you have a slow internet
# connection, or for offline use of the notebook.
#
# When disabled, equations etc. will appear as their untransformed TeX source.
#c.NotebookApp.enable_mathjax = True
## extra paths to look for Javascript notebook extensions
#c.NotebookApp.extra_nbextensions_path = []
## Extra paths to search for serving static files.
#
# This allows adding javascript/css to be available from the notebook server
# machine, or overriding individual files in the IPython
#c.NotebookApp.extra_static_paths = []
## Extra paths to search for serving jinja templates.
#
# Can be used to override templates from notebook.templates.
#c.NotebookApp.extra_template_paths = []
##
#c.NotebookApp.file_to_run = ''
## Deprecated: Use minified JS file or not, mainly use during dev to avoid JS
# recompilation
#c.NotebookApp.ignore_minified_js = False
## (bytes/sec) Maximum rate at which messages can be sent on iopub before they
# are limited.
#c.NotebookApp.iopub_data_rate_limit = 1000000
## (msgs/sec) Maximum rate at which messages can be sent on iopub before they are
# limited.
#c.NotebookApp.iopub_msg_rate_limit = 1000
## The IP address the notebook server will listen on.
c.NotebookApp.ip = '0.0.0.0'
## Supply extra arguments that will be passed to Jinja environment.
#c.NotebookApp.jinja_environment_options = {}
## Extra variables to supply to jinja templates when rendering.
#c.NotebookApp.jinja_template_vars = {}
## The kernel manager class to use.
#c.NotebookApp.kernel_manager_class = 'notebook.services.kernels.kernelmanager.MappingKernelManager'
## The kernel spec manager class to use. Should be a subclass of
# `jupyter_client.kernelspec.KernelSpecManager`.
#
# The Api of KernelSpecManager is provisional and might change without warning
# between this version of Jupyter and the next stable one.
#c.NotebookApp.kernel_spec_manager_class = 'jupyter_client.kernelspec.KernelSpecManager'
## The full path to a private key file for usage with SSL/TLS.
#c.NotebookApp.keyfile = ''
## The login handler class to use.
#c.NotebookApp.login_handler_class = 'notebook.auth.login.LoginHandler'
## The logout handler class to use.
#c.NotebookApp.logout_handler_class = 'notebook.auth.logout.LogoutHandler'
## The MathJax.js configuration file that is to be used.
#c.NotebookApp.mathjax_config = 'TeX-AMS-MML_HTMLorMML-full,Safe'
## A custom url for MathJax.js. Should be in the form of a case-sensitive url to
# MathJax, for example: /static/components/MathJax/MathJax.js
#c.NotebookApp.mathjax_url = ''
## Dict of Python modules to load as notebook server extensions.Entry values can
# be used to enable and disable the loading ofthe extensions. The extensions
# will be loaded in alphabetical order.
#c.NotebookApp.nbserver_extensions = {}
## The directory to use for notebooks and kernels.
#c.NotebookApp.notebook_dir = ''
## Whether to open in a browser after starting. The specific browser used is
# platform dependent and determined by the python standard library `webbrowser`
# module, unless it is overridden using the --browser (NotebookApp.browser)
# configuration option.
c.NotebookApp.open_browser = False
## Hashed password to use for web authentication.
#
# To generate, type in a python/IPython shell:
#
# from notebook.auth import passwd; passwd()
#
# The string should be of the form type:salt:hashed-password.
c.NotebookApp.password = '{{ jupyter_password }}'
## Forces users to use a password for the Notebook server. This is useful in a
# multi user environment, for instance when everybody in the LAN can access each
# other's machine though ssh.
#
# In such a case, server the notebook server on localhost is not secure since
# any user can connect to the notebook server via ssh.
c.NotebookApp.password_required = True
## The port the notebook server will listen on.
c.NotebookApp.port = {{ jupyter_port }}
## The number of additional ports to try if the specified port is not available.
#c.NotebookApp.port_retries = 0
## DISABLED: use %pylab or %matplotlib in the notebook to enable matplotlib.
#c.NotebookApp.pylab = 'disabled'
## (sec) Time window used to check the message and data rate limits.
#c.NotebookApp.rate_limit_window = 3
## Reraise exceptions encountered loading server extensions?
#c.NotebookApp.reraise_server_extension_failures = False
## DEPRECATED use the nbserver_extensions dict instead
#c.NotebookApp.server_extensions = []
## The session manager class to use.
#c.NotebookApp.session_manager_class = 'notebook.services.sessions.sessionmanager.SessionManager'
## Supply SSL options for the tornado HTTPServer. See the tornado docs for
# details.
#c.NotebookApp.ssl_options = {}
## Supply overrides for terminado. Currently only supports "shell_command".
#c.NotebookApp.terminado_settings = {}
## Token used for authenticating first-time connections to the server.
#
# When no password is enabled, the default is to generate a new, random token.
#
# Setting to an empty string disables authentication altogether, which is NOT
# RECOMMENDED.
# c.NotebookApp.token = ''
## Supply overrides for the tornado.web.Application that the Jupyter notebook
# uses.
#c.NotebookApp.tornado_settings = {}
## Whether to trust or not X-Scheme/X-Forwarded-Proto and X-Real-Ip/X-Forwarded-
# For headerssent by the upstream reverse proxy. Necessary if the proxy handles
# SSL
#c.NotebookApp.trust_xheaders = False
## DEPRECATED, use tornado_settings
#c.NotebookApp.webapp_settings = {}
## The base URL for websockets, if it differs from the HTTP server (hint: it
# almost certainly doesn't).
#
# Should be in the form of an HTTP origin: ws[s]://hostname[:port]
#c.NotebookApp.websocket_url = ''
#------------------------------------------------------------------------------
# ConnectionFileMixin(LoggingConfigurable) configuration
#------------------------------------------------------------------------------
## Mixin for configurable classes that work with connection files
## JSON file in which to store connection info [default: kernel-<pid>.json]
#
# This file will contain the IP, ports, and authentication key needed to connect
# clients to this kernel. By default, this file will be created in the security
# dir of the current profile, but can be specified by absolute path.
#c.ConnectionFileMixin.connection_file = ''
## set the control (ROUTER) port [default: random]
#c.ConnectionFileMixin.control_port = 0
## set the heartbeat port [default: random]
#c.ConnectionFileMixin.hb_port = 0
## set the iopub (PUB) port [default: random]
#c.ConnectionFileMixin.iopub_port = 0
## Set the kernel's IP address [default localhost]. If the IP address is
# something other than localhost, then Consoles on other machines will be able
# to connect to the Kernel, so be careful!
#c.ConnectionFileMixin.ip = ''
## set the shell (ROUTER) port [default: random]
#c.ConnectionFileMixin.shell_port = 0
## set the stdin (ROUTER) port [default: random]
#c.ConnectionFileMixin.stdin_port = 0
##
#c.ConnectionFileMixin.transport = 'tcp'
#------------------------------------------------------------------------------
# KernelManager(ConnectionFileMixin) configuration
#------------------------------------------------------------------------------
## Manages a single kernel in a subprocess on this host.
#
# This version starts kernels with Popen.
## Should we autorestart the kernel if it dies.
#c.KernelManager.autorestart = True
## DEPRECATED: Use kernel_name instead.
#
# The Popen Command to launch the kernel. Override this if you have a custom
# kernel. If kernel_cmd is specified in a configuration file, Jupyter does not
# pass any arguments to the kernel, because it cannot make any assumptions about
# the arguments that the kernel understands. In particular, this means that the
# kernel does not receive the option --debug if it given on the Jupyter command
# line.
#c.KernelManager.kernel_cmd = []
## Time to wait for a kernel to terminate before killing it, in seconds.
#c.KernelManager.shutdown_wait_time = 5.0
#------------------------------------------------------------------------------
# Session(Configurable) configuration
#------------------------------------------------------------------------------
## Object for handling serialization and sending of messages.
#
# The Session object handles building messages and sending them with ZMQ sockets
# or ZMQStream objects. Objects can communicate with each other over the
# network via Session objects, and only need to work with the dict-based IPython
# message spec. The Session will handle serialization/deserialization, security,
# and metadata.
#
# Sessions support configurable serialization via packer/unpacker traits, and
# signing with HMAC digests via the key/keyfile traits.
#
# Parameters ----------
#
# debug : bool
# whether to trigger extra debugging statements
# packer/unpacker : str : 'json', 'pickle' or import_string
# importstrings for methods to serialize message parts. If just
# 'json' or 'pickle', predefined JSON and pickle packers will be used.
# Otherwise, the entire importstring must be used.
#
# The functions must accept at least valid JSON input, and output *bytes*.
#
# For example, to use msgpack:
# packer = 'msgpack.packb', unpacker='msgpack.unpackb'
# pack/unpack : callables
# You can also set the pack/unpack callables for serialization directly.
# session : bytes
# the ID of this Session object. The default is to generate a new UUID.
# username : unicode
# username added to message headers. The default is to ask the OS.
# key : bytes
# The key used to initialize an HMAC signature. If unset, messages
# will not be signed or checked.
# keyfile : filepath
# The file containing a key. If this is set, `key` will be initialized
# to the contents of the file.
## Threshold (in bytes) beyond which an object's buffer should be extracted to
# avoid pickling.
#c.Session.buffer_threshold = 1024
## Whether to check PID to protect against calls after fork.
#
# This check can be disabled if fork-safety is handled elsewhere.
#c.Session.check_pid = True
## Threshold (in bytes) beyond which a buffer should be sent without copying.
#c.Session.copy_threshold = 65536
## Debug output in the Session
#c.Session.debug = False
## The maximum number of digests to remember.
#
# The digest history will be culled when it exceeds this value.
#c.Session.digest_history_size = 65536
## The maximum number of items for a container to be introspected for custom
# serialization. Containers larger than this are pickled outright.
#c.Session.item_threshold = 64
## execution key, for signing messages.
#c.Session.key = b''
## path to file containing execution key.
#c.Session.keyfile = ''
## Metadata dictionary, which serves as the default top-level metadata dict for
# each message.
#c.Session.metadata = {}
## The name of the packer for serializing messages. Should be one of 'json',
# 'pickle', or an import name for a custom callable serializer.
#c.Session.packer = 'json'
## The UUID identifying this session.
#c.Session.session = ''
## The digest scheme used to construct the message signatures. Must have the form
# 'hmac-HASH'.
#c.Session.signature_scheme = 'hmac-sha256'
## The name of the unpacker for unserializing messages. Only used with custom
# functions for `packer`.
#c.Session.unpacker = 'json'
## Username for the Session. Default is your system username.
#c.Session.username = 'ubuntu'
#------------------------------------------------------------------------------
# MultiKernelManager(LoggingConfigurable) configuration
#------------------------------------------------------------------------------
## A class for managing multiple kernels.
## The name of the default kernel to start
#c.MultiKernelManager.default_kernel_name = 'python3'
## The kernel manager class. This is configurable to allow subclassing of the
# KernelManager for customized behavior.
#c.MultiKernelManager.kernel_manager_class = 'jupyter_client.ioloop.IOLoopKernelManager'
#------------------------------------------------------------------------------
# MappingKernelManager(MultiKernelManager) configuration
#------------------------------------------------------------------------------
## A KernelManager that handles notebook mapping and HTTP error handling
##
#c.MappingKernelManager.root_dir = ''
#------------------------------------------------------------------------------
# ContentsManager(LoggingConfigurable) configuration
#------------------------------------------------------------------------------
## Base class for serving files and directories.
#
# This serves any text or binary file, as well as directories, with special
# handling for JSON notebook documents.
#
# Most APIs take a path argument, which is always an API-style unicode path, and
# always refers to a directory.
#
# - unicode, not url-escaped
# - '/'-separated
# - leading and trailing '/' will be stripped
# - if unspecified, path defaults to '',
# indicating the root path.
##
#c.ContentsManager.checkpoints = None
##
#c.ContentsManager.checkpoints_class = 'notebook.services.contents.checkpoints.Checkpoints'
##
#c.ContentsManager.checkpoints_kwargs = {}
## Glob patterns to hide in file and directory listings.
#c.ContentsManager.hide_globs = ['__pycache__', '*.pyc', '*.pyo', '.DS_Store', '*.so', '*.dylib', '*~']
## Python callable or importstring thereof
#
# To be called on a contents model prior to save.
#
# This can be used to process the structure, such as removing notebook outputs
# or other side effects that should not be saved.
#
# It will be called as (all arguments passed by keyword)::
#
# hook(path=path, model=model, contents_manager=self)
#
# - model: the model to be saved. Includes file contents.
# Modifying this dict will affect the file that is stored.
# - path: the API path of the save destination
# - contents_manager: this ContentsManager instance
#c.ContentsManager.pre_save_hook = None
##
#c.ContentsManager.root_dir = '/'
## The base name used when creating untitled directories.
#c.ContentsManager.untitled_directory = 'Untitled Folder'
## The base name used when creating untitled files.
#c.ContentsManager.untitled_file = 'untitled'
## The base name used when creating untitled notebooks.
#c.ContentsManager.untitled_notebook = 'Untitled'
#------------------------------------------------------------------------------
# FileManagerMixin(Configurable) configuration
#------------------------------------------------------------------------------
## Mixin for ContentsAPI classes that interact with the filesystem.
#
# Provides facilities for reading, writing, and copying both notebooks and
# generic files.
#
# Shared by FileContentsManager and FileCheckpoints.
#
# Note ---- Classes using this mixin must provide the following attributes:
#
# root_dir : unicode
# A directory against against which API-style paths are to be resolved.
#
# log : logging.Logger
## By default notebooks are saved on disk on a temporary file and then if
# succefully written, it replaces the old ones. This procedure, namely
# 'atomic_writing', causes some bugs on file system whitout operation order
# enforcement (like some networked fs). If set to False, the new notebook is
# written directly on the old one which could fail (eg: full filesystem or quota
# )
#c.FileManagerMixin.use_atomic_writing = True
#------------------------------------------------------------------------------
# FileContentsManager(FileManagerMixin,ContentsManager) configuration
#------------------------------------------------------------------------------
## Python callable or importstring thereof
#
# to be called on the path of a file just saved.
#
# This can be used to process the file on disk, such as converting the notebook
# to a script or HTML via nbconvert.
#
# It will be called as (all arguments passed by keyword)::
#
# hook(os_path=os_path, model=model, contents_manager=instance)
#
# - path: the filesystem path to the file just written - model: the model
# representing the file - contents_manager: this ContentsManager instance
#c.FileContentsManager.post_save_hook = None
##
#c.FileContentsManager.root_dir = ''
## DEPRECATED, use post_save_hook. Will be removed in Notebook 5.0
#c.FileContentsManager.save_script = False
#------------------------------------------------------------------------------
# NotebookNotary(LoggingConfigurable) configuration
#------------------------------------------------------------------------------<