
6 changed files with 51 additions and 46 deletions


@ -17,6 +17,7 @@ This project was largely inspired by his own [infra](https://github.com/notthebe
* Nginx webserver * Nginx webserver
* MediaWiki farm * MediaWiki farm
* Navidrome music server * Navidrome music server
* SFTP (not really a service, included in sshd)
* Syncthing * Syncthing
* Firewall (UFW) * Firewall (UFW)


@ -20,9 +20,12 @@ admin_username: maestro
# Username for unpriviledged user # Username for unpriviledged user
username: dogeystamp username: dogeystamp
# Create an SFTP read-only user (leave blank to disable)
sftp_ro_username: dogeystamp-mobile
# Git repos (could be localhost if Gitea is installed) # Git repos (could be localhost if Gitea is installed)
dots_repo: http://localhost:3000/dogeystamp/dots.git dots_repo: http://localhost:3000/dogeystamp/dots.git
site_repo: http://localhost:3000/dogeystamp/wb5.git site_repo: http://localhost:3000/dogeystamp/wb4.git
# Drive with all the data stored on it (should be separate from OS drive) # Drive with all the data stored on it (should be separate from OS drive)
# This is the raw partition, and not the mapped crypt device # This is the raw partition, and not the mapped crypt device
@ -32,8 +35,8 @@ secondary_disk: /dev/sda1
# This is the raw partition, and not the mapped crypt device # This is the raw partition, and not the mapped crypt device
backup_disk: /dev/sda2 backup_disk: /dev/sda2
# Username for website deployment # Title used for the static website generator
web_username: ianitor web_name: dogeystamp
# Web root for nginx and other applications # Web root for nginx and other applications
webroot: /srv/http webroot: /srv/http
@ -50,8 +53,6 @@ util_pack:
- tmux - tmux
- git - git
- cronie - cronie
# for chronic
- moreutils
- progress - progress
- rsync - rsync
- man-db - man-db
@ -269,6 +270,9 @@ enable_navidrome: yes
# Personal website # Personal website
enable_website: yes enable_website: yes
# SFTP read-only user
enable_sftpr: no
# Syncthing # Syncthing
enable_syncthing: yes enable_syncthing: yes
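Review bot: The comment on `sftp_ro_username` says "leave blank to disable", but the new `enable_sftpr: no` switch is what actually gates the role, and a blank username combined with `enable_sftpr: yes` would hand an empty `name:` to the user module in the sftp tasks. I would make the comment match the switch: `# Login name for the SFTP read-only user (the role is enabled by enable_sftpr below)`. `enable_sftpr: no` follows the file's existing `yes`/`no` convention, which is fine here, though `true`/`false` is what yamllint's truthy rule expects if this file is ever linted.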


@ -0,0 +1,15 @@
- name: Create sftp read group
group:
name: sftpr
- name: Create sftp read-only user
user:
name: "{{ sftp_ro_username }}"
groups:
- sftpr
- name: Deploy SSH key to sftp user
ansible.posix.authorized_key:
user: "{{ sftp_ro_username }}"
state: present
key: "{{ lookup('file', '~/.ssh/keys/{{ ansible_hostname }}_sftp.pub')}}"
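Review bot: Nothing in this new task file confines the account it creates: it gets a default login shell and an authorized SSH key, so unless an sshd `Match Group sftpr` block with `ChrootDirectory` and `ForceCommand internal-sftp -R` is provided by a template outside this diff, the "read-only SFTP user" is a full shell account with the same key. The `groups:` list on the user task also replaces any existing supplementary groups on re-runs because `append: true` is not set; for a dedicated account that is harmless but worth making explicit. I would add the sshd restriction here (or say in a comment which role provides it) and set `append: true` on the user task; note the chroot target must be root-owned and not group/world-writable or sshd refuses the login, and sshd needs a reload afterwards.

```yaml
- name: Confine the sftpr group to chrooted, read-only SFTP
  blockinfile:
    path: /etc/ssh/sshd_config
    block: |
      Match Group sftpr
          # root-owned, not group/world-writable; point at the tree to serve
          ChrootDirectory /srv/sftp
          ForceCommand internal-sftp -R
          AllowTcpForwarding no
          X11Forwarding no
          PermitTTY no
  # ... a handler that reloads sshd is needed for this to take effect
```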


@ -6,61 +6,48 @@
set_fact: set_fact:
fullroot: "{{ webroot }}/{{ path }}" fullroot: "{{ webroot }}/{{ path }}"
- name: Create website deployment user
user:
name: "{{ web_username }}"
- name: Install required packages - name: Install required packages
community.general.pacman: community.general.pacman:
name: name:
- git - cpio
- make
- lowdown - lowdown
- rsync
state: present state: present
- name: Create site source folder
file:
owner: http
group: http
path: "/srv/web_source"
state: directory
recurse: yes
register: site_perm
- name: Fetch site source - name: Fetch site source
git: git:
dest: "/home/{{ web_username }}/website" dest: "/srv/web_source"
repo: "{{ site_repo }}" repo: "{{ site_repo }}"
register: site_source register: site_source
become_user: "{{ web_username }}" become_user: http
- name: Make site directory in web root - name: Make site directory in web root
file: file:
group: http group: http
owner: "{{ web_username }}" owner: http
path: "{{ fullroot }}" path: "{{ fullroot }}"
state: directory state: directory
register: site_folder register: site_folder
- name: Deploy source to web root - name: Deploy source to web root
make: shell:
chdir: "/home/{{ web_username }}/website" cmd: "./ssg6 src {{ fullroot }} '{{ web_name }}' 'https://{{ path }}'"
target: deploy chdir: /srv/web_source
params: when: site_source.changed or site_folder.changed or site_perm.changed
OUTPUT: "{{ fullroot }}" become_user: http
when: site_source.changed or site_folder.changed
become_user: "{{ web_username }}"
- name: Send deployment script
template:
src: deploy.sh.j2
dest: "/home/{{ web_username }}/deploy.sh"
mode: 0700
owner: "{{ web_username }}"
- name: Tell cron to mail to root
cron:
user: "{{ web_username }}"
name: MAILTO
env: yes
job: root
- name: Cronjob to deploy source - name: Cronjob to deploy source
cron: cron:
user: "{{ web_username }}" user: http
name: "Update and deploy website source" name: "Update and deploy website source"
minute: 0 minute: 0
hour: "*/1" hour: "*/4"
job: "chronic /home/{{ web_username }}/deploy.sh" job: "git -C /srv/web_source/ pull && /srv/web_source/ssg6 /srv/web_source/src {{ fullroot }} '{{ web_name }}' 'https://{{ path }}'"
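Review bot: The rewrite runs `git pull` and then executes `./ssg6` straight out of the freshly pulled checkout as `http`, which on this Arch host is presumably the uid nginx serves from, so anyone who can push to `site_repo` gets code execution as the web server's user, and that user now owns both `/srv/web_source` and the web root instead of only having group access to the output. The previous version kept this in a dedicated `{{ web_username }}` account; I would keep a dedicated build user that owns the checkout and `{{ fullroot }}` with `group: http` and read-only group permissions, so a compromised nginx cannot rewrite its own content. Separately, the `shell:` task interpolates `web_name` and `path` into a shell string; `command:` with `argv: ['./ssg6', 'src', '{{ fullroot }}', '{{ web_name }}', 'https://{{ path }}']` avoids quoting problems. The cron entry also drops the `MAILTO` setting the old tasks installed, so pull or build failures will go unnoticed unless mail is configured elsewhere.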


@ -1,7 +0,0 @@
#!/bin/sh
# website deployment script
set -e
git -C /home/{{ web_username }}/website pull
OUTPUT={{ fullroot }} make -C /home/{{ web_username }}/website deploy


@ -55,6 +55,11 @@
- nameserver - nameserver
when: enable_nameserver when: enable_nameserver
- role: services/sftp
tags:
- sftp
when: enable_sftpr
- role: services/mail - role: services/mail
tags: tags:
- mail - mail
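Review bot: `when: enable_sftpr` gates the role on the flag alone, while the vars file documents `sftp_ro_username` as "leave blank to disable"; with the flag on and the name blank the role would run the user module with an empty name. Guarding on both keeps the two in agreement: `when: enable_sftpr and (sftp_ro_username | length > 0)`. The role name `services/sftp` versus the flag `enable_sftpr` also reads as a mismatch; naming one after the other would make the pair easier to find.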