Compare commits


2 Commits

Author SHA1 Message Date
449a0a6cca
website: migrate to barf
new more robust deployment system too
2023-05-14 17:34:22 -04:00
31d7f0fd35
sftp: removed service 2023-05-14 12:28:58 -04:00
6 changed files with 46 additions and 51 deletions


@ -17,7 +17,6 @@ This project was largely inspired by his own [infra](https://github.com/notthebe
* Nginx webserver * Nginx webserver
* MediaWiki farm * MediaWiki farm
* Navidrome music server * Navidrome music server
* SFTP (not really a service, included in sshd)
* Syncthing * Syncthing
* Firewall (UFW) * Firewall (UFW)


@ -20,12 +20,9 @@ admin_username: maestro
# Username for unpriviledged user # Username for unpriviledged user
username: dogeystamp username: dogeystamp
# Create an SFTP read-only user (leave blank to disable)
sftp_ro_username: dogeystamp-mobile
# Git repos (could be localhost if Gitea is installed) # Git repos (could be localhost if Gitea is installed)
dots_repo: http://localhost:3000/dogeystamp/dots.git dots_repo: http://localhost:3000/dogeystamp/dots.git
site_repo: http://localhost:3000/dogeystamp/wb4.git site_repo: http://localhost:3000/dogeystamp/wb5.git
# Drive with all the data stored on it (should be separate from OS drive) # Drive with all the data stored on it (should be separate from OS drive)
# This is the raw partition, and not the mapped crypt device # This is the raw partition, and not the mapped crypt device
@ -35,8 +32,8 @@ secondary_disk: /dev/sda1
# This is the raw partition, and not the mapped crypt device # This is the raw partition, and not the mapped crypt device
backup_disk: /dev/sda2 backup_disk: /dev/sda2
# Title used for the static website generator # Username for website deployment
web_name: dogeystamp web_username: ianitor
# Web root for nginx and other applications # Web root for nginx and other applications
webroot: /srv/http webroot: /srv/http
@ -53,6 +50,8 @@ util_pack:
- tmux - tmux
- git - git
- cronie - cronie
# for chronic
- moreutils
- progress - progress
- rsync - rsync
- man-db - man-db
@ -270,9 +269,6 @@ enable_navidrome: yes
# Personal website # Personal website
enable_website: yes enable_website: yes
# SFTP read-only user
enable_sftpr: no
# Syncthing # Syncthing
enable_syncthing: yes enable_syncthing: yes
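Review bot: Dropping `sftp_ro_username` and `enable_sftpr` along with the role removes the only tasks that managed the SFTP account, and nothing in this change takes the account away from a host where it had been enabled. The default shown here was `enable_sftpr: no`, so this may not apply to every host. On a host that ran the role, though, the user, its `sftpr` group membership and the deployed `authorized_keys` entry would stay usable after the playbook forgets about them. A one-off cleanup task such as `user: name=<former sftp user> state=absent remove=yes`, plus removal of the `sftpr` group, would close that; any sshd configuration tied to the group is not visible in this diff and should be checked too.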


@ -1,15 +0,0 @@
- name: Create sftp read group
group:
name: sftpr
- name: Create sftp read-only user
user:
name: "{{ sftp_ro_username }}"
groups:
- sftpr
- name: Deploy SSH key to sftp user
ansible.posix.authorized_key:
user: "{{ sftp_ro_username }}"
state: present
key: "{{ lookup('file', '~/.ssh/keys/{{ ansible_hostname }}_sftp.pub')}}"


@ -6,48 +6,61 @@
set_fact: set_fact:
fullroot: "{{ webroot }}/{{ path }}" fullroot: "{{ webroot }}/{{ path }}"
- name: Create website deployment user
user:
name: "{{ web_username }}"
- name: Install required packages - name: Install required packages
community.general.pacman: community.general.pacman:
name: name:
- cpio - git
- make
- lowdown - lowdown
- rsync
state: present state: present
- name: Create site source folder
file:
owner: http
group: http
path: "/srv/web_source"
state: directory
recurse: yes
register: site_perm
- name: Fetch site source - name: Fetch site source
git: git:
dest: "/srv/web_source" dest: "/home/{{ web_username }}/website"
repo: "{{ site_repo }}" repo: "{{ site_repo }}"
register: site_source register: site_source
become_user: http become_user: "{{ web_username }}"
- name: Make site directory in web root - name: Make site directory in web root
file: file:
group: http group: http
owner: http owner: "{{ web_username }}"
path: "{{ fullroot }}" path: "{{ fullroot }}"
state: directory state: directory
register: site_folder register: site_folder
- name: Deploy source to web root - name: Deploy source to web root
shell: make:
cmd: "./ssg6 src {{ fullroot }} '{{ web_name }}' 'https://{{ path }}'" chdir: "/home/{{ web_username }}/website"
chdir: /srv/web_source target: deploy
when: site_source.changed or site_folder.changed or site_perm.changed params:
become_user: http OUTPUT: "{{ fullroot }}"
when: site_source.changed or site_folder.changed
become_user: "{{ web_username }}"
- name: Send deployment script
template:
src: deploy.sh.j2
dest: "/home/{{ web_username }}/deploy.sh"
mode: 0700
owner: "{{ web_username }}"
- name: Tell cron to mail to root
cron:
user: "{{ web_username }}"
name: MAILTO
env: yes
job: root
- name: Cronjob to deploy source - name: Cronjob to deploy source
cron: cron:
user: http user: "{{ web_username }}"
name: "Update and deploy website source" name: "Update and deploy website source"
minute: 0 minute: 0
hour: "*/4" hour: "*/1"
job: "git -C /srv/web_source/ pull && /srv/web_source/ssg6 /srv/web_source/src {{ fullroot }} '{{ web_name }}' 'https://{{ path }}'" job: "chronic /home/{{ web_username }}/deploy.sh"
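Review bot: Both the `make` task and the hourly cron job execute the Makefile from whatever the checkout of `site_repo` contains, so push access to that repository amounts to command execution as `{{ web_username }}` and write access to `{{ fullroot }}`. Moving the build off the `http` account narrows the impact, but the "Fetch site source" task still has no `version:` pin and no signature check; if commits are signed, `verify_commit: yes` on the `git` task would cover the initial checkout, and the cron path needs its own check in deploy.sh. Separately, the template task's `mode: 0700` is better written as `mode: '0700'` so the value cannot be read as a decimal integer.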


@ -0,0 +1,7 @@
#!/bin/sh
# website deployment script
set -e
git -C /home/{{ web_username }}/website pull
OUTPUT={{ fullroot }} make -C /home/{{ web_username }}/website deploy
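Review bot: `{{ web_username }}` and `{{ fullroot }}` are rendered into the script unquoted, so a value containing a space or a shell metacharacter changes what the script runs; `fullroot` is built from `webroot` and `path` in the tasks file. Quoting at render time avoids that, e.g. `OUTPUT={{ fullroot | quote }} make -C {{ ('/home/' ~ web_username ~ '/website') | quote }} deploy`, and likewise for the `git -C` path. `git pull` would also be safer as `git pull --ff-only`, so that a rewritten or diverged remote history fails the run, which `chronic` then reports by mail, instead of creating a merge in the deployment checkout.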


@ -55,11 +55,6 @@
- nameserver - nameserver
when: enable_nameserver when: enable_nameserver
- role: services/sftp
tags:
- sftp
when: enable_sftpr
- role: services/mail - role: services/mail
tags: tags:
- mail - mail