Compare commits
2 Commits
619bd7a5d2
...
449a0a6cca
Author | SHA1 | Date | |
---|---|---|---|
449a0a6cca | |||
31d7f0fd35 |
@ -17,7 +17,6 @@ This project was largely inspired by his own [infra](https://github.com/notthebe
|
||||
* Nginx webserver
|
||||
* MediaWiki farm
|
||||
* Navidrome music server
|
||||
* SFTP (not really a service, included in sshd)
|
||||
* Syncthing
|
||||
* Firewall (UFW)
|
||||
|
||||
|
@ -20,12 +20,9 @@ admin_username: maestro
|
||||
# Username for unpriviledged user
|
||||
username: dogeystamp
|
||||
|
||||
# Create an SFTP read-only user (leave blank to disable)
|
||||
sftp_ro_username: dogeystamp-mobile
|
||||
|
||||
# Git repos (could be localhost if Gitea is installed)
|
||||
dots_repo: http://localhost:3000/dogeystamp/dots.git
|
||||
site_repo: http://localhost:3000/dogeystamp/wb4.git
|
||||
site_repo: http://localhost:3000/dogeystamp/wb5.git
|
||||
|
||||
# Drive with all the data stored on it (should be separate from OS drive)
|
||||
# This is the raw partition, and not the mapped crypt device
|
||||
@ -35,8 +32,8 @@ secondary_disk: /dev/sda1
|
||||
# This is the raw partition, and not the mapped crypt device
|
||||
backup_disk: /dev/sda2
|
||||
|
||||
# Title used for the static website generator
|
||||
web_name: dogeystamp
|
||||
# Username for website deployment
|
||||
web_username: ianitor
|
||||
|
||||
# Web root for nginx and other applications
|
||||
webroot: /srv/http
|
||||
@ -53,6 +50,8 @@ util_pack:
|
||||
- tmux
|
||||
- git
|
||||
- cronie
|
||||
# for chronic
|
||||
- moreutils
|
||||
- progress
|
||||
- rsync
|
||||
- man-db
|
||||
@ -270,9 +269,6 @@ enable_navidrome: yes
|
||||
# Personal website
|
||||
enable_website: yes
|
||||
|
||||
# SFTP read-only user
|
||||
enable_sftpr: no
|
||||
|
||||
# Syncthing
|
||||
enable_syncthing: yes
|
||||
|
||||
|
@ -1,15 +0,0 @@
|
||||
- name: Create sftp read group
|
||||
group:
|
||||
name: sftpr
|
||||
|
||||
- name: Create sftp read-only user
|
||||
user:
|
||||
name: "{{ sftp_ro_username }}"
|
||||
groups:
|
||||
- sftpr
|
||||
|
||||
- name: Deploy SSH key to sftp user
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ sftp_ro_username }}"
|
||||
state: present
|
||||
key: "{{ lookup('file', '~/.ssh/keys/{{ ansible_hostname }}_sftp.pub')}}"
|
@ -6,48 +6,61 @@
|
||||
set_fact:
|
||||
fullroot: "{{ webroot }}/{{ path }}"
|
||||
|
||||
- name: Create website deployment user
|
||||
user:
|
||||
name: "{{ web_username }}"
|
||||
|
||||
- name: Install required packages
|
||||
community.general.pacman:
|
||||
name:
|
||||
- cpio
|
||||
- git
|
||||
- make
|
||||
- lowdown
|
||||
- rsync
|
||||
state: present
|
||||
|
||||
- name: Create site source folder
|
||||
file:
|
||||
owner: http
|
||||
group: http
|
||||
path: "/srv/web_source"
|
||||
state: directory
|
||||
recurse: yes
|
||||
register: site_perm
|
||||
|
||||
- name: Fetch site source
|
||||
git:
|
||||
dest: "/srv/web_source"
|
||||
dest: "/home/{{ web_username }}/website"
|
||||
repo: "{{ site_repo }}"
|
||||
register: site_source
|
||||
become_user: http
|
||||
become_user: "{{ web_username }}"
|
||||
|
||||
- name: Make site directory in web root
|
||||
file:
|
||||
group: http
|
||||
owner: http
|
||||
owner: "{{ web_username }}"
|
||||
path: "{{ fullroot }}"
|
||||
state: directory
|
||||
register: site_folder
|
||||
|
||||
- name: Deploy source to web root
|
||||
shell:
|
||||
cmd: "./ssg6 src {{ fullroot }} '{{ web_name }}' 'https://{{ path }}'"
|
||||
chdir: /srv/web_source
|
||||
when: site_source.changed or site_folder.changed or site_perm.changed
|
||||
become_user: http
|
||||
make:
|
||||
chdir: "/home/{{ web_username }}/website"
|
||||
target: deploy
|
||||
params:
|
||||
OUTPUT: "{{ fullroot }}"
|
||||
when: site_source.changed or site_folder.changed
|
||||
become_user: "{{ web_username }}"
|
||||
|
||||
- name: Send deployment script
|
||||
template:
|
||||
src: deploy.sh.j2
|
||||
dest: "/home/{{ web_username }}/deploy.sh"
|
||||
mode: 0700
|
||||
owner: "{{ web_username }}"
|
||||
|
||||
- name: Tell cron to mail to root
|
||||
cron:
|
||||
user: "{{ web_username }}"
|
||||
name: MAILTO
|
||||
env: yes
|
||||
job: root
|
||||
|
||||
- name: Cronjob to deploy source
|
||||
cron:
|
||||
user: http
|
||||
user: "{{ web_username }}"
|
||||
name: "Update and deploy website source"
|
||||
minute: 0
|
||||
hour: "*/4"
|
||||
job: "git -C /srv/web_source/ pull && /srv/web_source/ssg6 /srv/web_source/src {{ fullroot }} '{{ web_name }}' 'https://{{ path }}'"
|
||||
hour: "*/1"
|
||||
job: "chronic /home/{{ web_username }}/deploy.sh"
|
||||
|
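Review bot: The "Make site directory in web root" task now hands ownership to `{{ web_username }}` with group `http` but sets no mode, so whether the web server can read the deployed tree depends on defaults at creation time; an explicit `mode: "0755"` (or `"0750"` if only the `http` group should read it) would pin that. In "Send deployment script", `mode: 0700` is a bare integer that is only right because the YAML 1.1 parser reads the leading zero as octal; the usual Ansible form is the quoted string, `mode: "0700"`. The hourly cron job runs the Makefile from whatever `site_repo` serves, as the account that owns the web root, so I would record that above the cron task with a comment such as `# deploy.sh runs the repo's Makefile unattended: push access to site_repo is code execution as web_username`. The hunk starts inside an earlier task (`set_fact`), so anything above it is not reviewed here.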
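--- a/roles/services/website/templates/deploy.sh.j2
+++ b/roles/services/website/templates/deploy.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/sh
+# website deployment script
+
+set -e
+
+git -C /home/{{ web_username }}/website pull
+OUTPUT={{ fullroot }} make -C /home/{{ web_username }}/website deploy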
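Review bot: `{{ web_username }}` and `{{ fullroot }}` are rendered into the script unquoted, so whitespace or a shell metacharacter in `webroot`, `path` or the username would change what the cron job executes. Ansible's `quote` filter keeps each value a single shell word, e.g. `OUTPUT={{ fullroot | quote }} make -C {{ ('/home/' ~ web_username ~ '/website') | quote }} deploy`, and the same for the `git -C` path. The bare `git ... pull` may also attempt a merge if the clone has diverged from the remote; `pull --ff-only` makes the unattended run fail cleanly instead, and `set -e` then stops before `make` runs.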