diff --git a/group_vars/bastion/vars.yml b/group_vars/bastion/vars.yml
index d73de74..f539ce5 100644
--- a/group_vars/bastion/vars.yml
+++ b/group_vars/bastion/vars.yml
@@ -7,5 +7,6 @@
 - "sshd"
 - "ddclient"
 - "caddy"
+ - "website"
 - "nameserver"
 - "mailserver"
diff --git a/roles/caddy/defaults/main.yml b/roles/caddy/defaults/main.yml
new file mode 100644
index 0000000..ce6508b
--- /dev/null
+++ b/roles/caddy/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+
+# these are defaults
+# override these in group/host vars
+
+# web root directory
+website_path: /srv/http
diff --git a/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml
new file mode 100644
index 0000000..f5ff787
--- /dev/null
+++ b/roles/caddy/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Install Caddy packages
+ community.general.pacman:
+ name: caddy
+ state: present
+
+- name: Configure Caddy
+ template:
+ src: Caddyfile.j2
+ dest: /etc/caddy/Caddyfile
+
+- name: Enable Caddy service
+ service:
+ name: caddy
+ state: started
+ enabled: yes
diff --git a/roles/caddy/templates/Caddyfile.j2 b/roles/caddy/templates/Caddyfile.j2
new file mode 100644
index 0000000..1a8943e
--- /dev/null
+++ b/roles/caddy/templates/Caddyfile.j2
@@ -0,0 +1,6 @@
+{% if website in servcices %}
+www.{{ domain }} {
+ root * {{ website_path }}
+ file_server
+}
+{% endif %}
diff --git a/roles/website/defaults/main.yml b/roles/website/defaults/main.yml
new file mode 100644
index 0000000..db19815
--- /dev/null
+++ b/roles/website/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+
+# these are defaults
+# override these in group/host vars
+
+# this user takes care of building the website
+# caddy will serve it
+website_username: ianitor
+
+site_repo: https://git.dogeystamp.com/dogeystamp/wb5
+
+# site gets deployed here
+website_path: /srv/http
diff --git a/roles/website/tasks/main.yml b/roles/website/tasks/main.yml
new file mode 100644
index 0000000..06dac87
--- /dev/null
+++ b/roles/website/tasks/main.yml
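Review bot: In roles/caddy/tasks/main.yml the `Configure Caddy` task writes /etc/caddy/Caddyfile but nothing reloads the service afterwards, and `state: started` in `Enable Caddy service` leaves an already running Caddy untouched, so a changed template does not take effect until someone restarts it by hand. Add `notify: Reload Caddy` to the template task together with a matching handler (a handlers file would be new; none is part of this diff). The template task also sets no permissions; `mode: "0644"` with an explicit owner keeps the result independent of the umask. `enabled: yes` is better written `enabled: true`.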
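Review bot: The guard on the first line of roles/caddy/templates/Caddyfile.j2, `{% if website in servcices %}`, misspells `services` and uses `website` as a bare name, so Jinja looks up two variables that nothing in this diff defines instead of testing whether the string is in the services list. It should read `{% if "website" in services %}`; as written the render presumably fails on the undefined name, or the site block is silently left out. The `when: website in services` condition added to run.yml has the same bare-name problem and wants `when: "'website' in services"`.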
@@ -0,0 +1,59 @@
+- name: Create website deployment user
+ user:
+ name: "{{ website_username }}"
+
+- name: Install required packages
+ community.general.pacman:
+ name:
+ - git
+ - make
+ - moreutils
+ - lowdown
+ - rsync
+ state: present
+
+- name: Fetch site source
+ git:
+ dest: "/home/{{ website_username }}/website"
+ repo: "{{ site_repo }}"
+ register: site_source
+ become_user: "{{ website_username }}"
+
+- name: Make site directory in web root
+ file:
+ group: caddy
+ owner: "{{ website_username }}"
+ path: "{{ website_path }}"
+ state: directory
+ register: site_folder
+
+- name: Deploy source to web root
+ make:
+ chdir: "/home/{{ website_username }}/website"
+ target: deploy
+ params:
+ OUTPUT: "{{ website_path }}"
+ when: site_source.changed or site_folder.changed
+ become_user: "{{ website_username }}"
+
+- name: Send deployment script
+ template:
+ src: deploy.sh.j2
+ dest: "/home/{{ website_username }}/deploy.sh"
+ mode: 0700
+ owner: "{{ website_username }}"
+
+- name: Tell cron to mail to root
+ cron:
+ user: "{{ website_username }}"
+ name: MAILTO
+ env: yes
+ job: root
+
+- name: Cronjob to deploy source
+ cron:
+ user: "{{ website_username }}"
+ name: "Update and deploy website source"
+ minute: 0
+ hour: "*/1"
+ job: "chronic /home/{{ website_username }}/deploy.sh"
diff --git a/roles/website/templates/deploy.sh.j2 b/roles/website/templates/deploy.sh.j2
new file mode 100644
index 0000000..06ef608
--- /dev/null
+++ b/roles/website/templates/deploy.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/sh
+# website deployment script
+
+set -e
+
+git -C /home/{{ web_username }}/website pull
+make -C /home/{{ web_username }}/website build
diff --git a/run.yml b/run.yml
index d498737..6e9b6e4 100644
--- a/run.yml
+++ b/run.yml
@@ -67,3 +67,8 @@
 dotfile_users:
 - "{{ ansible_user }}"
 - "{{ username }}"
+
+ - role: services/website
+ tags:
+ - website
+ when: website in services
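Review bot: In roles/website/tasks/main.yml the `Fetch site source` task clones `site_repo` with no `version:`, and `Deploy source to web root` then runs that checkout's Makefile, so whatever sits on the remote's default branch executes on the bastion as `website_username` with write access to `website_path`. The cron job installed at the end of the file repeats this every hour through templates/deploy.sh.j2 (`git pull` followed by `make`). If automatic updates are intended, consider `verify_commit: true` on the git task, assuming the repository signs its commits, and the equivalent signature check in the script; otherwise pin a reviewed ref with `version: "<pinned-tag-or-commit>"`. Separately, `mode: 0700` depends on the YAML parser reading the value as octal; `mode: "0700"` is the unambiguous form.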
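Review bot: Both commands in roles/website/templates/deploy.sh.j2 interpolate `{{ web_username }}`, but the role defaults and tasks in this commit only define `website_username`, so unless `web_username` is set somewhere outside this diff the `Send deployment script` task cannot render the file. Use the defined variable and quote the path, e.g. `git -C "/home/{{ website_username }}/website" pull --ff-only`, and likewise on the `make` line. The script also runs target `build` with no `OUTPUT`, whereas the Ansible task runs `deploy` with `OUTPUT` set to `website_path`; if `build` does not copy into the web root, the hourly job never updates what Caddy serves, which is worth confirming against the Makefile.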
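Review bot: The added entry in run.yml references the role as `services/website`, while this commit creates the role under `roles/website/`; unless the roles path or a directory outside this diff maps that name, the play will not find it. If the other roles in this play are plain names, `- role: website` would match the new directory. The surrounding play starts outside the hunk, so the existing naming convention cannot be checked from here.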