Add nginx config for debian repo

2020-11-11 13:28:41 +01:00 · 2020-11-11 13:28:41 +01:00 · 93564a63cc
parent 28fc6f3e00
commit 93564a63cc
11 changed files with 79 additions and 29 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,4 @@ secret*
 deploy.sh
 setup.sh
 ssh.sh
+ansible/test.yml
--- a/ansible/debianrep.yml
+++ b/ansible/debianrep.yml
@ -2,6 +2,9 @@
 - name: ensure debian rep directory
  action: file dest="{{debian_rep_dir}}" state=directory

+- name: ensure debian rep conf directory
+  action: file dest="{{debian_rep_dir}}/conf" state=directory
+
 - name: create debian distributions file
  template:
    src: debian/distributions
@ -13,12 +16,13 @@
 - name: create debian override file
  action: template src=debian/override.buster dest="{{debian_rep_dir}}/conf/override.buster"

- name: export public gpg key to be served by web server
-  command: gpg --armor --output {{web_dir}}/peach_pub.gpg --export {{gpg_key_id}}
-  args:
-    creates: "{{web_dir}}/peach_pub.gpg"
-
 # couldn't easily figure out how to automate gpg key creation, so this step can be manual
+# gpg --gen-key
+
+- name: export public gpg key to be served by web server
+  command: gpg --armor --output {{web_dir}}/repos/apt/peach_pub.gpg --export {{gpg_key_id}}
+  args:
+    creates: "{{web_dir}}/repos/apt/peach_pub.gpg"

 - name: install reprepro
  apt: pkg=reprepro
@ -29,3 +33,8 @@
 - name: install aarch644 gcc
  apt: pkg=gcc-aarch64-linux-gnu

+- name: create debian repo nginx site config
+  action: template src=templates/debian/nginx_debian.conf dest=/etc/nginx/sites-enabled/debianrep.conf
+  notify:
+    - restart nginx
+
--- a/ansible/deploy.yml
+++ b/ansible/deploy.yml
@ -5,32 +5,33 @@
      tags:
        - always

-    - name: deploy code from github
+    - name: deploy microservices code from github
      git: repo={{item.repo_url}} dest={{item.destination}} remote={{item.remote}} version={{item.branch}} accept_hostkey=yes
      loop:
-        - { repo_url: 'https://github.com/peachcloud/peach-vps.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-vps' }
        - { repo_url: 'https://github.com/peachcloud/peach-web.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-web' }
        - { repo_url: 'https://github.com/peachcloud/peach-oled.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-oled' }
        - { repo_url: 'https://github.com/peachcloud/peach-stats.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-stats' }

-    - name: create nginx site configs
-      action: template src={{item.template}} dest=/etc/nginx/sites-enabled/{{item.name}}
-      loop:
-        - { template: 'templates/nginx/nginx_devdocs.conf', name: 'devdocs.conf' }
-      notify:
-        - restart nginx
-
-    - name: restart server and webapp
-      command: /bin/true
-      notify:
-        - restart nginx
-
    - name: tasks for creating debian repository
      include_tasks: debianrep.yml

    - name: tasks for devdocs
      include_tasks: devdocs.yml

+    - name: ensure automation folder
+      action: file dest=/srv/automation state=directory
+
+    - name: deploy code for automation
+      git: repo=https://github.com/peachcloud/peach-vps.git dest={{automation_dir}}/peach-vps remote=main version=main accept_hostkey=yes
+
+    - name: copy welcome file
+      template: src=welcome dest=/srv/welcome
+
+    - name: restart nginx
+      command: /bin/true
+      notify:
+        - restart nginx
+
  handlers:
    - name: restart nginx
      action: service name=nginx state=restarted
--- a/ansible/devdocs.yml
+++ b/ansible/devdocs.yml
@ -1,20 +1,20 @@
 ---
 - name: ensure devdocs_bare
-  action: file dest={{src_dir}}/devdocs_bare state=directory
+  action: file dest={{automation_dir}}/devdocs_bare state=directory

 - name: initialize devdocs_bare git repo
-  command: git init --bare {{src_dir}}/devdocs_bare
+  command: git init --bare {{automation_dir}}/devdocs_bare
  args:
    creates: '{{src_dir}}/devdocs_bare/.git'

 - name: ensure devdocs_build
-  action: file dest={{src_dir}}/devdocs_build state=directory
+  action: file dest={{automation_dir}}/devdocs_build state=directory

 - name: ensure git hooks directory
-  action: file dest={{src_dir}}/devdocs_bare/hooks state=directory
+  action: file dest={{automation_dir}}/devdocs_bare/hooks state=directory

 - name: copy devdocs githook
-  action: template src=devdocs/git-post-receive dest="{{src_dir}}/devdocs_bare/hooks/post-receive" mode='770'
+  action: template src=devdocs/git-post-receive dest="{{automation_dir}}/devdocs_bare/hooks/post-receive" mode='770'

 - name: ensure devdocs web directory
  action: file dest={{web_dir}}/docs:peachcloud:org/html state=directory
@ -24,3 +24,8 @@
  args:
    creates: /root/.cargo/bin/mdbook

+- name: create devdocs nginx site config
+  action: template src=templates/devdocs/nginx_devdocs.conf dest=/etc/nginx/sites-enabled/devdocs.conf
+  notify:
+    - restart nginx
+
--- a/ansible/hosts
+++ b/ansible/hosts
@ -1,2 +1,2 @@
 [vps]
-159.89.5.141 ansible_ssh_user=root ansible_ssh_private_key_file=ansible/secret_files/do_rsa
+46.101.107.168 ansible_ssh_user=root ansible_ssh_private_key_file=/Users/maxfowler/.ssh/peach_rsa
--- a/ansible/templates/automation/README
+++ b/ansible/templates/automation/README
@ -0,0 +1,7 @@
+Automation-related directories are stored in this directory.
+
+For example, bare Git Hooks directories and staging directories for automating the build and deployment of peach-devdocs to docs.peachcloud.org.
+
+See https://github.com/peachcloud/peach-devdocs/blob/master/GITHOOK_DEPLOYMENT.md for more info.
+
+In the future, this directory may also be home to automation for release builds and deb file builds.
--- a/ansible/templates/debian/nginx_debian.conf
+++ b/ansible/templates/debian/nginx_debian.conf
@ -0,0 +1,21 @@
+server {
+  listen 80;
+  server_name 46.101.107.168;
+
+  access_log /srv/log/nginx-debian.log;
+  error_log /srv/log/nginx-debian.error;
+
+  location / {
+    root {{web_dir}}/repos/apt;
+    index index.html;
+    autoindex on;
+  }
+
+  location ~ /(.*)/conf {
+    deny all;
+  }
+
+  location ~ /(.*)/db {
+    deny all;
+  }
+}
--- a/ansible/templates/devdocs/git-post-receive
+++ b/ansible/templates/devdocs/git-post-receive
@ -4,9 +4,9 @@ do
    if [[ $ref =~ .*/master$ ]];
    then
        echo "Master ref received.  Deploying master branch to build directory..."
-        git --work-tree={{src_dir}}/devdocs_build --git-dir={{src_dir}}/devdocs_bare checkout -f
+        git --work-tree={{automation_dir}}/devdocs_build --git-dir={{automation_dir}}/devdocs_bare checkout -f
        echo "Building docs and deploying to production..."
-        /root/.cargo/bin/mdbook build {{src_dir}}/devdocs_build --dest-dir {{web_dir}}/docs:peachcloud:org/html
+        /root/.cargo/bin/mdbook build {{automation_dir}}/devdocs_build --dest-dir {{web_dir}}/docs:peachcloud:org/html
    else
        echo "Ref $ref successfully received.  Doing nothing: only the master branch may be deployed on this server."
    fi
--- a/ansible/templates/devdocs/nginx_devdocs.conf
+++ b/ansible/templates/devdocs/nginx_devdocs.conf
@ -1,6 +1,6 @@
 server {
    listen 80;
-    server_name 159.89.5.141;
+    server_name reddeadnettle.network;

    location / {
        root {{web_dir}}/docs:peachcloud:org/html;
--- a/ansible/templates/welcome
+++ b/ansible/templates/welcome
@ -0,0 +1,5 @@
+Welcome to the PeachCloud VPS.
+
+Users with membership to the `peach` group can write to this directory (`/srv/peachcloud`).
+
+All PeachCloud-related assets are to be stored in this directory.
--- a/ansible/vars.yaml
+++ b/ansible/vars.yaml
@ -1,9 +1,10 @@
 app_name: peach-vps
 log_dir: /srv/log
 src_dir: /srv/src
+automation_dir: /srv/automation
 web_dir: /srv/www
 debian_rep_dir: /srv/www/repos/apt/debian
-gpg_key_id: E62CD13A85763FCEC3EDBA8EA98440817F1A3CE5
+gpg_key_id: 74A8D514053AE40F15C407E5D5233F944CCA2DF5
 services:
  - peach-oled
  - peach-stats