From 76a15b46819041ec7b7efd2d7dc93a8d44e711e8 Mon Sep 17 00:00:00 2001 From: Max Fowler Date: Tue, 3 Nov 2020 17:26:52 +0100 Subject: [PATCH 1/8] Simple ansible template --- README.md | 5 +- ansible/deploy.yml | 64 ++++++++++++++++++++++ ansible/setup.yml | 85 +++++++++++++++++++++++++++++ ansible/templates/hello_webapp.conf | 10 ++++ ansible/templates/nginx.conf | 31 +++++++++++ ansible/templates/nginx_site.conf | 10 ++++ ansible/vars.yaml | 12 ++++ deploy.sh | 2 + setup.sh | 2 + 9 files changed, 220 insertions(+), 1 deletion(-) create mode 100644 ansible/deploy.yml create mode 100644 ansible/setup.yml create mode 100644 ansible/templates/hello_webapp.conf create mode 100644 ansible/templates/nginx.conf create mode 100644 ansible/templates/nginx_site.conf create mode 100644 ansible/vars.yaml create mode 100644 deploy.sh create mode 100644 setup.sh diff --git a/README.md b/README.md index 7828353..ab18446 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,5 @@ -# peach-vps # simple-ansible-template + + +# generate deploy key +`ssh-keygen -t rsa -b 4096 -C "email@email.com"` diff --git a/ansible/deploy.yml b/ansible/deploy.yml new file mode 100644 index 0000000..ec9d90b --- /dev/null +++ b/ansible/deploy.yml @@ -0,0 +1,64 @@ +--- + +- hosts: webservers + user: ubuntu + sudo: True + + tasks: + - include_vars: vars.yaml + + - name: ensure log directory + action: file dest={{log_dir}} state=directory + + - name: deploy code from repository + git: repo={{repo_url}} dest={{src_dir}} remote={{repo_remote}} version={{repo_branch}} accept_hostkey=yes + notify: + - restart nginx + - restart webapp + + - name: install python requirements + action: pip requirements={{src_dir}}/requirements.txt state=present + + - name: copy hellow_webapp.ini + action: template src=templates/hello_webapp.ini dest={{src_dir}}/hello_webapp.ini + + - name: create nginx site config + action: template src=templates/nginx_site.conf dest=/etc/nginx/sites-available/{{app_name}}.conf + notify: + - restart nginx + + - name: link nginx config + action: file src=/etc/nginx/sites-available/{{app_name}}.conf dest=/etc/nginx/sites-enabled/{{app_name}}.conf state=link + + - name: create upstart script for webapp + action: template src=templates/hello_webapp.conf dest=/etc/init/hello_webapp.conf + + - name: ensure secrets directory + action: file dest={{src_dir}}/devops/secret_files state=directory + + - name: Copy secret.json file + copy: src=secret_files/secret.json dest={{src_dir}}/devops/secret_files/secret.json + + - name: make src_dir writeable by webgroup + action: file path={{src_dir}} mode=u=rwX,g=rwX,o=X recurse=yes group=webgroup + + - name: make log_dir writeable by webgroup + action: file path={{log_dir}} mode=u=rwX,g=rwX,o=X recurse=yes group=webgroup + +# - name: crontab to check alerts +# cron: name="check alerts" minute="*" job="curl {{prod_url}}/get_all_tix/" + + - name: restart server and webapp + command: /bin/true + notify: + - restart nginx + - restart webapp + + + handlers: + + - name: restart nginx + action: service name=nginx state=restarted + + - name: restart webapp + action: service name={{app_name}} state=restarted diff --git a/ansible/setup.yml b/ansible/setup.yml new file mode 100644 index 0000000..dc1211d --- /dev/null +++ b/ansible/setup.yml @@ -0,0 +1,85 @@ +--- + +- hosts: webservers + user: ubuntu + sudo: True + + tasks: + - include_vars: vars.yaml + + - name: add nginx ppa + action: apt_repository repo=ppa:nginx/stable state=present + + - name: install common packages needed for python application development + action: apt pkg=$item state=installed + with_items: + - libpq-dev + - libmysqlclient-dev + - libxml2-dev + - libjpeg62 + - libjpeg62-dev + - libfreetype6 + - libfreetype6-dev + - zlib1g-dev + - mysql-client + - python-dev + - python-setuptools + - python-imaging + - python-mysqldb + - python-psycopg2 + - git-core + - nginx + + - name: install pip + action: easy_install name=pip + + - name: install virtualenv and uwsgi + action: pip name={{item.name}} version={{item.version}} + with_items: + - { name: 'virtualenv', version: '14.0.6' } + - { name: 'uwsgi', version: '2.0.12' } + + - name: symlink imaging library files + action: file src=/usr/lib/x86_64-linux-gnu/libfreetype.so dest=/usr/lib/libfreetype.so state=link + + - name: symlink imaging library files + action: file src=/usr/lib/x86_64-linux-gnu/libz.so dest=/usr/lib/libz.so state=link + + - name: symlink imaging library files + action: file src=/usr/lib/x86_64-linux-gnu/libjpeg.so.62 dest=/usr/lib/x86_64-linux-gnu/libjpeg.so state=link + + - name: symlink imaging library files + action: file src=/usr/lib/x86_64-linux-gnu/libjpeg.so dest=/usr/lib/libjpeg.so state=link + + - name: remove default nginx site + action: file path=/etc/nginx/sites-enabled/default state=absent + + - name: write nginx.conf + action: template src=templates/nginx.conf dest=/etc/nginx/nginx.conf + + - name: create webgroup if it doesn't exist + group: name=webgroup state=present + tags: + - debug + + - name: ensure wsgi-user belongs to webgroup + user: name=wsgi-user groups=webgroup append=yes + tags: + - debug + + - name: ensure wsgi-user belongs to webgroup + user: name=www-data groups=webgroup append=yes + tags: + - debug + + - name: ensure ubuntu belongs to webgroup + user: name=ubuntu groups=webgroup append=yes + tags: + - debug + + - name: copy over ssh keys for deploy purposes + action: copy src={{item.from}} dest={{item.to}} mode={{item.mode}} + with_items: + - { from: 'secret_files/deploy_rsa.pub', to: '/root/.ssh/id_rsa.pub', mode: '0644' } + - { from: 'secret_files/deploy_rsa', to: '/root/.ssh/id_rsa', mode: '0600' } + diff --git a/ansible/templates/hello_webapp.conf b/ansible/templates/hello_webapp.conf new file mode 100644 index 0000000..eddac09 --- /dev/null +++ b/ansible/templates/hello_webapp.conf @@ -0,0 +1,10 @@ +description "uWSGI server instance configured to serve hello_webapp" + +start on runlevel [2345] +stop on runlevel [!2345] + +setuid wsgi-user +setgid webgroup + +chdir {{src_dir}} +exec uwsgi --ini hello_webapp.ini \ No newline at end of file diff --git a/ansible/templates/nginx.conf b/ansible/templates/nginx.conf new file mode 100644 index 0000000..1bb9b60 --- /dev/null +++ b/ansible/templates/nginx.conf @@ -0,0 +1,31 @@ +user www-data webgroup; +worker_processes 1; +worker_rlimit_nofile 8192; + +events { + worker_connections 3000; +} + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} \ No newline at end of file diff --git a/ansible/templates/nginx_site.conf b/ansible/templates/nginx_site.conf new file mode 100644 index 0000000..9420f5c --- /dev/null +++ b/ansible/templates/nginx_site.conf @@ -0,0 +1,10 @@ +server { + listen 80; + server_name ec2-52-90-110-188.compute-1.amazonaws.com; + + location / { + include uwsgi_params; + uwsgi_pass unix:{{src_dir}}/{{app_name}}.sock; + } + +} \ No newline at end of file diff --git a/ansible/vars.yaml b/ansible/vars.yaml new file mode 100644 index 0000000..ad70040 --- /dev/null +++ b/ansible/vars.yaml @@ -0,0 +1,12 @@ +app_name: hello_webapp +repo_url: git@github.com:mhfowler/alembic_flask_ansible_ec2_template.git +repo_remote: origin +repo_branch: master +src_dir: /srv/hello_webapp +log_dir: /srv/log +aws_key_name: maxhfowler_dec8 +aws_security_group: citigroup_apps +aws_instance_name: aws_default +aws_key_location: /Users/maxfowler/Desktop/cs/ec2/dec8/maxhfowler_dec8.pem +aws_subnet: subnet-1b647733 +prod_url: http://52.91.169.141/ \ No newline at end of file diff --git a/deploy.sh b/deploy.sh new file mode 100644 index 0000000..eca6bc2 --- /dev/null +++ b/deploy.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +ansible-playbook -i ansible/hosts ansible/deploy.yml \ No newline at end of file diff --git a/setup.sh b/setup.sh new file mode 100644 index 0000000..fb484bc --- /dev/null +++ b/setup.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +ansible-playbook -i ansible/hosts ansible/setup.yml -- 2.49.0 From c4f2fdc2a429213f6e65119a4b7e47d3f7545346 Mon Sep 17 00:00:00 2001 From: Max Fowler Date: Tue, 3 Nov 2020 18:24:52 +0100 Subject: [PATCH 2/8] Basics of ansible --- .gitignore | 2 + README.md | 1 + ansible/deploy.yml | 61 ++++------------ ansible/hosts | 2 + ansible/setup.yml | 108 +++++++++-------------------- ansible/templates/index.html | 1 + ansible/templates/nginx.conf | 2 +- ansible/templates/nginx_peach.conf | 10 +++ ansible/templates/nginx_site.conf | 10 --- ansible/vars.yaml | 13 +--- deploy.sh | 0 setup.sh | 0 ssh.sh | 1 + 13 files changed, 67 insertions(+), 144 deletions(-) create mode 100644 .gitignore create mode 100644 ansible/hosts create mode 100644 ansible/templates/index.html create mode 100644 ansible/templates/nginx_peach.conf delete mode 100644 ansible/templates/nginx_site.conf mode change 100644 => 100755 deploy.sh mode change 100644 => 100755 setup.sh create mode 100755 ssh.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4e2b0f1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +secret_files* +secret* \ No newline at end of file diff --git a/README.md b/README.md index ab18446..78466cc 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # simple-ansible-template +tested with ansible-playbook 2.9.3 # generate deploy key `ssh-keygen -t rsa -b 4096 -C "email@email.com"` diff --git a/ansible/deploy.yml b/ansible/deploy.yml index ec9d90b..668db64 100644 --- a/ansible/deploy.yml +++ b/ansible/deploy.yml @@ -1,64 +1,31 @@ ---- - -- hosts: webservers - user: ubuntu - sudo: True - +- hosts: vps + user: root tasks: - include_vars: vars.yaml - - name: ensure log directory - action: file dest={{log_dir}} state=directory + - name: deploy code from github + git: repo={{item.repo_url}} dest={{item.destination}} remote={{item.remote}} version={{item.branch}} accept_hostkey=yes + loop: + - { repo_url: 'https://github.com/peachcloud/peach-vps.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-vps' } - - name: deploy code from repository - git: repo={{repo_url}} dest={{src_dir}} remote={{repo_remote}} version={{repo_branch}} accept_hostkey=yes - notify: - - restart nginx - - restart webapp - - - name: install python requirements - action: pip requirements={{src_dir}}/requirements.txt state=present - - - name: copy hellow_webapp.ini - action: template src=templates/hello_webapp.ini dest={{src_dir}}/hello_webapp.ini - - - name: create nginx site config - action: template src=templates/nginx_site.conf dest=/etc/nginx/sites-available/{{app_name}}.conf + - name: create nginx site configs + action: template src={{item.template}} dest=/etc/nginx/sites-enabled/{{item.name}} + loop: + - { template: 'templates/nginx_peach.conf', name: 'peach.conf' } notify: - restart nginx - - name: link nginx config - action: file src=/etc/nginx/sites-available/{{app_name}}.conf dest=/etc/nginx/sites-enabled/{{app_name}}.conf state=link - - - name: create upstart script for webapp - action: template src=templates/hello_webapp.conf dest=/etc/init/hello_webapp.conf - - - name: ensure secrets directory - action: file dest={{src_dir}}/devops/secret_files state=directory - - - name: Copy secret.json file - copy: src=secret_files/secret.json dest={{src_dir}}/devops/secret_files/secret.json - - - name: make src_dir writeable by webgroup - action: file path={{src_dir}} mode=u=rwX,g=rwX,o=X recurse=yes group=webgroup - - - name: make log_dir writeable by webgroup - action: file path={{log_dir}} mode=u=rwX,g=rwX,o=X recurse=yes group=webgroup - -# - name: crontab to check alerts -# cron: name="check alerts" minute="*" job="curl {{prod_url}}/get_all_tix/" + - name: copy index.html + action: template src=index.html dest=/srv/www/index.html + notify: + - restart nginx - name: restart server and webapp command: /bin/true notify: - restart nginx - - restart webapp - handlers: - - name: restart nginx action: service name=nginx state=restarted - - name: restart webapp - action: service name={{app_name}} state=restarted diff --git a/ansible/hosts b/ansible/hosts new file mode 100644 index 0000000..7adf73f --- /dev/null +++ b/ansible/hosts @@ -0,0 +1,2 @@ +[vps] +159.89.5.141 ansible_ssh_user=root ansible_ssh_private_key_file=ansible/secret_files/do_rsa \ No newline at end of file diff --git a/ansible/setup.yml b/ansible/setup.yml index dc1211d..3d9eb85 100644 --- a/ansible/setup.yml +++ b/ansible/setup.yml @@ -1,85 +1,43 @@ ---- - -- hosts: webservers - user: ubuntu - sudo: True - +- hosts: vps + user: root tasks: - include_vars: vars.yaml - - name: add nginx ppa - action: apt_repository repo=ppa:nginx/stable state=present + - name: Setup users and groups + block: + - name: Ensure groups exist + group: + name: peach + state: present - - name: install common packages needed for python application development - action: apt pkg=$item state=installed - with_items: - - libpq-dev - - libmysqlclient-dev - - libxml2-dev - - libjpeg62 - - libjpeg62-dev - - libfreetype6 - - libfreetype6-dev - - zlib1g-dev - - mysql-client - - python-dev - - python-setuptools - - python-imaging - - python-mysqldb - - python-psycopg2 - - git-core - - nginx - - - name: install pip - action: easy_install name=pip - - - name: install virtualenv and uwsgi - action: pip name={{item.name}} version={{item.version}} - with_items: - - { name: 'virtualenv', version: '14.0.6' } - - { name: 'uwsgi', version: '2.0.12' } - - - name: symlink imaging library files - action: file src=/usr/lib/x86_64-linux-gnu/libfreetype.so dest=/usr/lib/libfreetype.so state=link - - - name: symlink imaging library files - action: file src=/usr/lib/x86_64-linux-gnu/libz.so dest=/usr/lib/libz.so state=link - - - name: symlink imaging library files - action: file src=/usr/lib/x86_64-linux-gnu/libjpeg.so.62 dest=/usr/lib/x86_64-linux-gnu/libjpeg.so state=link - - - name: symlink imaging library files - action: file src=/usr/lib/x86_64-linux-gnu/libjpeg.so dest=/usr/lib/libjpeg.so state=link - - - name: remove default nginx site - action: file path=/etc/nginx/sites-enabled/default state=absent - - - name: write nginx.conf - action: template src=templates/nginx.conf dest=/etc/nginx/nginx.conf - - - name: create webgroup if it doesn't exist - group: name=webgroup state=present - tags: - - debug - - - name: ensure wsgi-user belongs to webgroup - user: name=wsgi-user groups=webgroup append=yes - tags: - - debug - - - name: ensure wsgi-user belongs to webgroup - user: name=www-data groups=webgroup append=yes - tags: - - debug - - - name: ensure ubuntu belongs to webgroup - user: name=ubuntu groups=webgroup append=yes - tags: - - debug + - name: Ensure users exist + ansible.builtin.user: + name: "{{ item }}" + state: present + groups: "peach" + loop: + - notplants + - glyph - name: copy over ssh keys for deploy purposes action: copy src={{item.from}} dest={{item.to}} mode={{item.mode}} - with_items: + loop: - { from: 'secret_files/deploy_rsa.pub', to: '/root/.ssh/id_rsa.pub', mode: '0644' } - { from: 'secret_files/deploy_rsa', to: '/root/.ssh/id_rsa', mode: '0600' } + - name: ensure log directory + action: file dest={{log_dir}} state=directory + + - name: ensure src directory + action: file dest={{src_dir}} state=directory + + - name: ensure www directory + action: file dest=/srv/www state=directory + + - name: install packages + apt: + pkg: + - git + - nginx + + diff --git a/ansible/templates/index.html b/ansible/templates/index.html new file mode 100644 index 0000000..966598a --- /dev/null +++ b/ansible/templates/index.html @@ -0,0 +1 @@ +hello cat landing page \ No newline at end of file diff --git a/ansible/templates/nginx.conf b/ansible/templates/nginx.conf index 1bb9b60..71b1ec6 100644 --- a/ansible/templates/nginx.conf +++ b/ansible/templates/nginx.conf @@ -1,4 +1,4 @@ -user www-data webgroup; +user www-data peach; worker_processes 1; worker_rlimit_nofile 8192; diff --git a/ansible/templates/nginx_peach.conf b/ansible/templates/nginx_peach.conf new file mode 100644 index 0000000..0eb37a3 --- /dev/null +++ b/ansible/templates/nginx_peach.conf @@ -0,0 +1,10 @@ +server { + listen 80; + server_name 159.89.5.141; + + location / { + root /srv/www/; + index index.html; + try_files $uri $uri/ /index.html; + } +} \ No newline at end of file diff --git a/ansible/templates/nginx_site.conf b/ansible/templates/nginx_site.conf deleted file mode 100644 index 9420f5c..0000000 --- a/ansible/templates/nginx_site.conf +++ /dev/null @@ -1,10 +0,0 @@ -server { - listen 80; - server_name ec2-52-90-110-188.compute-1.amazonaws.com; - - location / { - include uwsgi_params; - uwsgi_pass unix:{{src_dir}}/{{app_name}}.sock; - } - -} \ No newline at end of file diff --git a/ansible/vars.yaml b/ansible/vars.yaml index ad70040..a52af74 100644 --- a/ansible/vars.yaml +++ b/ansible/vars.yaml @@ -1,12 +1,3 @@ -app_name: hello_webapp -repo_url: git@github.com:mhfowler/alembic_flask_ansible_ec2_template.git -repo_remote: origin -repo_branch: master -src_dir: /srv/hello_webapp +app_name: peach-vps log_dir: /srv/log -aws_key_name: maxhfowler_dec8 -aws_security_group: citigroup_apps -aws_instance_name: aws_default -aws_key_location: /Users/maxfowler/Desktop/cs/ec2/dec8/maxhfowler_dec8.pem -aws_subnet: subnet-1b647733 -prod_url: http://52.91.169.141/ \ No newline at end of file +src_dir: /srv/src diff --git a/deploy.sh b/deploy.sh old mode 100644 new mode 100755 diff --git a/setup.sh b/setup.sh old mode 100644 new mode 100755 diff --git a/ssh.sh b/ssh.sh new file mode 100755 index 0000000..33b6806 --- /dev/null +++ b/ssh.sh @@ -0,0 +1 @@ +ssh -i ansible/secret_files/do_rsa root@159.89.5.141 \ No newline at end of file -- 2.49.0 From 896076600c8647cf9f383e39abe22f1f3278ba28 Mon Sep 17 00:00:00 2001 From: Max Fowler Date: Sat, 7 Nov 2020 19:18:33 +0100 Subject: [PATCH 3/8] Basic working debian repository with reprepro --- ansible/debian_rep.yml | 24 ++++++++++++++++++++++++ ansible/deploy.yml | 16 +++++++++++++++- ansible/setup.yml | 14 ++++++++------ ansible/templates/debian/distributions | 8 ++++++++ ansible/templates/debian/options | 3 +++ ansible/templates/debian/override.buster | 4 ++++ ansible/vars.yaml | 7 +++++++ deploy.sh | 2 +- setup.sh | 1 + 9 files changed, 71 insertions(+), 8 deletions(-) create mode 100644 ansible/debian_rep.yml create mode 100644 ansible/templates/debian/distributions create mode 100644 ansible/templates/debian/options create mode 100644 ansible/templates/debian/override.buster diff --git a/ansible/debian_rep.yml b/ansible/debian_rep.yml new file mode 100644 index 0000000..b3efcae --- /dev/null +++ b/ansible/debian_rep.yml @@ -0,0 +1,24 @@ +--- +- name: ensure debian rep directory + action: file dest="{{debian_rep_dir}}" state=directory + +- name: create debian distributions file + template: + src: debian/distributions + dest: "{{debian_rep_dir}}/conf/distributions" + +- name: create debian options file + action: template src=debian/options dest="{{debian_rep_dir}}/conf/options" + +- name: create debian override file + action: template src=debian/override.buster dest="{{debian_rep_dir}}/conf/override.buster" + +- name: export public gpg key to be served by web server + command: gpg --armor --output {{web_dir}}/peach_pub.gpg --export {{gpg_key_id}} + args: + creates: "{{web_dir}}/peach_pub.gpg" + +# couldn't easily figure out how to automate gpg key creation, so this step can be manual + +- name: install reprepro + apt: pkg=reprepro diff --git a/ansible/deploy.yml b/ansible/deploy.yml index 668db64..71b7c31 100644 --- a/ansible/deploy.yml +++ b/ansible/deploy.yml @@ -2,11 +2,16 @@ user: root tasks: - include_vars: vars.yaml + tags: + - always - name: deploy code from github git: repo={{item.repo_url}} dest={{item.destination}} remote={{item.remote}} version={{item.branch}} accept_hostkey=yes loop: - { repo_url: 'https://github.com/peachcloud/peach-vps.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-vps' } + - { repo_url: 'https://github.com/peachcloud/peach-web.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-web' } + - { repo_url: 'https://github.com/peachcloud/peach-oled.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-oled' } + - { repo_url: 'https://github.com/peachcloud/peach-stats.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-stats' } - name: create nginx site configs action: template src={{item.template}} dest=/etc/nginx/sites-enabled/{{item.name}} @@ -16,7 +21,7 @@ - restart nginx - name: copy index.html - action: template src=index.html dest=/srv/www/index.html + action: template src=index.html dest="{{web_dir}}/index.html" notify: - restart nginx @@ -25,6 +30,15 @@ notify: - restart nginx + - name: tasks for creating debian repository + include_tasks: debian_rep.yml + args: + apply: + tags: + - debian + tags: + - debian + handlers: - name: restart nginx action: service name=nginx state=restarted diff --git a/ansible/setup.yml b/ansible/setup.yml index 3d9eb85..20f1e7e 100644 --- a/ansible/setup.yml +++ b/ansible/setup.yml @@ -19,12 +19,6 @@ - notplants - glyph - - name: copy over ssh keys for deploy purposes - action: copy src={{item.from}} dest={{item.to}} mode={{item.mode}} - loop: - - { from: 'secret_files/deploy_rsa.pub', to: '/root/.ssh/id_rsa.pub', mode: '0644' } - - { from: 'secret_files/deploy_rsa', to: '/root/.ssh/id_rsa', mode: '0600' } - - name: ensure log directory action: file dest={{log_dir}} state=directory @@ -39,5 +33,13 @@ pkg: - git - nginx + - curl + - build-essential + + - name: install rust by rustup + shell: curl https://sh.rustup.rs -sSf | sh -s -- -y + + - name: install cargo deb + shell: /root/.cargo/bin/cargo install cargo-deb diff --git a/ansible/templates/debian/distributions b/ansible/templates/debian/distributions new file mode 100644 index 0000000..f6fed0f --- /dev/null +++ b/ansible/templates/debian/distributions @@ -0,0 +1,8 @@ +Origin: PeachCloud +Label: PeachCloud +Codename: buster +Architectures: amd64 +Components: main +Description: Apt repository for PeachCloud debian packages +SignWith: {{gpg_key_id}} +DebOverride: override.buster diff --git a/ansible/templates/debian/options b/ansible/templates/debian/options new file mode 100644 index 0000000..5dd7345 --- /dev/null +++ b/ansible/templates/debian/options @@ -0,0 +1,3 @@ +verbose +basedir {{debian_rep_dir}} +ask-passphrase diff --git a/ansible/templates/debian/override.buster b/ansible/templates/debian/override.buster new file mode 100644 index 0000000..ec9fb2d --- /dev/null +++ b/ansible/templates/debian/override.buster @@ -0,0 +1,4 @@ +{% for service in services %} +{{service}} Priority optional +{{service}} Section net +{% endfor %} \ No newline at end of file diff --git a/ansible/vars.yaml b/ansible/vars.yaml index a52af74..6f2a21d 100644 --- a/ansible/vars.yaml +++ b/ansible/vars.yaml @@ -1,3 +1,10 @@ app_name: peach-vps log_dir: /srv/log src_dir: /srv/src +web_dir: /srv/www +debian_rep_dir: /srv/www/repos/apt/debian +gpg_key_id: E62CD13A85763FCEC3EDBA8EA98440817F1A3CE5 +services: + - peach-oled + - peach-stats + - peach-web \ No newline at end of file diff --git a/deploy.sh b/deploy.sh index eca6bc2..749a7bd 100755 --- a/deploy.sh +++ b/deploy.sh @@ -1,2 +1,2 @@ #!/usr/bin/env bash -ansible-playbook -i ansible/hosts ansible/deploy.yml \ No newline at end of file +ansible-playbook -i ansible/hosts ansible/deploy.yml --tags debian diff --git a/setup.sh b/setup.sh index fb484bc..4183dfa 100755 --- a/setup.sh +++ b/setup.sh @@ -1,2 +1,3 @@ #!/usr/bin/env bash ansible-playbook -i ansible/hosts ansible/setup.yml +ansible-playbook -i ansible/hosts ansible/deploy.yml -- 2.49.0 From 6762ef2582b3f53c535ef2bb43e8696c399fe0e1 Mon Sep 17 00:00:00 2001 From: Max Fowler Date: Mon, 9 Nov 2020 21:08:07 +0100 Subject: [PATCH 4/8] Working devdocs build with githooks --- .gitignore | 5 ++- README.md | 36 ++++++++++++++++--- ansible/{debian_rep.yml => debianrep.yml} | 7 ++++ ansible/deploy.yml | 18 ++++++---- ansible/devdocs.yml | 26 ++++++++++++++ ansible/setup.yml | 7 ++++ ansible/templates/devdocs/git-post-receive | 13 +++++++ ansible/templates/hello_webapp.conf | 10 ------ ansible/templates/index.html | 1 - ansible/templates/{ => nginx}/nginx.conf | 2 +- .../nginx_devdocs.conf} | 2 +- deploy.sh | 2 -- setup.sh | 3 -- ssh.sh | 1 - 14 files changed, 102 insertions(+), 31 deletions(-) rename ansible/{debian_rep.yml => debianrep.yml} (80%) create mode 100644 ansible/devdocs.yml create mode 100644 ansible/templates/devdocs/git-post-receive delete mode 100644 ansible/templates/hello_webapp.conf delete mode 100644 ansible/templates/index.html rename ansible/templates/{ => nginx}/nginx.conf (97%) rename ansible/templates/{nginx_peach.conf => nginx/nginx_devdocs.conf} (74%) delete mode 100755 deploy.sh delete mode 100755 setup.sh delete mode 100755 ssh.sh diff --git a/.gitignore b/.gitignore index 4e2b0f1..8adf888 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ secret_files* -secret* \ No newline at end of file +secret* +deploy.sh +setup.sh +ssh.sh diff --git a/README.md b/README.md index 78466cc..73a6997 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,34 @@ -# simple-ansible-template +# peach-vps config -tested with ansible-playbook 2.9.3 +Code for configuring the peachcloud vps for various hosting and automation +- debian repository of microservices +- mdbook builder for devdocs -# generate deploy key -`ssh-keygen -t rsa -b 4096 -C "email@email.com"` +using ansible 2.9.3 + +[instructions to install ansible locally](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) + +# setup +`ansible-playbook -i ansible/hosts ansible/setup.yml` + +gpg key creation is still not automated, +so after creating the server generate a gpg key on the server, +put the gpg_key_id into vars.yaml and then run setup + + +# deploy +`ansible-playbook -i ansible/hosts ansible/deploy.yml` + + +# building releases (to be automated later) + +## building for arm64 +`cd /srv/src/peach-oled +cargo-deb +cd /srv/www/repos/apt/debian +reprepro includedeb buster /srv/src/peach-oled/target/debian/peach-oled_0.1.0_amd64.deb` + +## building for aarch64 +`cd /srv/src/peach-oled +cargo build --release --target=aarch64-unknown-linux-gnu +CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/aarch64-linux-gnu-gcc cargo-deb --release --target=aarch64-unknown-linux-gnu` \ No newline at end of file diff --git a/ansible/debian_rep.yml b/ansible/debianrep.yml similarity index 80% rename from ansible/debian_rep.yml rename to ansible/debianrep.yml index b3efcae..1f04c55 100644 --- a/ansible/debian_rep.yml +++ b/ansible/debianrep.yml @@ -22,3 +22,10 @@ - name: install reprepro apt: pkg=reprepro + +- name: install toolchain for cross-compilation + command: /root/.cargo/bin/rustup toolchain install nightly-aarch64-unknown-linux-gnu + +- name: install aarch644 gcc + apt: pkg=gcc-aarch64-linux-gnu + diff --git a/ansible/deploy.yml b/ansible/deploy.yml index 71b7c31..d8a1177 100644 --- a/ansible/deploy.yml +++ b/ansible/deploy.yml @@ -16,12 +16,7 @@ - name: create nginx site configs action: template src={{item.template}} dest=/etc/nginx/sites-enabled/{{item.name}} loop: - - { template: 'templates/nginx_peach.conf', name: 'peach.conf' } - notify: - - restart nginx - - - name: copy index.html - action: template src=index.html dest="{{web_dir}}/index.html" + - { template: 'templates/nginx/nginx_devdocs.conf', name: 'devdocs.conf' } notify: - restart nginx @@ -31,7 +26,7 @@ - restart nginx - name: tasks for creating debian repository - include_tasks: debian_rep.yml + include_tasks: debianrep.yml args: apply: tags: @@ -39,6 +34,15 @@ tags: - debian + - name: tasks for devdocs + include_tasks: + file: devdocs.yml + apply: + tags: + - devdocs + tags: + - devdocs + handlers: - name: restart nginx action: service name=nginx state=restarted diff --git a/ansible/devdocs.yml b/ansible/devdocs.yml new file mode 100644 index 0000000..fd25193 --- /dev/null +++ b/ansible/devdocs.yml @@ -0,0 +1,26 @@ +--- +- name: ensure devdocs_bare + action: file dest={{src_dir}}/devdocs_bare state=directory + +- name: initialize devdocs_bare git repo + command: git init --bare {{src_dir}}/devdocs_bare + args: + creates: '{{src_dir}}/devdocs_bare/.git' + +- name: ensure devdocs_build + action: file dest={{src_dir}}/devdocs_build state=directory + +- name: ensure git hooks directory + action: file dest={{src_dir}}/devdocs_bare/hooks state=directory + +- name: copy devdocs githook + action: template src=devdocs/git-post-receive dest="{{src_dir}}/devdocs_bare/hooks/post-receive" mode='770' + +- name: ensure devdocs web directory + action: file dest={{web_dir}}/docs:peachcloud:org/html state=directory + +- name: install mdbook + shell: /root/.cargo/bin/cargo install mdbook + args: + creates: /root/.cargo/bin/mdbook + diff --git a/ansible/setup.yml b/ansible/setup.yml index 20f1e7e..bece68a 100644 --- a/ansible/setup.yml +++ b/ansible/setup.yml @@ -38,8 +38,15 @@ - name: install rust by rustup shell: curl https://sh.rustup.rs -sSf | sh -s -- -y + args: + creates: /root/.cargo/bin/rustc - name: install cargo deb shell: /root/.cargo/bin/cargo install cargo-deb + args: + creates: /root/.cargo/bin/cargo-deb + + - name: copy main nginx config + action: template src=nginx/nginx.conf dest=/etc/nginx/nginx.conf diff --git a/ansible/templates/devdocs/git-post-receive b/ansible/templates/devdocs/git-post-receive new file mode 100644 index 0000000..36b37bd --- /dev/null +++ b/ansible/templates/devdocs/git-post-receive @@ -0,0 +1,13 @@ +#!/bin/bash +while read oldrev newrev ref +do + if [[ $ref =~ .*/master$ ]]; + then + echo "Master ref received. Deploying master branch to build directory..." + git --work-tree={{src_dir}}/devdocs_build --git-dir={{src_dir}}/devdocs_bare checkout -f + echo "Building docs and deploying to production..." + /root/.cargo/bin/mdbook build {{src_dir}}/devdocs_build --dest-dir {{web_dir}}/docs:peachcloud:org/html + else + echo "Ref $ref successfully received. Doing nothing: only the master branch may be deployed on this server." + fi +done \ No newline at end of file diff --git a/ansible/templates/hello_webapp.conf b/ansible/templates/hello_webapp.conf deleted file mode 100644 index eddac09..0000000 --- a/ansible/templates/hello_webapp.conf +++ /dev/null @@ -1,10 +0,0 @@ -description "uWSGI server instance configured to serve hello_webapp" - -start on runlevel [2345] -stop on runlevel [!2345] - -setuid wsgi-user -setgid webgroup - -chdir {{src_dir}} -exec uwsgi --ini hello_webapp.ini \ No newline at end of file diff --git a/ansible/templates/index.html b/ansible/templates/index.html deleted file mode 100644 index 966598a..0000000 --- a/ansible/templates/index.html +++ /dev/null @@ -1 +0,0 @@ -hello cat landing page \ No newline at end of file diff --git a/ansible/templates/nginx.conf b/ansible/templates/nginx/nginx.conf similarity index 97% rename from ansible/templates/nginx.conf rename to ansible/templates/nginx/nginx.conf index 71b1ec6..668b54c 100644 --- a/ansible/templates/nginx.conf +++ b/ansible/templates/nginx/nginx.conf @@ -1,4 +1,4 @@ -user www-data peach; +user www-data; worker_processes 1; worker_rlimit_nofile 8192; diff --git a/ansible/templates/nginx_peach.conf b/ansible/templates/nginx/nginx_devdocs.conf similarity index 74% rename from ansible/templates/nginx_peach.conf rename to ansible/templates/nginx/nginx_devdocs.conf index 0eb37a3..c97291c 100644 --- a/ansible/templates/nginx_peach.conf +++ b/ansible/templates/nginx/nginx_devdocs.conf @@ -3,7 +3,7 @@ server { server_name 159.89.5.141; location / { - root /srv/www/; + root {{web_dir}}/docs:peachcloud:org/html; index index.html; try_files $uri $uri/ /index.html; } diff --git a/deploy.sh b/deploy.sh deleted file mode 100755 index 749a7bd..0000000 --- a/deploy.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/usr/bin/env bash -ansible-playbook -i ansible/hosts ansible/deploy.yml --tags debian diff --git a/setup.sh b/setup.sh deleted file mode 100755 index 4183dfa..0000000 --- a/setup.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash -ansible-playbook -i ansible/hosts ansible/setup.yml -ansible-playbook -i ansible/hosts ansible/deploy.yml diff --git a/ssh.sh b/ssh.sh deleted file mode 100755 index 33b6806..0000000 --- a/ssh.sh +++ /dev/null @@ -1 +0,0 @@ -ssh -i ansible/secret_files/do_rsa root@159.89.5.141 \ No newline at end of file -- 2.49.0 From b406babf2dba3b6d3dd0355aa4240fccc3646fd7 Mon Sep 17 00:00:00 2001 From: Max Fowler Date: Mon, 9 Nov 2020 21:49:58 +0100 Subject: [PATCH 5/8] More clear Readme --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 73a6997..6bc43c0 100644 --- a/README.md +++ b/README.md @@ -9,12 +9,16 @@ using ansible 2.9.3 [instructions to install ansible locally](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) # setup -`ansible-playbook -i ansible/hosts ansible/setup.yml` + +`mkdir ansible/secret_files` +(and make sure you get the required secret_files which are hosted off git) gpg key creation is still not automated, so after creating the server generate a gpg key on the server, put the gpg_key_id into vars.yaml and then run setup +`ansible-playbook -i ansible/hosts ansible/setup.yml` + # deploy `ansible-playbook -i ansible/hosts ansible/deploy.yml` -- 2.49.0 From 63868fac6478d4ec0330be550f969675535aefee Mon Sep 17 00:00:00 2001 From: Max Fowler Date: Mon, 9 Nov 2020 22:14:57 +0100 Subject: [PATCH 6/8] Remove tags from yml --- ansible/deploy.yml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/ansible/deploy.yml b/ansible/deploy.yml index d8a1177..11865b5 100644 --- a/ansible/deploy.yml +++ b/ansible/deploy.yml @@ -27,21 +27,9 @@ - name: tasks for creating debian repository include_tasks: debianrep.yml - args: - apply: - tags: - - debian - tags: - - debian - name: tasks for devdocs - include_tasks: - file: devdocs.yml - apply: - tags: - - devdocs - tags: - - devdocs + include_tasks: devdocs.yml handlers: - name: restart nginx -- 2.49.0 From 28fc6f3e0032481f15303da5697c11eb2308a6a1 Mon Sep 17 00:00:00 2001 From: Max Fowler Date: Wed, 11 Nov 2020 11:32:54 +0100 Subject: [PATCH 7/8] More clear README --- README.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 6bc43c0..7013aab 100644 --- a/README.md +++ b/README.md @@ -10,12 +10,14 @@ using ansible 2.9.3 # setup +locally run: `mkdir ansible/secret_files` (and make sure you get the required secret_files which are hosted off git) gpg key creation is still not automated, so after creating the server generate a gpg key on the server, -put the gpg_key_id into vars.yaml and then run setup +`gpg --gen-key` +put the gpg_key_id into vars.yaml and then run setup locally: `ansible-playbook -i ansible/hosts ansible/setup.yml` @@ -27,12 +29,18 @@ put the gpg_key_id into vars.yaml and then run setup # building releases (to be automated later) ## building for arm64 -`cd /srv/src/peach-oled +```cd /srv/src/peach-oled cargo-deb cd /srv/www/repos/apt/debian -reprepro includedeb buster /srv/src/peach-oled/target/debian/peach-oled_0.1.0_amd64.deb` +reprepro includedeb buster /srv/src/peach-oled/target/debian/peach-oled_0.1.0_amd64.deb +``` ## building for aarch64 -`cd /srv/src/peach-oled +```cd /srv/src/peach-oled cargo build --release --target=aarch64-unknown-linux-gnu -CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/aarch64-linux-gnu-gcc cargo-deb --release --target=aarch64-unknown-linux-gnu` \ No newline at end of file +CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/aarch64-linux-gnu-gcc cargo-deb --release --target=aarch64-unknown-linux-gnu +``` + +# misc +based off this tutorial: +https://wiki.debian.org/DebianRepository/SetupWithReprepro \ No newline at end of file -- 2.49.0 From 93564a63cc267b247500bc44c8028967dcddeb62 Mon Sep 17 00:00:00 2001 From: Max Fowler Date: Wed, 11 Nov 2020 13:28:41 +0100 Subject: [PATCH 8/8] Add nginx config for debian repo --- .gitignore | 1 + ansible/debianrep.yml | 19 ++++++++---- ansible/deploy.yml | 29 ++++++++++--------- ansible/devdocs.yml | 15 ++++++---- ansible/hosts | 2 +- ansible/templates/automation/README | 7 +++++ ansible/templates/debian/nginx_debian.conf | 21 ++++++++++++++ ansible/templates/devdocs/git-post-receive | 4 +-- .../{nginx => devdocs}/nginx_devdocs.conf | 2 +- ansible/templates/welcome | 5 ++++ ansible/vars.yaml | 3 +- 11 files changed, 79 insertions(+), 29 deletions(-) create mode 100644 ansible/templates/automation/README create mode 100644 ansible/templates/debian/nginx_debian.conf rename ansible/templates/{nginx => devdocs}/nginx_devdocs.conf (81%) create mode 100644 ansible/templates/welcome diff --git a/.gitignore b/.gitignore index 8adf888..3cf8dbd 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ secret* deploy.sh setup.sh ssh.sh +ansible/test.yml \ No newline at end of file diff --git a/ansible/debianrep.yml b/ansible/debianrep.yml index 1f04c55..3513184 100644 --- a/ansible/debianrep.yml +++ b/ansible/debianrep.yml @@ -2,6 +2,9 @@ - name: ensure debian rep directory action: file dest="{{debian_rep_dir}}" state=directory +- name: ensure debian rep conf directory + action: file dest="{{debian_rep_dir}}/conf" state=directory + - name: create debian distributions file template: src: debian/distributions @@ -13,12 +16,13 @@ - name: create debian override file action: template src=debian/override.buster dest="{{debian_rep_dir}}/conf/override.buster" -- name: export public gpg key to be served by web server - command: gpg --armor --output {{web_dir}}/peach_pub.gpg --export {{gpg_key_id}} - args: - creates: "{{web_dir}}/peach_pub.gpg" - # couldn't easily figure out how to automate gpg key creation, so this step can be manual +# gpg --gen-key + +- name: export public gpg key to be served by web server + command: gpg --armor --output {{web_dir}}/repos/apt/peach_pub.gpg --export {{gpg_key_id}} + args: + creates: "{{web_dir}}/repos/apt/peach_pub.gpg" - name: install reprepro apt: pkg=reprepro @@ -29,3 +33,8 @@ - name: install aarch644 gcc apt: pkg=gcc-aarch64-linux-gnu +- name: create debian repo nginx site config + action: template src=templates/debian/nginx_debian.conf dest=/etc/nginx/sites-enabled/debianrep.conf + notify: + - restart nginx + diff --git a/ansible/deploy.yml b/ansible/deploy.yml index 11865b5..fb42610 100644 --- a/ansible/deploy.yml +++ b/ansible/deploy.yml @@ -5,32 +5,33 @@ tags: - always - - name: deploy code from github + - name: deploy microservices code from github git: repo={{item.repo_url}} dest={{item.destination}} remote={{item.remote}} version={{item.branch}} accept_hostkey=yes loop: - - { repo_url: 'https://github.com/peachcloud/peach-vps.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-vps' } - { repo_url: 'https://github.com/peachcloud/peach-web.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-web' } - { repo_url: 'https://github.com/peachcloud/peach-oled.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-oled' } - { repo_url: 'https://github.com/peachcloud/peach-stats.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-stats' } - - name: create nginx site configs - action: template src={{item.template}} dest=/etc/nginx/sites-enabled/{{item.name}} - loop: - - { template: 'templates/nginx/nginx_devdocs.conf', name: 'devdocs.conf' } - notify: - - restart nginx - - - name: restart server and webapp - command: /bin/true - notify: - - restart nginx - - name: tasks for creating debian repository include_tasks: debianrep.yml - name: tasks for devdocs include_tasks: devdocs.yml + - name: ensure automation folder + action: file dest=/srv/automation state=directory + + - name: deploy code for automation + git: repo=https://github.com/peachcloud/peach-vps.git dest={{automation_dir}}/peach-vps remote=main version=main accept_hostkey=yes + + - name: copy welcome file + template: src=welcome dest=/srv/welcome + + - name: restart nginx + command: /bin/true + notify: + - restart nginx + handlers: - name: restart nginx action: service name=nginx state=restarted diff --git a/ansible/devdocs.yml b/ansible/devdocs.yml index fd25193..eeb2425 100644 --- a/ansible/devdocs.yml +++ b/ansible/devdocs.yml @@ -1,20 +1,20 @@ --- - name: ensure devdocs_bare - action: file dest={{src_dir}}/devdocs_bare state=directory + action: file dest={{automation_dir}}/devdocs_bare state=directory - name: initialize devdocs_bare git repo - command: git init --bare {{src_dir}}/devdocs_bare + command: git init --bare {{automation_dir}}/devdocs_bare args: creates: '{{src_dir}}/devdocs_bare/.git' - name: ensure devdocs_build - action: file dest={{src_dir}}/devdocs_build state=directory + action: file dest={{automation_dir}}/devdocs_build state=directory - name: ensure git hooks directory - action: file dest={{src_dir}}/devdocs_bare/hooks state=directory + action: file dest={{automation_dir}}/devdocs_bare/hooks state=directory - name: copy devdocs githook - action: template src=devdocs/git-post-receive dest="{{src_dir}}/devdocs_bare/hooks/post-receive" mode='770' + action: template src=devdocs/git-post-receive dest="{{automation_dir}}/devdocs_bare/hooks/post-receive" mode='770' - name: ensure devdocs web directory action: file dest={{web_dir}}/docs:peachcloud:org/html state=directory @@ -24,3 +24,8 @@ args: creates: /root/.cargo/bin/mdbook +- name: create devdocs nginx site config + action: template src=templates/devdocs/nginx_devdocs.conf dest=/etc/nginx/sites-enabled/devdocs.conf + notify: + - restart nginx + diff --git a/ansible/hosts b/ansible/hosts index 7adf73f..1ffd7c3 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -1,2 +1,2 @@ [vps] -159.89.5.141 ansible_ssh_user=root ansible_ssh_private_key_file=ansible/secret_files/do_rsa \ No newline at end of file +46.101.107.168 ansible_ssh_user=root ansible_ssh_private_key_file=/Users/maxfowler/.ssh/peach_rsa \ No newline at end of file diff --git a/ansible/templates/automation/README b/ansible/templates/automation/README new file mode 100644 index 0000000..fb6506d --- /dev/null +++ b/ansible/templates/automation/README @@ -0,0 +1,7 @@ +Automation-related directories are stored in this directory. + +For example, bare Git Hooks directories and staging directories for automating the build and deployment of peach-devdocs to docs.peachcloud.org. + +See https://github.com/peachcloud/peach-devdocs/blob/master/GITHOOK_DEPLOYMENT.md for more info. + +In the future, this directory may also be home to automation for release builds and deb file builds. \ No newline at end of file diff --git a/ansible/templates/debian/nginx_debian.conf b/ansible/templates/debian/nginx_debian.conf new file mode 100644 index 0000000..9a02f85 --- /dev/null +++ b/ansible/templates/debian/nginx_debian.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name 46.101.107.168; + + access_log /srv/log/nginx-debian.log; + error_log /srv/log/nginx-debian.error; + + location / { + root {{web_dir}}/repos/apt; + index index.html; + autoindex on; + } + + location ~ /(.*)/conf { + deny all; + } + + location ~ /(.*)/db { + deny all; + } +} \ No newline at end of file diff --git a/ansible/templates/devdocs/git-post-receive b/ansible/templates/devdocs/git-post-receive index 36b37bd..8d1ec36 100644 --- a/ansible/templates/devdocs/git-post-receive +++ b/ansible/templates/devdocs/git-post-receive @@ -4,9 +4,9 @@ do if [[ $ref =~ .*/master$ ]]; then echo "Master ref received. Deploying master branch to build directory..." - git --work-tree={{src_dir}}/devdocs_build --git-dir={{src_dir}}/devdocs_bare checkout -f + git --work-tree={{automation_dir}}/devdocs_build --git-dir={{automation_dir}}/devdocs_bare checkout -f echo "Building docs and deploying to production..." - /root/.cargo/bin/mdbook build {{src_dir}}/devdocs_build --dest-dir {{web_dir}}/docs:peachcloud:org/html + /root/.cargo/bin/mdbook build {{automation_dir}}/devdocs_build --dest-dir {{web_dir}}/docs:peachcloud:org/html else echo "Ref $ref successfully received. Doing nothing: only the master branch may be deployed on this server." fi diff --git a/ansible/templates/nginx/nginx_devdocs.conf b/ansible/templates/devdocs/nginx_devdocs.conf similarity index 81% rename from ansible/templates/nginx/nginx_devdocs.conf rename to ansible/templates/devdocs/nginx_devdocs.conf index c97291c..68076b9 100644 --- a/ansible/templates/nginx/nginx_devdocs.conf +++ b/ansible/templates/devdocs/nginx_devdocs.conf @@ -1,6 +1,6 @@ server { listen 80; - server_name 159.89.5.141; + server_name reddeadnettle.network; location / { root {{web_dir}}/docs:peachcloud:org/html; diff --git a/ansible/templates/welcome b/ansible/templates/welcome new file mode 100644 index 0000000..011f334 --- /dev/null +++ b/ansible/templates/welcome @@ -0,0 +1,5 @@ +Welcome to the PeachCloud VPS. + +Users with membership to the `peach` group can write to this directory (`/srv/peachcloud`). + +All PeachCloud-related assets are to be stored in this directory. \ No newline at end of file diff --git a/ansible/vars.yaml b/ansible/vars.yaml index 6f2a21d..f1a7675 100644 --- a/ansible/vars.yaml +++ b/ansible/vars.yaml @@ -1,9 +1,10 @@ app_name: peach-vps log_dir: /srv/log src_dir: /srv/src +automation_dir: /srv/automation web_dir: /srv/www debian_rep_dir: /srv/www/repos/apt/debian -gpg_key_id: E62CD13A85763FCEC3EDBA8EA98440817F1A3CE5 +gpg_key_id: 74A8D514053AE40F15C407E5D5233F944CCA2DF5 services: - peach-oled - peach-stats -- 2.49.0