Basic working debian repository with reprepro and mdbook builder #1

Closed
mhfowler wants to merge 8 commits from first-branch into main
17 changed files with 328 additions and 2 deletions

6
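--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,6 @@
+secret_files*
+secret*
+deploy.sh
+setup.sh
+ssh.sh
+ansible/test.yml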


@ -1,2 +1,46 @@
# peach-vps
# simple-ansible-template
# peach-vps config
Code for configuring the peachcloud vps for various hosting and automation
- debian repository of microservices
- mdbook builder for devdocs
using ansible 2.9.3
[instructions to install ansible locally](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
# setup
locally run:
`mkdir ansible/secret_files`
(and make sure you get the required secret_files which are hosted off git)
gpg key creation is still not automated,
so after creating the server generate a gpg key on the server,
`gpg --gen-key`
put the gpg_key_id into vars.yaml and then run setup locally:
`ansible-playbook -i ansible/hosts ansible/setup.yml`
# deploy
`ansible-playbook -i ansible/hosts ansible/deploy.yml`
# building releases (to be automated later)
## building for arm64
```cd /srv/src/peach-oled
cargo-deb
cd /srv/www/repos/apt/debian
reprepro includedeb buster /srv/src/peach-oled/target/debian/peach-oled_0.1.0_amd64.deb
```
## building for aarch64
```cd /srv/src/peach-oled
cargo build --release --target=aarch64-unknown-linux-gnu
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/aarch64-linux-gnu-gcc cargo-deb --release --target=aarch64-unknown-linux-gnu
```
# misc
based off this tutorial:
https://wiki.debian.org/DebianRepository/SetupWithReprepro

40
ansible/debianrep.yml Normal file

@ -0,0 +1,40 @@
---
- name: ensure debian rep directory
action: file dest="{{debian_rep_dir}}" state=directory
- name: ensure debian rep conf directory
action: file dest="{{debian_rep_dir}}/conf" state=directory
- name: create debian distributions file
template:
src: debian/distributions
dest: "{{debian_rep_dir}}/conf/distributions"
- name: create debian options file
action: template src=debian/options dest="{{debian_rep_dir}}/conf/options"
- name: create debian override file
action: template src=debian/override.buster dest="{{debian_rep_dir}}/conf/override.buster"
# couldn't easily figure out how to automate gpg key creation, so this step can be manual
# gpg --gen-key
- name: export public gpg key to be served by web server
command: gpg --armor --output {{web_dir}}/repos/apt/peach_pub.gpg --export {{gpg_key_id}}
args:
creates: "{{web_dir}}/repos/apt/peach_pub.gpg"
- name: install reprepro
apt: pkg=reprepro
- name: install toolchain for cross-compilation
command: /root/.cargo/bin/rustup toolchain install nightly-aarch64-unknown-linux-gnu
- name: install aarch644 gcc
apt: pkg=gcc-aarch64-linux-gnu
- name: create debian repo nginx site config
action: template src=templates/debian/nginx_debian.conf dest=/etc/nginx/sites-enabled/debianrep.conf
notify:
- restart nginx
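Review bot: The `export public gpg key` task is guarded by `creates: "{{web_dir}}/repos/apt/peach_pub.gpg"`, so once that file exists it is never refreshed; if `gpg_key_id` is later changed, reprepro would sign with the new key while clients still download the old one. Exporting to a file name that contains the key id, or removing the file whenever the id changes, keeps the published key in step with `SignWith`. Separately, the `rustup toolchain install nightly-aarch64-unknown-linux-gnu` task has no `creates:` or `changed_when:` and follows a moving nightly, so the compiler that builds the signed packages can differ from run to run; a dated toolchain (placeholder form `nightly-YYYY-MM-DD-aarch64-unknown-linux-gnu`) would pin it.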

38
ansible/deploy.yml Normal file

@ -0,0 +1,38 @@
- hosts: vps
user: root
tasks:
- include_vars: vars.yaml
tags:
- always
- name: deploy microservices code from github
git: repo={{item.repo_url}} dest={{item.destination}} remote={{item.remote}} version={{item.branch}} accept_hostkey=yes
loop:
- { repo_url: 'https://github.com/peachcloud/peach-web.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-web' }
- { repo_url: 'https://github.com/peachcloud/peach-oled.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-oled' }
- { repo_url: 'https://github.com/peachcloud/peach-stats.git', remote: 'main', branch: 'main', destination: '{{src_dir}}/peach-stats' }
- name: tasks for creating debian repository
include_tasks: debianrep.yml
- name: tasks for devdocs
include_tasks: devdocs.yml
- name: ensure automation folder
action: file dest=/srv/automation state=directory
- name: deploy code for automation
git: repo=https://github.com/peachcloud/peach-vps.git dest={{automation_dir}}/peach-vps remote=main version=main accept_hostkey=yes
- name: copy welcome file
template: src=welcome dest=/srv/welcome
- name: restart nginx
command: /bin/true
notify:
- restart nginx
handlers:
- name: restart nginx
action: service name=nginx state=restarted
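Review bot: Every `git:` task here checks out `version=main` (the three loop items and the `peach-vps` checkout), so whatever sits at the branch tip when the playbook runs is what ends up in `{{src_dir}}`, where the README's build steps presumably turn it into packages signed for the apt repository. Pinning `version` to a release tag or commit hash, and optionally setting `verify_commit=yes` if commits are signed, ties a deployment to reviewed code. `accept_hostkey=yes` has no effect on these `https://` URLs and would silently accept an unknown host key if a URL were ever switched to SSH, so it can be dropped. The `ensure automation folder` task also hard-codes `/srv/automation` although `automation_dir` is loaded from `vars.yaml`.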

31
ansible/devdocs.yml Normal file

@ -0,0 +1,31 @@
---
- name: ensure devdocs_bare
action: file dest={{automation_dir}}/devdocs_bare state=directory
- name: initialize devdocs_bare git repo
command: git init --bare {{automation_dir}}/devdocs_bare
args:
creates: '{{src_dir}}/devdocs_bare/.git'
- name: ensure devdocs_build
action: file dest={{automation_dir}}/devdocs_build state=directory
- name: ensure git hooks directory
action: file dest={{automation_dir}}/devdocs_bare/hooks state=directory
- name: copy devdocs githook
action: template src=devdocs/git-post-receive dest="{{automation_dir}}/devdocs_bare/hooks/post-receive" mode='770'
- name: ensure devdocs web directory
action: file dest={{web_dir}}/docs:peachcloud:org/html state=directory
- name: install mdbook
shell: /root/.cargo/bin/cargo install mdbook
args:
creates: /root/.cargo/bin/mdbook
- name: create devdocs nginx site config
action: template src=templates/devdocs/nginx_devdocs.conf dest=/etc/nginx/sites-enabled/devdocs.conf
notify:
- restart nginx
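Review bot: The `creates:` guard on `initialize devdocs_bare git repo` points at `{{src_dir}}/devdocs_bare/.git`, but the repository is initialised under `{{automation_dir}}` and a bare repository has no `.git` directory, so the guard never matches and `git init --bare` reruns on every play. `creates: '{{automation_dir}}/devdocs_bare/HEAD'` would make the task idempotent. The `install mdbook` task takes whatever release is current at run time; `cargo install --locked --version PINNED_VERSION mdbook` (PINNED_VERSION being a placeholder for the release you have vetted) keeps the tool that publishes the docs from changing underneath the server.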

2
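--- a/ansible/hosts
+++ b/ansible/hosts
@@ -0,0 +1,2 @@
+[vps]
+46.101.107.168 ansible_ssh_user=root ansible_ssh_private_key_file=/Users/maxfowler/.ssh/peach_rsa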
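Review bot: The inventory line commits one contributor's local key path (`/Users/maxfowler/.ssh/peach_rsa`) and direct `root` login alongside the server address, so it works on a single workstation only and puts a local username and key location into the repository history. Keeping just the host entry under `[vps]` and supplying the key through `~/.ssh/config` or `--private-key` avoids both problems. Connecting as an unprivileged account with `become: yes` in the plays would also allow root SSH login to be disabled on the server. `ansible_ssh_user` is the pre-2.0 spelling of `ansible_user`.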

52
ansible/setup.yml Normal file

@ -0,0 +1,52 @@
- hosts: vps
user: root
tasks:
- include_vars: vars.yaml
- name: Setup users and groups
block:
- name: Ensure groups exist
group:
name: peach
state: present
- name: Ensure users exist
ansible.builtin.user:
name: "{{ item }}"
state: present
groups: "peach"
loop:
- notplants
- glyph
- name: ensure log directory
action: file dest={{log_dir}} state=directory
- name: ensure src directory
action: file dest={{src_dir}} state=directory
- name: ensure www directory
action: file dest=/srv/www state=directory
- name: install packages
apt:
pkg:
- git
- nginx
- curl
- build-essential
- name: install rust by rustup
shell: curl https://sh.rustup.rs -sSf | sh -s -- -y
args:
creates: /root/.cargo/bin/rustc
- name: install cargo deb
shell: /root/.cargo/bin/cargo install cargo-deb
args:
creates: /root/.cargo/bin/cargo-deb
- name: copy main nginx config
action: template src=nginx/nginx.conf dest=/etc/nginx/nginx.conf
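Review bot: The `install rust by rustup` task pipes a script fetched with `curl https://sh.rustup.rs -sSf` straight into `sh` as root, without restricting the protocol or checking what was downloaded. At minimum use the form rustup itself documents, `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y`; better, fetch the installer with `get_url` and a `checksum:` and run the saved file. `cargo install cargo-deb` likewise takes the newest release at run time, and adding `--locked --version PINNED_VERSION` (a placeholder for the vetted release) fixes the tool that packages the signed `.deb` files. The `ensure www directory` task hard-codes `/srv/www` although `web_dir` is available from `vars.yaml`.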


@ -0,0 +1,7 @@
Automation-related directories are stored in this directory.
For example, bare Git Hooks directories and staging directories for automating the build and deployment of peach-devdocs to docs.peachcloud.org.
See https://github.com/peachcloud/peach-devdocs/blob/master/GITHOOK_DEPLOYMENT.md for more info.
In the future, this directory may also be home to automation for release builds and deb file builds.


@ -0,0 +1,8 @@
Origin: PeachCloud
Label: PeachCloud
Codename: buster
Architectures: amd64
Components: main
Description: Apt repository for PeachCloud debian packages
SignWith: {{gpg_key_id}}
DebOverride: override.buster
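Review bot: `Architectures: amd64` is the only architecture declared, yet the README in this change cross-builds for aarch64 and `debianrep.yml` installs the aarch64 toolchain and gcc. reprepro only accepts packages for architectures listed here, so ARM builds could not be added with `includedeb` as the file stands. If they are meant to be published, the line would need to read `Architectures: amd64 arm64` (Debian's name for aarch64 is `arm64`).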


@ -0,0 +1,21 @@
server {
listen 80;
server_name 46.101.107.168;
access_log /srv/log/nginx-debian.log;
error_log /srv/log/nginx-debian.error;
location / {
root {{web_dir}}/repos/apt;
index index.html;
autoindex on;
}
location ~ /(.*)/conf {
deny all;
}
location ~ /(.*)/db {
deny all;
}
}
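Review bot: This vhost listens only on port 80 and, going by `debianrep.yml`, also serves `peach_pub.gpg` from the same root, so a client that bootstraps trust by downloading the key here has no way to tell a substituted key from the real one. Serving the key over TLS, or publishing the fingerprint through a separate channel, closes that gap; the signed packages themselves tolerate plain HTTP. The two `deny all` regexes are unanchored, so `/(.*)/db` also blocks unrelated paths such as a pool directory for a package whose name begins with `db`; `location ~ ^/[^/]+/(conf|db)(/|$)` limits the rule to the repository's own `conf` and `db` directories. `server_name` is a hard-coded address that could come from a variable like the other paths.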


@ -0,0 +1,3 @@
verbose
basedir {{debian_rep_dir}}
ask-passphrase
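Review bot: `ask-passphrase` makes reprepro prompt for the signing-key passphrase itself, which the reprepro manual describes as a quick implementation built on the obsolete `getpass(3)` and advises against in favour of gpg-agent with pinentry. It also means `reprepro includedeb` can only be run interactively, which works against the README's plan to automate release builds. Dropping the line and relying on gpg-agent keeps passphrase handling inside GnuPG.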


@ -0,0 +1,4 @@
{% for service in services %}
{{service}} Priority optional
{{service}} Section net
{% endfor %}


@ -0,0 +1,13 @@
#!/bin/bash
while read oldrev newrev ref
do
if [[ $ref =~ .*/master$ ]];
then
echo "Master ref received. Deploying master branch to build directory..."
git --work-tree={{automation_dir}}/devdocs_build --git-dir={{automation_dir}}/devdocs_bare checkout -f
echo "Building docs and deploying to production..."
/root/.cargo/bin/mdbook build {{automation_dir}}/devdocs_build --dest-dir {{web_dir}}/docs:peachcloud:org/html
else
echo "Ref $ref successfully received. Doing nothing: only the master branch may be deployed on this server."
fi
done
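Review bot: The test `[[ $ref =~ .*/master$ ]]` accepts any ref that ends in `/master`, including a tag or a branch such as `refs/heads/x/master`, and the `git ... checkout -f` that follows names no branch, so it deploys whatever the bare repository's HEAD points to. Comparing exactly with `if [[ $ref == refs/heads/master ]]` and ending the checkout with `checkout -f master` ties the build to the branch the log message promises. The script also carries on to `mdbook build` when the checkout fails; `set -e` near the top, or `&&` between the two commands, stops a half-updated tree from being published. `read -r oldrev newrev ref` is the safer form of the loop header.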


@ -0,0 +1,10 @@
server {
listen 80;
server_name reddeadnettle.network;
location / {
root {{web_dir}}/docs:peachcloud:org/html;
index index.html;
try_files $uri $uri/ /index.html;
}
}
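Review bot: `try_files $uri $uri/ /index.html;` answers every unknown path with the front page and a 200 status, which suits a single-page application but hides broken links on a static mdbook site; `try_files $uri $uri/ =404;` returns a real 404. `server_name reddeadnettle.network` also differs from the `docs:peachcloud:org` directory being served, so a comment saying whether this is a temporary hostname would help the next reader. Like the apt vhost, this server block listens on port 80 only.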


@ -0,0 +1,31 @@
user www-data;
worker_processes 1;
worker_rlimit_nofile 8192;
events {
worker_connections 3000;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
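Review bot: The `http` block does not set `server_tokens off;`, so response headers and error pages disclose the nginx version. Because `setup.yml` writes this template over the packaged `/etc/nginx/nginx.conf`, it is worth confirming that nothing from the distribution file is still needed; Debian's stock file, for example, includes `modules-enabled/*.conf` and sets `ssl_protocols`. The line `include /etc/nginx/sites-enabled/*;` will also load the distribution's `default` site if it is still present, and none of the playbooks in this change remove it.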


@ -0,0 +1,5 @@
Welcome to the PeachCloud VPS.
Users with membership to the `peach` group can write to this directory (`/srv/peachcloud`).
All PeachCloud-related assets are to be stored in this directory.

11
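--- a/ansible/vars.yaml
+++ b/ansible/vars.yaml
@@ -0,0 +1,11 @@
+app_name: peach-vps
+log_dir: /srv/log
+src_dir: /srv/src
+automation_dir: /srv/automation
+web_dir: /srv/www
+debian_rep_dir: /srv/www/repos/apt/debian
+gpg_key_id: 74A8D514053AE40F15C407E5D5233F944CCA2DF5
+services:
+- peach-oled
+- peach-stats
+- peach-web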