From 50d0af489296a42f8773066ffc37265dab1d5b0a Mon Sep 17 00:00:00 2001 From: Joshua Hull Date: Sun, 15 Jan 2023 10:49:21 +0100 Subject: sky: homepage: set up the frontpage of labitat.dk esmil: - use timer to update the homepage - git clone/update and install gems as the homepage user --- roles/sky/files/update-homepage.service | 13 ++++++ roles/sky/files/update-homepage.timer | 12 +++++ roles/sky/handlers/main.yml | 8 ++++ roles/sky/tasks/homepage.yml | 82 +++++++++++++++++++++++++++++++++ roles/sky/tasks/main.yml | 2 + roles/sky/templates/homepage.nginx.j2 | 28 +++++++++++ roles/sky/vars/main.yml | 3 ++ 7 files changed, 148 insertions(+) create mode 100644 roles/sky/files/update-homepage.service create mode 100644 roles/sky/files/update-homepage.timer create mode 100644 roles/sky/handlers/main.yml create mode 100644 roles/sky/tasks/homepage.yml create mode 100644 roles/sky/templates/homepage.nginx.j2 (limited to 'roles/sky')
diff --git a/roles/sky/files/update-homepage.service b/roles/sky/files/update-homepage.service
new file mode 100644
index 0000000..d4fc777
--- /dev/null
+++ b/roles/sky/files/update-homepage.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Update Homepage
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/home/homepage/homepage/make
+WorkingDirectory=/home/homepage/homepage
+User=homepage
+Group=homepage
+ProtectSystem=full
+PrivateTmp=yes
diff --git a/roles/sky/files/update-homepage.timer b/roles/sky/files/update-homepage.timer
new file mode 100644
index 0000000..34a6a57
--- /dev/null
+++ b/roles/sky/files/update-homepage.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Update homepage every minute
+
+[Timer]
+Unit=update-homepage.service
+OnBootSec=1min
+OnUnitActiveSec=1min
+AccuracySec=1min
+Persistent=no
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/sky/handlers/main.yml b/roles/sky/handlers/main.yml
new file mode 100644
index 0000000..a73bd25
--- /dev/null
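Review bot: In update-homepage.service, `ExecStart=/home/homepage/homepage/make` runs a script out of the git working tree, and the sandboxing stops at `ProtectSystem=full` and `PrivateTmp=yes`, so whatever lands on the checked-out branch runs as `homepage` with write access to everything that user can reach outside `/usr`, `/boot` and `/etc`. Consider adding `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=/home/homepage`, assuming `make` and bundler write only under that home directory. A `Type=oneshot` unit also has no start timeout by default, so a bounded `TimeoutStartSec=` would keep one hung run from blocking every later timer activation.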
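Review bot: In update-homepage.timer, `Persistent=no` has no effect because `Persistent=` only applies to timers that use `OnCalendar=`, and `AccuracySec=1min` restates the systemd default, so both lines can be dropped. With a one-minute accuracy window on a one-minute interval, consecutive runs may end up spaced by up to about two minutes. If a tight one-minute cadence is intended, a smaller value such as `AccuracySec=1s` states that explicitly.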
+++ b/roles/sky/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: restart update-homepage
+ systemd:
+ name: update-homepage.timer
+ state: restarted
+ daemon_reload: yes
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/sky/tasks/homepage.yml b/roles/sky/tasks/homepage.yml
new file mode 100644
index 0000000..54872ed
--- /dev/null
+++ b/roles/sky/tasks/homepage.yml
@@ -0,0 +1,82 @@
+---
+- name: Create homepage user
+ user:
+ comment: 'user for homepage'
+ name: homepage
+ group: homepage
+ uid: 3000
+ shell: '/bin/bash'
+
+- name: Clone/update homepage git repo
+ git:
+ dest: '~homepage/homepage'
+ repo: 'https://github.com/labitat/homepage'
+ version: main
+ remote: origin
+ #single_branch: yes
+ #accept_newhostkey: yes
+ clone: yes
+ update: yes
+ become_user: homepage
+ register: homepage_git
+
+- name: Deploy new homepage
+ block:
+ - name: Delete old gems
+ file:
+ path: '~homepage/homepage/{{ item }}'
+ state: absent
+ with_items:
+ - Gemfile.lock
+ - lib
+ - bin
+ - name: Install dependencies
+ command: /usr/bin/bundle
+ args:
+ chdir: '~homepage/homepage'
+ become_user: homepage
+ - name: Create build and out directories
+ file:
+ path: '~homepage/homepage/{{ item }}'
+ state: directory
+ owner: homepage
+ group: homepage
+ mode: 0755
+ with_items:
+ - build
+ - out
+ when: homepage_git is changed
+
+- name: Create update-homepage service and timer
+ copy:
+ dest: '/etc/systemd/system/{{ item }}'
+ src: '{{ item }}'
+ owner: root
+ group: root
+ mode: 0644
+ with_items:
+ - update-homepage.service
+ - update-homepage.timer
+ notify:
+ - restart update-homepage
+
+- name: Enable update-homepage timer
+ systemd:
+ name: update-homepage.timer
+ enabled: yes
+ masked: no
+ state: started
+
+- name: Install nginx site for homepage
+ template:
+ dest: '/etc/nginx/sites-enabled/homepage'
+ src: homepage.nginx.j2
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - reload nginx
+ tags:
+ - nginx
+
+# vim: set ts=2 sw=2 et:
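Review bot: The new roles/sky/handlers/main.yml defines only `restart update-homepage`, while the nginx task added in roles/sky/tasks/homepage.yml notifies `reload nginx`. If no other role in the play provides a handler with that name, Ansible reports the handler as not found by default and the new site is never picked up by nginx. Unless it is known to exist elsewhere, a matching handler belongs here, for example `- name: reload nginx` followed by `service: name=nginx state=reloaded`.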
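Review bot: In roles/sky/tasks/homepage.yml neither the site code nor its gems are pinned: the git task follows `version: main`, and the "Delete old gems" task removes `Gemfile.lock` before `/usr/bin/bundle` runs, so every changed checkout re-resolves dependency versions and runs whatever is current upstream as the `homepage` user. Pinning the checkout to a reviewed tag or commit (`version: <reviewed-commit-sha>`) and dropping `- Gemfile.lock` from the delete list would make deployments reproducible and reviewable. This assumes the repository commits a `Gemfile.lock`, which is not visible here. Separately, `group: homepage` in the user task requires the group to exist already, and no task in this file creates it.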
diff --git a/roles/sky/tasks/main.yml b/roles/sky/tasks/main.yml
index 6144e82..9d04b9f 100644
--- a/roles/sky/tasks/main.yml
+++ b/roles/sky/tasks/main.yml
@@ -11,5 +11,7 @@ - import_tasks: certbot.yml tags: certbot +- import_tasks: homepage.yml + tags: homepage # vim: set ts=2 sw=2 et:
diff --git a/roles/sky/templates/homepage.nginx.j2 b/roles/sky/templates/homepage.nginx.j2
new file mode 100644
index 0000000..cf31da9
--- /dev/null
+++ b/roles/sky/templates/homepage.nginx.j2
@@ -0,0 +1,28 @@
+# generated 2023-01-14, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+ listen *:443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ domain_name }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
+
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ # OCSP stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ root /home/homepage/homepage/build;
+
+ location = / {
+ try_files $uri /out.html;
+ }
+}
diff --git a/roles/sky/vars/main.yml b/roles/sky/vars/main.yml
index ecdaefa..fdb1fbe 100644
--- a/roles/sky/vars/main.yml
+++ b/roles/sky/vars/main.yml
@@ -35,6 +35,9 @@ apt_sources_role: apt_packages_role: 'nginx': present 'certbot': present + 'ruby': present + 'bundler': present + 'curl': present journald_conf_role: 'Journal.Storage': 'persistent' -- cgit v1.2.1
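Review bot: The header of roles/sky/templates/homepage.nginx.j2 cites the Mozilla intermediate profile, but the server block sets no `ssl_protocols` or `ssl_ciphers`, so protocol and cipher selection falls back to the http-level configuration or to nginx's built-in defaults, which on older builds still include TLSv1 and TLSv1.1. Adding `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_prefer_server_ciphers off;` together with the profile's cipher list would make the template match the guideline it names. The template also has no port 80 listener, so unless a redirect exists elsewhere in the role, the HSTS header only reaches clients that already arrive over HTTPS.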