Fix some bugs running deploy-setup from scratch
As an exercise, I've wiped the box clean, and I'm reinstalling from the scripts! :3 I added the SSH hardening rules to the playbook instead of doing them by hand this time. I made a mistake with creating `/srv/impress-2020`, right, you need to *say* what it should be created *as* for the creation step to work! I also guess my recent pm2 changes made it not actually be willing to start the app anymore, because `/srv/impress-2020/current` doesn't exist or have `node_modules` yet. I'm doing a cute thing where I create a placeholder app during setup, so there's always something to run, without introducing the complexities of a real deploy to the setup process. And right, of course, we need to install nginx before running certbot! But we need to add certbot config *after* running certbot! And then just some misc cleanups for consistency and correctness!
parent
1e3e8391b4
commit
9310a250d6
2 changed files with 63 additions and 10 deletions
|
@ -4,11 +4,33 @@
|
|||
vars:
|
||||
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
|
||||
tasks:
|
||||
- name: Create the app folder
|
||||
- name: Disable root SSH login
|
||||
become: yes
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: ^#?PermitRootLogin
|
||||
line: PermitRootLogin no
|
||||
|
||||
- name: Disable password-based SSH authentication
|
||||
become: yes
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: ^#?PasswordAuthentication
|
||||
line: PasswordAuthentication no
|
||||
|
||||
- name: Install fail2ban firewall with default settings
|
||||
become: yes
|
||||
apt:
|
||||
update_cache: yes
|
||||
name: fail2ban
|
||||
|
||||
- name: Create the app versions folder
|
||||
become: yes
|
||||
file:
|
||||
path: /srv/impress-2020
|
||||
path: /srv/impress-2020/versions
|
||||
owner: "{{ ansible_user_id }}"
|
||||
group: "{{ ansible_user_id }}"
|
||||
state: directory
|
||||
|
||||
- name: Add Nodesource apt key
|
||||
become: yes
|
||||
|
@ -26,7 +48,6 @@
|
|||
apt:
|
||||
update_cache: yes
|
||||
name: nodejs
|
||||
state: present
|
||||
|
||||
- name: Install Yarn
|
||||
become: yes
|
||||
|
@ -34,6 +55,38 @@
|
|||
name: yarn
|
||||
global: yes
|
||||
|
||||
- name: Check for a current app version
|
||||
stat:
|
||||
path: /srv/impress-2020/current
|
||||
register: current_app_version
|
||||
|
||||
- name: Check whether we already have a placeholder app
|
||||
stat:
|
||||
path: /srv/impress-2020/versions/initial-placeholder
|
||||
register: existing_placeholder_app
|
||||
when: not current_app_version.stat.exists
|
||||
|
||||
- name: Create a placeholder app, to run until we deploy a real version
|
||||
command:
|
||||
chdir: /srv/impress-2020/versions
|
||||
cmd: yarn create next-app initial-placeholder
|
||||
when: |
|
||||
not current_app_version.stat.exists and
|
||||
not existing_placeholder_app.stat.exists
|
||||
|
||||
- name: Build the placeholder app
|
||||
command:
|
||||
chdir: /srv/impress-2020/versions/initial-placeholder
|
||||
cmd: yarn build
|
||||
when: not current_app_version.stat.exists
|
||||
|
||||
- name: Set the placeholder app as the current version
|
||||
file:
|
||||
src: /srv/impress-2020/versions/initial-placeholder
|
||||
dest: /srv/impress-2020/current
|
||||
state: link
|
||||
when: not current_app_version.stat.exists
|
||||
|
||||
- name: Install pm2
|
||||
become: yes
|
||||
npm:
|
||||
|
@ -89,6 +142,12 @@
|
|||
- name: Save pm2 startup script
|
||||
command: pm2 save
|
||||
|
||||
- name: Install nginx
|
||||
become: yes
|
||||
apt:
|
||||
update_cache: yes
|
||||
name: nginx
|
||||
|
||||
- name: Install core snap
|
||||
become: yes
|
||||
community.general.snap:
|
||||
|
@ -104,12 +163,6 @@
|
|||
become: yes
|
||||
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains impress-2020-box.openneo.net"
|
||||
|
||||
- name: Install nginx
|
||||
become: yes
|
||||
apt:
|
||||
update_cache: yes
|
||||
name: nginx
|
||||
|
||||
- name: Add impress-2020 config file to nginx
|
||||
become: yes
|
||||
copy:
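Review bot: The two `lineinfile` tasks that set `PermitRootLogin no` and `PasswordAuthentication no` edit `/etc/ssh/sshd_config`, but nothing in the lines shown validates the file or reloads sshd, so on a freshly rebuilt box the running daemon may keep accepting root and password logins until something else restarts it; a handler may exist outside the hunks shown. I would add `validate: /usr/sbin/sshd -t -f %s` to both tasks and have them `notify` a handler that restarts the ssh service. It is also worth confirming the result with `sshd -T` after the play, because `lineinfile` rewrites only the last line matching `^#?PermitRootLogin` while sshd keeps the first value it reads, so an earlier active line or an included drop-in under `/etc/ssh/sshd_config.d/` (if the image ships one) would still take precedence.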
|
||||
|
|
|
@ -66,7 +66,7 @@
|
|||
"vercel-build": "yum install libuuid-devel libmount-devel && cp /lib64/{libuuid,libmount,libblkid}.so.1 node_modules/canvas/build/Release/",
|
||||
"test": "jest test --env=jsdom",
|
||||
"lint": "next lint --dir src --dir pages",
|
||||
"deploy-setup": "echo $'Setup requires you to become the root user. You\\'ll need to enter the password for your account on the remote web server below, and you must be part of the `sudoers` user group.' && ansible-playbook -K -i deploy/inventory.cfg deploy/playbooks/setup.yml",
|
||||
"deploy-setup": "echo $'Setup requires you to become the root user. You\\'ll need to enter the password for your account on the remote web server below, and you must be part of the `sudo` user group.' && ansible-playbook -K -i deploy/inventory.cfg deploy/playbooks/setup.yml",
|
||||
"deploy": "ansible-playbook -i deploy/inventory.cfg deploy/playbooks/deploy.yml",
|
||||
"deploy-skip-build": "ansible-playbook -i deploy/inventory.cfg deploy/playbooks/deploy.yml --extra-vars='{\"skip_build\": true}'",
|
||||
"cypress": "cypress open",
|
||||
|
|