Fix some bugs running deploy-setup from scratch
As an exercise, I've wiped the box clean, and I'm reinstalling from the scripts! :3 I added the SSH hardening rules to the playbook instead of doing them by hand this time. I made a mistake with creating `/srv/impress-2020`, right, you need to *say* what it should be created *as* for the creation step to work! I also guess my recent pm2 changes made it not actually be willing to start the app anymore, because `/srv/impress-2020/current` doesn't exist or have `node_modules` yet. I'm doing a cute thing where I create a placeholder app during setup, so there's always something to run, without introducing the complexities of a real deploy to the setup process. And right, of course, we need to install nginx before running certbot! But we need to add certbot config *after* running certbot! And then just some misc cleanups for consistency and correctness!
parent
1e3e8391b4
commit
9310a250d6
2 changed files with 63 additions and 10 deletions
|
@ -4,11 +4,33 @@
|
||||||
vars:
|
vars:
|
||||||
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
|
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
|
||||||
tasks:
|
tasks:
|
||||||
- name: Create the app folder
|
- name: Disable root SSH login
|
||||||
|
become: yes
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/ssh/sshd_config
|
||||||
|
regexp: ^#?PermitRootLogin
|
||||||
|
line: PermitRootLogin no
|
||||||
|
|
||||||
|
- name: Disable password-based SSH authentication
|
||||||
|
become: yes
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/ssh/sshd_config
|
||||||
|
regexp: ^#?PasswordAuthentication
|
||||||
|
line: PasswordAuthentication no
|
||||||
|
|
||||||
|
- name: Install fail2ban firewall with default settings
|
||||||
|
become: yes
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
name: fail2ban
|
||||||
|
|
||||||
|
- name: Create the app versions folder
|
||||||
become: yes
|
become: yes
|
||||||
file:
|
file:
|
||||||
path: /srv/impress-2020
|
path: /srv/impress-2020/versions
|
||||||
owner: "{{ ansible_user_id }}"
|
owner: "{{ ansible_user_id }}"
|
||||||
|
group: "{{ ansible_user_id }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Add Nodesource apt key
|
- name: Add Nodesource apt key
|
||||||
become: yes
|
become: yes
|
||||||
|
@ -26,7 +48,6 @@
|
||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
name: nodejs
|
name: nodejs
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Install Yarn
|
- name: Install Yarn
|
||||||
become: yes
|
become: yes
|
||||||
|
@ -34,6 +55,38 @@
|
||||||
name: yarn
|
name: yarn
|
||||||
global: yes
|
global: yes
|
||||||
|
|
||||||
|
- name: Check for a current app version
|
||||||
|
stat:
|
||||||
|
path: /srv/impress-2020/current
|
||||||
|
register: current_app_version
|
||||||
|
|
||||||
|
- name: Check whether we already have a placeholder app
|
||||||
|
stat:
|
||||||
|
path: /srv/impress-2020/versions/initial-placeholder
|
||||||
|
register: existing_placeholder_app
|
||||||
|
when: not current_app_version.stat.exists
|
||||||
|
|
||||||
|
- name: Create a placeholder app, to run until we deploy a real version
|
||||||
|
command:
|
||||||
|
chdir: /srv/impress-2020/versions
|
||||||
|
cmd: yarn create next-app initial-placeholder
|
||||||
|
when: |
|
||||||
|
not current_app_version.stat.exists and
|
||||||
|
not existing_placeholder_app.stat.exists
|
||||||
|
|
||||||
|
- name: Build the placeholder app
|
||||||
|
command:
|
||||||
|
chdir: /srv/impress-2020/versions/initial-placeholder
|
||||||
|
cmd: yarn build
|
||||||
|
when: not current_app_version.stat.exists
|
||||||
|
|
||||||
|
- name: Set the placeholder app as the current version
|
||||||
|
file:
|
||||||
|
src: /srv/impress-2020/versions/initial-placeholder
|
||||||
|
dest: /srv/impress-2020/current
|
||||||
|
state: link
|
||||||
|
when: not current_app_version.stat.exists
|
||||||
|
|
||||||
- name: Install pm2
|
- name: Install pm2
|
||||||
become: yes
|
become: yes
|
||||||
npm:
|
npm:
|
||||||
|
@ -89,6 +142,12 @@
|
||||||
- name: Save pm2 startup script
|
- name: Save pm2 startup script
|
||||||
command: pm2 save
|
command: pm2 save
|
||||||
|
|
||||||
|
- name: Install nginx
|
||||||
|
become: yes
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
name: nginx
|
||||||
|
|
||||||
- name: Install core snap
|
- name: Install core snap
|
||||||
become: yes
|
become: yes
|
||||||
community.general.snap:
|
community.general.snap:
|
||||||
|
@ -104,12 +163,6 @@
|
||||||
become: yes
|
become: yes
|
||||||
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains impress-2020-box.openneo.net"
|
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains impress-2020-box.openneo.net"
|
||||||
|
|
||||||
- name: Install nginx
|
|
||||||
become: yes
|
|
||||||
apt:
|
|
||||||
update_cache: yes
|
|
||||||
name: nginx
|
|
||||||
|
|
||||||
- name: Add impress-2020 config file to nginx
|
- name: Add impress-2020 config file to nginx
|
||||||
become: yes
|
become: yes
|
||||||
copy:
|
copy:
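Review bot: The two `lineinfile` tasks at the top of the first hunk ("Disable root SSH login" and "Disable password-based SSH authentication") edit `/etc/ssh/sshd_config`, but nothing visible in these hunks validates the file or reloads sshd. On a freshly wiped box the running daemon may keep accepting root and password logins until its next restart, and a malformed edit would only surface then. Adding `validate: sshd -t -f %s` to both tasks, plus a `notify:` to a handler that restarts the SSH service, would cover both cases. It is also worth checking the effective settings with `sshd -T` after the run, because distributions whose main file begins with `Include /etc/ssh/sshd_config.d/*.conf` let a drop-in (for example one written by cloud-init) take precedence over the `PasswordAuthentication no` line set here. The playbook continues outside these hunks, so a suitable handler may already exist there.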
|
||||||
|
|
|
@ -66,7 +66,7 @@
|
||||||
"vercel-build": "yum install libuuid-devel libmount-devel && cp /lib64/{libuuid,libmount,libblkid}.so.1 node_modules/canvas/build/Release/",
|
"vercel-build": "yum install libuuid-devel libmount-devel && cp /lib64/{libuuid,libmount,libblkid}.so.1 node_modules/canvas/build/Release/",
|
||||||
"test": "jest test --env=jsdom",
|
"test": "jest test --env=jsdom",
|
||||||
"lint": "next lint --dir src --dir pages",
|
"lint": "next lint --dir src --dir pages",
|
||||||
"deploy-setup": "echo $'Setup requires you to become the root user. You\\'ll need to enter the password for your account on the remote web server below, and you must be part of the `sudoers` user group.' && ansible-playbook -K -i deploy/inventory.cfg deploy/playbooks/setup.yml",
|
"deploy-setup": "echo $'Setup requires you to become the root user. You\\'ll need to enter the password for your account on the remote web server below, and you must be part of the `sudo` user group.' && ansible-playbook -K -i deploy/inventory.cfg deploy/playbooks/setup.yml",
|
||||||
"deploy": "ansible-playbook -i deploy/inventory.cfg deploy/playbooks/deploy.yml",
|
"deploy": "ansible-playbook -i deploy/inventory.cfg deploy/playbooks/deploy.yml",
|
||||||
"deploy-skip-build": "ansible-playbook -i deploy/inventory.cfg deploy/playbooks/deploy.yml --extra-vars='{\"skip_build\": true}'",
|
"deploy-skip-build": "ansible-playbook -i deploy/inventory.cfg deploy/playbooks/deploy.yml --extra-vars='{\"skip_build\": true}'",
|
||||||
"cypress": "cypress open",
|
"cypress": "cypress open",
|
||||||
|
|