OpenNeo/impress-2020
OpenNeo/impress-2020
1
0
Fork 0
Code Pull requests Activity
impress-2020/deploy/playbooks/setup.yml
Matchu 7131bc0ea9 Set up certbot during setup playbook 
You can see how, instead of the default experience where certbot edits your config for you, I've referenced the certificates in the config in the first place, and set up certbot to just generate them!

Also, I learned about certbot non-interactive mode! At first I wrote this with the Ansible `expect` module lol :p
2021-11-03 01:00:28 -07:00

159 lines
4.3 KiB
YAML
Raw Blame History

---
- name: Set up the environment for the impress-2020 app
hosts: webserver
vars:
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
tasks:
- name: Create web user group
become: yes
group:
name: web
- name: Add current user to web group
become: yes
user:
name: "{{ ansible_user_id }}"
group: web
append: yes
- name: Create the app folder
become: yes
file:
path: /srv/impress-2020
state: directory
# Root and the `web` group may read/write this folder. Everyone else
# may only read it.
group: web
mode: "u=rwx,g=rwx,o=rx"
- name: Add Nodesource apt key
become: yes
apt_key:
id: 9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
- name: Add Node v16 apt repository
become: yes
apt_repository:
repo: deb https://deb.nodesource.com/node_16.x focal main
- name: Install Node v16
become: yes
apt:
update_cache: yes
name: nodejs
state: present
- name: Install Yarn
become: yes
npm:
name: yarn
global: yes
- name: Install pm2
become: yes
npm:
name: pm2
global: yes
- name: Create pm2 startup script
# The current user is going to become the pm2 owner of the app server
# process. They'll be able to manage it without `sudo`, including during
# normal deploys, and run `pm2 monit` from their shell to see status.
become: yes
command: "pm2 startup systemd {{ ansible_user_id }} --hp /home/{{ ansible_user_id }}"
- name: Create pm2 ecosystem file
copy:
content: >
module.exports = {
apps: [
{
name: "impress-2020",
cwd: "/srv/impress-2020/current",
script: "yarn",
args: "start",
instances: "max",
exec_mode: "cluster",
}
]
}
dest: "/srv/impress-2020/ecosystem.config.js"
- name: Start pm2 ecosystem (even if the app isn't ready yet)
command:
chdir: "/srv/impress-2020"
cmd: "pm2 start ecosystem.config.js"
- name: Save pm2 startup script
command: pm2 save
- name: Install core snap
become: yes
community.general.snap:
name: core
- name: Install certbot as a snap
become: yes
community.general.snap:
name: certbot
classic: yes
- name: Set up certbot
become: yes
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains impress-2020-box.openneo.net"
- name: Install nginx
become: yes
apt:
update_cache: yes
name: nginx
- name: Add impress-2020 config file to nginx
become: yes
copy:
content: >
server {
server_name impress-2020-box.openneo.net;
listen 80;
if ($host = impress-2020-box.openneo.net) {
return 301 https://$host$request_uri;
}
}
server {
server_name impress-2020-box.openneo.net;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/impress-2020-box.openneo.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/impress-2020-box.openneo.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127
# TODO: Serve static files directly, instead of through the proxy
location / {
proxy_pass http://127.0.0.1:3000;
}
}
dest: /etc/nginx/sites-enabled/impress-2020
notify:
- Restart nginx
- name: Install dependencies for the npm module node-canvas
become: yes
apt:
update_cache: yes
name:
- build-essential
- libcairo2-dev
- libpango1.0-dev
- libjpeg-dev
- libgif-dev
- librsvg2-dev
handlers:
- name: Restart nginx
become: yes
service:
name: nginx
state: restarted
View git blame Copy permalink