diff --git a/deploy/playbooks/setup.yml b/deploy/playbooks/setup.yml
index cc2f00e..489dd8a 100644
--- a/deploy/playbooks/setup.yml
+++ b/deploy/playbooks/setup.yml
@@ -4,11 +4,33 @@
 vars:
 email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
 tasks:
- - name: Create the app folder
+ - name: Disable root SSH login
+ become: yes
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: ^#?PermitRootLogin
+ line: PermitRootLogin no
+
+ - name: Disable password-based SSH authentication
+ become: yes
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: ^#?PasswordAuthentication
+ line: PasswordAuthentication no
+
+ - name: Install fail2ban firewall with default settings
+ become: yes
+ apt:
+ update_cache: yes
+ name: fail2ban
+
+ - name: Create the app versions folder
 become: yes
 file:
- path: /srv/impress-2020
+ path: /srv/impress-2020/versions
 owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
+ state: directory
 - name: Add Nodesource apt key
 become: yes
@@ -26,7 +48,6 @@
 apt:
 update_cache: yes
 name: nodejs
- state: present
 - name: Install Yarn
 become: yes
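Review bot: The two `lineinfile` tasks that write `PermitRootLogin no` and `PasswordAuthentication no` to /etc/ssh/sshd_config have nothing visible in this hunk that validates the file or restarts sshd, so the hardening may not be in force until the daemon is next restarted, and a malformed file would only surface then. Adding a `validate` check to each task and a `notify` to a restart handler closes that gap; the handler belongs in the play's `handlers:` section, which lies outside the hunk. sshd keeps the first value it reads for each keyword, so if the host's sshd_config starts with an `Include /etc/ssh/sshd_config.d/*.conf` line, a drop-in that sets `PasswordAuthentication yes` would still win; checking the effective settings with `sshd -T` after the run would confirm. `fail2ban` bans addresses based on log entries rather than acting as a firewall itself, so the task name could say that.

```yaml
      lineinfile:
        # … unchanged: dest, regexp, line …
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

  # … same validate and notify on the PasswordAuthentication task …

  handlers:
    - name: Restart sshd
      become: yes
      service:
        name: ssh  # unit name on Debian/Ubuntu; confirm for the target host
        state: restarted
```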
@@ -34,6 +55,38 @@
 name: yarn
 global: yes
+ - name: Check for a current app version
+ stat:
+ path: /srv/impress-2020/current
+ register: current_app_version
+
+ - name: Check whether we already have a placeholder app
+ stat:
+ path: /srv/impress-2020/versions/initial-placeholder
+ register: existing_placeholder_app
+ when: not current_app_version.stat.exists
+
+ - name: Create a placeholder app, to run until we deploy a real version
+ command:
+ chdir: /srv/impress-2020/versions
+ cmd: yarn create next-app initial-placeholder
+ when: |
+ not current_app_version.stat.exists and
+ not existing_placeholder_app.stat.exists
+
+ - name: Build the placeholder app
+ command:
+ chdir: /srv/impress-2020/versions/initial-placeholder
+ cmd: yarn build
+ when: not current_app_version.stat.exists
+
+ - name: Set the placeholder app as the current version
+ file:
+ src: /srv/impress-2020/versions/initial-placeholder
+ dest: /srv/impress-2020/current
+ state: link
+ when: not current_app_version.stat.exists
+
 - name: Install pm2
 become: yes
 npm:
@@ -89,6 +142,12 @@
 - name: Save pm2 startup script
 command: pm2 save
+ - name: Install nginx
+ become: yes
+ apt:
+ update_cache: yes
+ name: nginx
+
 - name: Install core snap
 become: yes
 community.general.snap:
@@ -104,12 +163,6 @@
 become: yes
 command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains impress-2020-box.openneo.net"
- - name: Install nginx
- become: yes
- apt:
- update_cache: yes
- name: nginx
-
 - name: Add impress-2020 config file to nginx
 become: yes
 copy:
diff --git a/package.json b/package.json
index 010f689..b0dea43 100644
--- a/package.json
+++ b/package.json
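Review bot: `yarn create next-app initial-placeholder` in the "Create a placeholder app" task downloads and runs whatever version of the scaffolder and its dependencies the registry serves at provisioning time, so the code executed on the web server is neither pinned nor reviewable from this repository. A small placeholder committed to the repo and copied into `versions/initial-placeholder`, or a pinned scaffolder version, would make the bootstrap reproducible. The scaffolder may also stop for interactive prompts that an unattended Ansible run cannot answer, which is worth confirming. The separate `stat` on `initial-placeholder` could be replaced by `creates: /srv/impress-2020/versions/initial-placeholder` on the `command` task.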
@@ -66,7 +66,7 @@
 "vercel-build": "yum install libuuid-devel libmount-devel && cp /lib64/{libuuid,libmount,libblkid}.so.1 node_modules/canvas/build/Release/",
 "test": "jest test --env=jsdom",
 "lint": "next lint --dir src --dir pages",
- "deploy-setup": "echo $'Setup requires you to become the root user. You\\'ll need to enter the password for your account on the remote web server below, and you must be part of the `sudoers` user group.' && ansible-playbook -K -i deploy/inventory.cfg deploy/playbooks/setup.yml",
+ "deploy-setup": "echo $'Setup requires you to become the root user. You\\'ll need to enter the password for your account on the remote web server below, and you must be part of the `sudo` user group.' && ansible-playbook -K -i deploy/inventory.cfg deploy/playbooks/setup.yml",
 "deploy": "ansible-playbook -i deploy/inventory.cfg deploy/playbooks/deploy.yml",
 "deploy-skip-build": "ansible-playbook -i deploy/inventory.cfg deploy/playbooks/deploy.yml --extra-vars='{\"skip_build\": true}'",
 "cypress": "cypress open",