Initial commit

2023-11-10 14:21:47 +01:00
commit 4a08e4aa37
13 changed files with 917 additions and 0 deletions
--- a/roles/static-server/README.md
+++ b/roles/static-server/README.md
@@ -0,0 +1,11 @@
+
+This is an [Ansible](https://www.ansible.com/) role which installs [static_site_server](https://prometheus.io/docs/alerting/latest/static_site_server/) to run as a [Docker](https://www.docker.com/) container wrapped in a systemd service.
+
+This role *implicitly* depends on:
+
+- [`com.devture.ansible.role.playbook_help`](https://github.com/devture/com.devture.ansible.role.playbook_help)
+- [`com.devture.ansible.role.systemd_docker_base`](https://github.com/devture/com.devture.ansible.role.systemd_docker_base)
+
+Check [defaults/main.yml](defaults/main.yml) for the full list of supported options.
+
+For an Ansible playbook which integrates this role and makes it easier to use, see the [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook).
--- a/roles/static-server/defaults/main.yml
+++ b/roles/static-server/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+# static_site_server sets up 
+static_site_server_enabled: true
+
+static_site_server_identifier: static_site_server
+
+static_site_user: 'static_site'
+static_site_group: 'static_site'
+
+# The hostname at which static_site_server is served.
+static_site_server_hostname: ''
+
+static_site_server_auth_users: []
+
+# The path at which static_site_server is served.
+# This value must either be `/` or not end with a slash (e.g. `/static_site_server`).
+static_site_server_path_prefix: /
+
+static_site_server_base_path: "/static_sites"
--- a/roles/static-server/justfile
+++ b/roles/static-server/justfile
@@ -0,0 +1,6 @@
+# show help by default
+default:
+    @just --list --justfile {{ justfile() }}
+
+lint:
+    ansible-lint .
--- a/roles/static-server/meta/main.yml
+++ b/roles/static-server/meta/main.yml
@@ -0,0 +1,21 @@
+galaxy_info:
+  author: Julian-Samuel Gebühr
+  company: Hyteck
+  role_name: static_site_server
+  namespace: mash
+  description: Setup of a static site server
+  platforms:
+    - name: Debian
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+    - name: ArchLinux
+      versions:
+        - all
+    - name: EL
+      versions:
+        - "7"
+  license: AGPL-3.0-or-later
+  min_ansible_version: '2.1'
--- a/roles/static-server/tasks/install.yml
+++ b/roles/static-server/tasks/install.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Ensure Static Sits are setup
+  ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_site.yml"
+  with_items: "{{ static_sites }}"
+  loop_control:
+    loop_var: site
+  no_log: true
--- a/roles/static-server/tasks/main.yml
+++ b/roles/static-server/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Run static_site_server installation tasks
+  tags:
+    - setup-all
+    - setup-static_site_server
+    - install-all
+    - install-static_site_server
+  block:
+    - when: static_site_server_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: static_site_server_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- name: Run static_site_server uninstallation tasks
+  tags:
+    - setup-all
+    - setup-static_site_server
+  block:
+    - when: not static_site_server_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
--- a/roles/static-server/tasks/setup_site.yml
+++ b/roles/static-server/tasks/setup_site.yml
@@ -0,0 +1,21 @@
+
+- name: Create site user group
+  ansible.builtin.group: name="{{ site.user }}" state=present
+
+- name: Create site user
+  user: name="{{ site.user }}" shell=/bin/bash home="{{ static_site_server_base_path }}/{{ site.user }}" createhome=yes group="{{ site.user }}" groups= state=present
+
+- name: Ensure public path is present
+  ansible.builtin.file: path="{{ static_site_server_base_path }}/{{ site.user }}/public" owner="{{ site.user }}" group="{{ site.user }}" mode=0700 state=directory
+
+- name: Ensure .ssh path is present
+  ansible.builtin.file: path="{{ static_site_server_base_path }}/{{ site.user }}/.ssh" owner="{{ static_site_user }}" group="{{ static_site_group }}" mode=0700 state=directory
+
+- name: Seting up authorized keys
+  ansible.posix.authorized_key:
+    user: "{{ site.user }}"
+    key: "{{ site.key }}"
+    state: present
+
+- name: Ensure correct permissions for authorized keys file
+  ansible.builtin.file: path="{{ static_site_server_base_path }}/{{ site.user }}/.ssh/authorized_keys" owner="{{ static_site_user }}" group="{{ static_site_group }}" mode=0600 state=file
--- a/roles/static-server/tasks/uninstall.yml
+++ b/roles/static-server/tasks/uninstall.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Ensure Static Sits are setup
+  ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_site.yml"
+  with_items: "{{ static_sites }}"
+  loop_control:
+    loop_var: site
+  no_log: true
--- a/roles/static-server/tasks/validate_config.yml
+++ b/roles/static-server/tasks/validate_config.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Fail if required static_site_server settings not defined
+  ansible.builtin.fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - static_sites