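---
# Provision a mataroa host end to end: base packages, caddy, the deploy
# user, postgresql, the application checkout, systemd units and timers,
# and finally the Django collectstatic/migrate steps.
# Secrets (postgres_username, postgres_password, database_url) are
# expected from vars.yaml, not from this file.
- hosts: virtualmachines
  vars_files:
    - vars.yaml
  vars:
    app_dir: /var/www/mataroa
    django_manage: /home/deploy/.local/bin/uv run python manage.py
    # Each template is rendered to /etc/systemd/system/<name minus .j2>.
    systemd_unit_templates:
      - mataroa-notifications.timer.j2
      - mataroa-notifications.service.j2
      - mataroa-exports.timer.j2
      - mataroa-exports.service.j2
      - mataroa-backup.timer.j2
      - mataroa-backup.service.j2
      - mataroa-dailysummary.timer.j2
      - mataroa-dailysummary.service.j2
  become: true
  tasks:
    # smoke test and essential dependencies
    - name: ping
      ansible.builtin.ping:

    - name: essentials
      ansible.builtin.apt:
        update_cache: true
        name:
          - gcc
          - git
          - rclone
          - vim
        state: present

    # caddy
    - name: add caddy key
      # apt-key itself is deprecated upstream; the keyring: parameter keeps
      # this key in a dedicated file rather than the legacy trusted.gpg store,
      # and the id: pins the expected fingerprint of the downloaded key.
      ansible.builtin.apt_key:
        id: 65760C51EDEA2017CEA2CA15155B6D79CA56EA34
        url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
        keyring: /etc/apt/trusted.gpg.d/caddy-stable.gpg
        state: present

    - name: add caddy repositories
      ansible.builtin.apt_repository:
        repo: "{{ item }}"
      loop:
        - "deb [signed-by=/etc/apt/trusted.gpg.d/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
        - "deb-src [signed-by=/etc/apt/trusted.gpg.d/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"

    - name: install caddy
      ansible.builtin.apt:
        update_cache: true
        name: caddy

    - name: caddyfile
      ansible.builtin.template:
        src: Caddyfile.j2
        dest: /etc/caddy/Caddyfile
        owner: root
        group: root
        mode: '0644'
      notify: restart caddy

    - name: systemd environment file for mataroa
      # 0640 root:root: only root (i.e. systemd) can read the rendered
      # environment; it must not be world-readable if it carries secrets.
      ansible.builtin.template:
        src: mataroa.env.j2
        dest: /etc/systemd/system/mataroa.env
        owner: root
        group: root
        mode: '0640'
      # Presumably mataroa.service reads this file; restart so a changed
      # environment actually takes effect — TODO confirm against the unit.
      notify: restart mataroa

    # deploy user and directory
    - name: create user
      # NOTE(review): password: "" writes an empty password field for an
      # account that is also in the sudo group. Access is via the generated
      # SSH key, so a locked password ('!') is the safer default — confirm
      # no operator workflow relies on empty-password login before changing.
      ansible.builtin.user:
        name: deploy
        password: ""
        shell: /bin/bash
        groups:
          - sudo
          - www-data
        append: true
        createhome: true
        skeleton: '/etc/skel'
        generate_ssh_key: true
        ssh_key_type: 'ed25519'

    - name: www directory
      ansible.builtin.file:
        path: /var/www
        state: directory
        mode: '0755'
        owner: deploy
        group: www-data

    # postgresql setup (all three tasks use the community.postgresql
    # collection; the former community.general names are redirects)
    - name: pg user
      community.postgresql.postgresql_user:
        name: "{{ postgres_username }}"
        password: "{{ postgres_password }}"
        expires: infinity
        state: present
      become_user: postgres
      # keep the role password out of task output and verbose/diff logs
      no_log: true

    - name: pg database
      community.postgresql.postgresql_db:
        name: mataroa
        owner: "{{ postgres_username }}"
        state: present
      become_user: postgres

    - name: pg permissions
      community.postgresql.postgresql_privs:
        db: mataroa
        privs: ALL
        objs: ALL_IN_SCHEMA
        role: "{{ postgres_username }}"
        grant_option: true
      become_user: postgres

    # repo and tooling (as deploy user)
    - name: setup repo and tooling
      become_user: deploy
      block:
        - name: uv
          # The installer is pinned to 0.8.8 but fetched with curl | sh and
          # no checksum; treat a change of this URL as a supply-chain review
          # item. creates: makes the task idempotent instead of re-running
          # the download on every play.
          ansible.builtin.shell:
            cmd: curl -LsSf https://astral.sh/uv/0.8.8/install.sh | sh
            creates: /home/deploy/.local/bin/uv

        - name: clone
          ansible.builtin.git:
            repo: https://github.com/mataroablog/mataroa
            dest: /var/www/mataroa
            version: main
            accept_hostkey: true

    # systemd
    - name: systemd main service
      ansible.builtin.template:
        src: mataroa.service.j2
        dest: /etc/systemd/system/mataroa.service
        owner: root
        group: root
        mode: '0644'
      notify:
        - reload systemd
        - restart mataroa

    - name: systemd timers and helper services
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "/etc/systemd/system/{{ item | regex_replace('\\.j2$', '') }}"
        owner: root
        group: root
        mode: '0644'
      loop: "{{ systemd_unit_templates }}"
      notify: reload systemd

    - name: install backup script
      ansible.builtin.copy:
        src: backup-database.sh
        dest: /home/deploy/backup-database.sh
        owner: deploy
        group: deploy
        mode: '0755'

    # systemd must have seen the new unit files before they can be enabled
    - name: flush handlers before enabling timers
      ansible.builtin.meta: flush_handlers

    # NOTE(review): timers are started before the migrate step below; a
    # timer firing in that window would run against an unmigrated schema.
    - name: systemd enable and start timers
      ansible.builtin.systemd:
        name: "{{ item }}"
        enabled: true
        state: started
      loop:
        - mataroa-notifications.timer
        - mataroa-exports.timer
        - mataroa-backup.timer
        - mataroa-dailysummary.timer

    # enabled only; the restart handler (notified above) brings it up
    - name: systemd enable
      ansible.builtin.systemd:
        name: mataroa
        enabled: true

    # deployment specific
    - name: collectstatic
      ansible.builtin.shell:
        cmd: "{{ django_manage }} collectstatic --no-input"
        chdir: "{{ app_dir }}"
        executable: /bin/bash
      become_user: deploy

    - name: migrations
      ansible.builtin.shell:
        cmd: "{{ django_manage }} migrate --no-input"
        chdir: "{{ app_dir }}"
        executable: /bin/bash
      # database_url carries credentials; it is passed only to this step
      environment:
        DATABASE_URL: "{{ database_url }}"
      become_user: deploy

    - name: caddy enable
      ansible.builtin.systemd:
        name: caddy
        enabled: true

  handlers:
    - name: reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    - name: restart mataroa
      ansible.builtin.systemd:
        name: mataroa
        state: restarted

    - name: restart caddy
      ansible.builtin.systemd:
        name: caddy
        state: restarted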