From 46f3a37d95590d19e3554ef728e4db6da0b8d37b Mon Sep 17 00:00:00 2001
From: MichiK <michik@michik.net>
Date: Sun, 20 Dec 2020 03:58:55 +0100
Subject: [PATCH] Add playbook and role for angelguide deployment via CI

---
 host_vars/gabriel.c3heaven.de                    |  5 ++++-
 roles/angelguide-deployment/defaults/main.yml    |  4 ++++
 roles/angelguide-deployment/tasks/main.yml       | 16 ++++++++++++++++
 .../templates/authorized_keys.j2                 |  3 +++
 web-ci-deployment.yml                            |  8 ++++++++
 5 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 roles/angelguide-deployment/defaults/main.yml
 create mode 100644 roles/angelguide-deployment/tasks/main.yml
 create mode 100644 roles/angelguide-deployment/templates/authorized_keys.j2
 create mode 100644 web-ci-deployment.yml

diff --git a/host_vars/gabriel.c3heaven.de b/host_vars/gabriel.c3heaven.de
index 4bf9831..78f2a35 100644
--- a/host_vars/gabriel.c3heaven.de
+++ b/host_vars/gabriel.c3heaven.de
@@ -10,6 +10,8 @@ acmetool_cert_domains:
  - wiki.c3heaven.de
  - www.c3heaven.de
 
+angelguide_deployment_path: "/var/www/angelguide"
+
 nginx_https_sites:
  - name: "c3heaven.de"
    locations:
@@ -21,7 +23,8 @@ nginx_https_sites:
       config: "return 301 https://kanboard.c3heaven.de$1?$args;"
     - location: "~ /guide/(.*).pdf$"
       config: |-
-          root /var/www/html;
+          root {{ angelguide_deployment_path }};
+          rewrite ^/guide(.*)$ $1;
           add_header Access-Control-Allow-Origin *;
     - location: "/angelguide.pdf"
       config: "rewrite .* /guide/angelguide_$lang.pdf;"
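Review bot: The added `rewrite ^/guide(.*)$ $1;` has no flag, so as far as I can tell nginx restarts location matching with the rewritten URI. That URI (e.g. `/angelguide_en.pdf`) no longer matches this `/guide/` location, so it may not be served with the `root` set on the line above. Adding `break` keeps processing inside this location: `rewrite ^/guide(.*)$ $1 break;`. Separately, `root` now points at `angelguide_deployment_path`, which the new role also uses as the deployment account's home directory with `.ssh` inside it. The `.pdf` regex limits what this location serves, but a dedicated subdirectory for the published PDFs would keep the web root and the account's home apart; the `nginx_https_sites` entry continues outside the hunk.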
diff --git a/roles/angelguide-deployment/defaults/main.yml b/roles/angelguide-deployment/defaults/main.yml
new file mode 100644
index 0000000..835ef55
--- /dev/null
+++ b/roles/angelguide-deployment/defaults/main.yml
@@ -0,0 +1,4 @@
+angelguide_deployment_user: angelguide
+angelguide_deployment_path: /var/www/angelguide
+angelguide_deployment_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf5VFP0+QmV+yzWDw+VHkJtORwJzM5dUtHV/grdRbcb
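Review bot: The entry in `angelguide_deployment_keys` has no key comment field and no YAML comment, so nothing records which CI project or runner holds the private half. That makes later audit and rotation harder. A comment above the list item such as `# deploy key used by the angel guide GitLab CI job, owner: <maintainer>` would cover it. `angelguide_deployment_path` is also set to the same value in `host_vars/gabriel.c3heaven.de`, so the two definitions can drift apart unnoticed; keeping only the role default, or noting the override in a comment, would avoid that.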
diff --git a/roles/angelguide-deployment/tasks/main.yml b/roles/angelguide-deployment/tasks/main.yml
new file mode 100644
index 0000000..a85442a
--- /dev/null
+++ b/roles/angelguide-deployment/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: create angelguide deployment user
+  user:
+    name: "{{ angelguide_deployment_user }}"
+    home: "{{ angelguide_deployment_path }}"
+    system: yes
+    shell: /bin/sh
+
+- name: create .ssh directory for the angelguide user
+  file:
+    path: "{{ angelguide_deployment_path }}/.ssh"
+    state: directory
+
+- name: copy angelguide deployment ssh keys
+  template:
+    src: authorized_keys.j2
+    dest: "{{ angelguide_deployment_path }}/.ssh/authorized_keys"
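Review bot: Neither the `file` task for `.ssh` nor the `template` task for `authorized_keys` sets `owner`, `group` or `mode`, so both depend on the connecting user and its umask, which is root under the playbook's `become: yes`. sshd's StrictModes check depends on these attributes, and the deployment key is allowed to write below this same home directory, so they should be stated rather than implied. On the template, `owner: root`, `group: root`, `mode: "0644"` would work, with `mode: "0755"` on the directory. That keeps the key list readable by the account but not writable by it, and sshd should accept a root-owned file as far as I know. As a style point, `system: yes` is clearer as `system: true`.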
diff --git a/roles/angelguide-deployment/templates/authorized_keys.j2 b/roles/angelguide-deployment/templates/authorized_keys.j2
new file mode 100644
index 0000000..78038db
--- /dev/null
+++ b/roles/angelguide-deployment/templates/authorized_keys.j2
@@ -0,0 +1,3 @@
+{% for key in angelguide_deployment_keys %}
+command="/usr/local/bin/rrsync {{ angelguide_deployment_path }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding {{ key }}
+{% endfor %}
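Review bot: The forced command confines rrsync to `{{ angelguide_deployment_path }}`, which tasks/main.yml also uses as the account's home directory. The tree the CI key may write to therefore contains `.ssh/authorized_keys`, the file that imposes this restriction. Confining rrsync to a subdirectory keeps the key list outside the writable tree, e.g. `command="/usr/local/bin/rrsync {{ angelguide_deployment_path }}/htdocs",…`, with the nginx `root` in host_vars adjusted to match (`htdocs` is a constructed name). Also, none of the visible tasks install `/usr/local/bin/rrsync`; if it is not provisioned elsewhere, every login with this key will fail at the forced command.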
diff --git a/web-ci-deployment.yml b/web-ci-deployment.yml
new file mode 100644
index 0000000..56cc715
--- /dev/null
+++ b/web-ci-deployment.yml
@@ -0,0 +1,8 @@
+# Add directories, users, SSH keys etc. needed for automatic web deployment
+# of e.g. the angel guide via Gitlab CI
+
+- name: allow angelguide deployment
+  hosts: gabriel.c3heaven.de
+  become: yes
+  roles:
+   - angelguide-deployment
-- 
GitLab