From a690a4df8a042a6b35aea1652d77e11146c90d51 Mon Sep 17 00:00:00 2001
From: MichiK <michik@michik.net>
Date: Tue, 22 Dec 2020 15:40:56 +0100
Subject: [PATCH] Add role for static website deployment

---
 host_vars/gabriel.c3heaven.de                    |  3 ++-
 roles/website-deployment/defaults/main.yml       |  4 ++++
 roles/website-deployment/tasks/main.yml          | 16 ++++++++++++++++
 .../templates/authorized_keys.j2                 |  3 +++
 web-ci-deployment.yml                            |  3 ++-
 5 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 roles/website-deployment/defaults/main.yml
 create mode 100644 roles/website-deployment/tasks/main.yml
 create mode 100644 roles/website-deployment/templates/authorized_keys.j2

diff --git a/host_vars/gabriel.c3heaven.de b/host_vars/gabriel.c3heaven.de
index 5c6cabf..eff4a1e 100644
--- a/host_vars/gabriel.c3heaven.de
+++ b/host_vars/gabriel.c3heaven.de
@@ -11,12 +11,13 @@ acmetool_cert_domains:
  - www.c3heaven.de
 
 angelguide_deployment_path: "/var/www/angelguide"
+website_deployment_path: "/var/www/static"
 
 nginx_https_sites:
  - name: "c3heaven.de"
    locations:
     - location: "/"
-      config: "root /var/www/html;"
+      config: "root {{ website_deployment_path }};"
     - location: "~ /wiki(.*)$"
       config: "return 301 https://wiki.c3heaven.de$1?$args;"
     - location: "~ /kanboard(.*)$"
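Review bot: The new `root {{ website_deployment_path }};` points nginx at the directory that the website-deployment role in this patch also uses as the deploy user's home, so `.ssh/authorized_keys` ends up inside the document root. Whether nginx serves dot-directories depends on configuration not visible here; if nothing denies them, the forced-command line and key list are readable over HTTPS. The same directory is the rrsync confinement root in `authorized_keys.j2`, so uploaded content and account files share one tree. Consider serving a subdirectory, e.g. `config: "root {{ website_deployment_path }}/htdocs;"` (directory name illustrative), and passing that subdirectory to rrsync, or add a location that denies paths beginning with `/.`.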
diff --git a/roles/website-deployment/defaults/main.yml b/roles/website-deployment/defaults/main.yml
new file mode 100644
index 0000000..621d685
--- /dev/null
+++ b/roles/website-deployment/defaults/main.yml
@@ -0,0 +1,4 @@
+website_deployment_user: website
+website_deployment_path: /var/www/static
+website_deployment_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMW+8/hse/foM2TWgM5MA6LuT4A/eb0/biFUQwLt85nN
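Review bot: `website_deployment_keys` ships a concrete deploy key as a role default, so any host that applies this role without overriding the variable authorizes that key. Defaulting to `website_deployment_keys: []` and setting the key in `host_vars`, next to `website_deployment_path`, keeps authorization an explicit per-host decision. The key line also has no trailing comment, which makes later rotation and audit harder; a short owner label after the key material (for example `gitlab-ci-website`, illustrative) would help.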
diff --git a/roles/website-deployment/tasks/main.yml b/roles/website-deployment/tasks/main.yml
new file mode 100644
index 0000000..bf97a12
--- /dev/null
+++ b/roles/website-deployment/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: create website deployment user
+  user:
+    name: "{{ website_deployment_user }}"
+    home: "{{ website_deployment_path }}"
+    system: yes
+    shell: /bin/sh
+
+- name: create .ssh directory for the website user
+  file:
+    path: "{{ website_deployment_path }}/.ssh"
+    state: directory
+
+- name: copy website deployment ssh keys
+  template:
+    src: authorized_keys.j2
+    dest: "{{ website_deployment_path }}/.ssh/authorized_keys"
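Review bot: Neither the `.ssh` directory task nor the `authorized_keys` template task sets `owner`, `group` or `mode`, so the result depends on the umask of the become user. That leaves implicit both sshd's StrictModes check and the question of who may rewrite the key file. Pinning them, and keeping both root-owned so the rsync-only account cannot edit its own `authorized_keys`, makes the intent reviewable. The home directory itself presumably still belongs to the deploy user (assuming the `user` module creates it), so pointing sshd's `AuthorizedKeysFile` at a location outside the upload tree would be the more robust layout. `system: yes` would also read better as `system: true`.

```yaml
# … unchanged: create website deployment user …
- name: create .ssh directory for the website user
  file:
    # … unchanged: path, state …
    owner: root
    group: root
    mode: "0755"

- name: copy website deployment ssh keys
  template:
    # … unchanged: src, dest …
    owner: root
    group: root
    mode: "0644"
```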
diff --git a/roles/website-deployment/templates/authorized_keys.j2 b/roles/website-deployment/templates/authorized_keys.j2
new file mode 100644
index 0000000..a298faa
--- /dev/null
+++ b/roles/website-deployment/templates/authorized_keys.j2
@@ -0,0 +1,3 @@
+{% for key in website_deployment_keys %}
+command="/usr/local/bin/rrsync {{ website_deployment_path }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding {{ key }}
+{% endfor %}
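Review bot: The forced command gives rrsync both read and write access, although a deployment target only needs to receive files; `rrsync -wo` limits the key to uploads. The five `no-*` options can be replaced by `restrict`, which also covers restrictions added in later OpenSSH releases, giving `command="/usr/local/bin/rrsync -wo {{ website_deployment_path }}",restrict {{ key }}`. Nothing in this patch installs `/usr/local/bin/rrsync`, so presumably another role provides it; if not, every login with these keys fails. A `website_deployment_path` containing a space or a double quote would break the `command="…"` quoting, which is worth a comment next to the variable in the role defaults.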
diff --git a/web-ci-deployment.yml b/web-ci-deployment.yml
index 56cc715..c4e756a 100644
--- a/web-ci-deployment.yml
+++ b/web-ci-deployment.yml
@@ -1,8 +1,9 @@
 # Add directories, users, SSH keys etc. needed for automatic web deployment
 # of e.g. the angel guide via Gitlab CI
 
-- name: allow angelguide deployment
+- name: allow website and angelguide deployment
   hosts: gabriel.c3heaven.de
   become: yes
   roles:
    - angelguide-deployment
+   - website-deployment
-- 
GitLab