--- /dev/null
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ vars:
+ dest: "{{ ansible_local.env.vars.prod_dir }}/passwords"
+ repo: "{{ ansible_local.env.vars.git_home_dir }}/passwords.git"
+ site: pass.conf
+ tasks:
+ - name: Create destination directory
+ file:
+ path: "{{ dest }}"
+ state: directory
+ mode: 0775
+ owner: git
+ group: git
+ become: true
+ - name: Checkout password to the destination directory
+ command: /usr/bin/git --work-tree={{ dest }} --git-dir={{ repo }} \
+ checkout main --force
+ become: true
+
+ - name: Install nginx
+ package:
+ name:
+ - nginx
+ state: latest
+ become: true
+ - name: Move site to /etc/nginx/sites-available
+ command: /usr/bin/mv {{ dest }}/{{ site }} \
+ /etc/nginx/sites-available/{{ site }}
+ become: true
+ - name: Enable site in nginx
+ shell: envsubst < /etc/nginx/sites-available/{{ site }} \
+ > /etc/nginx/sites-enabled/{{ site }}
+ environment: "{{ ansible_local.env.vars }}"
+ become: true
+ - name: Restart nginx
+ service:
+ name: nginx
+ state: restarted
+ become: true
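Review bot: In the "Enable site in nginx" task, `envsubst` is called without a variable list, so every `$name` in the template is substituted, including nginx's own runtime variables (`$host`, `$request_uri` and the like), which become empty strings when they are not among the exported facts. Restrict it to the names the template needs, e.g. `envsubst '${VAR_ONE} ${VAR_TWO}' < ... > ...` (placeholder names), and add a `command: nginx -t` task before "Restart nginx" so a bad render is caught before the service is restarted. The template also comes from the repository checkout and ends up in configuration that nginx loads, so push access to `main` is effectively control of the web server configuration; a comment at the top of the play should state that trust assumption. Separately, `mode: 0775` should be quoted (`mode: "0775"`), and a narrower mode is worth considering for the directory holding the password checkout if nginx does not need the "other" bits.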
--- /dev/null
+#!/bin/sh
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+while read old_revision new_revision branch
+do
+ if [ "${branch}" != "refs/heads/main" ]
+ then
+ echo "${branch} is not the main branch so not deploying."
+ exit 0
+ fi
+ sudo /usr/bin/ansible-playbook --connection=local deploy.yaml
+done
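Review bot: The `sudo /usr/bin/ansible-playbook --connection=local deploy.yaml` line names the playbook by a relative path, so whatever `deploy.yaml` resolves to in the hook's working directory runs as root. If that directory is writable by the account that receives pushes (not visible here), the hook becomes a path from push access to root. Use an absolute path to a root-owned copy, e.g. `sudo /usr/bin/ansible-playbook --connection=local /path/to/root-owned/deploy.yaml` (placeholder path), and pin the sudoers entry to that exact command line. Also, `exit 0` on the first non-main ref ends the whole loop, so a push that lists another ref before `refs/heads/main` skips the deploy; `continue` matches what the message says, and `read -r` keeps backslashes in ref names intact.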