--- /dev/null
+# Copyright (c) 2025 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ vars:
+ pgrest_bin: "linux-static-x64.tar.xz"
+ pgrest_page: "https://github.com/PostgREST/postgrest/releases/download"
+ pgrest_ver: "12.2.3"
+
+ dest: "{{ ansible_local.env.vars.prod_dir }}/kwerenda"
+ repo: "{{ ansible_local.env.vars.git_home_dir }}/kwerenda.git"
+ site: kwerenda.conf
+ tasks:
+ - name: Download PostgREST binary
+ get_url:
+ url: "{{ pgrest_page }}/v{{ pgrest_ver }}/postgrest-v{{ pgrest_ver }}-{{ pgrest_bin }}"
+ dest: "/tmp/postgrest.tar.xz"
+ - name: Install PostgREST
+ unarchive:
+ src: /tmp/postgrest.tar.xz
+ dest: /usr/bin
+ owner: root
+ group: root
+ mode: '0755'
+ remote_src: yes
+ become: true
+ - name: Checkout postgrest.conf to /etc
+ command: git --work-tree=/etc --git-dir={{ repo }} \
+ checkout main --force postgrest.conf
+ become: true
+ - name: Checkout postgrest.service to /usr/lib/systemd/system
+ command: git --work-tree=/usr/lib/systemd/system --git-dir={{ repo }} \
+ checkout main --force postgrest@.service
+ become: true
+ - name: Create user postgrest
+ user:
+ name: postgrest
+ create_home: no
+ shell: "/usr/sbin/nologin"
+ - name: Start a PostgREST server for each database
+ service:
+ name: "postgrest@{{ item }}"
+ enabled: true
+ state: restarted
+ become: true
+ with_items: "{{ ansible_local.env.vars.databases | split }}"
+
+ - name: Install nginx
+ package:
+ name: nginx
+ state: latest
+ become: true
+ - name: Checkout site to /etc/nginx/sites-available
+ command: git --work-tree=/etc/nginx/sites-available --git-dir={{ repo }} \
+ checkout main --force {{ site }}
+ become: true
+ - name: Enable site in nginx
+ shell: envsubst < /etc/nginx/sites-available/{{ site }} \
+ > /etc/nginx/sites-enabled/{{ site }}
+ environment: "{{ ansible_local.env.vars }}"
+ become: true
+ - name: Restart nginx
+ service:
+ name: nginx
+ state: restarted
+ become: true
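Review bot: The `Download PostgREST binary` task fetches the release tarball with no integrity check and writes it to the fixed path `/tmp/postgrest.tar.xz`, which the next task then unpacks into `/usr/bin` as root. Pin the artifact by adding `checksum: "sha256:<sha256 of the v12.2.3 release tarball>"` to `get_url`. Download it into a directory that is not world-writable, so another local user cannot pre-create or swap the file between the two tasks. The three `git ... checkout main --force` tasks also install repo-controlled files into `/etc`, `/usr/lib/systemd/system` and the nginx site directory as root, so push access to `main` amounts to root on the host. A header comment such as `# Anyone who can push to main controls files installed as root.` would document that trust boundary.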
--- /dev/null
+#!/bin/sh
+# Copyright (c) 2025 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+while read old_revision new_revision branch
+do
+ if [ "${branch}" != "refs/heads/main" ]
+ then
+ echo "${branch} is not the main branch so not deploying."
+ exit 0
+ fi
+ sudo ansible-playbook --connection=local deploy.yaml
+done
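Review bot: `exit 0` in the non-main branch ends the hook at the first ref that is not `refs/heads/main`, so a push that updates several refs can skip the deploy if another ref is read before main. Using `continue` there would skip only that ref. The playbook is run through sudo by the relative name `deploy.yaml`, and nothing visible here shows which directory the hook runs in. An absolute path, e.g. `sudo ansible-playbook --connection=local /path/to/deploy.yaml` (placeholder path), paired with a sudoers rule limited to that exact command, would pin down which file executes as root. `read -r` would also stop backslashes in ref names from being interpreted.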