From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Mon, 29 May 2023 20:41:22 +0000 (+0200)
Subject: [passwords] Configure automatic deployment.
X-Git-Url: https://git.ekhem.eu.org/?a=commitdiff_plain;h=77e1173223b24c6a7d328ac7dd5f4ceab1d870d9;p=metadata.git

[passwords] Configure automatic deployment.
---

diff --git a/passwords.git/config b/passwords.git/config
new file mode 100644
index 0000000..4bd8276
--- /dev/null
+++ b/passwords.git/config
@@ -0,0 +1,5 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
+        sparseCheckout = true
diff --git a/passwords.git/deploy.yaml b/passwords.git/deploy.yaml
new file mode 100644
index 0000000..a888657
--- /dev/null
+++ b/passwords.git/deploy.yaml
@@ -0,0 +1,42 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- hosts: servers
+  vars:
+    dest: "{{ ansible_local.env.vars.prod_dir }}/passwords"
+    repo: "{{ ansible_local.env.vars.git_home_dir }}/passwords.git"
+    site: pass.conf
+  tasks:
+    - name: Create destination directory
+      file:
+        path: "{{ dest }}"
+        state: directory
+        mode: 0775
+        owner: git
+        group: git
+      become: true
+    - name: Checkout password to the destination directory
+      command: /usr/bin/git --work-tree={{ dest }} --git-dir={{ repo }} \
+        checkout main --force
+      become: true
+
+    - name: Install nginx
+      package:
+        name:
+          - nginx
+        state: latest
+      become: true
+    - name: Move site to /etc/nginx/sites-available
+      command: /usr/bin/mv {{ dest }}/{{ site }} \
+        /etc/nginx/sites-available/{{ site }}
+      become: true
+    - name: Enable site in nginx
+      shell: envsubst < /etc/nginx/sites-available/{{ site }} \
+        > /etc/nginx/sites-enabled/{{ site }}
+      environment: "{{ ansible_local.env.vars }}"
+      become: true
+    - name: Restart nginx
+      service:
+        name: nginx
+        state: restarted
+      become: true
diff --git a/passwords.git/hooks/post-receive b/passwords.git/hooks/post-receive
new file mode 100755
index 0000000..ac81bdc
--- /dev/null
+++ b/passwords.git/hooks/post-receive
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+while read old_revision new_revision branch
+do
+    if [ "${branch}" != "refs/heads/main" ]
+    then
+       echo "${branch} is not the main branch so not deploying."
+       exit 0
+    fi
+    sudo /usr/bin/ansible-playbook --connection=local deploy.yaml
+done
diff --git a/passwords.git/info/sparse-checkout b/passwords.git/info/sparse-checkout
new file mode 100644
index 0000000..a838f8c
--- /dev/null
+++ b/passwords.git/info/sparse-checkout
@@ -0,0 +1,2 @@
+/*
+!dummy.gpg