From 6162919df9853d64044794bc7ec5905001ca5017 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Thu, 23 Nov 2023 20:54:15 +0100
Subject: [PATCH] [gdrive_proxy] Configure automatic deployment and document
 the repository.

---
 gdrive_proxy.git/deploy.yaml        | 70 +++++++++++++++++++++++++++++
 gdrive_proxy.git/description        |  1 +
 gdrive_proxy.git/hooks/post-receive | 13 ++++++
 3 files changed, 84 insertions(+)
 create mode 100644 gdrive_proxy.git/deploy.yaml
 create mode 100644 gdrive_proxy.git/description
 create mode 100755 gdrive_proxy.git/hooks/post-receive

diff --git a/gdrive_proxy.git/deploy.yaml b/gdrive_proxy.git/deploy.yaml
new file mode 100644
index 0000000..fdbd2db
--- /dev/null
+++ b/gdrive_proxy.git/deploy.yaml
@@ -0,0 +1,70 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- hosts: servers
+  vars:
+    dest: "{{ ansible_local.env.vars.prod_dir }}/gdrive_proxy"
+    repo: "{{ ansible_local.env.vars.git_home_dir }}/gdrive_proxy.git"
+    site: gdrive_proxy.conf
+  tasks:
+    - name: Install gdrive_knife
+      pip:
+        name: gdrive_knife
+        extra_args: --break-system-packages
+        state: latest
+      become: true
+
+    - name: Create destination directory
+      file:
+        path: "{{ dest }}"
+        state: directory
+        mode: 0775
+        owner: git
+        group: www-data
+      become: true
+    - name: Checkout scripts to the destination directory
+      command: git --work-tree={{ dest }} --git-dir={{ repo }} checkout main \
+        --force *.sh
+      become: true
+    - find:
+        paths: "{{ dest }}"
+        file_type: file
+        patterns: "*.sh"
+      register: scripts
+    - name: Make gdrive_proxy scripts executable
+      file:
+        path: "{{ item.path }}"
+        mode: 0744
+        owner: www-data
+        group: www-data
+      become: true
+      with_items: "{{ scripts.files }}"
+
+    - name: Install fcgiwrap and nginx
+      package:
+        name:
+          - fcgiwrap
+          - nginx
+        state: latest
+      become: true
+    - name: Checkout site to /etc/nginx/sites-available
+      command: git --work-tree=/etc/nginx/sites-available --git-dir={{ repo }} \
+        checkout main --force {{ site }}
+      become: true
+    - name: Checkout fcgiwrap.service to /usr/lib/systemd/system
+      command: git --work-tree=/usr/lib/systemd/system --git-dir={{ repo }} \
+        checkout main --force fcgiwrap.service
+      become: true
+    - name: Enable site in nginx
+      shell: envsubst < /etc/nginx/sites-available/{{ site }} \
+        > /etc/nginx/sites-enabled/{{ site }}
+      environment: "{{ ansible_local.env.vars }}"
+      become: true
+    - name: Restart fcgiwrap and nginx
+      service:
+        name: "{{ item }}"
+        state: restarted
+      become: true
+      with_items:
+        - fcgiwrap
+        - nginx
diff --git a/gdrive_proxy.git/description b/gdrive_proxy.git/description
new file mode 100644
index 0000000..8fdbd75
--- /dev/null
+++ b/gdrive_proxy.git/description
@@ -0,0 +1 @@
+Proxy for Google Drive which archives and encrypts files.
diff --git a/gdrive_proxy.git/hooks/post-receive b/gdrive_proxy.git/hooks/post-receive
new file mode 100755
index 0000000..8226a87
--- /dev/null
+++ b/gdrive_proxy.git/hooks/post-receive
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+while read old_revision new_revision branch
+do
+    if [ "${branch}" != "refs/heads/main" ]
+    then
+        echo "${branch} is not the main branch so not deploying."
+        exit 0
+    fi
+    sudo ansible-playbook --connection=local deploy.yaml
+done
-- 
2.39.5