add ansible setup

Author: sirodoht

.envrc.example

@@ -4,13 +4,13 @@ venv/
 
 # environment
 .envrc
-.direnv/
-.pyenv/
-postgres-data/
 
 # generated static
 /static/
 
 # testing
 .coverage
 htmlcov/
+
+# database
+db.sqlite3

.gitignore

@@ -0,0 +1,18 @@
+# inventory.yaml
+
+# Server IP and user with ssh access
+export ANSIBLE_HOST=
+export ANSIBLE_USER=
+
+
+# vars.yaml
+
+# Show exceptions and tracebacks on errors
+export DEBUG=1
+
+# Used by Django to encrypt session login cookies
+export SECRET_KEY=xxx
+
+# SMTP credentials
+export EMAIL_HOST_USER=
+export EMAIL_HOST_PASSWORD=

ansible/.envrc.example

@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory.yaml
+pipelining = True

ansible/ansible.cfg

@@ -0,0 +1,13 @@
+collection.mataroa.blog {
+	route {
+		file_server /static/* {
+			root /var/www/illich
+		}
+		reverse_proxy 127.0.0.1:5006
+	}
+	encode zstd gzip
+	log {
+		output stdout
+		format console
+	}
+}

ansible/illich.caddy.j2

@@ -0,0 +1,20 @@
+[Unit]
+Description=illich
+After=network.target
+
+[Service]
+Type=simple
+User=deploy
+Group=www-data
+WorkingDirectory=/var/www/illich
+ExecStart=/var/www/illich/.venv/bin/gunicorn -b 127.0.0.1:5006 -w 4 illich.wsgi
+ExecReload=/bin/kill -HUP $MAINPID
+Environment="DEBUG={{ debug }}"
+Environment="SECRET_KEY={{ secret_key }}"
+Environment="EMAIL_HOST_USER={{ email_host_user }}"
+Environment="EMAIL_HOST_PASSWORD={{ email_host_password }}"
+TimeoutSec=15
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

ansible/illich.service.j2

@@ -0,0 +1,5 @@
+virtualmachines:
+  hosts:
+    brick:
+      ansible_host: "{{ lookup('env', 'ANSIBLE_HOST') }}"
+      ansible_user: "{{ lookup('env', 'ANSIBLE_USER') }}"

ansible/inventory.yaml

@@ -0,0 +1,132 @@
+---
+- hosts: virtualmachines
+  vars_files:
+    - vars.yaml
+  become: yes
+  tasks:
+    # smoke test and essential dependencies
+    - name: ping
+      ansible.builtin.ping:
+    - name: essentials
+      ansible.builtin.apt:
+        update_cache: yes
+        name:
+          - gcc
+          - git
+          - rclone
+          - vim
+        state: present
+
+    # caddy
+    - name: add caddy key
+      ansible.builtin.apt_key:
+        id: 65760C51EDEA2017CEA2CA15155B6D79CA56EA34
+        url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+        keyring: /etc/apt/trusted.gpg.d/caddy-stable.gpg
+        state: present
+    - name: add caddy deb repository
+      ansible.builtin.apt_repository:
+        repo: deb [signed-by=/etc/apt/trusted.gpg.d/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
+    - name: add caddy deb-src repository
+      ansible.builtin.apt_repository:
+        repo: deb [signed-by=/etc/apt/trusted.gpg.d/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
+    - name: install caddy
+      ansible.builtin.apt:
+        update_cache: yes
+        name: caddy
+    - name: caddyfile
+      ansible.builtin.template:
+        src: illich.caddy.j2
+        dest: /etc/caddy/illich.caddy
+        owner: root
+        group: root
+        mode: '0644'
+
+    # deploy user and directory
+    - name: www directory
+      ansible.builtin.file:
+        path: /var/www
+        state: directory
+        mode: '0755'
+    - name: create user
+      ansible.builtin.user:
+        name: deploy
+        password: ""
+        shell: /bin/bash
+        groups:
+          - sudo
+          - www-data
+        append: yes
+        createhome: yes
+        skeleton: '/etc/skel'
+        generate_ssh_key: yes
+        ssh_key_type: 'ed25519'
+    - name: www ownership
+      ansible.builtin.file:
+        path: /var/www
+        owner: deploy
+        group: www-data
+        recurse: yes
+
+    # uv
+    - name: uv
+      ansible.builtin.shell:
+        cmd: curl -LsSf https://astral.sh/uv/0.9.17/install.sh | sh
+      become_user: deploy
+
+    # repository
+    - name: clone
+      ansible.builtin.git:
+        repo: https://github.com/mataroablog/illich
+        dest: /var/www/illich
+        version: main
+        accept_hostkey: true
+      become_user: deploy
+
+    # systemd
+    - name: systemd template
+      ansible.builtin.template:
+        src: illich.service.j2
+        dest: /etc/systemd/system/illich.service
+        owner: root
+        group: root
+        mode: '0644'
+    - name: systemd reload
+      ansible.builtin.systemd:
+        daemon_reload: true
+    - name: systemd enable
+      ansible.builtin.systemd:
+        name: illich
+        enabled: yes
+    - name: systemd start
+      ansible.builtin.systemd:
+        name: illich
+        state: restarted
+
+    # deployment specific
+    - name: collectstatic
+      ansible.builtin.shell:
+        cmd: |
+          source $HOME/.local/bin/env
+          uv run manage.py collectstatic --no-input
+        chdir: /var/www/illich
+      args:
+        executable: /bin/bash
+      become_user: deploy
+    - name: migrations
+      ansible.builtin.shell:
+        cmd: |
+          source $HOME/.local/bin/env
+          uv run manage.py migrate --no-input
+        chdir: /var/www/illich
+      args:
+        executable: /bin/bash
+      become_user: deploy
+    - name: gunicorn restart
+      ansible.builtin.systemd:
+        name: illich
+        state: restarted
+    - name: caddy restart
+      ansible.builtin.systemd:
+        name: caddy
+        state: restarted

ansible/playbook.yaml

@@ -0,0 +1,5 @@
+---
+debug: "{{ lookup('env', 'DEBUG') }}"
+secret_key: "{{ lookup('env', 'SECRET_KEY') }}"
+email_host_user: "{{ lookup('env', 'EMAIL_HOST_USER') }}"
+email_host_password: "{{ lookup('env', 'EMAIL_HOST_PASSWORD') }}"

ansible/vars.yaml

@@ -5,6 +5,7 @@ description = "mataroa collection engine"
 readme = "README.md"
 requires-python = ">=3.12"
 dependencies = [
+    "ansible>=13.1.0",
     "django>=6.0",
     "psycopg[binary]>=3.3.2",
 ]