Ansible playbook to set up build server for fsfe.org https://status.fsfe.org
Tobias Diekershoff 7b5ada4228
update crontab
2024-10-16 11:16:39 +02:00
group_vars connect to LDAP via innernet instead of stunnel 2022-08-15 17:26:16 +02:00
inventory@6704314ee8 bump inventory 2021-10-12 15:47:50 +02:00
LICENSES Fix reuse 2024-08-06 16:27:36 +02:00
roles/certbot-standalone make REUSE compliant 2020-03-25 19:24:45 +01:00
tasks Changes necessary for FSFE/fsfe-website#4369 2024-08-13 11:33:31 +02:00
templates update crontab 2024-10-16 11:16:39 +02:00
.drone.yml adding drone CI for docs sync 2023-01-13 10:28:31 +01:00
.gitmodules make reuse compliant 2021-01-19 18:52:29 +01:00
ansible.cfg make run behind our ip-proxy 2021-07-16 17:29:42 +02:00
README.md added docs.fsfe.org badge to the README 2023-01-13 10:30:04 +01:00
REUSE.toml Fix reuse 2024-08-06 16:27:36 +02:00
setup.yml Fix serving git repo instead of built repo 2024-08-14 14:34:00 +02:00
vaultpw.gpg add tobiasd@fsfe.org's key to the vaultpw file 2024-08-10 17:37:17 +00:00
vaultpw.gpg.license make REUSE compliant 2020-03-25 19:24:45 +01:00
vaultpw.sh make REUSE compliant 2020-03-25 19:24:45 +01:00

FSFE Build Server

This Ansible playbook automatically sets up the build server for the FSFE website.

Clone this repo:

git clone --recurse-submodules git@git.fsfe.org:fsfe-system-hackers/build-server.git

Update the inventory submodule to reflect the newest changes to the list of our hosts and the groups that they are in:

git submodule update --remote inventory

Features

  • Set up build server from scratch
  • Enable build server to access the webserver(s)
  • Clone the git repos for fsfe-website (master and test branch)
  • Configure the web build status page incl. TLS cert
  • Set up cronjob to make the website build automatically

Deploy

To deploy the whole playbook, just run:

ansible-playbook setup.yml \
        -l "buildserver,webserver,gitserver"

This will make all edits as described. Please note that you will have to be able to decrypt vaultpw.gpg.

Playbook Structure

The playbook is logically split into multiple tasks, all initiated from setup.yml. It also includes a role copied from webserver for certbot.

All variables are defined in group_vars/all.

Build server structure

The build runs as an unprivileged user, currently build.

All significant build files reside under /srv/www (or {{ build_dir }} respectively). There is also a crontab file and of course the Apache2 config and Let's Encrypt files.

Notes

  • There is one encrypted string and three files for the LDAP authentication to run a full build. The files are encrypted with the GPG keys of the System Hackers coordinators.
  • The build server's public SSH key needs to be set as a deploy key in the Git repo. Instructions will appear in the output if access to Git does not seem to be possible.
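
Deployment depends on being able to decrypt vaultpw.gpg, so it helps to confirm that your keyring holds a secret key for one of the file's recipients before running the playbook. The script below is an added example, not part of this repository. The script name preflight.sh and the function names are hypothetical, and it assumes vaultpw.gpg is an ordinary public-key encrypted OpenPGP file.

```shell
#!/bin/sh
# Added example (not from the repository): check that vaultpw.gpg is encrypted
# to a key you hold before running ansible-playbook.
# Assumption: vaultpw.gpg is a public-key encrypted OpenPGP file.

# stdin: `gpg --list-packets` output; stdout: recipient key IDs, one per line.
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# stdin: `gpg --list-secret-keys --with-colons` output; stdout: key IDs of all
# secret primary keys and subkeys (field 5 of "sec" and "ssb" records).
secret_keyids() {
    awk -F: '$1 == "sec" || $1 == "ssb" { print toupper($5) }' | sort -u
}

# matching_keyids PACKETS SECRETS: print recipient IDs present in the keyring.
# Returns non-zero when there is no recipient packet or no match. Hidden
# recipients (key ID all zeros) never match and are reported as a failure.
matching_keyids() {
    rcpt=$(recipient_keyids < "$1")
    [ -n "$rcpt" ] || return 1
    secret_keyids < "$2" | grep -Fx -e "$rcpt"
}

# Only touch gpg when a file is given, e.g.: sh preflight.sh vaultpw.gpg
if [ -n "${1:-}" ]; then
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # --list-only skips the decryption pass: no passphrase prompt, no plaintext.
    gpg --batch --list-only --list-packets "$1" > "$tmp/packets" 2>/dev/null
    gpg --batch --list-secret-keys --with-colons > "$tmp/secrets" 2>/dev/null
    if ids=$(matching_keyids "$tmp/packets" "$tmp/secrets"); then
        echo "OK: secret key available for recipient(s):" $ids
    else
        echo "FAIL: no secret key in this keyring matches a recipient of $1" >&2
        exit 1
    fi
fi
```

A failure here means your key has to be added as a recipient of vaultpw.gpg by someone who can already decrypt it.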