Ansible playbook to set up build server for fsfe.org https://status.fsfe.org
Max Mehl eeff18c70b
make REUSE compliant
1 week ago
.reuse make REUSE compliant 1 week ago
LICENSES make REUSE compliant 1 week ago
files make REUSE compliant 1 week ago
group_vars make REUSE compliant 3 months ago
roles/certbot-standalone make REUSE compliant 3 months ago
tasks syncing time stamps is no longer necessary 1 month ago
templates use TLS certs for LDAP 1 month ago
README.md syncing time stamps is no longer necessary 1 month ago
ansible.cfg make REUSE compliant 3 months ago
hosts.ini Rename hosts file to prevent future problems 3 months ago
setup.yml make REUSE compliant 3 months ago
vaultpw.gpg add reinhard 3 months ago
vaultpw.gpg.license make REUSE compliant 3 months ago
vaultpw.sh make REUSE compliant 3 months ago

README.md

FSFE Build Server

This Ansible playbook automatically sets up the build server for the FSFE website.

Features

  • Set up build server from scratch
  • Enable build server to access the webserver(s)
  • Clone the git repos for fsfe-website (master and test branch)
  • Configure the web build status page incl. TLS cert
  • Set up cronjob to make the website build automatically

Deploy

To deploy the whole playbook, just run:

ansible-playbook -i hosts.ini setup.yml

This will make all edits as described. Please note that you will have to be able to decrypt vaultpw.gpg.

Playbook Structure

The playbook is logically split into multiple tasks, all initiated from setup.yml. It also includes a role copied from webserver-bunsen for certbot.

All variables are defined in group_vars/all.

Build server structure

The build runs as an unprivileged user, currently build.

All significant build files reside under /srv/www (or {{ build_dir }} respectively). There is also a crontab file and, of course, the Apache2 config and Let's Encrypt files.

Notes

  • There is one encrypted string and three files for the LDAP authentication to run a full build. The files are encrypted with the GPG keys of the System Hackers coordinators.
  • The build server's public SSH key needs to be set as deploy key in the Git repo. Instructions will appear in the output if access to Git does not seem to be possible.
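
One way the deploy-key check from the last note could be written, as an added example that is not taken from this repository's tasks. The variable names, the placeholder repository URL and the ed25519 key type are assumptions; only the user name build comes from the README.

```yaml
# Added example, not the project's own tasks.
- hosts: all
  become: true
  vars:
    build_user: build                                # user named in the README
    repo_url: "git@git.example.org:ORG/REPO.git"     # placeholder, not the real repo
  tasks:
    - name: Ensure the build user has an SSH key pair
      ansible.builtin.user:
        name: "{{ build_user }}"
        generate_ssh_key: true
        ssh_key_type: ed25519
        ssh_key_file: .ssh/id_ed25519
      register: build_account

    # BatchMode makes ssh fail instead of prompting, so a missing deploy key
    # (or a Git host key absent from known_hosts) gives a non-zero exit code
    # rather than a hanging playbook run.
    - name: Probe read access to the repository as the build user
      become_user: "{{ build_user }}"
      ansible.builtin.command:
        argv: [git, ls-remote, --heads, "{{ repo_url }}"]
      environment:
        GIT_SSH_COMMAND: "ssh -o BatchMode=yes"
      register: git_probe
      changed_when: false
      failed_when: false

    - name: Stop and print deploy key instructions when the probe failed
      ansible.builtin.fail:
        msg: >-
          {{ build_user }} cannot read {{ repo_url }}.
          Add this public key to the repository as a read-only deploy key,
          check that the Git host key is in known_hosts, then re-run:
          {{ build_account.ssh_public_key }}
      when: git_probe.rc != 0
```

Registering the key as a read-only deploy key on the single repository keeps the build server's Git access scoped to what the build needs.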