/lobsters-ansible

Ansible playbook for lobste.rs

Primary language: Shell. License: ISC.

Lobste.rs Ansible Playbook

Ansible playbook for lobste.rs. Lobsters is a technology-focused link aggregation site.

See the notes below if you're using this to set up your own site.

To run:

$ ansible-playbook -K prod.yml

When working on staging:

$ ansible-playbook --inventory=inventories/staging.ini -K staging.yml

Inventory

The following host groups are available:

db              - SQL server
dns             - authoritative DNS
mx*             - incoming email
smtp*           - outgoing email
www*            - http over SSL

Groups marked with an asterisk (*) use public SSL certificates.

The following variables are available:

db_server       - SQL server
dns_server      - authoritative DNS server
mx_server       - incoming mail server
smtp_server     - outgoing mail server
www_server      - http/s

When a host group has more than one hostname, the _server variable contains the authoritative name for the hosted service. This playbook tries not to distinguish between host variables and group variables.

https://docs.ansible.com/ansible/latest/intro_inventory.html

Roles

mariadb         - SQL database.
lobsters        - web application.
nginx           - http proxy and SSL termination.
sysadm          - accounts and SSH shell access for system administrators.
postfix         - MX and smtp server.
lobsters-puma   - App server

https://docs.ansible.com/ansible/latest/playbooks.html
https://docs.ansible.com/ansible/latest/playbooks_reuse_roles.html

SSH Keys

To use this playbook, you'll need an account in the sysadm role along with an SSH key pair.

Setup Notes

This is a rough checklist for turning a new Ubuntu LTS VPS into a running instance of Lobsters. If you're familiar with Linux sysadmin and Rails it should be pretty self-explanatory. You can drop by #lobsters on irc.libera.chat if you have questions.

  ssh root@new box
   apt update
   apt full-upgrade
   reboot # will almost certainly be a new kernel
   apt-get install certbot

 time ansible-playbook -K prod.yml # should get an error about connecting to database

 mysql -u root
   create database lobsters;
   select sha1(concat('mash keyboard', rand()));
   create user lobsters@'localhost' identified by "[hash]"; # may need to be @'%' for any host, an ip, etc
   grant all privileges on lobsters.* to 'lobsters'@'localhost'; # match host from prev

 create /srv/lobste.rs/http/config/initializers/production.rb
 create /srv/lobste.rs/http/config/database.yml
 create /srv/lobste.rs/http/config/secrets.yml

 bundle exec rails credentials:edit to create secret key base
 echo "your@email.com" > /root/.forward
 run ansible again to deploy code + build assets
 reboot again # to see everything comes up properly automatically

 # probably need to 'systemctl reset-failed lobsters-puma' regularly during setup
 # when puma exits on start due to misconfig

 # test puma worker serves pages:
 curl --no-buffer --unix-socket /srv/lobste.rs/run/puma.sock http://localhost/about
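
The database password in the checklist is derived from SQL rand(), which is not a cryptographic generator. The script below is an added example, not part of this repository: it draws the password from /dev/urandom and prints the same create user / grant statements for a chosen host. The function names gen_db_password and db_setup_sql are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the lobsters-ansible repository.
# gen_db_password and db_setup_sql are hypothetical helper names.

# 20 bytes from the kernel CSPRNG as 40 lowercase hex characters: the same
# shape as the SHA-1 hex digest in the checklist, with 160 bits of entropy.
gen_db_password() {
    od -An -N20 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the checklist's SQL for a given password and account host.
#   $1 = password (lowercase hex only)
#   $2 = host part of the account, default localhost ('%', an IP, ...)
db_setup_sql() {
    _pw=$1
    _host=${2:-localhost}
    # Only hex is accepted, so the value cannot close the quoted SQL string.
    case $_pw in
        ''|*[!0-9a-f]*) echo "password must be lowercase hex" >&2; return 1 ;;
    esac
    # Same idea for the host: hostname/IP characters and the '%' wildcard.
    case $_host in
        ''|*[!A-Za-z0-9.%_:-]*) echo "unexpected character in host" >&2; return 1 ;;
    esac
    cat <<SQL
create database lobsters;
create user 'lobsters'@'${_host}' identified by '${_pw}';
grant all privileges on lobsters.* to 'lobsters'@'${_host}';
SQL
}

# Usage (keep the value; the same password goes into config/database.yml):
#   pw=$(gen_db_password)
#   db_setup_sql "$pw" | mysql -u root
```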