/automate

a simple Ansible framework to deploy Rails apps, Middleman sites, or simple HTML pages on Debian server(s), with free SSL certs and off-site nightly backups

Primary language: Shell. License: BSD 3-Clause "New" or "Revised" (BSD-3-Clause)

our automate framework deploys on Debian servers the latest versions of:

  • ntp (time sync)
  • ufw (firewall, always active)
  • Passenger (for Ruby on Rails apps, or Flask/Django apps)
  • Nginx (web server) + Let's Encrypt SSL for all your apps
  • Percona MySQL (database)
  • Postfix (mail server w/ own TLS certificate) + OpenDKIM
  • tarsnap (encrypted backups stored remotely)
  • munin basic monitoring for nginx, mysql, passenger, cpu, ram
  • your latest HTML+CSS apps from your own git repository
  • your latest Middleman apps from your own git repository
  • your latest Ruby on Rails apps from your own git repo
  • keeps the latest 5 versions of all your deployed web apps
  • creates nightly (tarsnap) backups of your apps +DBs +SSLs
  • script to maintain & prune backups according to a schedule
  • deploy-time restores from backups of the Rails apps +DBs

Installing & running automate on OSX


  1. install brew and rvm
  2. install ansible latest/2.7+ with brew
  3. load your SSH keys into the ssh-agent (with ssh-add)
  4. ready*
  5. NOTE: you need to store your certbot and tarsnap keys in the files/ path
  6. see the README in files/, and your SSH (public) keys must go to public-keys/
  7. then, you need to update your DNS records, see https://wiki.debian.org/opendkim
  8. NOTE: when updating production ENVs, use -e backup=no (do NOT restore DBs/files)
  9. while OSX is not actually required, it could make your experience more rewarding 🤓

Running It


deploying all web apps [+from backups] on the target or group of servers called "minus"


ansible-playbook deploy.yml -i inventory.yml -e target=minus

deploying only certain web apps [+from backups] on the target which match the filter


ansible-playbook deploy.yml -i inventory.yml -e target=minus -e filter=tacsi

deploying only certain web apps [+from backups] and force recreating their SSL certs


ansible-playbook deploy.yml -i inventory.yml -e target=minus -e filter=tacsi -e certforce=yes

deploying only the rails web apps on the target (WILL restore their DB/files from backups)


ansible-playbook rails.yml -i inventory.yml -e target=minus

deploying only the rails web apps on the target, without restoring ANYthing from backups


ansible-playbook rails.yml -i inventory.yml -e target=minus -e backup=no

deploying only the middleman sites on the target


ansible-playbook middleman.yml -i inventory.yml -e target=minus

deploying only the static/plain/html sites on the target


ansible-playbook static.yml -i inventory.yml -e target=minus

creating/updating only the SSL certs & nginx site configs for all web apps


ansible-playbook certs.yml -i inventory.yml -e target=minus

deploying all web apps on the target w/o installing SSL certs, w/o activating their cron jobs


ansible-playbook deploy.yml -i inventory.yml -e target=minus -e usessl=no -e active=no

deploying only nginx sites configs on the target w/o installing SSL certs, aka HTTP only


ansible-playbook domains.yml -i inventory.yml -e target=minus -e usessl=no
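
A guard for the production note in the install steps (use -e backup=no so nothing is restored over live DBs/files), added here as an example and not part of automate: a shell wrapper that refuses to run deploy.yml or rails.yml against a production target unless -e backup=no is given. PROD_TARGETS, the target name prod and the function names are assumptions.

```shell
# Added example, not part of automate. PROD_TARGETS is an assumed, space-separated
# list of the inventory targets you treat as production ("prod" is a constructed name).
PROD_TARGETS="${PROD_TARGETS:-prod}"

# Playbooks the README describes as restoring DBs/files from backups by default.
restores_backups() {
  case "$(basename "$1")" in
    deploy.yml|rails.yml) return 0 ;;
    *) return 1 ;;
  esac
}

# extra_var NAME ARGS...: print the last value passed as "-e NAME=value".
# Only the one-variable-per-flag form used in the README is parsed.
extra_var() {
  name=$1; shift; value=""
  while [ $# -gt 0 ]; do
    case "$1" in
      -e|--extra-vars)
        shift; [ $# -gt 0 ] || break
        case "$1" in "$name="*) value=${1#"$name="} ;; esac ;;
      -e"$name="*) value=${1#-e"$name="} ;;
    esac
    shift
  done
  printf '%s' "$value"
}

# check_deploy PLAYBOOK ARGS...: return 0 if the run may proceed, 1 if refused.
check_deploy() {
  playbook=$1; shift
  restores_backups "$playbook" || return 0
  [ "$(extra_var backup "$@")" = "no" ] && return 0
  target=$(extra_var target "$@")
  if [ -z "$target" ]; then   # fail closed when the target cannot be determined
    echo "refusing: no -e target=... given for $playbook" >&2; return 1
  fi
  for t in $PROD_TARGETS; do
    if [ "$t" = "$target" ]; then
      echo "refusing: $playbook on '$target' requires -e backup=no" >&2; return 1
    fi
  done
  return 0
}

# guarded_playbook PLAYBOOK ARGS...: run ansible-playbook only if the check passes.
guarded_playbook() {
  check_deploy "$@" || return 1
  ansible-playbook "$@"
}
```

Source the file and call guarded_playbook with the same arguments you would pass to ansible-playbook, for example guarded_playbook rails.yml -i inventory.yml -e target=minus.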