1 files changed, 94 insertions, 0 deletions

diff --git a/ansible/monorepo.liw.fi.yml b/ansible/monorepo.liw.fi.yml
new file mode 100644
index 0000000..24dc5dd
--- /dev/null
+++ b/ansible/monorepo.liw.fi.yml
@@ -0,0 +1,94 @@
+- hosts: monorepo.liw.fi
+  remote_user: root
+  roles:
+    - role: sane_debian_system
+    - role: sshd
+    - role: unix_users
+    - role: apache_server
+    - role: self-updating-system
+  tasks:
+    - apt:
+        name:
+          - curl
+          - git
+          - screen
+    - shell: |
+        a2enmod cgi alias env
+    - copy:
+        content: |
+          <VirtualHost *:80>
+                  ServerName monorepo.liw.fi
+                  ServerAdmin liw@liw.fi
+                  DocumentRoot /var/www/html
+
+                  <Directory "/">
+                      AllowOverride None
+                      Order deny,allow
+                      Allow from all
+                  </Directory>
+
+                  <Location "/>
+                      Require all granted
+                  </Location>
+
+                  ErrorLog ${APACHE_LOG_DIR}/error.log
+                  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+                  SetEnv GIT_PROJECT_ROOT /home/liw/git
+                  SetEnv GIT_HTTP_EXPORT_ALL
+                  ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+          </VirtualHost>
+        dest: /etc/apache2/sites-enabled/000-default.conf
+    - copy:
+        content: |
+          <VirtualHost *:443>
+                  ServerName monorepo.liw.fi
+                  ServerAdmin liw@liw.fi
+                  DocumentRoot /var/www/html
+                  SSLEngine on
+                  SSLCertificateFile      /etc/letsencrypt/live/monorepo.liw.fi/fullchain.pem
+                  SSLCertificateKeyFile   /etc/letsencrypt/live/monorepo.liw.fi/privkey.pem
+
+                  <Directory "/">
+                      AllowOverride None
+                      Order deny,allow
+                      Allow from all
+                  </Directory>
+
+                  <Location "/>
+                      Require all granted
+                  </Location>
+
+                  ErrorLog ${APACHE_LOG_DIR}/error.log
+                  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+                  SetEnv GIT_PROJECT_ROOT /home/liw/git
+                  SetEnv GIT_HTTP_EXPORT_ALL
+                  ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+          </VirtualHost>
+        dest: /etc/apache2/sites-enabled/000-default.conf
+    - systemd:
+        name: apache2
+        state: restarted
+
+  vars:
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: monorepo
+    sane_debian_system_codename: bookworm
+    sane_debian_system_mirror: deb.debian.org
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+
+    letsencrypt: yes
+    letsencrypt_email: liw@liw.fi
+    letsencrypt_main_domain: monorepo.liw.fi
+    certbot_debian_release: bookworm
+
+    sshd_version: 1
+    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key monorepo.liw.fi') }}"
+    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 monorepo.liw.fi') }}"
+    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"