ansible/monorepo.liw.fi.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

- hosts: monorepo.liw.fi
  remote_user: root
  roles:
    - role: sane_debian_system
    - role: sshd
    - role: unix_users
    - role: apache_server
    - role: self-updating-system
  tasks:
    - apt:
        name:
          - curl
          - git
          - screen
    - shell: |
        a2enmod cgi alias env
    - copy:
        content: |
          <VirtualHost *:80>
                  ServerName monorepo.liw.fi
                  ServerAdmin liw@liw.fi
                  DocumentRoot /var/www/html

                  <Directory "/">
                      AllowOverride None
                      Order deny,allow
                      Allow from all
                  </Directory>

                  <Location "/>
                      Require all granted
                  </Location>

                  ErrorLog ${APACHE_LOG_DIR}/error.log
                  CustomLog ${APACHE_LOG_DIR}/access.log combined

                  SetEnv GIT_PROJECT_ROOT /home/liw/git
                  SetEnv GIT_HTTP_EXPORT_ALL
                  ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
          </VirtualHost>
        dest: /etc/apache2/sites-enabled/000-default.conf
    - copy:
        content: |
          <VirtualHost *:443>
                  ServerName monorepo.liw.fi
                  ServerAdmin liw@liw.fi
                  DocumentRoot /var/www/html
                  SSLEngine on
                  SSLCertificateFile      /etc/letsencrypt/live/monorepo.liw.fi/fullchain.pem
                  SSLCertificateKeyFile   /etc/letsencrypt/live/monorepo.liw.fi/privkey.pem

                  <Directory "/">
                      AllowOverride None
                      Order deny,allow
                      Allow from all
                  </Directory>

                  <Location "/>
                      Require all granted
                  </Location>

                  ErrorLog ${APACHE_LOG_DIR}/error.log
                  CustomLog ${APACHE_LOG_DIR}/access.log combined

                  SetEnv GIT_PROJECT_ROOT /home/liw/git
                  SetEnv GIT_HTTP_EXPORT_ALL
                  ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
          </VirtualHost>
        dest: /etc/apache2/sites-enabled/000-default.conf
    - systemd:
        name: apache2
        state: restarted

  vars:
    sane_debian_system_version: 2
    sane_debian_system_hostname: monorepo
    sane_debian_system_codename: bookworm
    sane_debian_system_mirror: deb.debian.org

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        sudo: yes

    letsencrypt: yes
    letsencrypt_email: liw@liw.fi
    letsencrypt_main_domain: monorepo.liw.fi
    certbot_debian_release: bookworm

    sshd_version: 1
    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key monorepo.liw.fi') }}"
    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 monorepo.liw.fi') }}"
    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"