chore: add start of Ansible playbook for deploying ewww

Sponsored-by: author

6 files changed, 156 insertions, 0 deletions

diff --git a/debian/rules b/debian/rules
index aaa5a27..e3d7fd8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,6 +8,8 @@ override_dh_auto_build:
 
 override_dh_auto_install:
 	cargo install --path=. --root=debian/ewww
+	install -d debian/ewww/lib/systemd/system
+	install -m 0644 ewww.service debian/ewww/lib/systemd/system/ewww.service
 	rm -f debian/ewww/.crates.toml
 	rm -f debian/ewww/.crates2.json
 
diff --git a/ewww-vars.yml b/ewww-vars.yml
new file mode 100644
index 0000000..e66d32c
--- /dev/null
+++ b/ewww-vars.yml
@@ -0,0 +1,30 @@
+ci_prod_signing_key: |
+    -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+    mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
+    5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
+    +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
+    HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
+    JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
+    jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
+    3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
+    6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
+    UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
+    TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
+    kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
+    tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
+    LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
+    CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
+    dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
+    LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
+    31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
+    P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
+    2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
+    cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
+    SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
+    6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
+    Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
+    GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
+    GSJSdir7NkZidgwoCPA7BTqsb5LN
+    =dXB0
+    -----END PGP PUBLIC KEY BLOCK-----
diff --git a/ewww.service b/ewww.service
new file mode 100644
index 0000000..add9477
--- /dev/null
+++ b/ewww.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=Ewww web server
+
+[Service]
+ExecStart=/usr/bin/ewww /etc/ewww.yaml
diff --git a/ewww.yaml b/ewww.yaml
new file mode 100644
index 0000000..5278fee
--- /dev/null
+++ b/ewww.yaml
@@ -0,0 +1,2 @@
+# A vmadm spec file for a ewww VM.
+ewww: {}
diff --git a/ewww.yml b/ewww.yml
new file mode 100644
index 0000000..d8a10af
--- /dev/null
+++ b/ewww.yml
@@ -0,0 +1,116 @@
+# An Ansible playbook to deploy ewww. This is currently for demo
+# purposes only, and installs a self-signed toy TLS certificate.
+
+- hosts: ewww
+  remote_user: debian
+  become: yes
+  roles:
+    - sane_debian_system
+  tasks:
+    - name: "Install ewww"
+      apt:
+        name:
+          - ewww
+          - psmisc
+          - curl
+        state: present
+    - name: "Create /srv/http"
+      file:
+        state: directory
+        path: /srv/http
+    - name: "Create ewww config directory"
+      file:
+        state: directory
+        path: /etc/ewww
+    - name: "Install ewww config"
+      copy:
+        content: |
+          webroot: /srv/http
+          listen: "0.0.0.0:443"
+          tls_cert: /etc/ewww/tls.pem
+          tls_key: /etc/ewww/tls.key
+        dest: /etc/ewww/ewww.yaml
+    - name: "Install TLS cert"
+      copy:
+        content: |
+          -----BEGIN CERTIFICATE-----
+          MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx
+          EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz
+          NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+          ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7
+          uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z
+          Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO
+          FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH
+          pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk
+          zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC
+          AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX
+          h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob
+          7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk
+          xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa
+          WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP
+          NdZiSNvGZAbEnmMnNCEYMO3wVA==
+          -----END CERTIFICATE-----
+        dest: /etc/ewww/tls.pem
+    - name: "Install TLS key"
+      copy:
+        content: |
+          -----BEGIN RSA PRIVATE KEY-----
+          MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP
+          +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D
+          LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ
+          GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H
+          i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi
+          qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj
+          ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG
+          qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1
+          iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T
+          AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K
+          EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7
+          vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU
+          PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I
+          E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm
+          uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco
+          eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g
+          T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci
+          gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW
+          GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf
+          psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj
+          DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R
+          Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra
+          udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e
+          4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI
+          cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g==
+          -----END RSA PRIVATE KEY-----
+        dest: /etc/ewww/tls.key
+    - name: "Install systemd service"
+      copy:
+        content: |
+          [Unit]
+          Description=ewww web server
+
+          [Service]
+          ExecStart=/usr/bin/ewww /etc/ewww/ewww.yaml
+        dest: /lib/systemd/system/ewww.service
+    - name: "Enable and start ewww service"
+      systemd:
+        name: ewww
+        state: restarted
+        enabled: yes
+        daemon_reload: yes
+  vars:
+    sane_debian_system_version: 2
+    unix_users_version: 2
+
+    sane_debian_system_hostname: ewww
+    sane_debian_system_codename: buster
+    sane_debian_system_mirror: deb.debian.org
+
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    unix_users:
+      - username: static
+        comment: Static web site content
+        authorized_keys: |
+          {{ static_ssh_pub }}
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..1166a32
--- /dev/null
+++ b/hosts
@@ -0,0 +1 @@
+ewww
\ No newline at end of file