{"id":16058581,"url":"https://github.com/shey/railroad","last_synced_at":"2025-03-17T21:31:23.507Z","repository":{"id":182133036,"uuid":"667954675","full_name":"shey/railroad","owner":"shey","description":"Ready-To-Go Rails 7 environment: Ubuntu 20.04, Rbenv, Niginx, Certbot, Unicorn, Postgres","archived":false,"fork":false,"pushed_at":"2024-01-09T00:37:31.000Z","size":51,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-28T04:57:01.748Z","etag":null,"topics":["ansible","rails"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shey.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-07-18T17:16:36.000Z","updated_at":"2023-10-04T04:46:05.000Z","dependencies_parsed_at":"2023-07-22T23:01:50.812Z","dependency_job_id":"772c914d-10c4-4517-ab8e-3db70b0a69e1","html_url":"https://github.com/shey/railroad","commit_stats":{"total_commits":10,"total_committers":1,"mean_commits":10.0,"dds":0.0,"last_synced_commit":"29a9ed42b308d84363a5891420ecbde250fa66be"},"previous_names":["shey/rails-ubuntu-ansible"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shey%2Frailroad","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shey%2Frailroad/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shey%2Frailroad/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shey%2Frailroad/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shey","download_url":"https://codeload.github.com/shey/railroad/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243885994,"owners_count":20363649,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","rails"],"created_at":"2024-10-09T03:21:58.670Z","updated_at":"2025-03-17T21:31:23.193Z","avatar_url":"https://github.com/shey.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# railroad\n\nWelcome to Railroad, [Railcar's companion project](https://github.com/shey/railcar). A repository with Ansible playbooks and roles to configure a Ubuntu 20.04 server with a Rails 7 environment (Rbenv, Nginx, LetsEncrypt/TLS, Unicorn, and Postgres).\n\n## Usage Notes\n### Idempotency\n\nThe `build.yml` playbook, as currently set up, is not idempotent. The most effective way to utilize this playbook is through tag slicing. For instance, to update the nginx config for the Rails app, run `ansible-playbook -i inventory/production playbooks/build.yml -v --diff --tags=nginx-site-config`.\n\nTo achieve idempotency, you can move the destructive roles into a separate playbook. The prime candidates for this move would be the `nginx-reverse-proxy` and `nginx-certbot` roles. Further implementing logic to determine when to reload a service, rather than restarting it, could also improve idempotency.\n\n### Deployment\n#### Preparing SSH-Agent\nEnsure ssh-agent is operational by running:\n```\npkill ssh-agent \u0026\u0026 eval `ssh-agent` \u0026\u0026 ssh-add ~/.ssh/id_rsa.\n```\n\nUpdate your `.ssh/config` to enable *KeyForwarding* to your host. See [GitHub's SSH agent forwarding guide](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding).\n\n#### Running Ansible\nAfter configuring the project, run the `ansible-playbook` command to apply the roles and confgs to the production server.\n\n```sh\nansible-playbook -i inventory/production playbooks/build.yml -v --diff\n```\n\n## Installation and Configuration\n### Installing Ansible\n1. Create a local Python virtual environment with `make venv`.\n1. Activate the environment using `source venv/bin/activate`.\n1. Install Ansible and its dependencies with `make install`.\n\n### Handling Secrets with Ansible Vault\nThis project uses [Ansible Vault](https://docs.ansible.com/ansible/latest/vault_guide/index.html) to store secrets and keys.\n\n1. With the virtual environment active, `run ENV=production make ansible_vaults` to set up the Ansible Vault password and create empty vault files.\n1. Generate a secret key with `bin/rails secret` from a Rails app root directory. Assign this to `v_secret_key_base` in your vault.\n1. Generate a random password for PostgreSQL database access and assign to `v_app_db_user_password`.\n\n#### Certbot Variables Configuration\n1. Replace `1.1.1.1` in `inventory/production` with your server's IP.\n1. Set `server_name` to your domain in `inventory/group_vars/production/vars.yml`. Ensure DNS entry matches IP above.\n1. Assign `admin_email` to your email where LetsEncrypt will send expiry notifications.\n\n#### SSH Keys Configuration\n1. Update `ssh_key` for rails user in `inventory/group_vars/production/vars.yml` with your public SSH key.\n1. Replace _shey_ with your preferred login username and update the `ssh_key`.\n\n### Caution\n1. Always protect your host with a firewall.\n1. The method for handling secrets is best suited for a one or two-person team.\n1. The `build.yml` playbook is not idempotent.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshey%2Frailroad","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshey%2Frailroad","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshey%2Frailroad/lists"}