Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lobsters/lobsters-ansible

Ansible playbook for lobste.rs
https://github.com/lobsters/lobsters-ansible

ansible nginx rails

Last synced: 6 days ago
JSON representation

Ansible playbook for lobste.rs

Awesome Lists containing this project

README

        

# Lobste.rs Ansible Playbook

Ansible playbook for lobste.rs.
Lobsters is a technology-focused link aggregation site.

See the notes below if you're using this to set up your own site.

To run:

$ ansible-playbook -K prod.yml

When working on staging:

$ ansible-playbook --inventory=inventories/staging.ini -K staging.yml

## Inventory

The following host groups are available:

db - SQL server
dns - authoritative DNS
mx* - incoming email
smtp* - outgoing email
www* - http over SSL

groups marked with an asterisk (*) use public SSL certificates.

The following variables are available:

db_server - SQL server
dns_server - authoritative DNS server
mx_server - incoming mail server
smtp_server - outgoing mail server
www_server - http/s

When a host group has more than one hostname, the _server variable contains the authoritative name for the hosted sevice.
This playbook tries not to distinguish between host variables and group variables.

https://docs.ansible.com/ansible/latest/intro_inventory.html

## Roles

mariadb - SQL database.
lobsters - web application.
nginx - http proxy and SSL termination.
sysadm - accounts and ssh shell acess for system administrators.
postfix - MX and smtp server.
lobsters-puma - App server

https://docs.ansible.com/ansible/latest/playbooks.html
https://docs.ansible.com/ansible/latest/playbooks_reuse_roles.html

## SSH Keys

To use this playbook, you'll need an account in the sysadm role along with an SSH key pair.

## Setup Notes

This is a rough checklist for turning a new Ubuntu LTS VPS into a running instance of Lobsters.
If you're familiar with Linux sysadmin and Rails it should be pretty self-explanatory.
You can drop by `#lobsters` on irc.libera.chat if you have questions.

```
ssh root@now box
apt update
apt full-upgrade
reboot # will almost certainly be a new kernel
apt-get install certbot

time ansible-playbook -K prod.yml # should get an error about connecting to database

mysql -u root
create database lobsters;
select sha1(concat('mash keyboard', rand()));
create user lobsters@'localhost' identified by "[hash]"; # may need to be @'%' for any host, an ip, etc
grant all privileges on lobsters.* to 'lobsters'@'localhost'; # match host from prev

create /srv/lobste.rs/http/config/initializers/production.rb
create /srv/lobste.rs/http/config/database.yml
create /srv/lobste.rs/http/config/secrets.yml

bundle exec rails credentials:edit to create secret key base
echo "[email protected]" > /root/.forward
run ansible again to deploy code + build assets
reboot again # to see everything comes up properly automatically

# probably need to 'systemctl reset-failed lobsters-puma' regularly during setup
# when puma exits on start due to misconfig

# test puma worker serves pages:
curl --no-buffer --unix-socket /srv/lobste.rs/run/puma.sock http://localhost/about
```