From 61b120d1da4e9c8c7c542db6148aa513f8120f66 Mon Sep 17 00:00:00 2001
From: Andreas Kloeckner
Date: Fri, 14 Feb 2020 19:25:07 -0600
Subject: [PATCH] Initial docker/Ansible deployment work
---
deploy/Dockerfile | 14 ++++++++++++++
deploy/inventory.yml | 4 ++++
deploy/relate-nginx-site.j2 | 33 +++++++++++++++++++++++++++++++++
deploy/relate.yml | 31 +++++++++++++++++++++++++++++++
4 files changed, 82 insertions(+)
create mode 100644 deploy/Dockerfile
create mode 100644 deploy/inventory.yml
create mode 100644 deploy/relate-nginx-site.j2
create mode 100644 deploy/relate.yml
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
new file mode 100644
index 000000000..194e54f9a
--- /dev/null
+++ b/deploy/Dockerfile
@@ -0,0 +1,14 @@
+FROM inducer/debian-amd64-minbase
+MAINTAINER Andreas Kloeckner
+# EXPOSE 9941
+# RUN useradd runcode
+
+RUN echo 'APT::Default-Release "testing";' >> /etc/apt/apt.conf
+
+RUN apt update
+RUN apt -y -o APT::Install-Recommends=0 -o APT::Install-Suggests=0 install ansible python3-distutils
+RUN mkdir /root/ansible
+COPY *.yml /root/ansible/
+COPY *.j2 /root/ansible/
+RUN cd /root/ansible && ansible-playbook -i inventory.yml relate.yml
+
diff --git a/deploy/inventory.yml b/deploy/inventory.yml
new file mode 100644
index 000000000..7b0bc44e9
--- /dev/null
+++ b/deploy/inventory.yml
@@ -0,0 +1,4 @@
+webservers:
+ hosts:
+ mycontainer:
+ ansible_connection: local
diff --git a/deploy/relate-nginx-site.j2 b/deploy/relate-nginx-site.j2
new file mode 100644
index 000000000..a39fc5be1
--- /dev/null
+++ b/deploy/relate-nginx-site.j2
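Review bot: The last step, `RUN cd /root/ansible && ansible-playbook -i inventory.yml relate.yml`, runs the certificate task from relate.yml at build time, so the private key written to /etc/ssl/private/server.key is stored in an image layer. Every container started from the image then shares that key, and anyone who can pull the image can read it; generating the key at container start or mounting it at runtime would keep it out of the image. Separately, `FROM inducer/debian-amd64-minbase` has no tag or digest and `RUN apt update` sits in its own cached layer, so a rebuild can pair a stale package index with a changed base. Pinning the base (`FROM inducer/debian-amd64-minbase@sha256:<digest-placeholder>`) and joining the steps as `RUN apt-get update && apt-get -y -o APT::Install-Recommends=0 -o APT::Install-Suggests=0 install ansible python3-distutils` would make the build reproducible.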
@@ -0,0 +1,33 @@
+server {
+ listen *:80;
+ listen [::]:80;
+ server_name {{relate_server_name}};
+
+ rewrite ^ https://$server_name$request_uri? permanent; # enforce https
+
+ add_header X-Frame-Options SAMEORIGIN;
+}
+
+server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate {{ relate_cert.cert }};
+ ssl_certificate_key {{ relate_cert.key }};
+
+ client_max_body_size 100M;
+
+ location / {
+ include uwsgi_params;
+ uwsgi_read_timeout 300;
+ uwsgi_pass unix:/tmp/uwsgi-relate.sock;
+ }
+ location /static {
+ alias /home/relate/relate/static;
+ }
+ location /media {
+ alias /home/relate/relate/media;
+ }
+
+ add_header X-Frame-Options SAMEORIGIN;
+}
diff --git a/deploy/relate.yml b/deploy/relate.yml
new file mode 100644
index 000000000..6f0af278a
--- /dev/null
+++ b/deploy/relate.yml
@@ -0,0 +1,31 @@
+---
+- hosts: webservers
+ vars:
+ relate_server_name: relate.localhost
+ self_signed_cert:
+ key: /etc/ssl/private/server.key
+ cert: /etc/ssl/certs/server.crt
+ relate_cert:
+ key: "{{ self_signed_cert.key }}"
+ cert: "{{ self_signed_cert.cert }}"
+
+ remote_user: root
+ tasks:
+
+ - name: Create self-signed certificate, if configured.
+ command: >
+ openssl req -x509 -nodes -subj '/CN={{ relate_server_name }}' -days 365
+ -newkey rsa:4096 -sha256 -keyout {{ self_signed_cert.key }} -out {{ self_signed_cert.cert }}
+ creates={{ self_signed_cert.cert }}
+
+ - name: Ensure nginx is at the latest version
+ apt:
+ name: nginx-light
+ state: latest
+
+ - name: Write nginx config file
+ template:
+ src: relate-nginx-site.j2
+ dest: /etc/nginx/sites-available/relate-nginx-site
+
+# vim: shiftwidth=2
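Review bot: `uwsgi_pass unix:/tmp/uwsgi-relate.sock;` in the 443 server block places the application socket in a world-writable directory, where another local account could bind that path before uwsgi does and end up handling the proxied traffic. A directory owned by the service user avoids this, e.g. `uwsgi_pass unix:/run/relate/uwsgi.sock;` (path constructed as an example). In the same block `location /static` and `location /media` are prefix matches without a trailing slash, so a sibling path such as `/static-old/x` would be served from `/home/relate/relate/static-old/x`; `location /static/ { alias /home/relate/relate/static/; }` (and likewise for media) confines each alias to its directory. `add_header X-Frame-Options SAMEORIGIN;` is also skipped on 4xx/5xx responses unless written as `add_header X-Frame-Options SAMEORIGIN always;`.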
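Review bot: The certificate task writes the key with `-nodes`, so its protection rests entirely on file permissions, and nothing in the playbook sets them. A following `file:` task on `{{ self_signed_cert.key }}` with `owner: root` and `mode: '0600'` would state the permissions explicitly rather than leave them to openssl's default and the build umask. The task is named "if configured" but has no `when:` condition, and `relate_cert` is hard-wired to `self_signed_cert`, so as written it always runs and there is no way to supply a CA-issued certificate. The certificate also carries only a CN; clients that require a subjectAltName will reject it unless `-addext 'subjectAltName=DNS:{{ relate_server_name }}'` is added to the `openssl req` line.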