From 3815a1293394a7842576d73fb40b309ac787fb53 Mon Sep 17 00:00:00 2001
From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de>
Date: Sun, 23 Feb 2020 23:16:33 +0100
Subject: [PATCH] Add role for ssh-deployable websites (like www.fsmpi)
---
deployable-website/defaults/main.yml | 6 ++
deployable-website/tasks/main.yml | 7 +++
deployable-website/tasks/website.yml | 59 ++++++++++++++++++++
deployable-website/templates/authorized_keys | 1 +
4 files changed, 73 insertions(+)
create mode 100644 deployable-website/defaults/main.yml
create mode 100644 deployable-website/tasks/main.yml
create mode 100644 deployable-website/tasks/website.yml
create mode 100644 deployable-website/templates/authorized_keys
diff --git a/deployable-website/defaults/main.yml b/deployable-website/defaults/main.yml
new file mode 100644
index 0000000..c23af32
--- /dev/null
+++ b/deployable-website/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+deployable_websites: []
+# - name: "name"
+# pubkey: "ssh-…"
+# subdirs: []
diff --git a/deployable-website/tasks/main.yml b/deployable-website/tasks/main.yml
new file mode 100644
index 0000000..f734f68
--- /dev/null
+++ b/deployable-website/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- include_tasks: website.yml
+ with_items: "{{deployable_websites}}"
+ loop_control:
+ loop_var: website
+ label: "{{website.name}}"
diff --git a/deployable-website/tasks/website.yml b/deployable-website/tasks/website.yml
new file mode 100644
index 0000000..68f8938
--- /dev/null
+++ b/deployable-website/tasks/website.yml
@@ -0,0 +1,59 @@
+---
+
+- name: create a group
+ group:
+ name: "{{website.name}}"
+ system: true
+ state: present
+
+- name: create a user
+ user:
+ name: "{{website.name}}"
+ group: "{{website.name}}"
+ system: true
+ home: "/var/www/{{website.name}}"
+ shell: /bin/bash
+ createhome: false
+ state: present
+
+- name: create a home directory
+ file:
+ path: "/var/www/{{website.name}}"
+ state: "directory"
+ owner: "{{website.name}}"
+ group: "{{website.name}}"
+ mode: "0755"
+
+- name: create an ssh directory
+ file:
+ path: "/var/www/{{website.name}}/.ssh"
+ state: "directory"
+ owner: "{{website.name}}"
+ group: "{{website.name}}"
+ mode: "0755"
+
+- name: create a deploy directory
+ file:
+ path: "/var/www/{{website.name}}/deploy"
+ state: "directory"
+ owner: "{{website.name}}"
+ group: "{{website.name}}"
+ mode: "0755"
+
+- name: authorize the deploy key
+ template:
+ src: "authorized_keys"
+ dest: "/var/www/{{website.name}}/.ssh/authorized_keys"
+ owner: "{{website.name}}"
+ group: "{{website.name}}"
+ mode: "0644"
+
+- name: create deploy subdirectories
+ file:
+ path: "/var/www/{{website.name}}/deploy/{{item}}"
+ state: "directory"
+ owner: "{{website.name}}"
+ group: "{{website.name}}"
+ mode: "0755"
+ with_items: "{{website.subdirs|default([])}}"
+
diff --git a/deployable-website/templates/authorized_keys b/deployable-website/templates/authorized_keys
new file mode 100644
index 0000000..090be19
--- /dev/null
+++ b/deployable-website/templates/authorized_keys
@@ -0,0 +1 @@
+{{website.pubkey}}
-- GitLab
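Review bot: The `create an ssh directory` and `authorize the deploy key` tasks leave `.ssh` at `mode: "0755"` and `authorized_keys` at `mode: "0644"` inside a home that sits under `/var/www`, so any local account can read the key file, and so can the web server if its document root is the home rather than `deploy/` (not visible in this patch). I would tighten these to `mode: "0700"` on `.ssh` and `mode: "0600"` on `authorized_keys`; sshd accepts both when the deploy user owns them. Because the file is owned by the deploy user, whoever holds the deploy key can also append keys that persist until the next Ansible run; if that matters, keep the keys in a root-owned location selected with sshd's `AuthorizedKeysFile` instead of the user's home.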
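Review bot: The rendered line carries no key options, so the key gets a full login for an account that `website.yml` creates with `shell: /bin/bash`, including a PTY and port and agent forwarding. For a key that only pushes site content, `restrict {{website.pubkey}}` (OpenSSH 7.2 or later) removes those, and a `command="…"` option can pin the key to the deploy tool if the workflow allows a forced command. `website.pubkey` is also rendered unchecked, so a value containing a newline would add further key lines; an `assert` in the role that it is a single line would catch that.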