
:wrench: merge deployment scripts

Jeremy Zheng há 4 anos atrás
pai
commit
27ab956eba

+ 2 - 4
deploy/group_vars/all.yml

@@ -1,10 +1,8 @@
 ansible_user: "deploy"
 ansible_python_interpreter: /usr/bin/python3
-ansible_ssh_private_key_file: "{{inventory_dir}}/.ssh/id_ed25519"
+ansible_ssh_private_key_file: "{{ inventory_dir }}/.ssh/id_ed25519"
 #ansible_ssh_private_key_file: "{{inventory_dir}}/.ssh/id_rsa"
 
-app_deploy_target: "/opt/{{ app_vendor }}/{{ ansible_date_time.iso8601_basic }}"
-app_downloads: "{{ ansible_env.HOME }}/downloads"
-app_backup: "{{ ansible_env.HOME }}/backup"
+app_www_deploy_target: "/var/www/{{ inventory_hostname }}/{{ ansible_date_time.iso8601_basic }}"
 app_python_version: "3.11"
 app_php_version: "8.0"
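Review bot: `app_www_deploy_target` embeds `ansible_date_time.iso8601_basic`, which is re-read whenever facts are gathered, so the path can change between plays of one run. mint.yml in this commit applies mint-clone and mint-www in separate plays; if facts are gathered in both, the nginx `root` rendered by mint-www would point at a directory the checkout never created. Consider fixing the value once per run, for example with a `set_fact` task in the first play, and referring to that fact afterwards. A comment such as `# release directory, timestamped once per deploy run` would document the intent.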

+ 7 - 7
deploy/mint.yml

@@ -4,16 +4,16 @@
     - ubuntu
     - python3
     - php
+    - mint-clone
 
-- hosts: db
+- hosts: www
   roles:
+    - mint-www
 
-- hosts:
-    - www
-    - 
+- hosts: assets
   roles:
-    - wikipali
+    - mint-assets
 
-- hosts: www
+- hosts: db
   roles:
-    - wikipali
+    - mint-db

+ 0 - 5
deploy/roles/deploy/main.yml

@@ -1,5 +0,0 @@
-- name: Git checkout
-  ansible.builtin.git:
-    repo: 'https://foosball.example.org/path/to/repo.git'
-    dest: /srv/checkout
-    version: release-0.22

+ 1 - 0
deploy/roles/mint-assets/files/.gitignore

@@ -0,0 +1 @@
+/public/

+ 16 - 0
deploy/roles/mint-assets/tasks/main.yml

@@ -0,0 +1,16 @@
+- name: Upload assets folder
+  become: true
+  ansible.builtin.copy:
+    src: public
+    dest: /var/www/{{ inventory_hostname }}
+    owner: www-data
+    group: www-data
+
+- name: upload nginx.conf
+  bacame: true
+  ansible.builtin.template:
+    src: nginx.conf.j2
+    dest: "/etc/nginx/sites-enabled/{{ inventory_hostname }}"
+    owner: www-data
+    group: www-data
+    mode: '0400'
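Review bot: The second task spells the keyword as `bacame: true`; Ansible rejects unknown task attributes, so the play stops there, and the intended line is `become: true`. The same typo is in the three template tasks of deploy/roles/mint-clone/main.yml and in deploy/roles/mint-www/tasks/main.yml. Separately, the site file is written with `owner: www-data` and `mode: '0400'`, which hands ownership of server configuration to the account the web workers usually run as. The conventional choice is `owner: root`, `group: root`, `mode: '0644'`.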

+ 10 - 0
deploy/roles/mint-assets/templates/nginx.conf.j2

@@ -0,0 +1,10 @@
+server {
+    listen 80;
+
+    gzip on;
+    server_name {{ inventory_hostname }};
+    root /var/www/{{ inventory_hostname }};
+
+    access_log off;
+    error_log /var/log/nginx/{{ inventory_hostname }}.error.log warn;
+}
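Review bot: The server block only has `listen 80;`, while config-v1.js.j2 and env-v2.j2 in this commit point clients at `https://assets-….wikipali.org`. Unless TLS is terminated in front of this host, which is not visible here, the assets are either unreachable over HTTPS or served in clear text. If nginx is meant to terminate TLS, add a `listen 443 ssl;` server with the certificate paths and redirect port 80 to it. `access_log off;` also leaves no request record for this host should one be needed during an investigation.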

+ 63 - 0
deploy/roles/mint-clone/main.yml

@@ -0,0 +1,63 @@
+- name: Creates directory
+  become: true
+  file:
+    path: "/var/www/{{ inventory_hostname }}"
+    state: directory
+    owner: "{{ ansible_user }}"
+
+- name: Git checkout source code
+  ansible.builtin.git:
+    repo: 'https://github.com/iapt-platform/mint.git'
+    dest: "{{ app_www_deploy_target }}"
+    version: laravel
+
+- name: Install v2 php dependencies
+  ansible.builtin.shell: composer install
+  args:
+    chdir: "{{ app_www_deploy_target }}"
+
+- name: Install v2 nodejs dependencies
+  ansible.builtin.shell: npm install
+  args:
+    chdir: "{{ app_www_deploy_target }}"
+
+# TODO will remove in future
+- name: Install v1 php dependencies
+  ansible.builtin.shell: composer install
+  args:
+    chdir: "{{ app_www_deploy_target }}/public"
+
+# TODO will remove in future
+- name: Install v1 nodejs dependencies
+  ansible.builtin.shell: npm install
+  args:
+    chdir: "{{ app_www_deploy_target }}/public"
+
+- name: .env(v2)
+  bacame: true
+  ansible.builtin.template:
+    src: env-v2.j2
+    dest: "{{ app_www_deploy_target }}/.env"
+    owner: www-data
+    group: www-data
+    mode: '0400'
+
+# TODO will remove in future
+- name: config.php(v1)
+  bacame: true
+  ansible.builtin.template:
+    src: config-v1.php.j2
+    dest: "{{ app_www_deploy_target }}/public/app/config.php"
+    owner: www-data
+    group: www-data
+    mode: '0400'
+
+# TODO will remove in future
+- name: config.js(v1)
+  bacame: true
+  ansible.builtin.template:
+    src: config-v1.js.j2
+    dest: "{{ app_www_deploy_target }}/public/app/config.js"
+    owner: www-data
+    group: www-data
+    mode: '0400'
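Review bot: The checkout uses `version: laravel`, a branch name, and the four install tasks run plain `composer install` and `npm install` through the shell, so what lands on the server depends on the branch head and the registry state at deploy time. Pinning `version` to a tag or commit and installing strictly from the lock files (`npm ci`, `composer install --no-dev --no-interaction`) makes a deploy reproducible and narrows the supply-chain exposure. The shell tasks also report changed on every run; `ansible.builtin.command` with `creates:`, or the community.general composer and npm modules, would avoid that. The file is added as roles/mint-clone/main.yml, whereas the other new roles use tasks/main.yml, so it looks as if Ansible would not load these tasks from this path.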

+ 14 - 0
deploy/roles/mint-clone/templates/config-v1.js.j2

@@ -0,0 +1,14 @@
+var RPC_SERVER="https://rpc.wikipali.org";
+
+/*
+  |---------------
+  |网站资源文件,非用户的图片,音频,视频
+  |---------------
+  |对应/public/tmp/ 目录 开发线可以设置为 http://127.0.0.1:8000/tmp
+  |所有文件存储在 https://drive.google.com/drive/folders/1-4dn4juD-0-lsKndDui2W9nT9wcS_Y33?usp=sharing
+  |开发线可自行下载放到/public/tmp/
+  |或直接引用离您最近的assets server
+  |------------------------
+*/
+
+var ASSETS_SERVER = "https://assets-hk.wikipali.org"
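Review bot: `ASSETS_SERVER` is hard-coded to the `assets-hk` host although this file is rendered as a template, and env-v2.j2 in the same commit builds the host from `app_cluster_id`. Hosts in another cluster would get mismatched v1 and v2 asset origins; `var ASSETS_SERVER = "https://assets-{{ app_cluster_id }}.wikipali.org";` would keep them aligned. The block comment, including the shared-drive link, is delivered to every browser as part of config.js. Wrapping it in a Jinja comment (`{# … #}`) keeps it in the repository but out of the rendered file.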

+ 60 - 0
deploy/roles/mint-clone/templates/config-v1.php.j2

@@ -0,0 +1,60 @@
+<?php
+#目录设置,不能更改
+require_once __DIR__."/config.dir.php";
+
+#域名设置
+define("RPC_SERVER","https://rpc.wikipali.org");
+/*
+电子邮件设置
+PHPMailer
+*/
+define("Email", [
+				 "Host"=>"smtp.gmail.com",//Set the SMTP server to send through
+				 "SMTPAuth"=>true,//Enable SMTP authentication
+				 "Username"=>'your@gmail.com',//SMTP username
+				 "Password"=>'your_password',//SMTP password
+				 "Port"=>465,//TCP port to connect to 465; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`
+				 "From"=>"your@gmail.com",
+				 "Sender"=>"sender"
+				 ]);
+
+/*
+数据库设置
+*/
+define("Database",[
+	"type"=>"pgsql",
+	"server"=>"localhost",
+	"port"=>5432,
+	"name"=>"mint",
+	"sslmode" => "disable",
+	"user" => "postgres",
+	"password" => "123456"
+]);
+
+
+/*
+Redis 设置,
+*/
+define("Redis",[
+	"host" => "{{ app_redis_host }}",
+	"port" => 6379,
+	"password" => "",
+	"prefix"=>"mint://"
+]);
+
+# 雪花id
+define("SnowFlake",[
+	"DatacenterId"=>1,
+	"WorkerId"=>1
+]);
+/*
+数据表
+*/
+#表设置,此行不能更改
+require_once __DIR__."/config.table.php";
+
+#表名设置,此行不能更改
+require_once __DIR__."/config.migrate.php";
+
+
+?>
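Review bot: The template commits literal credentials: database user `postgres` with password `123456`, `sslmode` set to `disable`, an empty Redis password and placeholder SMTP credentials. Only the Redis host is filled from a variable, so every host receives the same values straight from the repository. These fields should be rendered from inventory variables kept in Ansible Vault, e.g. `"password" => "{{ app_db_password }}"` (the variable name is a placeholder). The application should also connect with a dedicated non-superuser database role rather than `postgres`.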

+ 58 - 0
deploy/roles/mint-clone/templates/env-v2.j2

@@ -0,0 +1,58 @@
+BASE_DIR="/workspace/.env.global"
+CACHE_DIR="${BASE_DIR}/cache"
+TMP_DIR="${BASE_DIR}/tmp"
+
+APP_NAME={{  }}
+APP_ENV=local
+APP_KEY=
+APP_DEBUG=true
+APP_URL=http://localhost
+
+LOG_CHANNEL=stack
+LOG_DEPRECATIONS_CHANNEL=null
+LOG_LEVEL=debug
+
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=mint_new
+DB_USERNAME=root
+DB_PASSWORD=
+
+BROADCAST_DRIVER=log
+CACHE_DRIVER=file
+FILESYSTEM_DRIVER=local
+QUEUE_CONNECTION=sync
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+MEMCACHED_HOST=127.0.0.1
+
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+MAIL_MAILER=smtp
+MAIL_HOST=mailhog
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDRESS=null
+MAIL_FROM_NAME="${APP_NAME}"
+
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_DEFAULT_REGION=us-east-1
+AWS_BUCKET=
+AWS_USE_PATH_STYLE_ENDPOINT=false
+
+PUSHER_APP_ID=
+PUSHER_APP_KEY=
+PUSHER_APP_SECRET=
+PUSHER_APP_CLUSTER=mt1
+
+MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
+MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+ASSETS_SERVER="https://assets-{{ app_cluster_id }}.wikipali.org"
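Review bot: `APP_NAME={{  }}` contains an empty Jinja expression, which the template module is expected to reject, so the `.env` task cannot render until a variable is put there. The file also deploys `APP_ENV=local`, `APP_DEBUG=true` and an empty `APP_KEY`. With debug on, Laravel error pages can disclose environment values and stack traces, and without a key encryption and sessions do not work. For deployed hosts use `APP_ENV=production` and `APP_DEBUG=false`, and render `APP_KEY` and the `DB_*` values from vaulted variables instead of `DB_USERNAME=root` with an empty password.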

+ 0 - 0
deploy/roles/mint-db/tasks/main.yml


+ 8 - 0
deploy/roles/mint-www/tasks/main.yml

@@ -0,0 +1,8 @@
+- name: upload nginx.conf
+  bacame: true
+  ansible.builtin.template:
+    src: nginx.conf.j2
+    dest: "/etc/nginx/sites-enabled/{{ inventory_hostname }}"
+    owner: www-data
+    group: www-data
+    mode: '0400'
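Review bot: Nothing reloads nginx after the site file is written, so a changed template has no effect until the service is reloaded by hand. A `notify: reload nginx` with a matching handler (none is visible in this commit) would close that gap, and the mint-assets task has the same omission. Having the handler run `nginx -t` before the reload keeps a bad render from taking the server down. The `bacame: true` key in this task is also a typo for `become: true`.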

+ 33 - 0
deploy/roles/mint-www/templates/nginx.conf.j2

@@ -0,0 +1,33 @@
+server {
+    listen 80;
+
+    gzip on;
+    server_name {{ inventory_hostname }};
+    root {{ app_www_deploy_target }};
+    client_max_body_size 16M;
+
+    access_log off;
+    error_log /var/log/nginx/{{ inventory_hostname }}.error.log warn;
+
+    location / {
+        index index.html index.php;
+    }
+
+    location ~ /.git/ {
+        deny all;
+    }
+
+    location ~ \.php$ {
+        try_files $fastcgi_script_name =404;
+
+        include fastcgi_params;
+
+        fastcgi_pass			unix:/run/php/php{{ app_php_version }}-fpm.sock;
+        fastcgi_index			index.php;
+        fastcgi_buffers			8 16k;
+        fastcgi_buffer_size		32k;
+
+        fastcgi_param DOCUMENT_ROOT     $realpath_root;
+        fastcgi_param SCRIPT_FILENAME   $realpath_root$fastcgi_script_name;
+    }
+}
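Review bot: `root {{ app_www_deploy_target }};` makes the whole checkout the document root, and mint-clone writes `.env` into that same directory owned by www-data. Only `/.git/` is denied, so `.env`, `composer.json` and the lock files would appear to be served as static files by `location /`. Point the root at the application's public directory if the layout allows, or at least deny dotfiles, e.g. `location ~ /\.(?!well-known) { deny all; }`. In `location ~ /.git/` the dot is an unescaped regex wildcard; `/\.git` is the stricter form.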

+ 12 - 3
deploy/roles/ubuntu/tasks/main.yml

@@ -78,18 +78,22 @@
       - zip
       - unzip
       - nginx
+      - certbot
       - openvpn
       - snmpd
       - systemd-cron
       - systemd-timesyncd
       - screen
       - tmux
+      - hugo
       - python3
       - python3-pip
       - python3-distutils
       - python3-dev
-      - libpq5
-      
+      - libssl-dev
+      - libpq-dev
+      - libmysqlclient-dev
+
 
 - include: locales.yml
 
@@ -140,7 +144,6 @@
     enabled: yes
     masked: no
 
-
 - name: enable cron service
   become: true
   ansible.builtin.systemd:
@@ -148,6 +151,12 @@
     enabled: yes
     masked: no
 
+- name: enable certbot sync
+  ansible.builtin.cron:
+    name: "renew certbot"
+    special_time: monthly
+    job: "/usr/bin/certbot renew --force-renewal"
+
 - name: enable ssh service
   become: true
   ansible.builtin.systemd:
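Review bot: The new cron task has no `become: true`, unlike the neighbouring tasks, so the entry goes into the connecting user's crontab, where certbot would normally lack access to its configuration and certificate directories. `--force-renewal` reissues every certificate on each run regardless of expiry and can run into the CA's rate limits; plain `certbot renew` already renews only what is close to expiry. Suggested: add `become: true` and use `job: "/usr/bin/certbot renew --quiet"`, ideally with a deploy hook that reloads nginx. The following `enable ssh service` task continues past the end of the hunk.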