From 3d46e6b4117d3fd4c2949866b196f8b20e720be6 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 29 Jul 2018 09:32:19 -0500
Subject: [PATCH] websites: Add role for dustin.hatch.name

The *websites/dustin.hatch.name* role configures a server to host
http://dustin.hatch.name/. The role only applies basic configuration;
the actual website application is published by Jenkins.
---
 .../files/dustin.hatch.name.httpd.conf        | 20 +++++++
 .../dustin.hatch.name/handlers/main.yml       |  8 +++
 .../websites/dustin.hatch.name/tasks/main.yml | 53 +++++++++++++++++++
 3 files changed, 81 insertions(+)
 create mode 100644 roles/websites/dustin.hatch.name/files/dustin.hatch.name.httpd.conf
 create mode 100644 roles/websites/dustin.hatch.name/handlers/main.yml
 create mode 100644 roles/websites/dustin.hatch.name/tasks/main.yml

diff --git a/roles/websites/dustin.hatch.name/files/dustin.hatch.name.httpd.conf b/roles/websites/dustin.hatch.name/files/dustin.hatch.name.httpd.conf
new file mode 100644
index 0000000..3f57438
--- /dev/null
+++ b/roles/websites/dustin.hatch.name/files/dustin.hatch.name.httpd.conf
@@ -0,0 +1,20 @@
+# vim: set ft=apache :
+
+WSGIDaemonProcess dchwww \
+	user=webapp.dchwww \
+	group=webapp.dchwww \
+	python-home=/srv/www/dustin.hatch.name/venv \
+	display-name=%{GROUP}
+
+
+<VirtualHost *:80>
+	ServerName dustin.hatch.name
+
+	WSGIScriptAlias / /srv/www/dustin.hatch.name/site.py \
+		process-group=dchwww
+	Alias /static /srv/www/dustin.hatch.name/static
+
+	<Location />
+		Require all granted
+	</Location>
+</VirtualHost>
diff --git a/roles/websites/dustin.hatch.name/handlers/main.yml b/roles/websites/dustin.hatch.name/handlers/main.yml
new file mode 100644
index 0000000..68662db
--- /dev/null
+++ b/roles/websites/dustin.hatch.name/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: restart httpd
+  service:
+    name=httpd
+    state=restarted
+- name: reload httpd
+  service:
+    name=httpd
+    state=reloaded
diff --git a/roles/websites/dustin.hatch.name/tasks/main.yml b/roles/websites/dustin.hatch.name/tasks/main.yml
new file mode 100644
index 0000000..e692f68
--- /dev/null
+++ b/roles/websites/dustin.hatch.name/tasks/main.yml
@@ -0,0 +1,53 @@
+- name: ensure mod_wsgi is installed
+  package:
+    name=python3-mod_wsgi
+    state=present
+  notify: restart httpd
+  tags:
+  - install
+
+- name: ensure rsync is installed
+  package:
+    name=rsync
+    state=present
+  tags:
+  - install
+
+- name: ensure app group exists
+  group:
+    name=webapp.dchwww
+    state=present
+- name: ensure app user exists
+  user:
+    name=webapp.dchwww
+    group=webapp.dchwww
+    home=/srv/www/dustin.hatch.name
+    createhome=yes
+    state=present
+
+- name: ensure app home directory permissions are set
+  file:
+    path=/srv/www/dustin.hatch.name
+    mode=0755
+    state=directory
+
+- name: ensure publisher keys are trusted
+  authorized_key:
+    key: "{{ dchwww_publisher_keys|join('\n') }}"
+    user: webapp.dchwww
+    exclusive: true
+
+- name: ensure virtualenv exists
+  become: true
+  become_user: webapp.dchwww
+  pip:
+    name: pip
+    virtualenv: /srv/www/dustin.hatch.name/venv
+    virtualenv_command: /usr/bin/python3 -m venv
+
+- name: ensure apache is configured to serve dustin.hatch.name
+  copy:
+    src=dustin.hatch.name.httpd.conf
+    dest=/etc/httpd/conf.d/dustin.hatch.name.conf
+    mode=0644
+  notify: reload httpd