Dustin C. Hatch
168bfee911
I want to publish the _20125_ Status application to an F-Droid repository to make it easy for Tabitha to install and update. F-Droid repositories are similar to other package repositories: a collection of packages and some metadata files. Although there is a fully-fledged server-side software package that can manage F-Droid repositories, it's not required: the metadata files can be pre-generated and then hosted by a static web server just fine. This commit adds configuration for the web server and reverse proxy to host the F-Droid repository at _apps.du5t1n.xyz_.
56 lines
1.3 KiB
YAML
56 lines
1.3 KiB
YAML
- name: ensure rsync is installed
|
|
package:
|
|
name: rsync
|
|
state: present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure app group exists
|
|
group:
|
|
name: webapp.appsxyz
|
|
state: present
|
|
- name: ensure app user exists
|
|
user:
|
|
name: webapp.appsxyz
|
|
group: webapp.appsxyz
|
|
home: /srv/www/apps.du5t1n.xyz
|
|
createhome: true
|
|
state: present
|
|
|
|
- name: ensure app home directory permissions are set
|
|
file:
|
|
path: /srv/www/apps.du5t1n.xyz
|
|
mode: u=rwx,go=rx
|
|
state: directory
|
|
|
|
- name: ensure app ssh home directory exists
|
|
file:
|
|
path: /srv/www/apps.du5t1n.xyz/.ssh
|
|
mode: '0700'
|
|
owner: webapp.appsxyz
|
|
group: webapp.appsxyz
|
|
setype: ssh_home_t
|
|
state: directory
|
|
- name: ensure publisher keys are trusted
|
|
authorized_key:
|
|
key: "{{ appsxyz_publisher_keys|join('\n') }}"
|
|
user: webapp.appsxyz
|
|
exclusive: true
|
|
- name: ensure authorized_keys file permissions are correct
|
|
file:
|
|
path: /srv/www/apps.du5t1n.xyz/.ssh/authorized_keys
|
|
mode: u=rw,go=
|
|
owner: webapp.appsxyz
|
|
group: webapp.appsxyz
|
|
setype: ssh_home_t
|
|
|
|
- name: ensure apache is configured to serve apps.du5t1n.xyz
|
|
copy:
|
|
src: apps.du5t1n.xyz.httpd.conf
|
|
dest: /etc/httpd/conf.d/apps.du5t1n.xyz.conf
|
|
mode: u=rw,go=r
|
|
notify: reload httpd
|
|
tags:
|
|
- httpd-config
|
|
|