chesterbr · chesterbr · Feb 14, 2024 · Feb 14, 2024 · Feb 14, 2024 · Feb 14, 2024
diff --git a/README.md b/README.md
@@ -26,6 +26,10 @@ Back-end for a Pebble app that finds the nearest bus/streetcar stops and shows h
 
 This is a simple Java app that listens on the 6912 port, handling communication between [miniTruco][2] clients and spawning bot players to fill incomplete tables (a miniTruco table requires 4 players).
 
+### staticman
+
+A fork of [Staticman](https://staticman.net/) that I use to handle comments on my [blog][4]. It's a Node.js app that listens on port 3002.
+
 ## Older scripts (not actively maintained)
 
 ### Home automation Raspberry Pi

diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -30,3 +30,6 @@ totransit_app_dir: /home/server/totransit/source/server
 # Minitruco (server)
 minitruco_checkout_dir: /home/server/minitruco/source
 minitruco_log_file: /var/log/supervisor/minitruco.log
+
+# Staticman (comments for chester.me)
+staticman_checkout_dir: /home/server/staticman/source
diff --git a/roles/chesterbr.nginx/templates/site.j2 b/roles/chesterbr.nginx/templates/site.j2
@@ -27,8 +27,24 @@ server {
 
   server {
     listen 443;
-    server_name {{ item.server.https_server_name }};
-    root {{ item.server.root }};
+
+    access_log /var/log/nginx/{{ item.server.file_name }}-access.log;
+    error_log /var/log/nginx/{{ item.server.file_name }}-error.log;
+
+    {% for k,v in item.server.items() %}
+    {% if k.find('location') == -1 and k != 'file_name' and k != 'https_server_name' %}
+    {{ k }} {{ v }};
+    {% endif %}
+    {% endfor %}
+
+    {% for k,v in item.server.items() if k.find('location') != -1 %}
+    location {{ v.name }} {
+    {% for x,y in v.items() if x != 'name' %}
+    {{ x }} {{ y }};
+    {% endfor %}
+    }
+    {% endfor %}
+
 
     ssl on;
     ssl_certificate {{ ssl_certificate_dir }}/fullchain.pem;

diff --git a/roles/chesterbr.vault/vars/vault.yml b/roles/chesterbr.vault/vars/vault.yml
diff --git a/roles/chesterbr.vault/vars/vault.yml.SAMPLE b/roles/chesterbr.vault/vars/vault.yml.SAMPLE
@@ -6,4 +6,6 @@
 #
 sptrans_username: 'username you created on http://www.sptrans.com.br/desenvolvedores/'
 sptrans_password: 'password for username above'
-cruzalinhas_secret_key_base: 'generate one with rake secret or your favorite method'
+cruzalinhas_secret_key_base: 'generate one with rake secret or your favorite method'
+staticman_github_app_private_key: 'see staticman docs; comes from the github app'
+staticman_rsa_private_key: 'see staticman docs; can gen with oepnssl genrsa'
diff --git a/staticman.yml b/staticman.yml
@@ -0,0 +1,83 @@
+---
+- hosts: production
+  remote_user: "{{ admin_user }}"
+
+  handlers:
+    - name: reload supervisor
+      shell: "service supervisor restart; supervisorctl reload"
+      become: yes
+
+    - name: restart app
+      shell: "supervisorctl restart staticman"
+      become: yes
+
+  roles:
+    - role: chesterbr.vault
+    - role: chesterbr.nginx
+      nginx_sites:
+        - server:
+            file_name: staticman.chester.me
+            root: "{{ staticman_checkout_dir }}/public"
+            server_name: staticman.chester.me
+            https_server_name: staticman.chester.me
+            location1: { name: '~ .*', proxy_pass: 'http://staticman_node' }
+    - role: geerlingguy.certbot
+      tags: certbot
+      become: yes
+      certbot_create_if_missing: true
+      certbot_auto_renew: true
+      certbot_auto_renew_user: root
+      certbot_admin_email: "{{ admin_email }}"
+      certbot_certs:
+        - domains:
+            - staticman.chester.me
+
+  tasks:
+    - name: Install prereq packages
+      apt: name={{ packages }} state=present
+      become: yes
+      vars:
+        packages:
+          - git
+          - nodejs
+          - npm
+          - supervisor
+
+    - name: Add staticman upstream to server config
+      become: yes
+      lineinfile: dest=/etc/nginx/sites-enabled/staticman.chester.me insertbefore="BOF" line="upstream staticman_node { server 127.0.0.1:3002; }"
+      notify:
+       - reload nginx
+
+    - name: Ensure code repository is at latest version
+      git: repo=https://github.com/chesterbr/staticman
+           accept_hostkey=true
+           dest={{ staticman_checkout_dir }}
+           version=master
+      notify: restart app
+      become: yes
+      become_user: "{{ server_user }}"
+      tags:
+        - update_app
+
+    - name: Ensure we have all node dependencies for staticman
+      command: bash -lc "cd {{ staticman_checkout_dir }}; npm install"
+      changed_when: false
+      become: yes
+      become_user: "{{ server_user }}"
+      tags:
+        - update_app
+
+    - name: Copies staticman infrastructure configuration
+      template: src=templates/staticman_infrastructure_config.json.j2 dest={{ staticman_checkout_dir }}/config.production.json
+      become: yes
+      become_user: "{{ server_user }}"
+      notify: reload supervisor
+
+    - name: Configures staticman to run under supervisor (from source dir)
+      template: src=templates/staticman.conf.supervisor.j2 dest=/etc/supervisor/conf.d/staticman.conf
+      become: yes
+      notify: reload supervisor
+      tags:
+        - configure_supervisor
+
diff --git a/templates/staticman.conf.supervisor.j2 b/templates/staticman.conf.supervisor.j2
@@ -0,0 +1,5 @@
+[program:staticman]
+command=sudo -u {{ server_user }} bash -lc "cd {{ staticman_checkout_dir }}; NODE_ENV=production npm start"
+stopasgroup=true
+killasgroup=true
+stopsignal=KILL
diff --git a/templates/staticman_infrastructure_config.json.j2 b/templates/staticman_infrastructure_config.json.j2
@@ -0,0 +1,6 @@
+{
+  "githubAppID": 825928,
+  "githubPrivateKey": "{{ staticman_github_app_private_key }}",
+  "rsaPrivateKey": "{{ staticman_rsa_private_key }}",
+  "port": 3002,
+}