initial commit

9 files changed, 244 insertions, 0 deletions

diff --git a/cmd/ansible/.gitignore b/cmd/ansible/.gitignore
new file mode 100644
index 0000000..eeb2d6a
--- /dev/null
+++ b/cmd/ansible/.gitignore
@@ -0,0 +1,3 @@
+*.retry*
+roles/nginx
+roles/certbot
diff --git a/cmd/ansible/ansible.cfg b/cmd/ansible/ansible.cfg
new file mode 100644
index 0000000..d48a88f
--- /dev/null
+++ b/cmd/ansible/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = hosts
+roles_path = roles/
diff --git a/cmd/ansible/conf.toml.j2 b/cmd/ansible/conf.toml.j2
new file mode 100644
index 0000000..5f08a26
--- /dev/null
+++ b/cmd/ansible/conf.toml.j2
@@ -0,0 +1,17 @@
+log_level="info"
+mode="production"
+log_out="/var/cryptoportfolio-app/app.log"
+port="8080"
+
+[db]
+user="{{ postgres_user }}"
+password="{{ postgres_password }}"
+database="{{ postgres_database }}"
+address="localhost:5432"
+
+[api]
+domain="{{ app_domain }}"
+jwt_secret="{{ jwt_secret }}"
+
+[app]
+public_dir="/var/cryptoportfolio-app/static"
diff --git a/cmd/ansible/cryptoportfolio-app.j2 b/cmd/ansible/cryptoportfolio-app.j2
new file mode 100644
index 0000000..40979d6
--- /dev/null
+++ b/cmd/ansible/cryptoportfolio-app.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Cryptoportfolio app
+ 
+[Service]
+Type=simple
+ 
+User={{ app_user }}
+Group={{ app_user }}
+UMask=007
+ 
+ExecStart=/usr/bin/cryptoportfolio-app -conf /var/cryptoportfolio-app/conf.toml
+ 
+Restart=on-failure
diff --git a/cmd/ansible/deploy.yml b/cmd/ansible/deploy.yml
new file mode 100644
index 0000000..b56c581
--- /dev/null
+++ b/cmd/ansible/deploy.yml
@@ -0,0 +1,105 @@
+---
+- hosts: jloup-home
+
+  tasks:
+    - include_vars: vars.yml
+
+    - name: install myservice systemd unit file
+      template: src=cryptoportfolio-app.j2 dest=/etc/systemd/system/cryptoportfolio-app.service
+      become: yes
+
+    - name: stop cryptoportfolio-app
+      systemd: state=stopped name=cryptoportfolio-app
+      become: yes
+
+    - name: Creates cryptoportfolio-app directory
+      file: path=/var/cryptoportfolio-app state=directory owner={{ app_user }}
+      become: yes
+
+    - name: Set log file.
+      file: path=/var/cryptoportfolio-app/app.log owner={{ app_user }} state=touch
+      become: yes
+
+    - name: Copy server app binary from github 'https://github.com/jloup/dist/releases/download/crypto-v{{ version }}/cryptoportfolio-linux-{{ linux_arch }}'.
+      get_url:
+        url: "https://github.com/jloup/dist/releases/download/crypto-v{{ version }}/cryptoportfolio-linux-{{ linux_arch }}"
+        dest: /usr/bin/cryptoportfolio-app
+        owner: "{{ app_user }}"
+        mode: "u=rwx,g=r,o=r"
+      become: yes
+
+    - name: Copy server app configuration file. 
+      template:
+        src: conf.toml.j2
+        dest: /var/cryptoportfolio-app/conf.toml
+        owner: "{{ app_user }}"
+      become: yes
+
+    - name: Create webapp directory.
+      file: path=/var/cryptoportfolio-app/static state=directory owner={{ app_user }}
+      become: yes
+
+    - name: Copy webapp files from github 'https://github.com/jloup/dist/releases/download/crypto-v{{ version }}/webapp.tar.gz'.
+      unarchive:
+        src: "https://github.com/jloup/dist/releases/download/crypto-v{{ version }}/webapp.tar.gz"
+        dest: /var/cryptoportfolio-app/static
+        remote_src: yes
+        owner: "{{ app_user }}"
+        mode: "u=rwx,g=r,o=r"
+      become: yes
+
+    - import_role:
+        name: nginx
+      become: yes
+      vars:
+        nginx_vhosts:
+          - listen: "443 ssl"
+            server_name: "{{ app_domain }}"
+            filename: "{{ app_domain }}.443.conf"
+            extra_parameters: |
+              ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
+              ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;
+              location / {
+                proxy_pass "http://127.0.0.1:8080";
+              }
+
+          - listen: "80"
+            server_name: "{{ app_domain }}"
+            filename: "{{ app_domain}}.80.conf"
+            return: "301 https://{{ app_domain }}$request_uri"
+
+    - import_role:
+        name: certbot
+      become: yes
+      vars:
+        certbot_admin_email: jeanloup.jamet@gmail.com
+        certbot_create_if_missing: yes
+        certbot_create_standalone_stop_services: []
+        certbot_create_method: standalone
+        certbot_certs:
+          - domains:
+            - "{{ app_domain }}"
+
+    - name: Create postgres user.
+      user: name=postgres
+
+    - name: Add cryptoportfolio database.
+      postgresql_db: name={{ postgres_database }}
+      become: yes
+      become_user: postgres
+      vars:
+        ansible_ssh_pipelining: true
+
+    - name: Add cryptoportfolio user.
+      postgresql_user: user={{ postgres_user }} db={{ postgres_database }} password={{ postgres_password }}
+      become: yes
+      become_user: postgres
+      vars:
+        ansible_ssh_pipelining: true
+
+    - file: path=/www/{{ app_user }} state=directory owner={{ app_user }}
+      become: yes
+
+    - name: start cryptoportfolio-app
+      systemd: state=started name=cryptoportfolio-app daemon_reload=yes
+      become: yes
diff --git a/cmd/ansible/hosts b/cmd/ansible/hosts
new file mode 100644
index 0000000..64969e8
--- /dev/null
+++ b/cmd/ansible/hosts
@@ -0,0 +1,15 @@
+[jloup-home]
+jlj.am
+
+[jloup-home:vars]
+  ansible_port=21
+  ansible_user=ansible-deploy
+
+  app_user=jloup
+  app_domain=jlj.am
+
+  postgres_database=cryptoportfolio
+  postgres_user=cryptoportfolio
+  postgres_password=cryptoportfolio-dev
+
+  linux_arch=386
\ No newline at end of file
diff --git a/cmd/ansible/release.yml b/cmd/ansible/release.yml
new file mode 100644
index 0000000..4cd005c
--- /dev/null
+++ b/cmd/ansible/release.yml
@@ -0,0 +1,59 @@
+---
+- name: Release to github repo
+  hosts: 127.0.0.1
+  connection: local
+  tasks:
+    - include_vars: vars.yml
+
+    # Create release.
+    - github_release:
+        token: "{{ github_release_token }}"
+        user: jloup
+        repo: dist
+        action: create_release
+        tag: "crypto-v{{ version }}"
+        target: master
+        name: Crypto Release
+        body: "NOTE: this repo does not include any source code."
+
+    # Build server app.
+    - make:
+        chdir: ../app
+        target: release
+    - shell:
+        github-release upload                          \
+        -s "{{ github_release_token }}"                \
+        -u jloup                                       \
+        -r dist                                        \
+        -t crypto-v{{ version }}                       \
+        -n "cryptoportfolio-linux-amd64"               \
+        -l "cryptoportfolio binary (linux amd64)"      \
+        -R                                             \
+        -f ../app/dist/linux_amd64/cryptoportfolio-app
+    - shell:
+        github-release upload                        \
+        -s "{{ github_release_token }}"              \
+        -u jloup                                     \
+        -r dist                                      \
+        -t crypto-v{{ version }}                     \
+        -n "cryptoportfolio-linux-386"               \
+        -l "cryptoportfolio binary (linux 386)"      \
+        -R                                           \
+        -f ../app/dist/linux_386/cryptoportfolio-app
+
+    # Build webapp.
+    - make:
+        chdir: ../web
+        target: release
+        params:
+          ENV: prod
+    - shell:
+        github-release upload                       \
+        -s "{{ github_release_token }}"             \
+        -u jloup                                    \
+        -r dist                                     \
+        -t crypto-v{{ version }}                    \
+        -n "webapp.tar.gz"                          \
+        -R                                          \
+        -f ../web/build/webapp.tar.gz
+
diff --git a/cmd/ansible/requirements.yml b/cmd/ansible/requirements.yml
new file mode 100644
index 0000000..bacd7a8
--- /dev/null
+++ b/cmd/ansible/requirements.yml
@@ -0,0 +1,7 @@
+- src: geerlingguy.nginx
+  name: nginx
+  version: 2.5.0
+
+- src: geerlingguy.certbot
+  name: certbot
+  version: 3.0.0
diff --git a/cmd/ansible/vars.yml b/cmd/ansible/vars.yml
new file mode 100644
index 0000000..1de7413
--- /dev/null
+++ b/cmd/ansible/vars.yml
@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+63613535333830393037646665363566636635366534636261623839326130663431653839346266
+3832643338623561313362663837323234663537663439350a313034326663383235663964626132
+38343964396265323539396439383731336464393337383833653666643736303539626136383431
+6536316338376538360a343862626636363031353037626462333364623433613861393137353336
+37396664663030363530333364633266653862393538313835326138663465626638326363656561
+30393836386664633834663838666432383836623432363936343635313835303166393531643966
+33313361383565363232373066306534613465386534386266306564383365373762613361366365
+61366530623863623336643531346463323233323539333139336335383439373132373233663031
+39666535633362383135376534376532333663636136366130653762643164333436313261646137
+37353139633361636163326366616234613466393731373631616138386263383131663537633533
+31393763316561623134623063623735356334363833623939313437386330323837626131356332
+30383863373535366137366138633832623566613061313138396539306536633763633934313562
+35383763653532336539346632623935303634353866636264373262363839326439313837313765
+36303539613734646238636432393166616438666665363363323331373437633362613838653564
+64393639346661646333383466363162633638643838386666383564366665656266333836363435
+35643231323362323566303535303561626139333830393538383635326631656666323166343863
+31393566346531653535393738326166303261376238316532373833616432306638326139353234
+32653132323764316231393634663262313765393230656232343833373438636430643663353965
+36333931303731646333316430646534383531313264353936396565336338663530303434643036
+34356663373533663137636235386164646334356262336464363862643332636661313339303531
+35663833656564393331636139663738323834373862623436633666306661373166