added jnss-web

2025-12-23 23:36:42 +01:00
parent bfd6f22f0e
commit 9bb9405b90
9 changed files with 529 additions and 49 deletions
--- a/playbooks/deploy-jnss-web.yml
+++ b/playbooks/deploy-jnss-web.yml
@@ -0,0 +1,133 @@
+---
+# ================================================================
+# jnss-web Static Site Deployment Playbook
+# ================================================================
+# Deploys the jnss-web SvelteKit static site to jnss.me
+#
+# Usage:
+#   ansible-playbook -i inventory/hosts.yml playbooks/deploy-jnss-web.yml
+#
+# This playbook:
+# - Clones the jnss-web repository (deploy branch) to a temp directory
+# - Syncs build artifacts to /var/www/jnss-web
+# - Deploys Caddy configuration for jnss.me with www redirect
+# - Reloads Caddy to serve the new site
+# ================================================================
+
+- name: Deploy jnss-web static site
+  hosts: homelab
+  become: true
+  
+  vars:
+    # Git repository configuration
+    jnss_web_repo_url: "https://git.jnss.me/joakim/jnss-web.git"
+    jnss_web_branch: "deploy"
+    
+    # Server paths
+    jnss_web_root: "/var/www/jnss-web"
+    
+    # Domain configuration
+    jnss_web_domain: "jnss.me"
+    
+    # Caddy configuration
+    caddy_user: "caddy"
+    caddy_sites_enabled_dir: "/etc/caddy/sites-enabled"
+  
+  tasks:
+    # ============================================================
+    # Git Repository Management
+    # ============================================================
+    
+    - name: Create temporary directory for git clone
+      tempfile:
+        state: directory
+        suffix: -jnss-web
+      register: temp_clone_dir
+      tags: [jnss-web, deploy]
+    
+    - name: Clone jnss-web repository to temp directory
+      git:
+        repo: "{{ jnss_web_repo_url }}"
+        dest: "{{ temp_clone_dir.path }}"
+        version: "{{ jnss_web_branch }}"
+        depth: 1
+      tags: [jnss-web, deploy]
+    
+    - name: Verify build directory exists in repository
+      stat:
+        path: "{{ temp_clone_dir.path }}/index.html"
+      register: build_dir
+      tags: [jnss-web, deploy]
+    
+    - name: Fail if index.html not found
+      fail:
+        msg: "Build index.html not found in repository root. Ensure the deploy branch contains the built artifacts."
+      when: not build_dir.stat.exists
+      tags: [jnss-web, deploy]
+    
+    # ============================================================
+    # Web Root Deployment
+    # ============================================================
+    
+    - name: Remove old web root
+      file:
+        path: "{{ jnss_web_root }}"
+        state: absent
+      tags: [jnss-web, deploy]
+    
+    - name: Create fresh web root directory
+      file:
+        path: "{{ jnss_web_root }}"
+        state: directory
+        owner: "{{ caddy_user }}"
+        group: "{{ caddy_user }}"
+        mode: '0755'
+      tags: [jnss-web, deploy]
+    
+    - name: Copy build files to web root
+      copy:
+        src: "{{ temp_clone_dir.path }}/"
+        dest: "{{ jnss_web_root }}/"
+        owner: "{{ caddy_user }}"
+        group: "{{ caddy_user }}"
+        mode: '0755'
+        remote_src: true
+      tags: [jnss-web, deploy]
+    
+    - name: Clean up temporary clone directory
+      file:
+        path: "{{ temp_clone_dir.path }}"
+        state: absent
+      tags: [jnss-web, deploy]
+    
+    # ============================================================
+    # Caddy Configuration
+    # ============================================================
+    
+    - name: Deploy Caddy configuration for jnss-web
+      template:
+        src: templates/jnss-web.caddy.j2
+        dest: "{{ caddy_sites_enabled_dir }}/jnss-web.caddy"
+        owner: root
+        group: "{{ caddy_user }}"
+        mode: '0644'
+      notify: reload caddy
+      tags: [jnss-web, caddy]
+    
+    - name: Validate Caddy configuration
+      command: caddy validate --config /etc/caddy/Caddyfile
+      register: caddy_validate
+      changed_when: false
+      tags: [jnss-web, caddy]
+    
+    - name: Display Caddy validation result
+      debug:
+        msg: "Caddy configuration is valid"
+      when: caddy_validate.rc == 0
+      tags: [jnss-web, caddy]
+  
+  handlers:
+    - name: reload caddy
+      systemd:
+        name: caddy
+        state: reloaded
--- a/playbooks/templates/jnss-web.caddy.j2
+++ b/playbooks/templates/jnss-web.caddy.j2
@@ -0,0 +1,57 @@
+# jnss-web Static Site Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+# WWW Redirect - apex is primary
+www.{{ jnss_web_domain }} {
+    redir https://{{ jnss_web_domain }}{uri} permanent
+}
+
+# Primary Domain
+{{ jnss_web_domain }} {
+    root * {{ jnss_web_root }}
+    file_server
+
+    # SPA routing - serve index.html for all routes
+    try_files {path} /index.html
+
+    # Security headers
+    header {
+        X-Frame-Options SAMEORIGIN
+        X-Content-Type-Options nosniff
+        X-XSS-Protection "1; mode=block"
+        Referrer-Policy strict-origin-when-cross-origin
+        Permissions-Policy "geolocation=(), microphone=(), camera=()"
+    }
+
+    # Cache static assets aggressively
+    @static {
+        path /_app/* /assets/* /icons/* *.ico *.png *.jpg *.jpeg *.svg *.webp *.woff *.woff2 *.css *.js
+    }
+    header @static {
+        Cache-Control "public, max-age=31536000, immutable"
+        Vary "Accept-Encoding"
+    }
+
+    # Cache HTML with shorter duration
+    @html {
+        path *.html /
+    }
+    header @html {
+        Cache-Control "public, max-age=3600, must-revalidate"
+    }
+
+    # Enable compression
+    encode gzip
+
+    # Logging
+    log {
+        output file /var/log/caddy/jnss-web.log {
+            roll_size 100mb
+            roll_keep 5
+        }
+        format json {
+            time_format "2006-01-02T15:04:05.000Z07:00"
+        }
+        level INFO
+    }
+}