Debian webserver deployment for the Codex of the Damned and KRCG
List the target server in the inventory file hosts.ini
Copy your SSH key to the target server. Use the user and password you received by e-mail after your server setup.
ssh-copy-id -i ~/.ssh/id_rsa.pub <username>@<hostname_or_ip>
You should be able to connect to the server without password
ssh <username>@<hostname_or_ip>
Install required Ansible packages
ansible-galaxy install -r requirements.yml
Now run the initial setup, maybe limit to the server you're installing
ansible-playbook --user <provided_user> initial.yml -l krcg_gra
ansible-playbook setup.yml
You can now get the server public RSA key in case you need it:
ssh krcg.org
$> cd ~/.ssh
$> cat id_rsa.pub
You might need an additional public key for deployments.
It is used by Github automation to deploy purely static websites, like static.krcg.org
and lackey.krcg.org
. Generate another SSH key, upload the private key to Github,
and the public key to your server, like this:
ansible-playbook add-pubkey.yml -e "pubkey_file=~/.ssh/deploy_key.pub"
You might also need to update Giuthub secrets accordingly, including the host pubkey. Just run this command locally, and paste one of the keys as your Github secret.
ssh-keyscan krcg.org
You need a personal token for the codex-krcg Github user,
use ansible-vault
to encode it:
ansible-vault encrypt_string '<github_token>' --name 'GITHUB_TOKEN'
Copy the resulting string to krcg-api.yaml
(replace the old GITHUB_PASSWORD:
value).
You can now deploy:
ansible-playbook krcg-api.yml
You need to get the bot token from discord and use ansible-vault
to encode it:
ansible-vault encrypt_string '<bot_token>' --name 'DISCORD_TOKEN'
Copy the resulting string to krcg-bot.yaml
(replace the old DISCORD_TOKEN:
value).
You can now deploy:
ansible-playbook krcg-bot.yml
You need to get the bot token from discord and use ansible-vault
to encode it:
ansible-vault encrypt_string '<bot_token>' --name 'DISCORD_TOKEN'
Copy the resulting string to timer-bot.yaml
(replace the old DISCORD_TOKEN:
value).
You can now deploy:
ansible-playbook timer-bot.yml
Get a backup of the Archon database:
ansible-playbook archon-backup.yml
The backup is saved in your local backups
folder. You can restore it with:
ansible-playbook archon-restore.yml -e "backup_file=2024-02-06-21:22:39/archon.dump.gz"
Note you should provide the backup file name without the backups/
folder prefix.
ansible-playbook codex-beta.yml
ansible-playbook codex.yml
For a simple package update (no change on the service or webserver configurations), you can use the deploy
tag:
ansible-playbook codex.yml --tags=deploy
If you only need to update TLS certificates, use:
ansible-playbook codex.yml --tags=certs