nodejs · kenperkins · Feb 20, 2015 · Feb 20, 2015 · Feb 20, 2015 · Feb 20, 2015
diff --git a/setup/www/ansible-playbook.yaml b/setup/www/ansible-playbook.yaml
@@ -24,8 +24,12 @@
       with_items: packages
       tags: general
 
-    - name: User | Add {{ server_user }} user
-      user: name="{{ server_user }}" shell=/bin/bash
+    - name: User | Add system users
+      user: name="{{ item }}" shell=/bin/bash
+      with_items:
+        - "{{ server_user }}"
+        - "{{ staging_user }}"
+        - "{{ dist_user }}"
       tags: user
 
     - name: User | Download pubkey(s)
@@ -39,17 +43,31 @@
       with_items: ssh_users
       tags: user
 
-    - name: General | Create authorized_keys for {{ server_user }}
-      authorized_key: user="{{ server_user }}" key="{{ lookup('file', '/tmp/' + item + '.keys') }}"
-      with_items: ssh_users
+    - name: General | authorized_keys for users
+      authorized_key: user="{{ item[0] }}" key="{{ lookup('file', '/tmp/' + item[1] + '.keys') }}"
+      with_nested:
+        - [ '{{ dist_user }}', '{{ server_user }}', '{{ staging_user }}' ]
+        - ssh_users
+      tags: user
+
+    - name: General | place ssh keys
+      copy: owner="{{ item[0] }}" group="{{ item[0] }}" src=resources/keys/{{ item[0] }}/{{ item[1].name }} dest=/home/{{ item[0] }}/.ssh/{{ item[1].name }} mode={{item[1].perms}}
+      with_nested:
+        - [ "{{ dist_user }}", "{{ staging_user }}" ]
+        - [ { name: 'id_rsa', perms: '0600' }, { name: 'id_rsa.pub', perms: '0644' } ]
+
+    - name: General | add id_rsa.pub to staging, dist authorized_keys
+      authorized_key: user="{{ item }}" key="{{ lookup('file', 'resources/keys/' + item + '/id_rsa.pub') }}"
+      with_items:
+        [ "{{ staging_user }}", "{{ dist_user }}" ]
       tags: user
 
     - name: GitHub Webhook | Install github-webhook
       command: "npm install github-webhook -g"
       tags: webhook
 
     - name: GitHub Webhook | Copy config
-      copy: src=./resources/github-webhook.json dest=/etc/github-webhook.json mode=0644
+      copy: src=resources/github-webhook.json dest=/etc/github-webhook.json mode=0644
       tags: webhook
 
     - name: GitHub Webhook | Copy secret to config
@@ -61,7 +79,7 @@
       tags: webhook
 
     - name: GitHub Webhook | Copy Upstart config
-      copy: src=./resources/github-webhook.conf dest=/etc/init/github-webhook.conf mode=0644
+      copy: src=resources/github-webhook.conf dest=/etc/init/github-webhook.conf mode=0644
       tags: webhook
 
     - name: GitHub Webhook | Start service
@@ -79,19 +97,23 @@
       tags: setup
 
     - name: nginx | Copy site config
-      copy: src=./resources/iojs.org dest=/etc/nginx/sites-available/iojs.org mode=0644
+      copy: src=resources/iojs.org dest=/etc/nginx/sites-available/iojs.org mode=0644
       tags: nginx
 
     - name: nginx | Create config symlink
       file: src=/etc/nginx/sites-available/iojs.org dest=/etc/nginx/sites-enabled/00-iojs.org state=link
       tags: nginx
 
+    - name: nginx | Creates ssl directory
+      file: path=/etc/nginx/ssl/ state=directory
+      tags: nginx
+
     - name: nginx | Generate DH params
-      command: "bash -c 'mkdir -p /etc/nginx/ssl/ && openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096'"
+      command: openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 creates=/etc/nginx/ssl/dhparam.pem
       tags: nginx
 
     - name: nginx | Copy site certificates
-      copy: src=./resources/{{ item }} dest=/etc/nginx/ssl/{{ item }} mode=0644
+      copy: src=resources/{{ item }} dest=/etc/nginx/ssl/{{ item }} mode=0644
       with_items:
         - iojs_chained.crt
         - iojs.key

diff --git a/setup/www/ansible-vars.yaml b/setup/www/ansible-vars.yaml
@@ -1,8 +1,11 @@
 ---
+dist_user: dist
 server_user: iojs
+staging_user: staging
 ssh_users:
   - rvagg
   - indutny
+  - kenperkins
 packages:
   - nodejs
   - nginx

diff --git a/setup/www/resources/iojs.org b/setup/www/resources/iojs.org
@@ -51,4 +51,26 @@ server {
         index index.html;
         default_type text/plain;
     }
-}
+
+    location /download {
+        alias /home/dist/public;
+        autoindex on;
+        default_type text/plain;
+    }
+
+    location /dist {
+        alias /home/dist/public/release/;
+        autoindex on;
+        default_type text/plain;
+    }
+
+    location /api {
+        alias /home/dist/public/release/latest/doc/api;
+        autoindex on;
+        default_type text/plain;
+    }
+
+    location /download-stats.json {
+        alias /home/iojs/download-stats.json;
+    }
+}
diff --git a/setup/www/resources/keys/dist/.gitignore b/setup/www/resources/keys/dist/.gitignore
@@ -0,0 +1,2 @@
+id_rsa
+
diff --git a/setup/www/resources/keys/dist/id_rsa.pub b/setup/www/resources/keys/dist/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCozo6s06UvMAJ4qryE860Hq1j+LgEPVXk8AWm8LjeUviUUTa2DOGCNbB8KFWqExn0rAfRDXapnyZ3Q96syFcJXCqwHhqfB+FKS1iApozlagwy9+dBzLgSvx4BQ3vqbiqFDyigycZNAnkzgK+gTp5nChhRsReJKNajy9mOzqG3dsRP277qZmU+/Hi3D5fO3lAvPPYmrCSYEWe/9NarlLWT9+dT4cArUJnLNoO8HvopGGJNHrK0tWFAcNl9LY2gzzyrl8onDq5stkgb4laaxDTYInTSsgtFh0nG65lq+8yOCLPXYiuLuWeJm8jZ14lQgWX7Ym3xoy4D58PnffGdyWDfr dist@iojs-www
diff --git a/setup/www/resources/keys/staging/.gitignore b/setup/www/resources/keys/staging/.gitignore
@@ -0,0 +1,2 @@
+id_rsa
+
diff --git a/setup/www/resources/keys/staging/id_rsa.pub b/setup/www/resources/keys/staging/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClQAc4DccrN86Rd5OrnjM8sikQRoU05NauvQUGziUK6cSKnx42So5pAyMcQDfzcN3bpabyRORge/T3svngMINP0CidAYhezg+yK6vWqhJPBJm4ijWpgAcUH/OvVWi7aPao4Uq4GlkZOtvr2BUsYCFzS/kK4yaLdXpO6rdAsrnLZpBPAcU1oU7zQ2YFHYDmU1eR32EQcswhP+NJ14zu04rGHUUlp6C8ZHpfnvRpD57j35FNTr42FxGMPB00kMWHPecXrPbQJx2/FyWZ6LBG8XNdT4W/XansuwfO/UXWMQWpjAz75mmB0cusRaliHG0ch52i9DYwYbAkwWsvDyytvCv3 staging@iojs-www