churn/ansible/deploy-butter-portal.yml

---
- name: Deploy butter portal
  hosts: all
  become: true

  tasks:
    - name: "Ensure /tmp/butter-portal is absent"
      ansible.builtin.file:
        path: "/home/{{ butter_user }}/butter-portal"
        state: absent

    - name: "Clone the portal repo"
      ansible.builtin.git:
        repo: "https://guardianproject.dev/butter/butter-portal"
        dest: "/home/{{ butter_user }}/butter-portal"
        version: main

    - name: Install requirements
      ansible.builtin.pip:
        requirements: "/home/{{ butter_user }}/butter-portal/requirements.txt"
        virtualenv: "/home/{{ butter_user }}/portal_env"
        virtualenv_python: python3

    - name: Seed database
      ansible.builtin.shell: |
        echo "Starting db initialisation!"
        source /home/{{ butter_user }}/portal_env/bin/activate
        flask db init
        flask db migrate
        flask db upgrade
        flask seed-settings
      args:
        chdir: "/home/{{ butter_user }}/butter-portal"
        executable: /bin/bash
        creates: "/home/{{ butter_user }}/butter-portal/app.db"
      register: database_init

    - name: Template portal systemd service file
      ansible.builtin.template:
        src: templates/butterbox-portal.service.j2
        dest: /lib/systemd/system/butterbox-portal.service
        owner: root
        group: root
        mode: '0644'

    - name: Template portal change manager service file
      ansible.builtin.template:
        src: templates/change-manager.service.j2
        dest: /lib/systemd/system/change-manager.service
        owner: root
        group: root
        mode: '0644'

    - name: Template nginx config
      ansible.builtin.template:
        src: templates/nginx-config.j2
        dest: /etc/nginx/sites-available/default
        owner: root
        group: root
        mode: '0644'

    - name: Enable portal by symlink
      ansible.builtin.file:
        src: /lib/systemd/system/butterbox-portal.service
        dest: /etc/systemd/system/multi-user.target.wants/butterbox-portal.service
        state: link

    - name: Enable change manager by symlink
      ansible.builtin.file:
        src: /lib/systemd/system/change-manager.service
        dest: /etc/systemd/system/multi-user.target.wants/change-manager.service
        state: link

    - name: Ensure butter_user owns portal directory
      ansible.builtin.file:
        path: "/home/{{ butter_user }}/butter-portal"
        state: directory
        recurse: true
        owner: "{{ butter_user }}"
        group: "{{ butter_user }}"
#    - name: Template portal reverse proxy config for Lighttpd
#      ansible.builtin.get_url:
#        src: templates/50-butter-portal-reverse-proxy.conf
#        dest: /etc/lighttpd/conf-available/50-butter-portal-reverse-proxy.conf
#        owner: root
#        group: root
#        mode: '0644'
#
#    - name: Ensure old symlink is removed if it exists
#      ansible.builtin.file:
#        path: /etc/lighttpd/conf-enabled/50-butter-portal-reverse-proxy.conf
#        state: absent
#        force: true
#
#    - name: Enable reverse proxy config for portal in Lighttpd
#      ansible.builtin.file:
#        src: /etc/lighttpd/conf-available/50-butter-portal-reverse-proxy.conf
#        dest: /etc/lighttpd/conf-enabled/50-butter-portal-reverse-proxy.conf
#        state: link
#        force: true
#
    # - debug: var=database_init.stdout_lines
Initial changes to integrate new portal 2026-03-06 09:04:11 +00:00			`---`
			`- name: Deploy butter portal`
			`hosts: all`
			`become: true`

			`tasks:`
			`- name: "Ensure /tmp/butter-portal is absent"`
			`ansible.builtin.file:`
			`path: "/home/{{ butter_user }}/butter-portal"`
			`state: absent`

			`- name: "Clone the portal repo"`
			`ansible.builtin.git:`
			`repo: "https://guardianproject.dev/butter/butter-portal"`
			`dest: "/home/{{ butter_user }}/butter-portal"`
			`version: main`

			`- name: Install requirements`
			`ansible.builtin.pip:`
			`requirements: "/home/{{ butter_user }}/butter-portal/requirements.txt"`
			`virtualenv: "/home/{{ butter_user }}/portal_env"`
			`virtualenv_python: python3`

			`- name: Seed database`
			`ansible.builtin.shell: \|`
			`echo "Starting db initialisation!"`
			`source /home/{{ butter_user }}/portal_env/bin/activate`
			`flask db init`
			`flask db migrate`
			`flask db upgrade`
			`flask seed-settings`
			`args:`
			`chdir: "/home/{{ butter_user }}/butter-portal"`
			`executable: /bin/bash`
			`creates: "/home/{{ butter_user }}/butter-portal/app.db"`
			`register: database_init`

			`- name: Template portal systemd service file`
			`ansible.builtin.template:`
			`src: templates/butterbox-portal.service.j2`
			`dest: /lib/systemd/system/butterbox-portal.service`
			`owner: root`
			`group: root`
			`mode: '0644'`

Make all templates local, ensure ssh keys for amd64 builds are generated on first boot 2026-03-24 11:25:10 +00:00			`- name: Template portal change manager service file`
			`ansible.builtin.template:`
			`src: templates/change-manager.service.j2`
			`dest: /lib/systemd/system/change-manager.service`
			`owner: root`
			`group: root`
			`mode: '0644'`

Initial changes to integrate new portal 2026-03-06 09:04:11 +00:00			`- name: Template nginx config`
			`ansible.builtin.template:`
			`src: templates/nginx-config.j2`
			`dest: /etc/nginx/sites-available/default`
			`owner: root`
			`group: root`
			`mode: '0644'`

			`- name: Enable portal by symlink`
			`ansible.builtin.file:`
			`src: /lib/systemd/system/butterbox-portal.service`
			`dest: /etc/systemd/system/multi-user.target.wants/butterbox-portal.service`
			`state: link`

Make all templates local, ensure ssh keys for amd64 builds are generated on first boot 2026-03-24 11:25:10 +00:00			`- name: Enable change manager by symlink`
			`ansible.builtin.file:`
			`src: /lib/systemd/system/change-manager.service`
			`dest: /etc/systemd/system/multi-user.target.wants/change-manager.service`
			`state: link`

Initial changes to integrate new portal 2026-03-06 09:04:11 +00:00			`- name: Ensure butter_user owns portal directory`
			`ansible.builtin.file:`
			`path: "/home/{{ butter_user }}/butter-portal"`
			`state: directory`
			`recurse: true`
			`owner: "{{ butter_user }}"`
			`group: "{{ butter_user }}"`
			`# - name: Template portal reverse proxy config for Lighttpd`
			`# ansible.builtin.get_url:`
			`# src: templates/50-butter-portal-reverse-proxy.conf`
			`# dest: /etc/lighttpd/conf-available/50-butter-portal-reverse-proxy.conf`
			`# owner: root`
			`# group: root`
			`# mode: '0644'`
			`#`
			`# - name: Ensure old symlink is removed if it exists`
			`# ansible.builtin.file:`
			`# path: /etc/lighttpd/conf-enabled/50-butter-portal-reverse-proxy.conf`
			`# state: absent`
			`# force: true`
			`#`
			`# - name: Enable reverse proxy config for portal in Lighttpd`
			`# ansible.builtin.file:`
			`# src: /etc/lighttpd/conf-available/50-butter-portal-reverse-proxy.conf`
			`# dest: /etc/lighttpd/conf-enabled/50-butter-portal-reverse-proxy.conf`
			`# state: link`
			`# force: true`
			`#`
			`# - debug: var=database_init.stdout_lines`