add personal blog

.gitignore

@@ -1,2 +1,3 @@
 inventory.ini
-venv/*
+venv/*
+.env

02_vps_core_services_setup.md

@@ -191,3 +191,34 @@ ntfy-emergency-app is a simple web application that allows trusted people to sen
     * `ntfy_emergency_app_ui_message`: Custom message displayed in the web interface
 * Make sure docker is available on the host.
 * Run the deployment playbook: `ansible-playbook -i inventory.ini services/ntfy-emergency-app/deploy_ntfy_emergency_app_playbook.yml`.
+
+
+## Personal Blog
+
+Personal blog is a static website served directly by Caddy.
+
+### Deploy
+
+* Decide what subdomain you want to serve the blog on and add it to `services/personal-blog/personal_blog_vars.yml` on the `personal_blog_subdomain`.
+    * Note that you will have to add a DNS entry to point to the VPS public IP.
+* Configure the git repository settings in `personal_blog_vars.yml`:
+    * `personal_blog_git_repo`: The HTTPS URL to your git repository (default: "https://forgejo.contrapeso.xyz/counterweight/pablohere.git")
+    * `personal_blog_source_folder`: The folder within the repo containing static files (default: "public")
+* Set up a Forgejo deploy token:
+    * Go to your repository → Settings → Deploy Tokens
+    * Create a new token with "Read" permissions
+    * Copy the token (you won't see it again)
+* Export the token as an environment variable: `export PERSONAL_BLOG_DEPLOY_TOKEN=your_token_here`
+* Run the deployment playbook: `ansible-playbook -i inventory.ini services/personal-blog/deploy_personal_blog_playbook.yml`.
+
+### Configure
+
+* The blog will be automatically updated every hour via a cron job that pulls the latest changes from the git repository.
+* Static files are served directly by Caddy from the configured webroot directory.
+* No additional configuration is needed - the site will be available at your configured domain.
+
+### Updating content
+
+* Simply push changes to the `master` branch of your git repository.
+* The cron job will automatically pull and deploy updates within an hour.
+* For immediate updates, you can manually run: `/usr/local/bin/update-personal-blog.sh` on the server.

ansible/services/personal-blog/deploy_personal_blog_playbook.yml

@@ -0,0 +1,100 @@
+- name: Deploy personal blog static site
+  hosts: vipy
+  become: yes
+  vars_files:
+    - ../../infra_vars.yml
+    - ./personal_blog_vars.yml
+
+  tasks:
+    - name: Install git
+      apt:
+        name: git
+        state: present
+
+    - name: Create source directory for blog
+      file:
+        path: "{{ personal_blog_source_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: '0755'
+
+    - name: Create webroot directory
+      file:
+        path: "{{ personal_blog_webroot }}"
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: '0755'
+
+    - name: Clone blog repository with token authentication
+      git:
+        repo: "https://{{ personal_blog_git_username }}:{{ lookup('env', 'PERSONAL_BLOG_DEPLOY_TOKEN') }}@forgejo.contrapeso.xyz/counterweight/pablohere.git"
+        dest: "{{ personal_blog_source_dir }}"
+        version: master
+        force: yes
+      become_user: root
+
+    - name: Copy static files to webroot
+      shell: |
+        rsync -av --delete {{ personal_blog_source_dir }}/{{ personal_blog_source_folder }}/ {{ personal_blog_webroot }}/
+      args:
+        creates: "{{ personal_blog_webroot }}/index.html"
+
+    - name: Set ownership and permissions for webroot
+      file:
+        path: "{{ personal_blog_webroot }}"
+        owner: www-data
+        group: www-data
+        recurse: yes
+        state: directory
+
+    - name: Ensure Caddy sites-enabled directory exists
+      file:
+        path: "{{ caddy_sites_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: '0755'
+
+    - name: Ensure Caddyfile includes import directive for sites-enabled
+      lineinfile:
+        path: /etc/caddy/Caddyfile
+        line: 'import sites-enabled/*'
+        insertafter: EOF
+        state: present
+        backup: yes
+
+    - name: Create Caddy static site configuration
+      copy:
+        dest: "{{ caddy_sites_dir }}/personal-blog.conf"
+        content: |
+          {{ personal_blog_domain }} {
+              root * {{ personal_blog_webroot }}
+              file_server
+          }
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: Reload Caddy to apply new config
+      command: systemctl reload caddy
+
+    - name: Create update script for blog
+      copy:
+        dest: /usr/local/bin/update-personal-blog.sh
+        content: |
+          #!/bin/bash
+          cd {{ personal_blog_source_dir }}
+          git pull https://{{ personal_blog_git_username }}:${PERSONAL_BLOG_DEPLOY_TOKEN}@forgejo.contrapeso.xyz/counterweight/pablohere.git master
+          rsync -av --delete {{ personal_blog_source_dir }}/{{ personal_blog_source_folder }}/ {{ personal_blog_webroot }}/
+          chown -R www-data:www-data {{ personal_blog_webroot }}
+        owner: root
+        group: root
+        mode: '0755'
+
+    - name: Add cron job to update blog every hour
+      cron:
+        name: "Update personal blog"
+        job: "0 * * * * PERSONAL_BLOG_DEPLOY_TOKEN={{ lookup('env', 'PERSONAL_BLOG_DEPLOY_TOKEN') }} /usr/local/bin/update-personal-blog.sh"
+        user: root

ansible/services/personal-blog/personal_blog_vars.yml

@@ -0,0 +1,8 @@
+caddy_sites_dir: /etc/caddy/sites-enabled
+personal_blog_subdomain: pablohere
+personal_blog_domain: pablohere.contrapeso.xyz
+personal_blog_git_repo: https://forgejo.contrapeso.xyz/counterweight/pablohere.git
+personal_blog_git_username: counterweight
+personal_blog_source_dir: /opt/personal-blog
+personal_blog_webroot: /var/www/pablohere.contrapeso.xyz
+personal_blog_source_folder: public