added ansible playbook

ansible/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+inventory = ./hosts.ini
+set_remote_user = yes
+allow_world_readable_tmpfiles=true

ansible/deploy-to-prod.yaml

@@ -0,0 +1,15 @@
+---
+- name: Ping the hosts defined in hosts.ini
+  hosts: prod
+  vars_files:
+    - ./vars/vault.yaml
+    - ./vars/vars.yaml
+
+  gather_facts: yes
+
+  tasks:
+    - name: Ping the hosts
+      ping:
+
+  roles:
+    - weekly

ansible/hosts.ini

@@ -0,0 +1,8 @@
+[dev]
+fd20:2184:8045:4973:5054:ff:fe6c:13d1 ansible_connection=local
+
+[prod]
+weekly.24unix.net ansible_user=tracer ansible_become_password=
+
+
+

ansible/roles/weekly/tasks/main.yaml

@@ -0,0 +1,91 @@
+---
+- name: Check if base_dir exists
+  stat:
+    path: "{{ prod_base_dir }}"
+  register: base_dir_status
+
+- name: Fetch latest code
+  git:
+    repo: "{{ git_repo }}"
+    dest: "{{ prod_base_dir }}"
+    version: "master"
+    update: yes
+    force: true
+  register: git_result
+
+- debug:
+    var: git_result
+
+- name: Download and installs all libs and dependencies
+  community.general.composer:
+    command: install
+    arguments: --no-dev --optimize-autoloader
+    working_dir: "{{ prod_base_dir }}"
+    php_path: /usr/bin/keyhelp-php84
+
+- name: Install node_modules
+  npm:
+    path: "{{ prod_base_dir }}"
+    state: present
+  when: git_result.changed
+
+- name: Build frontend
+  command: "npm run build"
+  args:
+    chdir: "{{ prod_base_dir }}"
+
+- name: Clear config cache
+  command: "keyhelp-php84 artisan config:clear"
+  args:
+    chdir: "{{ prod_base_dir }}"
+
+- name: Clear application cache
+  command: "keyhelp-php84 artisan cache:clear"
+  args:
+    chdir: "{{ prod_base_dir }}"
+
+- name: Create database backup directory
+  file:
+    path: "{{ prod_base_dir }}/backups"
+    state: directory
+    mode: '0755'
+
+- name: Backup database before migrations
+  shell: |
+    cd {{ prod_base_dir }}
+    DB_USERNAME=$(grep DB_USERNAME .env | cut -d '=' -f2)
+    DB_PASSWORD=$(grep DB_PASSWORD .env | cut -d '=' -f2)
+    DB_DATABASE=$(grep DB_DATABASE .env | cut -d '=' -f2)
+    BACKUP_FILE="{{ prod_base_dir }}/backups/db_backup_$(date +%Y%m%d_%H%M%S).sql"
+    mysqldump -u "$DB_USERNAME" -p"$DB_PASSWORD" "$DB_DATABASE" > "$BACKUP_FILE"
+    echo "$BACKUP_FILE"
+  register: backup_result
+
+- name: Display backup location
+  debug:
+    msg: "Database backed up to: {{ backup_result.stdout }}"
+
+- name: Run database migrations safely
+  command: "keyhelp-php84 artisan migrate:safe --force"
+  args:
+    chdir: "{{ prod_base_dir }}"
+  register: migrate_result
+  failed_when: migrate_result.rc != 0
+
+- name: Display migration result
+  debug:
+    var: migrate_result
+
+- name: Remove old database backups (keep last 10)
+  shell: |
+    cd {{ prod_base_dir }}/backups
+    ls -t db_backup_*.sql | tail -n +11 | xargs -r rm
+  ignore_errors: yes
+
+- name: Run version fetch command
+  command: "keyhelp-php84 artisan version:fetch"
+  args:
+    chdir: "{{ prod_base_dir }}"
+
+- name: Reload PHP-FPM to clear OPcache
+  command: sudo /usr/bin/systemctl reload keyhelp-php84-fpm.service

ansible/vars/vars.yaml

@@ -0,0 +1,5 @@
+---
+git_repo: "gitea@git.24unix.net:tracer/weekly.git"
+prod_base_dir: "/home/users/tracer/www/weekly.24unix.net/weekly"
+
+prod_become_user: "{{ vault_prod_become_user }}"

ansible/vars/vault.yaml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+31623264303535663263613235356231623137333734626164376138656532623937316534333835
+3661666237386534373466356136393566333162326562330a383833363737323637363738616666
+62393164326465376634356666303861613362313430656161653531373733353530636265353738
+3863633131313834390a356663373338346137373662356161643336636534626130313466343566
+36653636333838633938323363646335663935646135613632356434396436326131323361366561
+32633939346163356131663266346539323330613536333838616332646139313731326133646165
+31343763636337306263646631353562646462323631383439353738333035623664623163303839
+34343261383738396534