Added dead switch

README.md

@@ -1,18 +1,24 @@
-# OpenPunk's ansible recovery
+# OpenPunk's Ansible playbook
 
 This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including:
 
 - gitea
 - blog
-- nginx
 - tor mirror
+- nginx (for the above mentioned)
+- my shell theme (zsh + powerlevel10k)
+- deadswitch (& the ssh + git config to allow pushes)
+
+## Notes to my future self
+
+The deadswitch is disabled by default. Delete the file lock at `/root/.deadlock` to enable it.
 
 ## Usage
 
 ```sh
 ansible-playbook -i hosts --ask-vault-pass run.yml
 ```
-> NOTE: The 'secrets' directory has been omitted from the repo
+> NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files)
 
 ## Example hosts file
 

run.yml

@@ -15,4 +15,5 @@
     - import_tasks: tasks/blog-setup.yml
     - import_tasks: tasks/gitea.yml
     - import_tasks: tasks/tor.yml
+    - import_tasks: tasks/deadswitch.yml
     - import_tasks: tasks/nginx.yml

tasks/blog-setup.yml

@@ -1,15 +1,9 @@
+---
 - name: Clone blog repository
   git:
     repo: "https://github.com/CPunch/openpunk.git"
     dest: "/var/www/{{ domain }}"
 
-- name: Setup git config
-  copy:
-    src: templates/.gitconfig
-    dest: /root/.gitconfig
-    owner: root
-    mode: u=rw,g=,o=
-
 - name: Build blog
   command:
     cmd: hugo

tasks/deadswitch.yml

@@ -0,0 +1,34 @@
+---
+- name: Create deadman directory
+  file:
+    name: /root/deadman
+    state: directory
+
+- name: Install deadswitch script
+  copy:
+    src: templates/blog/deadswitch
+    dest: /usr/local/bin/deadswitch
+    mode: u+rwx
+
+- name: Install imdead.sh
+  copy:
+    src: templates/blog/imdead.sh
+    dest: /root/deadman/imdead.sh
+    mode: u+rwx
+
+- name: Copy dead message
+  template:
+    src: secrets/dead.md
+    dest: /root/deadman/dead.md
+
+- name: Install deadlock, disabling the deadswitch
+  file:
+    name: /root/.deadlock
+    state: touch
+
+- name: Install deadlock cronjob
+  cron:
+    name: Run deadswitch
+    minute: 0
+    hour: 1
+    job: /usr/local/bin/deadswitch

tasks/essential.yml

@@ -32,7 +32,12 @@
   shell: chsh -s /usr/bin/zsh
 
 - name: Clone Powerlevel10k theme
-  shell: git clone --depth=1 https://github.com/romkatv/powerlevel10k.git /root/powerlevel10k
+  git:
+    repo: "https://github.com/romkatv/powerlevel10k.git"
+    dest: "/root/powerlevel10k"
+    depth: 1
 
-- name: Install Powerlevel10k theme
-  shell: echo 'source /root/powerlevel10k/powerlevel10k.zsh-theme' > /root/.zshrc
+- name: Install .zshrc
+  copy:
+    src: templates/.zshrc
+    dest: /root/.zshrc

tasks/git.yml

@@ -0,0 +1,26 @@
+---
+- name: Setup git config
+  copy:
+    src: templates/.gitconfig
+    dest: /root/.gitconfig
+    owner: root
+    mode: u=rw,g=,o=
+
+- name: Scan for SSH host keys.
+  local_action:
+    module: shell
+    cmd: ssh-keyscan git.{{ domain }} 2>/dev/null
+  changed_when: False
+  register: ssh_scan
+
+- name: Update known_hosts.
+  local_action:
+    module: known_hosts
+    key: "{{ item }}"
+    name: git.{{ domain }}
+  with_items: "{{ ssh_scan.stdout_lines }}"
+
+- name: Install ssh keys
+  clone:
+    src: secrets/id_ed25519
+    dest: /root/.ssh/id_ed25519

tasks/gitea.yml

@@ -1,3 +1,4 @@
+---
 - name: Configure Gitea
   template:
     src: templates/gitea/app.ini

tasks/nginx.yml

@@ -1,3 +1,4 @@
+---
 - name: Remove default nginx config
   file:
     name: /etc/nginx/sites-enabled

tasks/tor.yml

@@ -1,3 +1,4 @@
+---
 - name: Install torrc
   template:
     src: templates/tor/torrc

templates/.zshrc

@@ -0,0 +1 @@
+source /root/powerlevel10k/powerlevel10k.zsh-theme

templates/blog/deadswitch

@@ -1,4 +1,4 @@
-#! /bin/bash
+#!/bin/bash
 # This is meant to be run by cron, just setup a cronjob to run this script every day or so
 # This script checks if a file ($fileSwitch) is last modified > $dayLimit days ago & if so a script is run
 # On your computer or laptop, setup a cronjob to run an ssh command to modify $fileSwitch every couple hours or so.

templates/blog/imdead.sh

@@ -9,11 +9,11 @@ currDate=$(date '+%Y-%m-%d')
 git clone git@github.com:CPunch/openpunk.git
 cp $postTemplate $pageName
 
-# replace our {{DATE}} with the current date
-sed -i 's/{{DATE}}/'$currDate'/g' $pageName
+# replace our --DATE-- with the current date
+sed -i 's/--DATE--/'$currDate'/g' $pageName
 
 # commit & push the post
 cd openpunk
 git add .
-git commit -m "DeadSwitch: Posted dead message"
-git push
+git commit -m "DeadSwitch: No response from CPunch in 14 days, posting dead.md"
+git push --force