diff --git a/README.md b/README.md index 54be86e..3bcddfb 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,24 @@ -# OpenPunk's ansible recovery +# OpenPunk's Ansible playbook This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including: - gitea - blog -- nginx - tor mirror +- nginx (for the above mentioned) +- my shell theme (zsh + powerlevel10k) +- deadswitch (& the ssh + git config to allow pushes) + +## Notes to my future self + +The deadswitch is disabled by default. Delete the file lock at `/root/.deadlock` to enable it. ## Usage ```sh ansible-playbook -i hosts --ask-vault-pass run.yml ``` -> NOTE: The 'secrets' directory has been omitted from the repo +> NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files) ## Example hosts file diff --git a/run.yml b/run.yml index 2d17fc5..976c997 100644 --- a/run.yml +++ b/run.yml @@ -15,4 +15,5 @@ - import_tasks: tasks/blog-setup.yml - import_tasks: tasks/gitea.yml - import_tasks: tasks/tor.yml + - import_tasks: tasks/deadswitch.yml - import_tasks: tasks/nginx.yml \ No newline at end of file diff --git a/tasks/blog-setup.yml b/tasks/blog-setup.yml index 5d623ea..4da0cb6 100644 --- a/tasks/blog-setup.yml +++ b/tasks/blog-setup.yml @@ -1,15 +1,9 @@ +--- - name: Clone blog repository git: repo: "https://github.com/CPunch/openpunk.git" dest: "/var/www/{{ domain }}" -- name: Setup git config - copy: - src: templates/.gitconfig - dest: /root/.gitconfig - owner: root - mode: u=rw,g=,o= - - name: Build blog command: cmd: hugo diff --git a/tasks/deadswitch.yml b/tasks/deadswitch.yml index e69de29..80da666 100644 --- a/tasks/deadswitch.yml +++ b/tasks/deadswitch.yml 
@@ -0,0 +1,34 @@ +--- +- name: Create deadman directory + file: + name: /root/deadman + state: directory + +- name: Install deadswitch script + copy: + src: templates/blog/deadswitch + dest: /usr/local/bin/deadswitch + mode: u+rwx + +- name: Install imdead.sh + copy: + src: templates/blog/imdead.sh + dest: /root/deadman/imdead.sh + mode: u+rwx + +- name: Copy dead message + template: + src: secrets/dead.md + dest: /root/deadman/dead.md + +- name: Install deadlock, disabling the deadswitch + file: + name: /root/.deadlock + state: touch + +- name: Install deadlock cronjob + cron: + name: Run deadswitch + minute: 0 + hour: 1 + job: /usr/local/bin/deadswitch diff --git a/tasks/essential.yml b/tasks/essential.yml index a79469f..9a621f7 100644 --- a/tasks/essential.yml +++ b/tasks/essential.yml @@ -32,7 +32,12 @@ shell: chsh -s /usr/bin/zsh - name: Clone Powerlevel10k theme - shell: git clone --depth=1 https://github.com/romkatv/powerlevel10k.git /root/powerlevel10k + git: + repo: "https://github.com/romkatv/powerlevel10k.git" + dest: "/root/powerlevel10k" + depth: 1 -- name: Install Powerlevel10k theme - shell: echo 'source /root/powerlevel10k/powerlevel10k.zsh-theme' > /root/.zshrc \ No newline at end of file +- name: Install .zshrc + copy: + src: templates/.zshrc + dest: /root/.zshrc \ No newline at end of file diff --git a/tasks/git.yml b/tasks/git.yml new file mode 100644 index 0000000..c7ad97b --- /dev/null +++ b/tasks/git.yml 
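Review bot: In tasks/deadswitch.yml both `copy` tasks set `mode: u+rwx`, which only adds owner bits and leaves ownership and the group/other permissions to the defaults, on scripts that cron will run (presumably as root). I would state them explicitly, e.g. `owner: root`, `group: root`, `mode: "0700"`, and give `/root/deadman` and `dead.md` explicit modes too. Separately, the `state: touch` task on `/root/.deadlock` runs on every play. Re-running the playbook on a server where the lock was deleted would therefore presumably disable the deadswitch again without any notice; creating the lock only on first install (for example behind a `stat` check) would avoid that.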
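Review bot: The new `git` task in tasks/essential.yml clones powerlevel10k without a `version:`, so every fresh run takes whatever the upstream default branch holds at that moment, and the new `.zshrc` sources that code in root's shell. Pinning it to a reviewed release tag or commit, `version: "<PINNED_TAG_OR_COMMIT>"` (placeholder, the page does not name one), keeps an upstream change from reaching root's login shell unreviewed. The task list begins before this hunk, so I cannot see whether other clones in the file are pinned.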
@@ -0,0 +1,26 @@ +--- +- name: Setup git config + copy: + src: templates/.gitconfig + dest: /root/.gitconfig + owner: root + mode: u=rw,g=,o= + +- name: Scan for SSH host keys. + local_action: + module: shell + cmd: ssh-keyscan git.{{ domain }} 2>/dev/null + changed_when: False + register: ssh_scan + +- name: Update known_hosts. + local_action: + module: known_hosts + key: "{{ item }}" + name: git.{{ domain }} + with_items: "{{ ssh_scan.stdout_lines }}" + +- name: Install ssh keys + clone: + src: secrets/id_ed25519 + dest: /root/.ssh/id_ed25519 \ No newline at end of file diff --git a/tasks/gitea.yml b/tasks/gitea.yml index fa2d4f4..2a531f3 100644 --- a/tasks/gitea.yml +++ b/tasks/gitea.yml @@ -1,3 +1,4 @@ +--- - name: Configure Gitea template: src: templates/gitea/app.ini diff --git a/tasks/nginx.yml b/tasks/nginx.yml index 906bb8a..ef9cd57 100644 --- a/tasks/nginx.yml +++ b/tasks/nginx.yml @@ -1,3 +1,4 @@ +--- - name: Remove default nginx config file: name: /etc/nginx/sites-enabled diff --git a/tasks/tor.yml b/tasks/tor.yml index 2069816..ff4ddc6 100644 --- a/tasks/tor.yml +++ b/tasks/tor.yml @@ -1,3 +1,4 @@ +--- - name: Install torrc template: src: templates/tor/torrc diff --git a/templates/.zshrc b/templates/.zshrc new file mode 100644 index 0000000..76be5f5 --- /dev/null +++ b/templates/.zshrc @@ -0,0 +1 @@ +source /root/powerlevel10k/powerlevel10k.zsh-theme \ No newline at end of file diff --git a/templates/blog/deadswitch b/templates/blog/deadswitch index 3807054..02e35f8 100644 --- a/templates/blog/deadswitch +++ b/templates/blog/deadswitch @@ -1,4 +1,4 @@ -#! /bin/bash +#!/bin/bash # This is meant to be run by cron, just setup a cronjob to run this script every day or so # This script checks if a file ($fileSwitch) is last modified > $dayLimit days ago & if so a script is run # On your computer or laptop, setup a cronjob to run an ssh command to modify $fileSwitch every couple hours or so. 
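Review bot: The `Install ssh keys` task in tasks/git.yml uses `clone:`, which is not an Ansible module I know of and was presumably meant to be `copy:`, and it sets no permissions on the private key; I would write `copy:` with `owner: root` and `mode: "0600"`. The two `local_action` tasks accept whatever `ssh-keyscan` returns and record it in the control machine's known_hosts, so the host key is trusted unverified and the server that actually pushes gets no entry. Keeping the expected host key in the repo and installing it on the remote with `known_hosts` would give a real check. Note also that imdead.sh pushes to `git@github.com` rather than `git.{{ domain }}`, and that the run.yml hunk adds only `tasks/deadswitch.yml`, so unless git.yml is imported somewhere not shown these tasks never run.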
diff --git a/templates/blog/imdead.sh b/templates/blog/imdead.sh index 0113bf7..6117164 100644 --- a/templates/blog/imdead.sh +++ b/templates/blog/imdead.sh @@ -9,11 +9,11 @@ currDate=$(date '+%Y-%m-%d') git clone git@github.com:CPunch/openpunk.git cp $postTemplate $pageName -# replace our {{DATE}} with the current date -sed -i 's/{{DATE}}/'$currDate'/g' $pageName +# replace our --DATE-- with the current date +sed -i 's/--DATE--/'$currDate'/g' $pageName # commit & push the post cd openpunk git add . -git commit -m "DeadSwitch: Posted dead message" -git push +git commit -m "DeadSwitch: No response from CPunch in 14 days, posting dead.md" +git push --force
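Review bot: `git push --force` on the last line lets an unattended cron job overwrite the remote branch. The script clones the repo moments earlier, so a plain `git push` should succeed, and a rejection is the right outcome if the remote has moved; if force is really needed, `git push --force-with-lease` is the narrower option. The context line `cd openpunk` is also unchecked, so if the clone fails, the `git add .`, commit and push run in whatever directory cron started the script in; `cd openpunk || exit 1` would stop that. The script starts before this hunk, so earlier error handling may exist that I cannot see.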