Misc. refactoring, less changes per rerun. Reruns should have no effect on a fully-setup vps now

2022-05-31 13:48:01 -05:00 · 2022-05-31 13:48:01 -05:00 · 6eabfaac36
parent 01b043e13f
commit 6eabfaac36
6 changed files with 17 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -9,9 +9,11 @@ This is my failsafe (and also my helpful migration tool) for restoring the OpenP
 - my shell theme (zsh + powerlevel10k)
 - deadswitch (& the ssh + git config to allow pushes)

+This playbook assumes the target VPS is running the latest debian stable release.
+
 ## Notes to my future self

-The deadswitch is disabled by default. Delete the file lock at `/root/.deadlock` to enable it.
+The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.

 ## Usage

--- a/tasks/deadswitch.yml
+++ b/tasks/deadswitch.yml
@ -21,9 +21,9 @@
    src: secrets/dead.md
    dest: /root/deadman/dead.md

- name: Install deadlock, disabling the deadswitch
+- name: Install deadtrigger
  file:
-    name: /root/.deadlock
+    name: /root/.deadtrigger
    state: touch

 - name: Install deadlock cronjob
--- a/tasks/essential.yml
+++ b/tasks/essential.yml
@ -40,4 +40,5 @@
 - name: Install .zshrc
  copy:
    src: templates/.zshrc
-    dest: /root/.zshrc
+    dest: /root/.zshrc
+    force: no
--- a/tasks/git.yml
+++ b/tasks/git.yml
@ -16,6 +16,7 @@
    dest: /root/.ssh/known_hosts
    owner: root
    mode: u=rw,g=,o=
+    force: no # if we already have a known_hosts file, ignore!

 - name: Install ssh priv key
  copy:
--- a/tasks/gitea.yml
+++ b/tasks/gitea.yml
@ -4,11 +4,7 @@
    src: templates/gitea/app.ini
    dest: /etc/gitea/app.ini
    owner: gitea
-
- name: Setup Gitea database
-  become: yes
-  become_user: gitea
-  shell: gitea migrate -c /etc/gitea/app.ini
+    force: no # we don't want to kill our existing config D:

 - name: Reload Gitea
  systemd:
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@ -14,26 +14,34 @@
    src: templates/nginx/nginx.conf
    dest: /etc/nginx/nginx.conf

+# setup our configs for each host (we don't want to 
+# overwrite certbot's changes, so if it already exists,
+# don't copy!)
+
 - name: Install nginx config for {{ domain }}
  template:
    src: templates/nginx/site.conf
    dest: /etc/nginx/conf.d/{{ domain }}.conf
+    force: no

 - name: Install nginx config for git.{{ domain }}
  template:
    src: templates/nginx/gitea.conf
    dest: /etc/nginx/conf.d/git.{{ domain }}.conf
+    force: no

 - name: Install nginx config for our Hidden Service
  template:
    src: templates/nginx/tor.conf
    dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
+    force: no

 - name: Reload nginx to activate specified site
  service:
    name: nginx
    state: restarted

+# certbot is a life saver. thank you certbot devs!
 - name: Setup certbot
  shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"