Misc. refactoring, less changes per rerun. Reruns should have no effect on a fully-setup vps now
parent
01b043e13f
commit
6eabfaac36
@ -9,9 +9,11 @@ This is my failsafe (and also my helpful migration tool) for restoring the OpenP
|
||||
- my shell theme (zsh + powerlevel10k)
|
||||
- deadswitch (& the ssh + git config to allow pushes)
|
||||
|
||||
This playbook assumes the target VPS is running the latest debian stable release.
|
||||
|
||||
## Notes to my future self
|
||||
|
||||
The deadswitch is disabled by default. Delete the file lock at `/root/.deadlock` to enable it.
|
||||
The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.
|
||||
|
||||
## Usage
|
||||
|
||||
|
@ -21,9 +21,9 @@
|
||||
src: secrets/dead.md
|
||||
dest: /root/deadman/dead.md
|
||||
|
||||
- name: Install deadlock, disabling the deadswitch
|
||||
- name: Install deadtrigger
|
||||
file:
|
||||
name: /root/.deadlock
|
||||
name: /root/.deadtrigger
|
||||
state: touch
|
||||
|
||||
- name: Install deadlock cronjob
|
||||
|
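Review bot: `state: touch` on `/root/.deadtrigger` updates the file's timestamps and reports a change on every run, so this task is never a no-op on rerun, which is at odds with the commit's stated goal. If refreshing the trigger on each run is intended (the README section suggests a 14-day timer that restarts), say so above the task, e.g. `# touched on purpose: each playbook run restarts the deadswitch timer`; otherwise add `modification_time: preserve` and `access_time: preserve`. As rendered, the task appears to have changed from installing a lock that disables the deadswitch to arming it, so a host provisioned without the keep-alive crontab entry would presumably fire once the timer runs out. The following task is still named `Install deadlock cronjob`; its body is outside the hunk, so check whether it still refers to `/root/.deadlock`.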
@ -40,4 +40,5 @@
|
||||
- name: Install .zshrc
|
||||
copy:
|
||||
src: templates/.zshrc
|
||||
dest: /root/.zshrc
|
||||
dest: /root/.zshrc
|
||||
force: no
|
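Review bot: `force: no` uses the YAML 1.1 truthy spelling; `force: false` is the canonical boolean and what yamllint's `truthy` rule expects, and the same applies to the `force: no` lines in the known_hosts, Gitea and nginx sections. With overwriting disabled, later edits to `templates/.zshrc` will not reach a host that already has the file, which deserves a short comment on the task, e.g. `# keep local edits; remove /root/.zshrc on the host to re-install`.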
@ -16,6 +16,7 @@
|
||||
dest: /root/.ssh/known_hosts
|
||||
owner: root
|
||||
mode: u=rw,g=,o=
|
||||
force: no # if we already have a known_hosts file, ignore!
|
||||
|
||||
- name: Install ssh priv key
|
||||
copy:
|
||||
|
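Review bot: With `force: no` on the known_hosts copy, the pinned host keys from the repo are installed only when the file is missing, so a known_hosts that has been altered or gone stale on the host is never brought back to the expected entries. This file is what authenticates the remotes that root's ssh key connects to, so consider asserting the specific entries with the `known_hosts` module (`name:`, `key:`, `path: /root/.ssh/known_hosts`), which keeps them present on every run without replacing the rest of the file. The `Install ssh priv key` task continues outside the hunk, so its `owner` and `mode` are not visible here.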
@ -4,11 +4,7 @@
|
||||
src: templates/gitea/app.ini
|
||||
dest: /etc/gitea/app.ini
|
||||
owner: gitea
|
||||
|
||||
- name: Setup Gitea database
|
||||
become: yes
|
||||
become_user: gitea
|
||||
shell: gitea migrate -c /etc/gitea/app.ini
|
||||
force: no # we don't want to kill our existing config D:
|
||||
|
||||
- name: Reload Gitea
|
||||
systemd:
|
||||
|
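Review bot: The app.ini task sets `owner: gitea` but no `mode:` is visible among its arguments, so the file's permissions are left to the default umask. Gitea's app.ini normally holds the secret key, internal token and database credentials, so it should not be world-readable; adding `mode: u=rw,g=,o=` next to `owner` would match the style used for known_hosts. The task starts above the hunk, so a `mode:` set before `src:` cannot be ruled out.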
@ -14,26 +14,34 @@
|
||||
src: templates/nginx/nginx.conf
|
||||
dest: /etc/nginx/nginx.conf
|
||||
|
||||
# setup our configs for each host (we don't want to
|
||||
# overwrite certbot's changes, so if it already exists,
|
||||
# don't copy!)
|
||||
|
||||
- name: Install nginx config for {{ domain }}
|
||||
template:
|
||||
src: templates/nginx/site.conf
|
||||
dest: /etc/nginx/conf.d/{{ domain }}.conf
|
||||
force: no
|
||||
|
||||
- name: Install nginx config for git.{{ domain }}
|
||||
template:
|
||||
src: templates/nginx/gitea.conf
|
||||
dest: /etc/nginx/conf.d/git.{{ domain }}.conf
|
||||
force: no
|
||||
|
||||
- name: Install nginx config for our Hidden Service
|
||||
template:
|
||||
src: templates/nginx/tor.conf
|
||||
dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
|
||||
force: no
|
||||
|
||||
- name: Reload nginx to activate specified site
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
|
||||
# certbot is a life saver. thank you certbot devs!
|
||||
- name: Setup certbot
|
||||
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
|
||||
|
||||
|
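Review bot: The `Setup certbot` task still goes through `shell` with `{{ contact_email }}` and `{{ domain }}` interpolated into the command string, and it has no guard, so it is executed again on every rerun. Nothing in the command needs a shell, so `command` with `argv` keeps the variable values from being interpreted by the shell, and a `creates:` guard on the issued certificate lets reruns skip it; the path below assumes certbot's default live directory, named after the first `-d` value. The `Reload nginx` task just above uses `state: restarted`, which also acts on every run; a handler notified by the config tasks would fit the commit's goal better. The certbot task may continue past the end of the hunk.

```yaml
# … unchanged: nginx config tasks and the nginx reload …
- name: Setup certbot
  command:
    argv:
      - certbot
      - --nginx
      - --non-interactive
      - --agree-tos
      - -m
      - "{{ contact_email }}"
      - -d
      - "{{ domain }}"
      - -d
      - "git.{{ domain }}"
    creates: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
```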