From 6eabfaac363a77da570c400dd6a4d1c21c694071 Mon Sep 17 00:00:00 2001
From: CPunch
Date: Tue, 31 May 2022 13:48:01 -0500
Subject: [PATCH] Misc. refactoring, less changes per rerun. Reruns should have no effect on a fully-setup vps now
---
 README.md | 4 +++-
 tasks/deadswitch.yml | 4 ++--
 tasks/essential.yml | 3 ++-
 tasks/git.yml | 1 +
 tasks/gitea.yml | 6 +-----
 tasks/nginx.yml | 8 ++++++++
 6 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 3bcddfb..daabf9b 100644
--- a/README.md
+++ b/README.md
@@ -9,9 +9,11 @@ This is my failsafe (and also my helpful migration tool) for restoring the OpenP
 - my shell theme (zsh + powerlevel10k)
 - deadswitch (& the ssh + git config to allow pushes)
+This playbook assumes the target VPS is running the latest debian stable release.
+
 ## Notes to my future self
-The deadswitch is disabled by default. Delete the file lock at `/root/.deadlock` to enable it.
+The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.
 ## Usage
diff --git a/tasks/deadswitch.yml b/tasks/deadswitch.yml
index 80da666..93d9f3b 100644
--- a/tasks/deadswitch.yml
+++ b/tasks/deadswitch.yml
@@ -21,9 +21,9 @@
 src: secrets/dead.md
 dest: /root/deadman/dead.md
-- name: Install deadlock, disabling the deadswitch
+- name: Install deadtrigger
 file:
- name: /root/.deadlock
+ name: /root/.deadtrigger
 state: touch
 - name: Install deadlock cronjob
diff --git a/tasks/essential.yml b/tasks/essential.yml
index 9a621f7..0f60b41 100644
--- a/tasks/essential.yml
+++ b/tasks/essential.yml
@@ -40,4 +40,5 @@
 - name: Install .zshrc
 copy:
 src: templates/.zshrc
- dest: /root/.zshrc
\ No newline at end of file
+ dest: /root/.zshrc
+ force: no
\ No newline at end of file
diff --git a/tasks/git.yml b/tasks/git.yml
index 54c103a..f25c4d2 100644
--- a/tasks/git.yml
+++ b/tasks/git.yml
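Review bot: In tasks/deadswitch.yml the renamed task flips the default from a lock that kept the deadswitch disabled to a trigger that every playbook run arms, so a routine rerun now starts the 14-day countdown described in the README whether or not the crontab one-liner exists on that host. `state: touch` also reports `changed` and rewrites the file's timestamps on each run, which works against the commit's stated goal of no-op reruns; if the cron job (its body is outside this hunk) keys off the file's mtime, say so in a comment such as `# touch resets the 14-day timer on every run (intentional)`. Gating the task behind an explicit opt-in, for example `when: deadswitch_armed | default(false)` (the variable name is illustrative), would keep the fail-safe default. The following task is still named `Install deadlock cronjob`, which no longer matches the new `.deadtrigger` naming.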
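Review bot: In tasks/essential.yml, `force: no` only checks that the destination exists, so once `/root/.zshrc` is present its content is never compared with `templates/.zshrc` again; later template edits, or a file modified on the host, pass silently as `ok`. The same option is added in the tasks/git.yml, tasks/gitea.yml and tasks/nginx.yml hunks, where the files are security-relevant and silent drift matters more. If the aim is only to avoid churn, leaving `force` at its default already reports no change when the checksums match; where local edits must survive, a comment stating that the file is seeded once and then host-owned, or `backup: true` on an overwriting task, makes the trade-off explicit. The value would also read more clearly as `force: false`.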
@@ -16,6 +16,7 @@
 dest: /root/.ssh/known_hosts
 owner: root
 mode: u=rw,g=,o=
+ force: no # if we already have a known_hosts file, ignore!
 - name: Install ssh priv key
 copy:
diff --git a/tasks/gitea.yml b/tasks/gitea.yml
index 2a531f3..a082780 100644
--- a/tasks/gitea.yml
+++ b/tasks/gitea.yml
@@ -4,11 +4,7 @@
 src: templates/gitea/app.ini
 dest: /etc/gitea/app.ini
 owner: gitea
-
-- name: Setup Gitea database
- become: yes
- become_user: gitea
- shell: gitea migrate -c /etc/gitea/app.ini
+ force: no # we don't want to kill our existing config D:
 - name: Reload Gitea
 systemd:
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
index ef9cd57..4f49951 100644
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@@ -14,26 +14,34 @@
 src: templates/nginx/nginx.conf
 dest: /etc/nginx/nginx.conf
+# setup our configs for each host (we don't want to
+# overwrite certbot's changes, so if it already exists,
+# don't copy!)
+
 - name: Install nginx config for {{ domain }}
 template:
 src: templates/nginx/site.conf
 dest: /etc/nginx/conf.d/{{ domain }}.conf
+ force: no
 - name: Install nginx config for git.{{ domain }}
 template:
 src: templates/nginx/gitea.conf
 dest: /etc/nginx/conf.d/git.{{ domain }}.conf
+ force: no
 - name: Install nginx config for our Hidden Service
 template:
 src: templates/nginx/tor.conf
 dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
+ force: no
 - name: Reload nginx to activate specified site
 service:
 name: nginx
 state: restarted
+# certbot is a life saver. thank you certbot devs!
 - name: Setup certbot
 shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
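Review bot: In tasks/git.yml, `force: no` on `/root/.ssh/known_hosts` means a host that already has the file keeps whatever keys it contains, so the pinned entry for the git remote may be missing or different and the later push depends on unreviewed host-key state. Managing the single entry is safer than seeding the whole file once: the `known_hosts` module with `path: /root/.ssh/known_hosts`, `name:` set to the remote's hostname and `key:` set to the pinned public key is idempotent and leaves unrelated entries alone. The task's name and module line are above the hunk, so this assumes the copied file exists to pin that remote.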
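Review bot: In tasks/gitea.yml the app.ini task sets `owner: gitea` but no `mode:` appears among the parameters visible in the hunk, and app.ini normally carries the instance's secret key and tokens, so its permissions are left to the umask; adding `mode: u=rw,g=,o=` (the form tasks/git.yml already uses) would pin them when the file is written. With `force: no`, a host that already has an app.ini never receives changes made to `templates/gitea/app.ini`, so hardening edits need a manual merge and the comment should say so. The hunk also removes the `gitea migrate` step with no replacement shown; confirm that a fresh install still initialises its database on first start. The task header is above the hunk.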
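Review bot: In tasks/nginx.yml, using `force: no` to protect certbot's edits makes the three conf.d files write-once, so later changes to `site.conf`, `gitea.conf` or `tor.conf` (TLS settings, headers, proxy rules) never reach a provisioned host and a partially edited file is never repaired. Keeping the templates authoritative and letting certbot only obtain certificates, for example `certbot certonly --nginx ...` with the certificate paths written in the templates, would remove the conflict. The hidden-service file is not among the `-d` names passed to certbot, so `force: no` looks unnecessary there. The context lines still restart nginx and run certbot on every run, which contradicts the no-op-rerun goal; a handler for the restart and `creates:` on the certbot task would address that. The certbot line also interpolates `{{ contact_email }}` and `{{ domain }}` into a `shell:` string, where `command:` or the `quote` filter is safer.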