Misc. refactoring, less changes per rerun. Reruns should have no effect on a fully-setup vps now
parent
01b043e13f
commit
6eabfaac36
@ -9,9 +9,11 @@ This is my failsafe (and also my helpful migration tool) for restoring the OpenP
|
|||||||
- my shell theme (zsh + powerlevel10k)
|
- my shell theme (zsh + powerlevel10k)
|
||||||
- deadswitch (& the ssh + git config to allow pushes)
|
- deadswitch (& the ssh + git config to allow pushes)
|
||||||
|
|
||||||
|
This playbook assumes the target VPS is running the latest debian stable release.
|
||||||
|
|
||||||
## Notes to my future self
|
## Notes to my future self
|
||||||
|
|
||||||
The deadswitch is disabled by default. Delete the file lock at `/root/.deadlock` to enable it.
|
The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
@ -21,9 +21,9 @@
|
|||||||
src: secrets/dead.md
|
src: secrets/dead.md
|
||||||
dest: /root/deadman/dead.md
|
dest: /root/deadman/dead.md
|
||||||
|
|
||||||
- name: Install deadlock, disabling the deadswitch
|
- name: Install deadtrigger
|
||||||
file:
|
file:
|
||||||
name: /root/.deadlock
|
name: /root/.deadtrigger
|
||||||
state: touch
|
state: touch
|
||||||
|
|
||||||
- name: Install deadlock cronjob
|
- name: Install deadlock cronjob
|
||||||
|
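Review bot: The `Install deadtrigger` task uses `state: touch`, which rewrites the file's timestamps and reports `changed` on every run, so it works against the commit's stated goal that a rerun has no effect. Together with the README change, it also flips the default from a disabled deadswitch to one that is armed with a 14-day timer after any playbook run. If resetting the timer on each run is intended, record that next to the task, e.g. `# touch on purpose: every run re-arms the 14-day deadswitch timer`; if it is not, add `modification_time: preserve` and `access_time: preserve` so an existing trigger is left alone. Setting `owner: root` and `mode: u=rw,g=,o=` explicitly, as the known_hosts task does, would keep the trigger file from depending on the umask. The task list continues outside this hunk.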
@ -40,4 +40,5 @@
|
|||||||
- name: Install .zshrc
|
- name: Install .zshrc
|
||||||
copy:
|
copy:
|
||||||
src: templates/.zshrc
|
src: templates/.zshrc
|
||||||
dest: /root/.zshrc
|
dest: /root/.zshrc
|
||||||
|
force: no
|
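Review bot: `force: no` on the `.zshrc` copy relies on YAML 1.1 truthy parsing, which yamllint's `truthy` rule rejects; write `force: false`. The same line is added to the known_hosts, Gitea `app.ini` and three nginx tasks in this commit and should change with it. A short comment such as `# keep local edits to an existing .zshrc` would record the reason, as the known_hosts task already does.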
@ -16,6 +16,7 @@
|
|||||||
dest: /root/.ssh/known_hosts
|
dest: /root/.ssh/known_hosts
|
||||||
owner: root
|
owner: root
|
||||||
mode: u=rw,g=,o=
|
mode: u=rw,g=,o=
|
||||||
|
force: no # if we already have a known_hosts file, ignore!
|
||||||
|
|
||||||
- name: Install ssh priv key
|
- name: Install ssh priv key
|
||||||
copy:
|
copy:
|
||||||
|
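Review bot: With `force: no`, a host that already has any `/root/.ssh/known_hosts` never receives the pinned entries shipped in the repo, so the file's mere existence is treated as proof that the right host keys are present. If the deadswitch's git push depends on those entries (inferred from the README, the push is not in this hunk), it could then meet an unverified or stale host key. Managing the needed entry with the `known_hosts` module (`name: <git host>`, `key: <pinned host key line>`, both placeholders) adds it when missing without overwriting the rest of the file. The copy task starts above this hunk.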
@ -4,11 +4,7 @@
|
|||||||
src: templates/gitea/app.ini
|
src: templates/gitea/app.ini
|
||||||
dest: /etc/gitea/app.ini
|
dest: /etc/gitea/app.ini
|
||||||
owner: gitea
|
owner: gitea
|
||||||
|
force: no # we don't want to kill our existing config D:
|
||||||
- name: Setup Gitea database
|
|
||||||
become: yes
|
|
||||||
become_user: gitea
|
|
||||||
shell: gitea migrate -c /etc/gitea/app.ini
|
|
||||||
|
|
||||||
- name: Reload Gitea
|
- name: Reload Gitea
|
||||||
systemd:
|
systemd:
|
||||||
|
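Review bot: The `app.ini` task sets `owner: gitea` and now `force: no`, but no `mode:` is visible between `owner:` and the next task, so the file's permissions appear to depend on the umask or on whatever was there before. Gitea's `app.ini` normally holds its secret key and database credentials, so an explicit `mode: u=rw,g=,o=` is worth adding; the task's first lines are outside the hunk, so confirm it is not already set there. Because `force: no` also freezes an existing file, a comment should say that later template changes, hardening included, must be applied to live hosts by hand.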
@ -14,26 +14,34 @@
|
|||||||
src: templates/nginx/nginx.conf
|
src: templates/nginx/nginx.conf
|
||||||
dest: /etc/nginx/nginx.conf
|
dest: /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
# setup our configs for each host (we don't want to
|
||||||
|
# overwrite certbot's changes, so if it already exists,
|
||||||
|
# don't copy!)
|
||||||
|
|
||||||
- name: Install nginx config for {{ domain }}
|
- name: Install nginx config for {{ domain }}
|
||||||
template:
|
template:
|
||||||
src: templates/nginx/site.conf
|
src: templates/nginx/site.conf
|
||||||
dest: /etc/nginx/conf.d/{{ domain }}.conf
|
dest: /etc/nginx/conf.d/{{ domain }}.conf
|
||||||
|
force: no
|
||||||
|
|
||||||
- name: Install nginx config for git.{{ domain }}
|
- name: Install nginx config for git.{{ domain }}
|
||||||
template:
|
template:
|
||||||
src: templates/nginx/gitea.conf
|
src: templates/nginx/gitea.conf
|
||||||
dest: /etc/nginx/conf.d/git.{{ domain }}.conf
|
dest: /etc/nginx/conf.d/git.{{ domain }}.conf
|
||||||
|
force: no
|
||||||
|
|
||||||
- name: Install nginx config for our Hidden Service
|
- name: Install nginx config for our Hidden Service
|
||||||
template:
|
template:
|
||||||
src: templates/nginx/tor.conf
|
src: templates/nginx/tor.conf
|
||||||
dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
|
dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
|
||||||
|
force: no
|
||||||
|
|
||||||
- name: Reload nginx to activate specified site
|
- name: Reload nginx to activate specified site
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
# certbot is a life saver. thank you certbot devs!
|
||||||
- name: Setup certbot
|
- name: Setup certbot
|
||||||
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
|
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
|
||||||
|
|
||||||
|
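Review bot: The three added `force: no` lines protect certbot's edits, but they also mean a later fix to `site.conf`, `gitea.conf` or `tor.conf` in the repo silently never reaches a host that already has the file; the new comment should say so, e.g. `# NOTE: template changes are not applied to existing hosts`. The section also still changes state on every rerun, which the commit set out to avoid: `state: restarted` restarts nginx each time, where `state: reloaded` would match the task name. `Setup certbot` likewise runs each time through `shell:` with `{{ contact_email }}` and `{{ domain }}` interpolated unquoted. Switching it to `command:` with `creates: /etc/letsencrypt/live/{{ domain }}/fullchain.pem` would skip it once a certificate exists and keep the variables out of shell parsing.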