Misc. refactoring, less changes per rerun. Reruns should have no effect on a fully-setup vps now

This commit is contained in:
CPunch 2022-05-31 13:48:01 -05:00
parent 01b043e13f
commit 6eabfaac36
6 changed files with 17 additions and 9 deletions

View File

@ -9,9 +9,11 @@ This is my failsafe (and also my helpful migration tool) for restoring the OpenP
- my shell theme (zsh + powerlevel10k) - my shell theme (zsh + powerlevel10k)
- deadswitch (& the ssh + git config to allow pushes) - deadswitch (& the ssh + git config to allow pushes)
This playbook assumes the target VPS is running the latest debian stable release.
## Notes to my future self ## Notes to my future self
The deadswitch is disabled by default. Delete the file lock at `/root/.deadlock` to enable it. The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.
## Usage ## Usage

View File

@ -21,9 +21,9 @@
src: secrets/dead.md src: secrets/dead.md
dest: /root/deadman/dead.md dest: /root/deadman/dead.md
- name: Install deadlock, disabling the deadswitch - name: Install deadtrigger
file: file:
name: /root/.deadlock name: /root/.deadtrigger
state: touch state: touch
- name: Install deadlock cronjob - name: Install deadlock cronjob

View File

@ -40,4 +40,5 @@
- name: Install .zshrc - name: Install .zshrc
copy: copy:
src: templates/.zshrc src: templates/.zshrc
dest: /root/.zshrc dest: /root/.zshrc
force: no

View File

@ -16,6 +16,7 @@
dest: /root/.ssh/known_hosts dest: /root/.ssh/known_hosts
owner: root owner: root
mode: u=rw,g=,o= mode: u=rw,g=,o=
force: no # if we already have a known_hosts file, ignore!
- name: Install ssh priv key - name: Install ssh priv key
copy: copy:

View File

@ -4,11 +4,7 @@
src: templates/gitea/app.ini src: templates/gitea/app.ini
dest: /etc/gitea/app.ini dest: /etc/gitea/app.ini
owner: gitea owner: gitea
force: no # we don't want to kill our existing config D:
- name: Setup Gitea database
become: yes
become_user: gitea
shell: gitea migrate -c /etc/gitea/app.ini
- name: Reload Gitea - name: Reload Gitea
systemd: systemd:

View File

@ -14,26 +14,34 @@
src: templates/nginx/nginx.conf src: templates/nginx/nginx.conf
dest: /etc/nginx/nginx.conf dest: /etc/nginx/nginx.conf
# setup our configs for each host (we don't want to
# overwrite certbot's changes, so if it already exists,
# don't copy!)
- name: Install nginx config for {{ domain }} - name: Install nginx config for {{ domain }}
template: template:
src: templates/nginx/site.conf src: templates/nginx/site.conf
dest: /etc/nginx/conf.d/{{ domain }}.conf dest: /etc/nginx/conf.d/{{ domain }}.conf
force: no
- name: Install nginx config for git.{{ domain }} - name: Install nginx config for git.{{ domain }}
template: template:
src: templates/nginx/gitea.conf src: templates/nginx/gitea.conf
dest: /etc/nginx/conf.d/git.{{ domain }}.conf dest: /etc/nginx/conf.d/git.{{ domain }}.conf
force: no
- name: Install nginx config for our Hidden Service - name: Install nginx config for our Hidden Service
template: template:
src: templates/nginx/tor.conf src: templates/nginx/tor.conf
dest: /etc/nginx/conf.d/tor-{{ domain }}.conf dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
force: no
- name: Reload nginx to activate specified site - name: Reload nginx to activate specified site
service: service:
name: nginx name: nginx
state: restarted state: restarted
# certbot is a life saver. thank you certbot devs!
- name: Setup certbot - name: Setup certbot
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}" shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"