Misc. refactoring, less changes per rerun. Reruns should have no effect on a fully-setup vps now

This commit is contained in:
CPunch 2022-05-31 13:48:01 -05:00
parent 01b043e13f
commit 6eabfaac36
6 changed files with 17 additions and 9 deletions

View File

@ -9,9 +9,11 @@ This is my failsafe (and also my helpful migration tool) for restoring the OpenP
- my shell theme (zsh + powerlevel10k)
- deadswitch (& the ssh + git config to allow pushes)
This playbook assumes the target VPS is running the latest debian stable release.
## Notes to my future self
The deadswitch is disabled by default. Delete the file lock at `/root/.deadlock` to enable it.
The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.
## Usage

View File

@ -21,9 +21,9 @@
src: secrets/dead.md
dest: /root/deadman/dead.md
- name: Install deadlock, disabling the deadswitch
- name: Install deadtrigger
file:
name: /root/.deadlock
name: /root/.deadtrigger
state: touch
- name: Install deadlock cronjob

View File

@ -41,3 +41,4 @@
copy:
src: templates/.zshrc
dest: /root/.zshrc
force: no

View File

@ -16,6 +16,7 @@
dest: /root/.ssh/known_hosts
owner: root
mode: u=rw,g=,o=
force: no # if we already have a known_hosts file, ignore!
- name: Install ssh priv key
copy:

View File

@ -4,11 +4,7 @@
src: templates/gitea/app.ini
dest: /etc/gitea/app.ini
owner: gitea
- name: Setup Gitea database
become: yes
become_user: gitea
shell: gitea migrate -c /etc/gitea/app.ini
force: no # we don't want to kill our existing config D:
- name: Reload Gitea
systemd:

View File

@ -14,26 +14,34 @@
src: templates/nginx/nginx.conf
dest: /etc/nginx/nginx.conf
# setup our configs for each host (we don't want to
# overwrite certbot's changes, so if it already exists,
# don't copy!)
- name: Install nginx config for {{ domain }}
template:
src: templates/nginx/site.conf
dest: /etc/nginx/conf.d/{{ domain }}.conf
force: no
- name: Install nginx config for git.{{ domain }}
template:
src: templates/nginx/gitea.conf
dest: /etc/nginx/conf.d/git.{{ domain }}.conf
force: no
- name: Install nginx config for our Hidden Service
template:
src: templates/nginx/tor.conf
dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
force: no
- name: Reload nginx to activate specified site
service:
name: nginx
state: restarted
# certbot is a life saver. thank you certbot devs!
- name: Setup certbot
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"