mirror of
https://github.com/CPunch/openpunk-ansible.git
synced 2024-11-22 15:30:05 +00:00
Compare commits
5 Commits
5cdc63e35a
...
e8fe024b77
| Author | SHA1 | Date | |
|---|---|---|---|
| e8fe024b77 | |||
| 3d75ac18e7 | |||
| c6ea8eaf38 | |||
| e3d3ec37fd | |||
| 2d3fbfe484 |
27
.github/workflows/deploy.yaml
vendored
27
.github/workflows/deploy.yaml
vendored
@ -1,27 +0,0 @@
|
|||||||
# name: Run Playbook
|
|
||||||
|
|
||||||
# on:
|
|
||||||
# push:
|
|
||||||
# tags:
|
|
||||||
# - "v*.*.*"
|
|
||||||
|
|
||||||
# jobs:
|
|
||||||
# deploy:
|
|
||||||
# runs-on: ubuntu-latest
|
|
||||||
# steps:
|
|
||||||
# - name: Set up Git repository
|
|
||||||
# uses: actions/checkout@v3
|
|
||||||
# with:
|
|
||||||
# ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
|
|
||||||
# submodules: recursive
|
|
||||||
# - name: Run Ansible-Playbook
|
|
||||||
# uses: dawidd6/action-ansible-playbook@v2
|
|
||||||
# with:
|
|
||||||
# playbook: run.yml
|
|
||||||
# key: ${{ secrets.SSH_PRIVATE_KEY }}
|
|
||||||
# inventory: |
|
|
||||||
# [hosts]
|
|
||||||
# openpunk-vps ansible_host=96.30.199.68 ansible_user=root ansible_connection=ssh
|
|
||||||
# vault_password: ${{ secrets.VAULT_PASSWORD }}
|
|
||||||
# options: |
|
|
||||||
# --extra-vars domain=openpunk.com
|
|
||||||
@ -1,17 +1,4 @@
|
|||||||
---
|
---
|
||||||
# TODO: make idempotent
|
|
||||||
- name: Add Gitea repo key
|
|
||||||
shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import
|
|
||||||
|
|
||||||
# TODO: make idempotent
|
|
||||||
- name: Set key perms
|
|
||||||
shell: sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
|
|
||||||
|
|
||||||
- name: Add Gitea repo
|
|
||||||
apt_repository:
|
|
||||||
filename: morph027-gitea
|
|
||||||
repo: deb https://packaging.gitlab.io/gitea gitea main
|
|
||||||
|
|
||||||
- name: Upgrade Packages
|
- name: Upgrade Packages
|
||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
@ -21,7 +8,6 @@
|
|||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- hugo
|
- hugo
|
||||||
- gitea
|
|
||||||
- git
|
- git
|
||||||
- nginx
|
- nginx
|
||||||
- tor
|
- tor
|
||||||
@ -32,9 +18,10 @@
|
|||||||
- zsh # :D
|
- zsh # :D
|
||||||
- python3-certbot-nginx
|
- python3-certbot-nginx
|
||||||
|
|
||||||
# TODO: make idempotent
|
- name: Setup zsh
|
||||||
- name: Setup default shell (zsh)
|
user:
|
||||||
shell: chsh -s /usr/bin/zsh
|
name: "{{ ansible_user }}"
|
||||||
|
shell: /usr/bin/zsh
|
||||||
|
|
||||||
- name: Clone Powerlevel10k theme
|
- name: Clone Powerlevel10k theme
|
||||||
git:
|
git:
|
||||||
|
|||||||
@ -9,21 +9,22 @@
|
|||||||
# make sure our vps trusts the github.com key signature. we pipe the output
|
# make sure our vps trusts the github.com key signature. we pipe the output
|
||||||
# of ssh-keyscan into .ssh/known_hosts
|
# of ssh-keyscan into .ssh/known_hosts
|
||||||
|
|
||||||
# TODO: make idempotent
|
|
||||||
- name: Scan for SSH host keys
|
- name: Scan for SSH host keys
|
||||||
command: ssh-keyscan github.com 2>/dev/null
|
command: ssh-keyscan github.com 2>/dev/null
|
||||||
register: ssh_scan
|
register: ssh_scan
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
- name: Update known_hosts
|
- name: Update .ssh/known_hosts
|
||||||
copy:
|
blockinfile:
|
||||||
content: "{{ ssh_scan.stdout_lines|join('\n') }}"
|
path: /root/.ssh/known_hosts
|
||||||
dest: /root/.ssh/known_hosts
|
block: "{{ ssh_scan.stdout_lines|join('\n') }}"
|
||||||
|
insertbefore: BOF
|
||||||
|
create: yes
|
||||||
owner: root
|
owner: root
|
||||||
mode: u=rw,g=,o=
|
mode: u=rw,g=,o=
|
||||||
force: no # if we already have a known_hosts file, ignore!
|
|
||||||
|
|
||||||
# this keypair is trusted under my github account, so it allows my vps to make pushes
|
# this keypair is trusted under my github account, so it allows my vps to make pushes
|
||||||
# to the main branch of my openpunk repository. (for my deadswitch: see static/blog/imdead.sh)
|
# to the main branch of my openpunk repository. (see roles/deadswitchfiles/imdead.sh)
|
||||||
|
|
||||||
- name: Install ssh priv key
|
- name: Install ssh priv key
|
||||||
copy:
|
copy:
|
||||||
|
|||||||
@ -1,7 +1,34 @@
|
|||||||
---
|
---
|
||||||
|
- name: Check if Gitea is installed
|
||||||
|
shell: gitea --version
|
||||||
|
register: validate_gitea
|
||||||
|
changed_when: no
|
||||||
|
|
||||||
|
- name: Add Gitea key && repository
|
||||||
|
block:
|
||||||
|
- name: Check for Gitea gpg key
|
||||||
|
stat:
|
||||||
|
path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
|
||||||
|
register: gitea_key
|
||||||
|
|
||||||
|
- name: Import Gitea key
|
||||||
|
shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
|
||||||
|
when: gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"
|
||||||
|
|
||||||
|
- name: Add Gitea repository
|
||||||
|
apt_repository:
|
||||||
|
filename: morph027-gitea
|
||||||
|
repo: deb https://packaging.gitlab.io/gitea gitea main
|
||||||
|
when: '"not found" in validate_gitea.stdout'
|
||||||
|
|
||||||
|
- name: Install Gitea
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- gitea
|
||||||
|
|
||||||
- name: Configure Gitea
|
- name: Configure Gitea
|
||||||
template:
|
template:
|
||||||
src: app.ini
|
src: templates/app.ini
|
||||||
dest: /etc/gitea/app.ini
|
dest: /etc/gitea/app.ini
|
||||||
owner: gitea
|
owner: gitea
|
||||||
force: no # we don't want to kill our existing config D:
|
force: no # we don't want to kill our existing config D:
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
- name: Install torrc
|
- name: Install torrc
|
||||||
template:
|
template:
|
||||||
src: torrc
|
src: templates/torrc
|
||||||
dest: /etc/tor/torrc
|
dest: /etc/tor/torrc
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user