Deploy ansible playbook automagically

better file permissions
2025-10-21 16:20:19 +00:00 · 2022-10-04 12:21:22 -05:00 · 2022-10-04 11:29:40 -05:00
4 changed files with 31 additions and 8 deletions
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -0,0 +1,27 @@
+name: Run Playbook
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Git repository
+        uses: actions/checkout@v3
+        with:
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
+          submodules: recursive
+      - name: Run Ansible-Playbook
+        uses: dawidd6/action-ansible-playbook@v2
+        with:
+          playbook: run.yml
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          inventory: |
+            [hosts]
+            openpunk-vps ansible_host=96.30.199.68 ansible_user=root ansible_connection=ssh
+          vault_password: ${{ secrets.VAULT_PASSWORD }}
+          options: |
+            --extra-vars domain=openpunk.com
--- a/README.md
+++ b/README.md
@@ -1,5 +1,4 @@
 # OpenPunk's Ansible playbook
-
 This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including:

 - gitea
@@ -12,18 +11,15 @@ This is my failsafe (and also my helpful migration tool) for restoring the OpenP
 This playbook assumes the target VPS is running the latest debian stable release.

 ## Notes to my future self
-
 The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.

 ## Usage
-
 ```sh
 ansible-playbook -i hosts --ask-vault-pass run.yml
 ```
 > NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files)

 ## Example hosts file
-
 ```
 [hosts]
 openpunk-vps ansible_host=104.238.138.76 ansible_user=root ansible_connection=ssh
--- a/tasks/blog.yml
+++ b/tasks/blog.yml
@@ -13,7 +13,7 @@
  template:
    src: templates/blog/updateBlog
    dest: /usr/local/bin/updateBlog
-    mode: u+rwx
+    mode: u+rx

 # Rebuild blog every hour
 - name: Setup blog cron job
--- a/tasks/deadswitch.yml
+++ b/tasks/deadswitch.yml
@@ -8,19 +8,19 @@
  copy:
    src: static/blog/deadswitch
    dest: /usr/local/bin/deadswitch
-    mode: u+rwx
+    mode: u+rx

 - name: Install imdead.sh
  copy:
    src: static/blog/imdead.sh
    dest: /root/deadman/imdead.sh
-    mode: u+rwx
+    mode: u+rx

 - name: Copy dead patch
  copy:
    src: secrets/dead.patch
    dest: /root/deadman/dead.patch
-    mode: u+rwx
+    mode: u+rw

 - name: Install deadtrigger
  file:
Author	SHA1	Message	Date
CPunch	ec89c70336	Deploy ansible playbook automagically	2022-10-04 12:21:22 -05:00
CPunch	281e98f030	better file permissions	2022-10-04 11:29:40 -05:00