Compare commits


No commits in common. "e8fe024b770f554ec37522f1136f08255a66f71e" and "5cdc63e35a6e9b1f3f405c6670401ff6e89d919b" have entirely different histories.

5 changed files with 53 additions and 41 deletions

27
.github/workflows/deploy.yaml vendored Normal file

@ -0,0 +1,27 @@
# name: Run Playbook
# on:
# push:
# tags:
# - "v*.*.*"
# jobs:
# deploy:
# runs-on: ubuntu-latest
# steps:
# - name: Set up Git repository
# uses: actions/checkout@v3
# with:
# ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
# submodules: recursive
# - name: Run Ansible-Playbook
# uses: dawidd6/action-ansible-playbook@v2
# with:
# playbook: run.yml
# key: ${{ secrets.SSH_PRIVATE_KEY }}
# inventory: |
# [hosts]
# openpunk-vps ansible_host=96.30.199.68 ansible_user=root ansible_connection=ssh
# vault_password: ${{ secrets.VAULT_PASSWORD }}
# options: |
# --extra-vars domain=openpunk.com
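Review bot: Both `uses:` lines reference mutable tags (`actions/checkout@v3`, `dawidd6/action-ansible-playbook@v2`), and the second is a third-party action that is handed `secrets.SSH_PRIVATE_KEY` for a root login plus `secrets.VAULT_PASSWORD`. If this commented-out workflow is ever re-enabled, pin each action to a full commit SHA, e.g. `uses: dawidd6/action-ansible-playbook@<FULL_COMMIT_SHA>  # v2`. The `with:` block also passes no `known_hosts` value, so the runner presumably connects to the VPS without verifying its host key; supplying the server's pinned host key there would close that gap. Since every line is commented out, a one-line header comment saying why the workflow is disabled would help the next reader.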


@ -1,4 +1,17 @@
--- ---
# TODO: make idempotent
- name: Add Gitea repo key
shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import
# TODO: make idempotent
- name: Set key perms
shell: sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
- name: Add Gitea repo
apt_repository:
filename: morph027-gitea
repo: deb https://packaging.gitlab.io/gitea gitea main
- name: Upgrade Packages - name: Upgrade Packages
apt: apt:
update_cache: yes update_cache: yes
@ -8,6 +21,7 @@
package: package:
name: name:
- hugo - hugo
- gitea
- git - git
- nginx - nginx
- tor - tor
@ -18,10 +32,9 @@
- zsh # :D - zsh # :D
- python3-certbot-nginx - python3-certbot-nginx
- name: Setup zsh # TODO: make idempotent
user: - name: Setup default shell (zsh)
name: "{{ ansible_user }}" shell: chsh -s /usr/bin/zsh
shell: /usr/bin/zsh
- name: Clone Powerlevel10k theme - name: Clone Powerlevel10k theme
git: git:
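Review bot: The `Add Gitea repo key` task in the first hunk pipes `curl -s` output straight into `gpg --import` with no fingerprint or checksum check, and it writes the keyring into `/etc/apt/trusted.gpg.d/`, where apt trusts the key for every configured repository rather than only `packaging.gitlab.io/gitea`. Because `curl` runs without `-f` and the pipeline has no `pipefail`, a failed download is not surfaced through curl's exit status either. Fetching the key with `get_url` and a pinned `checksum`, storing it outside `trusted.gpg.d`, and scoping it with `signed-by=` on the repo line addresses both, makes the task idempotent (resolving the two TODOs) and removes the separate `chmod` task. In the third hunk, `shell: chsh -s /usr/bin/zsh` carries the same idempotency TODO, which the `user:` form it appears to replace did not need.

```yaml
- name: Add Gitea repo key
  get_url:
    url: https://packaging.gitlab.io/gitea/gpg.key
    # suggested location; create the directory first on releases that lack it
    dest: /etc/apt/keyrings/morph027-gitea.asc
    checksum: "sha256:<SHA256_OF_VERIFIED_KEY_PLACEHOLDER>"
    owner: root
    mode: "0644"
- name: Add Gitea repo
  apt_repository:
    filename: morph027-gitea
    repo: deb [signed-by=/etc/apt/keyrings/morph027-gitea.asc] https://packaging.gitlab.io/gitea gitea main
# … unchanged: Upgrade Packages and package list …
```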


@ -9,22 +9,21 @@
# make sure our vps trusts the github.com key signature. we pipe the output # make sure our vps trusts the github.com key signature. we pipe the output
# of ssh-keyscan into .ssh/known_hosts # of ssh-keyscan into .ssh/known_hosts
# TODO: make idempotent
- name: Scan for SSH host keys - name: Scan for SSH host keys
command: ssh-keyscan github.com 2>/dev/null command: ssh-keyscan github.com 2>/dev/null
register: ssh_scan register: ssh_scan
changed_when: false
- name: Update .ssh/known_hosts - name: Update known_hosts
blockinfile: copy:
path: /root/.ssh/known_hosts content: "{{ ssh_scan.stdout_lines|join('\n') }}"
block: "{{ ssh_scan.stdout_lines|join('\n') }}" dest: /root/.ssh/known_hosts
insertbefore: BOF
create: yes
owner: root owner: root
mode: u=rw,g=,o= mode: u=rw,g=,o=
force: no # if we already have a known_hosts file, ignore!
# this keypair is trusted under my github account, so it allows my vps to make pushes # this keypair is trusted under my github account, so it allows my vps to make pushes
# to the main branch of my openpunk repository. (see roles/deadswitchfiles/imdead.sh) # to the main branch of my openpunk repository. (for my deadswitch: see static/blog/imdead.sh)
- name: Install ssh priv key - name: Install ssh priv key
copy: copy:
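Review bot: `Update known_hosts` stores whatever `ssh-keyscan github.com` returns at provisioning time, so the host key is trusted on first use without being compared against GitHub's published keys; that matters here because the next task installs a private key that can push to the main branch. With `force: no`, an existing `known_hosts` is also never updated, so a missing or rotated github.com entry stays wrong. Consider dropping the scan and pinning the key from a reviewed value with the `known_hosts` module: `known_hosts:` with `name: github.com` and `key: "github.com ssh-ed25519 <PINNED_PUBLIC_KEY_PLACEHOLDER>"`. Separately, `command:` does not go through a shell, so `2>/dev/null` on the scan line is passed to `ssh-keyscan` as an argument rather than acting as a redirect. The `Install ssh priv key` task continues outside the hunk.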


@ -1,34 +1,7 @@
--- ---
- name: Check if Gitea is installed
shell: gitea --version
register: validate_gitea
changed_when: no
- name: Add Gitea key && repository
block:
- name: Check for Gitea gpg key
stat:
path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
register: gitea_key
- name: Import Gitea key
shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
when: gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"
- name: Add Gitea repository
apt_repository:
filename: morph027-gitea
repo: deb https://packaging.gitlab.io/gitea gitea main
when: '"not found" in validate_gitea.stdout'
- name: Install Gitea
package:
name:
- gitea
- name: Configure Gitea - name: Configure Gitea
template: template:
src: templates/app.ini src: app.ini
dest: /etc/gitea/app.ini dest: /etc/gitea/app.ini
owner: gitea owner: gitea
force: no # we don't want to kill our existing config D: force: no # we don't want to kill our existing config D:
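Review bot: `Configure Gitea` sets `owner: gitea` but no `group:` or `mode:`, so a newly created `/etc/gitea/app.ini` gets its mode from the umask, which is typically world-readable; Gitea's `app.ini` usually carries secrets (the template itself is not shown here, so confirm). Going by the `+1,7` header, the hunk appears to cover the whole file on the new side, so nothing later tightens it. Adding `group: gitea` and `mode: "0640"` to the `template:` arguments keeps the file readable by the service only. With the install tasks removed from this role, it also relies on the `gitea` package and user already existing when it runs, which the package list in the base tasks appears to provide.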


@ -1,7 +1,7 @@
--- ---
- name: Install torrc - name: Install torrc
template: template:
src: templates/torrc src: torrc
dest: /etc/tor/torrc dest: /etc/tor/torrc
owner: root owner: root
group: root group: root