Ansible project used for my production server for https://openpunk.com
Go to file
2023-01-16 17:17:07 -06:00
.github/workflows github: disabled deploy workflow 2023-01-14 17:31:46 -06:00
.vscode blog: maintain two separate builds of the site; one for tor, one for https 2023-01-16 17:17:07 -06:00
group_vars blog: maintain two separate builds of the site; one for tor, one for https 2023-01-16 17:17:07 -06:00
roles blog: maintain two separate builds of the site; one for tor, one for https 2023-01-16 17:17:07 -06:00
secrets@e643deb62e minor README changes 2023-01-14 17:36:51 -06:00
.gitignore Added secrets submodule 2022-05-31 13:20:17 -05:00
.gitmodules Added secrets submodule 2022-05-31 13:20:17 -05:00
README.md minor README changes 2023-01-14 17:36:51 -06:00
run.yml switched to roles 2023-01-14 17:26:17 -06:00

OpenPunk's Ansible playbook

This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including:

  • gitea
    • sadly, no db migration is supported right now. maybe a future todo?
  • blog
  • tor mirror
  • nginx (for the above mentioned)
  • my shell theme (zsh + powerlevel10k)
  • deadswitch (& the ssh + git config to allow pushes)

This playbook assumes the target VPS is running the latest debian stable release.

Notes to my future self

The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.

Some DNS records also need to be set:

  • an A record with a git.* subdomain

Usage

ansible-playbook -i hosts --ask-vault-pass run.yml

NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files)

Example hosts file

[hosts]
openpunk-vps ansible_host=104.238.138.76 ansible_user=root ansible_connection=ssh