Ansible project used for my production server for https://openpunk.com
Go to file
2023-02-01 23:30:14 -06:00
.vscode blog: maintain two separate builds of the site; one for tor, one for https 2023-01-16 17:17:07 -06:00
group_vars gitea: can now backup the database remotely 2023-02-01 23:30:14 -06:00
roles gitea: can now backup the database remotely 2023-02-01 23:30:14 -06:00
secrets@e643deb62e minor README changes 2023-01-14 17:36:51 -06:00
.gitignore gitea: can now backup the database remotely 2023-02-01 23:30:14 -06:00
.gitmodules Added secrets submodule 2022-05-31 13:20:17 -05:00
README.md roles/deadswitch: role is now idempotent 2023-01-18 01:10:40 -06:00
run.yml gitea: can now backup the database remotely 2023-02-01 23:30:14 -06:00

OpenPunk's Ansible playbook

This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including:

  • gitea
    • sadly, no db migration is supported right now. maybe a future todo?
  • blog
  • tor mirror
  • nginx (for the above mentioned)
    • certbot's Let's Encrypt
  • my shell theme (zsh + powerlevel10k)
  • deadswitch (& the ssh + git config to allow pushes)

This playbook assumes the target VPS is running the latest debian stable release.

Notes to my future self

Add this to your local machine's crontab:

ssh openpunk 'touch /root/.deadtrigger'

Some DNS records also need to be set:

  • an A record with a git.* subdomain

Usage

ansible-playbook -i hosts --ask-vault-pass run.yml

NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files)

Example hosts file

[hosts]
openpunk-vps ansible_host=104.238.138.76 ansible_user=root ansible_connection=ssh