Compare commits
3 Commits
004bc2a612
...
b10ee60b74
Author | SHA1 | Date | |
---|---|---|---|
b10ee60b74 | |||
7d34d5e931 | |||
579b2fa296 |
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
*.swp
|
||||
.cache
|
||||
private.pem
|
||||
|
@ -17,6 +17,10 @@ before_script:
|
||||
- touch /vaultpw
|
||||
- chmod 0600 /vaultpw
|
||||
- echo "$ANSIBLE_VAULT_PASSWORD" > /vaultpw
|
||||
# Dump the Netbox key
|
||||
- touch private.pem
|
||||
- chmod 0600 private.pem
|
||||
- echo "$NETBOX_USER_KEY" > private.pem
|
||||
# Fix perms on the playbook root
|
||||
- chmod -R 0750 .
|
||||
# Join the Zerotier management network
|
||||
|
@ -64,13 +64,14 @@ apache_ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||
##RESERVED
|
||||
|
||||
# For gulagbot
|
||||
secret_gulagbot_db_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63386534643137613234643962663831353461356464363732613030626364366661626134643837
|
||||
6466653931366539656662323330333363633732613061360a306565643932613635353435663039
|
||||
61386334626437323934366634343162643932393834313235356664623537636162376464613061
|
||||
3966393761626133320a646465376235346239333036326530363538306238626438653232623632
|
||||
37616561326538636534393533613037336665333865613735646532656163373233
|
||||
secret_gulagbot_db_pass: "{{ query('netbox.netbox.nb_lookup', 'secrets', api_filter='name=secret_gulagbot_db_pass', api_endpoint='https://netbox.desu.ltd', token=netbox_token, key_file='private.pem')[0].value.plaintext }}"
|
||||
#secret_gulagbot_db_pass: !vault |
|
||||
# $ANSIBLE_VAULT;1.1;AES256
|
||||
# 63386534643137613234643962663831353461356464363732613030626364366661626134643837
|
||||
# 6466653931366539656662323330333363633732613061360a306565643932613635353435663039
|
||||
# 61386334626437323934366634343162643932393834313235356664623537636162376464613061
|
||||
# 3966393761626133320a646465376235346239333036326530363538306238626438653232623632
|
||||
# 37616561326538636534393533613037336665333865613735646532656163373233
|
||||
secret_gulagbot_discord_token: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37613664393766353738353139323365346639393538653834643633613564646537616532316336
|
||||
|
37
playbooks/all.yml
Executable file
37
playbooks/all.yml
Executable file
@ -0,0 +1,37 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
# Preambulatory system configuration
|
||||
- hosts: all
|
||||
tasks:
|
||||
- name: collect service facts
|
||||
service_facts:
|
||||
tags: [ always ]
|
||||
roles:
|
||||
- role: common
|
||||
tags: [ common ]
|
||||
- role: adminuser
|
||||
tags: [ adminuser, common ]
|
||||
- role: docker
|
||||
tags: [ docker, common, skip-pull ]
|
||||
- role: motd
|
||||
vars:
|
||||
motd_watch_services_extra:
|
||||
- docker
|
||||
- kubelet
|
||||
- postgresql
|
||||
tags: [ motd, common ]
|
||||
- role: sshd
|
||||
vars:
|
||||
sshd:
|
||||
AcceptEnv: "LANG LC_*"
|
||||
ChallengeResponseAuthentication: no
|
||||
Compression: yes
|
||||
PasswordAuthentication: no
|
||||
PermitRootLogin: no
|
||||
PrintMotd: no
|
||||
PubkeyAuthentication: yes
|
||||
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
||||
UsePAM: yes
|
||||
X11Forwarding: no
|
||||
tags: [ sshd, common ]
|
36
site.yml
36
site.yml
@ -2,41 +2,7 @@
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
# Preambulatory system configuration
|
||||
- hosts: all
|
||||
tasks:
|
||||
- name: collect service facts
|
||||
service_facts:
|
||||
tags: [ always ]
|
||||
roles:
|
||||
- role: common
|
||||
tags: [ common ]
|
||||
- role: adminuser
|
||||
tags: [ adminuser, common ]
|
||||
- role: docker
|
||||
tags: [ docker, common, skip-pull ]
|
||||
- role: motd
|
||||
vars:
|
||||
motd_watch_services_extra:
|
||||
- apache2
|
||||
- docker
|
||||
- kubelet
|
||||
- php7.4-fpm
|
||||
- postgresql
|
||||
tags: [ motd, common ]
|
||||
- role: sshd
|
||||
vars:
|
||||
sshd:
|
||||
AcceptEnv: "LANG LC_*"
|
||||
ChallengeResponseAuthentication: no
|
||||
Compression: yes
|
||||
PasswordAuthentication: no
|
||||
PermitRootLogin: no
|
||||
PrintMotd: no
|
||||
PubkeyAuthentication: yes
|
||||
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
||||
UsePAM: yes
|
||||
X11Forwarding: no
|
||||
tags: [ sshd, common ]
|
||||
- import_playbook: playbooks/all.yml
|
||||
# Manufacturer configuration
|
||||
- import_playbook: playbooks/manufacturers_raspi.yml
|
||||
- import_playbook: playbooks/manufacturers_s76.yml
|
||||
|
Loading…
Reference in New Issue
Block a user