infra/README.md

86 lines
1.9 KiB
Markdown
Raw Normal View History

2024-03-17 18:21:46 -04:00
# hatecomputers.club infra
A collection of playbooks to deploy the hatecomputers.club infra
## Prerequisites
- `ansible`
- `yamllint`
- `ansible-lint`
- an ssh key accepted on the root of each host in the `inventory`
## Setup
### Vault
Secrets are managed via `ansible-vault`. Initialize or update your vault
with new secrets via our custom `./ansible-vault-init.sh` script.
Additionally if you want to only update a single secret, use
`./ansible-vault-init.sh <secret_name>`.
If you don't want to be prompted to enter your password every time you
deploy something, put your password as plain text into `secrets.pwd` as
a single line in the root src directory:
```bash
echo "<your_password>" > secrets.pwd
```
Then you can add `--vault-password-file secrets.pwd` each time you run a
deployment (or you know, use `pass` or something if you're paranoid).
### Pre-commit hooks
1. clone the repo
```bash
git clone git@git.hatecomputers.club:hatecomputers.club/infra
cd infra
```
2. add a pre-commit hook
```bash
cd .git/hooks
touch pre-commit
```
3. insert into `pre-commit` the following contents:
```bash
#!/bin/sh
set -e
# lint yaml files
echo "running yamllint..."
yamllint --strict .
# follow ansible best-practices
echo "running ansible-lint"
ansible-lint
```
4. make it executable
```bash
chmod +x pre-commit
```
## Running
`ansible-playbook -e @secrets.enc deploy.yml` will run each respectively added playbook in `deploy.yml`
using the vault intialized in the previous steps.
Though in development, one should be testing individual playbooks, and `deploy.yml`
should be left for an idea of general order of things, or for a
full deployment after testing.
NOTE: It is highly advised to run `ansible-playbook` in an `ssh-agent` session to avoid retyping your password over and over. Something along the lines of:
```bash
ssh-agent $(echo $SHELL)
ssh-add ~/.ssh/<private-key>
```