45a6b7f0c9 | ||
---|---|---|
borg | ||
docs | ||
group_vars | ||
playbooks | ||
.gitignore | ||
.yamllint | ||
README.md | ||
TODO.md | ||
ansible-vault-init.sh | ||
ansible.cfg | ||
deploy.yml | ||
inventory | ||
requirements.yml | ||
secrets.txt |
README.md
hatecomputers.club infra
A collection of playbooks to deploy the hatecomputers.club infra
Prerequisites
ansible
yamllint
ansible-lint
- an ssh key accepted on the root of each host in the
inventory
Setup
Vault
Secrets are managed via ansible-vault
. Initialize or update your vault
with new secrets via our custom ./ansible-vault-init.sh
script.
Additionally if you want to only update a single secret, use
./ansible-vault-init.sh <secret_name>
.
If you don't want to be prompted to enter your password every time you
deploy something, put your password as plain text into secrets.pwd
as
a single line in the root src directory:
echo "<your_password>" > secrets.pwd
Then you can add --vault-password-file secrets.pwd
each time you run a
deployment (or you know, use pass
or something if you're paranoid).
Pre-commit hooks
-
clone the repo
git clone git@git.hatecomputers.club:hatecomputers.club/infra cd infra
-
add a pre-commit hook
cd .git/hooks touch pre-commit
-
insert into
pre-commit
the following contents:#!/bin/sh set -e # lint yaml files echo "running yamllint..." yamllint --strict . # follow ansible best-practices echo "running ansible-lint" ansible-lint
-
make it executable
chmod +x pre-commit
Running
ansible-playbook -e @secrets.enc deploy.yml
will run each respectively added playbook in deploy.yml
using the vault intialized in the previous steps.
Though in development, one should be testing individual playbooks, and deploy.yml
should be left for an idea of general order of things, or for a
full deployment after testing.
NOTE: It is highly advised to run ansible-playbook
in an ssh-agent
session to avoid retyping your password over and over. Something along the lines of:
ssh-agent $(echo $SHELL)
ssh-add ~/.ssh/<private-key>