hatecomputers.club ansible roles
Elizabeth Hunt fac223d9b8 add certbot 2024-03-18 17:36:03 -04:00
group_vars add certbot 2024-03-18 17:36:03 -04:00
playbooks add certbot 2024-03-18 17:36:03 -04:00
.gitignore initial commit 2024-03-17 18:21:46 -04:00
.yamllint initial commit 2024-03-17 18:21:46 -04:00
README.md initial commit 2024-03-17 18:21:46 -04:00
ansible-vault-init.sh initial commit 2024-03-17 18:21:46 -04:00
ansible.cfg initial commit 2024-03-17 18:21:46 -04:00
deploy.yml add certbot 2024-03-18 17:36:03 -04:00
inventory add certbot 2024-03-17 19:24:23 -04:00
requirements.yml initial commit 2024-03-17 18:21:46 -04:00
secrets.txt add certbot 2024-03-17 19:24:23 -04:00

README.md

hatecomputers.club infra

A collection of playbooks to deploy the hatecomputers.club infra

Prerequisites

  • ansible
  • yamllint
  • ansible-lint
  • an ssh key accepted on the root of each host in the inventory

Setup

Vault

Secrets are managed via ansible-vault. Initialize or update your vault with new secrets via our custom ./ansible-vault-init.sh script.

Additionally, to update only a single secret, use ./ansible-vault-init.sh <secret_name>.

If you don't want to be prompted for your password every time you deploy something, put it in plain text, as a single line, into secrets.pwd in the root src directory:

echo "<your_password>" > secrets.pwd

Then you can add --vault-password-file secrets.pwd each time you run a deployment (or you know, use pass or something if you're paranoid).

Pre-commit hooks

  1. clone the repo

    git clone git@git.hatecomputers.club:hatecomputers.club/infra
    cd infra
    
  2. add a pre-commit hook

    cd .git/hooks
    touch pre-commit
    
  3. insert into pre-commit the following contents:

    #!/bin/sh
    
    set -e
    
    # lint yaml files
    echo "running yamllint..."
    yamllint --strict .
    
    # follow ansible best-practices
    echo "running ansible-lint"
    ansible-lint
    
  4. make it executable

    chmod +x pre-commit
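
An added example, not part of this repository's hook: a check the pre-commit script could also run so that the plain-text vault password file, or a vault file that is not actually encrypted, never gets committed. It assumes the file names secrets.pwd and secrets.enc used in this README; staged_content, is_vault_encrypted and check_staged are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not the repository's own hook. Assumes the README's file names:
# secrets.pwd (plain-text vault password) and secrets.enc (encrypted vault).

# Hypothetical helper: print the staged (index) version of a path.
staged_content() {
    git show ":$1"
}

# Reads file content on stdin; succeeds only if the first line is the
# ansible-vault envelope header, e.g. $ANSIBLE_VAULT;1.1;AES256
is_vault_encrypted() {
    IFS= read -r first || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads staged paths on stdin, prints each problem, returns 1 if any was found.
check_staged() {
    rc=0
    while IFS= read -r path; do
        case "$path" in
            secrets.pwd|*/secrets.pwd)
                echo "refusing to commit vault password file: $path" >&2
                rc=1 ;;
            secrets.enc|*/secrets.enc)
                if ! staged_content "$path" </dev/null | is_vault_encrypted; then
                    echo "not ansible-vault encrypted: $path" >&2
                    rc=1
                fi ;;
        esac
    done
    return "$rc"
}

# From the hook, run with --staged to check what is about to be committed.
if [ "${1:-}" = "--staged" ]; then
    git diff --cached --name-only --diff-filter=ACMR | check_staged
fi
```

Call it with --staged from the pre-commit script; because that script uses set -e, a non-zero exit aborts the commit.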
    

Running

ansible-playbook -e @secrets.enc deploy.yml runs each playbook added to deploy.yml, using the vault initialized in the previous steps.

In development, though, test individual playbooks; deploy.yml is there to give an idea of the general order of things, or for a full deployment after testing.

NOTE: It is highly advised to run ansible-playbook in an ssh-agent session to avoid retyping your password over and over. Something along the lines of:

ssh-agent "$SHELL"
ssh-add ~/.ssh/<private-key>