Merge branch 'main' into use_sudo

Merge pull request 'Remove Pinafore' (#148 ) from removal/pinafore into main
Reviewed-on: #148
2023-03-07 22:00:59 +01:00 · 2023-03-07 11:16:32 +00:00 · 2023-03-06 22:27:53 +01:00 · 2023-03-06 20:43:12 +01:00 · 2023-03-06 13:38:52 +01:00 · 2023-01-22 19:28:08 +01:00
11 changed files with 26 additions and 36 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@ playbook.retry
 *.log
 .idea/
 venv/
+/ansible.cfg
--- a/10
+++ b/10
@ -1,4 +1,10 @@
-init: create_venv install_pre_commit install_ansible_galaxy_modules
+init: create_ansible_cfg create_venv install_pre_commit install_ansible_galaxy_modules
+
+.ONESHELL:
+create_ansible_cfg:
+	read -rp "Enter remote username: " REMOTE_USER
+	cp ansible.cfg.sample ansible.cfg
+	sed -i "s/REMOTE_USER/$$REMOTE_USER/g" ansible.cfg

 create_venv:
 	python3 -m venv venv
@ -9,4 +15,4 @@ install_pre_commit:
 	venv/bin/pre-commit install

 install_ansible_galaxy_modules:
-	venv/bin/ansible-galaxy collection install community.general
+	venv/bin/ansible-galaxy collection install community.general
--- a/ansible.cfg.sample
+++ b/ansible.cfg.sample
@ -1,4 +1,4 @@
 [defaults]
-remote_user = root
+remote_user = REMOTE_USER
 inventory = datacoop_hosts
 use_persistent_connections = True
--- a/2
+++ b/2
@ -1,3 +1,3 @@
 ######################################
 ### All hosts
-85.209.118.131 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
+hevonen.servers.data.coop ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
--- a/deploy.sh
+++ b/deploy.sh
@ -8,7 +8,7 @@ usage () {
    } >&2
 }

-BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
+BASE_CMD="ansible-playbook playbook.yml --ask-become-pass --ask-vault-pass"

 if [ "$1" = "--vagrant" ]; then
    BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@ -49,10 +49,11 @@ services:

  restic:
    file: restic_backup.yml
-    user: "dc-user"
-    domain: "rynkeby.skovgaard.tel"
+    user: dc-user
+    domain: rynkeby.skovgaard.tel
+    host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
    volume_folder: "{{ volume_root_folder }}/restic"
-    repository: "restic"
+    repository: restic
    version: "1.6.0"
    disabled_in_vagrant: true

@ -199,11 +200,6 @@ services:
    postgres_version: 14-alpine
    allowed_sender_domain: true

-  pinafore:
-    file: pinafore.yml
-    domain: "pinafore.{{ base_domain }}"
-    version: v2.5.0
-
  membersystem:
    file: membersystem.yml
    domain: "member.{{ base_domain }}"
--- a/roles/docker/tasks/services/gitea.yml
+++ b/roles/docker/tasks/services/gitea.yml
@ -29,8 +29,6 @@
      GITEA__mailer__FROM: "noreply@{{ services.gitea.domain }}"
      GITEA__mailer__MAILER_TYPE: "smtp"
      GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
-      GITEA__mailer__USER: "noop"
-      GITEA__mailer__PASSWD: "noop"
      GITEA__security__LOGIN_REMEMBER_DAYS: "60"
      GITEA__security__PASSWORD_COMPLEXITY: "off"
      GITEA__security__MIN_PASSWORD_LENGTH: "8"
--- a/roles/docker/tasks/services/pinafore.yml
+++ b/roles/docker/tasks/services/pinafore.yml
@ -1,14 +0,0 @@
-# vim: ft=yaml.ansible
---
- name: Set up Pinafore
-  docker_container:
-    name: pinafore
-    image: "docker.data.coop/pinafore:{{ services.pinafore.version }}"
-    restart_policy: unless-stopped
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST: "{{ services.pinafore.domain }}"
-      VIRTUAL_PORT: "4002"
-      LETSENCRYPT_HOST: "{{ services.pinafore.domain }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
--- a/roles/docker/tasks/services/restic_backup.yml
+++ b/roles/docker/tasks/services/restic_backup.yml
@ -5,7 +5,7 @@
    path: "{{ services.restic.volume_folder }}/ssh"
    owner: root
    group: root
-    mode: '0700'
+    mode: '0755'
    state: directory

 - name: Copy private SSH key
@ -39,6 +39,14 @@
    group: root
    mode: '0600'

+- name: Create SSH known_hosts file
+  template:
+    src: restic.ssh.known_hosts.j2
+    dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
+    owner: root
+    group: root
+    mode: '0600'
+
 - name: Setup restic backup
  docker_compose:
    project_name: restic_backup
--- a/roles/docker/templates/restic.ssh.known_hosts.j2
+++ b/roles/docker/templates/restic.ssh.known_hosts.j2
@ -0,0 +1 @@
+{{ services.restic.domain }} {{ services.restic.host_key }}
--- a/roles/ubuntu_base/tasks/users.yml
+++ b/roles/ubuntu_base/tasks/users.yml
@ -15,9 +15,3 @@
    key: "{{ item.ssh_keys | join('\n') }}"
    exclusive: true
  loop: "{{ users | default([]) }}"
-
- name: "Add ssh authorized_keys to root user"
-  ansible.posix.authorized_key:
-    user: "root"
-    key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
-    exclusive: true
Author	SHA1	Message	Date
Sam A.	63414b60dd	Merge branch 'main' into use_sudo	2023-03-07 22:00:59 +01:00
Sam A.	5cae83c557	Merge pull request 'Remove Pinafore' (#148 ) from removal/pinafore into main Reviewed-on: #148	2023-03-07 11:16:32 +00:00
Sam A.	e9410c4f8f	Use domain name instead of IP in inventory file	2023-03-06 22:27:53 +01:00
Reynir Björnsson	ef5ef78ccb	Merge remote-tracking branch 'data.coop/vhs.data.coop'	2023-03-06 20:43:12 +01:00
Sam A.	9d4c7be801	Add known_hosts to Restic's SSH folder	2023-03-06 13:38:52 +01:00
Sam A.	be450fc8b8	Merge branch 'main' into removal/pinafore	2023-01-22 19:28:08 +01:00
Sam A.	34f95f31e4	Remove Pinafore	2023-01-14 17:14:31 +01:00
				`@ -0,0 +1 @@`
				`{{ services.restic.domain }} {{ services.restic.host_key }}`