Compare commits
12 Commits
63414b60dd
...
0fd11fee37
Author | SHA1 | Date |
---|---|---|
Sam A. | 0fd11fee37 | |
Sam A. | 1542b0faf0 | |
Sam A. | 04799e4a8f | |
reynir | 2ca0b8daba | |
Reynir Björnsson | 77e4d90589 | |
Sam A. | 9a255c692c | |
Sam A. | 5cae83c557 | |
Sam A. | e9410c4f8f | |
Reynir Björnsson | ef5ef78ccb | |
Sam A. | 9d4c7be801 | |
Sam A. | be450fc8b8 | |
Sam A. | 34f95f31e4 |
|
@ -4,3 +4,4 @@ playbook.retry
|
|||
*.log
|
||||
.idea/
|
||||
venv/
|
||||
/ansible.cfg
|
||||
|
|
10
Makefile
10
Makefile
|
@ -1,4 +1,10 @@
|
|||
init: create_venv install_pre_commit install_ansible_galaxy_modules
|
||||
init: create_ansible_cfg create_venv install_pre_commit install_ansible_galaxy_modules
|
||||
|
||||
.ONESHELL:
|
||||
create_ansible_cfg:
|
||||
read -rp "Enter remote username: " REMOTE_USER
|
||||
cp ansible.cfg.sample ansible.cfg
|
||||
sed -i "s/REMOTE_USER/$$REMOTE_USER/g" ansible.cfg
|
||||
|
||||
create_venv:
|
||||
python3 -m venv venv
|
||||
|
@ -9,4 +15,4 @@ install_pre_commit:
|
|||
venv/bin/pre-commit install
|
||||
|
||||
install_ansible_galaxy_modules:
|
||||
venv/bin/ansible-galaxy collection install community.general
|
||||
venv/bin/ansible-galaxy collection install community.general
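Review bot: The new `create_ansible_cfg` recipe puts the typed username straight into the sed expression `s/REMOTE_USER/$$REMOTE_USER/g`, so a value containing `/`, `&` or a backslash breaks the substitution or writes a corrupted ansible.cfg. Validating it before the `cp`, e.g. `case "$$REMOTE_USER" in ''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; exit 1;; esac`, would reject empty and unexpected input. `read -rp` is a bash extension and no `SHELL` assignment is visible in the hunk, so the prompt may fail where make's default `/bin/sh` is dash. The target name is not a file and it is a prerequisite of `init`, so every `make init` also overwrites an existing ansible.cfg.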
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
[defaults]
|
||||
remote_user = root
|
||||
remote_user = REMOTE_USER
|
||||
inventory = datacoop_hosts
|
||||
use_persistent_connections = True
|
|
@ -1,3 +1,3 @@
|
|||
######################################
|
||||
### All hosts
|
||||
85.209.118.131 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
|
||||
hevonen.servers.data.coop ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
|
||||
|
|
|
@ -8,7 +8,7 @@ usage () {
|
|||
} >&2
|
||||
}
|
||||
|
||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
||||
BASE_CMD="ansible-playbook playbook.yml --ask-become-pass --ask-vault-pass"
|
||||
|
||||
if [ "$1" = "--vagrant" ]; then
|
||||
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
|
||||
|
|
|
@ -49,10 +49,11 @@ services:
|
|||
|
||||
restic:
|
||||
file: restic_backup.yml
|
||||
user: "dc-user"
|
||||
domain: "rynkeby.skovgaard.tel"
|
||||
user: dc-user
|
||||
domain: rynkeby.skovgaard.tel
|
||||
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
||||
volume_folder: "{{ volume_root_folder }}/restic"
|
||||
repository: "restic"
|
||||
repository: restic
|
||||
version: "1.6.0"
|
||||
disabled_in_vagrant: true
|
||||
|
||||
|
@ -199,11 +200,6 @@ services:
|
|||
postgres_version: 14-alpine
|
||||
allowed_sender_domain: true
|
||||
|
||||
pinafore:
|
||||
file: pinafore.yml
|
||||
domain: "pinafore.{{ base_domain }}"
|
||||
version: v2.5.0
|
||||
|
||||
membersystem:
|
||||
file: membersystem.yml
|
||||
domain: "member.{{ base_domain }}"
|
||||
|
|
|
@ -29,8 +29,6 @@
|
|||
GITEA__mailer__FROM: "noreply@{{ services.gitea.domain }}"
|
||||
GITEA__mailer__MAILER_TYPE: "smtp"
|
||||
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
|
||||
GITEA__mailer__USER: "noop"
|
||||
GITEA__mailer__PASSWD: "noop"
|
||||
GITEA__security__LOGIN_REMEMBER_DAYS: "60"
|
||||
GITEA__security__PASSWORD_COMPLEXITY: "off"
|
||||
GITEA__security__MIN_PASSWORD_LENGTH: "8"
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Set up Pinafore
|
||||
docker_container:
|
||||
name: pinafore
|
||||
image: "docker.data.coop/pinafore:{{ services.pinafore.version }}"
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.pinafore.domain }}"
|
||||
VIRTUAL_PORT: "4002"
|
||||
LETSENCRYPT_HOST: "{{ services.pinafore.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -5,7 +5,7 @@
|
|||
path: "{{ services.restic.volume_folder }}/ssh"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0700'
|
||||
mode: '0755'
|
||||
state: directory
|
||||
|
||||
- name: Copy private SSH key
|
||||
|
@ -39,6 +39,14 @@
|
|||
group: root
|
||||
mode: '0600'
|
||||
|
||||
- name: Create SSH known_hosts file
|
||||
template:
|
||||
src: restic.ssh.known_hosts.j2
|
||||
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
|
||||
- name: Setup restic backup
|
||||
docker_compose:
|
||||
project_name: restic_backup
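Review bot: The mode of `{{ services.restic.volume_folder }}/ssh` appears to change from `'0700'` to `'0755'`, which makes the directory that receives the private SSH key listable and traversable by every local user. The page has lost its +/- markers, so that direction is inferred from the order in which the two values are printed. The `mode: '0600'` visible before the new task presumably still protects the key file's contents, and the new known_hosts file is also root-only `'0600'`, so nothing shown here needs the wider directory mode. Unless a non-root process must enter the directory, keep `mode: '0700'`; otherwise add a comment above the mode line stating which process needs access. The directory task and the task preceding the new one start outside the hunks shown.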
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
{{ services.restic.domain }} {{ services.restic.host_key }}
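Review bot: The generated entry uses a bare hostname, which OpenSSH matches only for connections on port 22. If the restic SFTP target listens on another port, the line has to be `[{{ services.restic.domain }}]:PORT {{ services.restic.host_key }}` (PORT is a placeholder), or the pin never matches. The pin also only protects the backup channel if the client runs with strict host key checking against this file; that configuration is not visible on this page and is worth confirming in the restic_backup compose/ssh settings. A short comment beside `host_key` in the vars file, saying how the key was obtained and verified, would help whoever rotates it.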
|
|
@ -15,9 +15,3 @@
|
|||
key: "{{ item.ssh_keys | join('\n') }}"
|
||||
exclusive: true
|
||||
loop: "{{ users | default([]) }}"
|
||||
|
||||
- name: "Add ssh authorized_keys to root user"
|
||||
ansible.posix.authorized_key:
|
||||
user: "root"
|
||||
key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
|
||||
exclusive: true
|
||||
|
|