diff --git a/.gitignore b/.gitignore
index 4862c4f..51fab92 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
!/collections/.gitkeep
/collections
+/vault
__pycache__
diff --git a/ansible.cfg b/ansible.cfg
index a4d75ac..4e90e9e 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
[defaults]
-inventory = inventory.yml
+inventory = inventories/mpp
hash_behaviour = merge
gathering = smart
transport = local
diff --git a/files/certbot/nginx.sh b/files/certbot/nginx.sh
index 95cfa47..4e6b623 100644
--- a/files/certbot/nginx.sh
+++ b/files/certbot/nginx.sh
@@ -2,4 +2,4 @@
echo -n "$CERTBOT_VALIDATION" > /root/nginx/html/.well-known/acme-challenge/$CERTBOT_TOKEN
mkdir -p /root/nginx/html/.well-known/acme-challenge
-/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t nginx &> /dev/null
+/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t nginx &> /dev/null
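Review bot: The context lines of this hook write the validation token before `mkdir -p` creates the challenge directory, so the first run on a host that lacks `/root/nginx/html/.well-known/acme-challenge` fails, and the `&> /dev/null` on the new pull line then hides any later error from certbot's log. Swap the two lines and quote the token path: `mkdir -p /root/nginx/html/.well-known/acme-challenge` followed by `echo -n "$CERTBOT_VALIDATION" > "/root/nginx/html/.well-known/acme-challenge/$CERTBOT_TOKEN"`. The new line presumably relies on the hook running as root with HOME set, since both the key and the vault password are resolved through `~`; if that assumption ever changes the redirect will mask the failure, so at least keep stderr (`2>&1 | logger` or a log file) rather than discarding it.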
diff --git a/files/nginx/html/index.html b/files/nginx/html/index.html
deleted file mode 100644
index 7839b9c..0000000
--- a/files/nginx/html/index.html
+++ /dev/null
@@ -1,59 +0,0 @@
-
-
-
- {{ ansible_facts.fqdn }}
-
-
-
-
-
-
-
-
-
-
-
diff --git a/install.sh b/install.sh
index 4f38ff3..f978965 100644
--- a/install.sh
+++ b/install.sh
@@ -7,7 +7,7 @@ fi
echo "
==============================
-Multi Platform Project - Ansible
+MPP - Infra
Install Script
------------------------------
@@ -31,8 +31,18 @@ python3 -m venv /opt/ansible &> /dev/null
/opt/ansible/bin/ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
-/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t installer
+mkdir -p ~/.ansible &> /dev/null
+if [[ ! -f ~/.ansible/vault.yml ]]
+then
+ echo -n "Vault Password: "
+ read PASSWORD
+ echo "$PASSWORD" > ~/.ansible/vault.yml
+fi
+
+ssh-keyscan github.com 1> ~/.ssh/known_hosts 2> /dev/null
+
+/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t installer
echo "
==============================
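Review bot: The vault password is written with the caller's default umask, so `~/.ansible/vault.yml` is typically created 0644 and readable by every local account, and `read PASSWORD` echoes the typed secret to the terminal and any session transcript; use `read -rs` and write the file under `umask 077` (the `.yml` extension is also misleading, since the file holds a bare password, not YAML). The `ssh-keyscan github.com 1> ~/.ssh/known_hosts` line replaces the entire known_hosts file and trusts whatever key the network returns, which is trust-on-first-use with no comparison against GitHub's published fingerprints; appending with `>>` at least keeps existing entries, and once known_hosts is seeded the `--accept-host-key` on the pull is redundant. The pull on the last added line still targets `mpp-ansible`, while nginx.sh and installer.yml in this same commit use `mpp-infra`.
```shell
mkdir -p ~/.ansible &> /dev/null
if [[ ! -f ~/.ansible/vault.yml ]]
then
  read -rsp "Vault Password: " PASSWORD
  echo
  # 0600: the vault password must not be readable by other local accounts
  ( umask 077; printf '%s\n' "$PASSWORD" > ~/.ansible/vault.yml )
fi

# append rather than overwrite, so previously trusted hosts are kept
ssh-keyscan github.com 2> /dev/null >> ~/.ssh/known_hosts

# … unchanged: ansible-pull invocation (repository name should match the mpp-infra used elsewhere) …
```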
diff --git a/inventories/mpp/host_vars/mpp b/inventories/mpp/host_vars/mpp
new file mode 100644
index 0000000..a87bef2
--- /dev/null
+++ b/inventories/mpp/host_vars/mpp
@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+36633733326433396538646338333139653337336137336662666538363861353933386536313164
+3532643739643661356161653064346436623531656134610a363565386431393536626238356331
+31326564633533613763366431353661663238313562333763623638653832663236633266373437
+3061373230313636610a333834303633626663353237396237376465303631396363396535393932
+61636661373930323931643062343538623231643835636662316138646161626436323937366333
+35653031363730613166353033343038616534343464393761363033356133306164646666306536
+31643061333537393333623633366463303335646336656635343434396233333032383037613934
+31653262396436336537666563376463663430356564623034316634333139656333373863623433
+63663563383139663561356539393939366333363033666636653763373339336239356334633432
+37643264386531653265643637373363633038663532333531613963633039653134633465316239
+34626366373465646535643139363539633138653133623164616431353730313461616638373166
+34626363643334643663633561336566393437356338343339313661623136323839313066356164
+65353038626338663736356330333464363366373731646636633064373031616663
diff --git a/inventory.yml b/inventories/mpp/hosts
similarity index 89%
rename from inventory.yml
rename to inventories/mpp/hosts
index 6027277..c06fea4 100644
--- a/inventory.yml
+++ b/inventories/mpp/hosts
@@ -1,7 +1,7 @@
---
all:
hosts:
- localhost:
+ mpp:
vars:
ansible_connection: local
ansible_python_interpreter: "{{ansible_playbook_python}}"
diff --git a/protect.sh b/protect.sh
new file mode 100755
index 0000000..1dfc26f
--- /dev/null
+++ b/protect.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+underline=`tput smul`
+nounderline=`tput rmul`
+bold=$(tput bold)
+normal=$(tput sgr0)
+
+echo "${bold}MPP / Infra / Protect${normal}"
+action=$1
+
+encrypt() {
+ echo "${underline}Encrypting...${nounderline}"
+ execute "ansible-vault encrypt --vault-id default@vault/mpp"
+}
+
+decrypt() {
+ echo "${underline}Decrypting...${nounderline}"
+ execute "ansible-vault decrypt --vault-id default@vault/mpp"
+}
+
+list() {
+ echo "${underline}Listing...${nounderline}"
+ i=0
+ for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+ do
+ i=$((i + 1))
+ echo $i")"$file
+ done
+}
+
+execute() {
+for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+ do
+ i=$((i + 1))
+ echo $i")"$file
+ $1 $file
+ done
+}
+
+
+case $action in
+ encrypt)
+ encrypt
+ ;;
+ decrypt)
+ decrypt
+ ;;
+ list)
+ list
+ ;;
+ help)
+ echo "encrypt, decrypt, list"
+ ;;
+ *)
+ echo "..."
+ ;;
+esac
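Review bot: `execute` runs with default glob behaviour, so when `inventories/*/group_vars/*` matches nothing (this commit adds only `host_vars/mpp`) the literal pattern is handed to `ansible-vault`, which fails on a nonexistent path; `shopt -s nullglob` near the top fixes that, and `i` should be `local` to the function since it is never initialised there. Passing the command as one string and expanding it unquoted (`$1 $file`) only works while no argument contains spaces; taking the command as `"$@"` is the safer form, which means the two callers pass it unquoted. The `*)` branch prints `...` and exits 0, so a mistyped action looks like success; it should print the usage and `exit 1`. The header also mixes backticks with `$(...)`, and `action=$1` aborts under `set -u` when no argument is given, so a default such as `${1:-help}` is friendlier.
```shell
#!/bin/bash
set -u
shopt -s nullglob  # an unmatched glob expands to nothing instead of the literal pattern

# … unchanged: tput colour variables and banner …
action=${1:-help}

encrypt() {
  echo "${underline}Encrypting...${nounderline}"
  execute ansible-vault encrypt --vault-id default@vault/mpp
}

decrypt() {
  echo "${underline}Decrypting...${nounderline}"
  execute ansible-vault decrypt --vault-id default@vault/mpp
}

# Run "$@" once per vault-managed vars file, numbering each file as it goes.
execute() {
  local i=0 file
  for file in inventories/*/group_vars/* inventories/*/host_vars/*; do
    i=$((i + 1))
    echo "$i) $file"
    "$@" "$file"
  done
}

# … unchanged: list and the case dispatch (print usage and `exit 1` in the `*)` branch) …
```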
diff --git a/tasks/deployer.yml b/tasks/deployer.yml
index a95f2a0..bc3723a 100644
--- a/tasks/deployer.yml
+++ b/tasks/deployer.yml
@@ -35,7 +35,7 @@
- "/root/mariadb:/var/lib/mysql"
restart_policy: always
env:
- MYSQL_ROOT_PASSWORD: "y9ZmTmUKLaRrZ4SA"
+ MYSQL_ROOT_PASSWORD: "{{ secrets.mariadb.users.root.password }}"
register: deployerTask102
when:
- (deployerTask101 is defined and deployerTask101.changed) or deployerTask101 is undefined
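Review bot: The tasks that now render vault secrets carry no `no_log: true`, so the root password in the `env` mapping on the `+` line here and in the `command` string on the next hunk's `+` line will show up in verbose runs and in the registered results (`deployerTask102`, `task`); add `no_log: true` to both tasks. Swapping the literals for `secrets.mariadb.users.root.password` does not remove them from git history, so both database passwords should be rotated rather than only vaulted. The enclosing task definitions start outside this hunk.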
@@ -55,7 +55,7 @@
- name: "Deployer - MariaDB - Upgrade"
containers.podman.podman_container_exec:
name: mariadb
- command: "mariadb-upgrade --host=127.0.0.1 --user=root --password=y9ZmTmUKLaRrZ4SA"
+ command: "mariadb-upgrade --host=127.0.0.1 --user=root --password={{ secrets.mariadb.users.root.password }}"
register: task
ignore_errors: yes
changed_when:
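Review bot: The `+` line passes the root password as a `--password=` argument to `mariadb-upgrade` inside the container, where it is visible in the container's process list for the duration of the upgrade and is captured in the result registered as `task`. If the exec module supports an `env` mapping, setting `MYSQL_PWD` there and dropping `--password=` from the command keeps the secret out of argv (confirm against the installed collection's documentation). `ignore_errors: yes` on the following line should be `ignore_errors: true`; the yes/no form is a YAML 1.1 boolean that yamllint's truthy rule flags.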
@@ -70,10 +70,10 @@
mysql_user:
login_host: "127.0.0.1"
login_user: root
- login_password: "y9ZmTmUKLaRrZ4SA"
+ login_password: "{{ secrets.mariadb.users.root.password }}"
name: "mpp"
host: "%"
- password: "JRrnk4Gia9gn24y5"
+ password: "{{ secrets.mariadb.users.mpp.password }}"
priv: "mpp.*:ALL"
vars:
ansible_python_interpreter: "/opt/ansible/bin/python3"
@@ -86,7 +86,7 @@
mysql_db:
login_host: "127.0.0.1"
login_user: "mpp"
- login_password: "JRrnk4Gia9gn24y5"
+ login_password: "{{ secrets.mariadb.users.mpp.password }}"
name: "mpp"
vars:
ansible_python_interpreter: "/opt/ansible/bin/python3"
diff --git a/tasks/installer.yml b/tasks/installer.yml
index 8519aa1..30ad501 100644
--- a/tasks/installer.yml
+++ b/tasks/installer.yml
@@ -171,7 +171,7 @@
name: Maintenance
hour: "*/3"
minute: "0"
- job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t maintenance"
+ job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t maintenance"
tags:
- cron
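Review bot: Both cron jobs, here and in the next hunk, now run `ansible-pull` as root against a GitHub checkout with the vault password supplied, so anyone who can push to `mpp-infra` gets root on this host and the decrypted secrets within five minutes; `ansible-pull --verify-commit` (with signed commits, and a pinned branch via `-C`) would bound that, and applies equally to the certbot hook and install.sh pulls. `--accept-host-key` is kept even though install.sh now seeds known_hosts, so one of the two is redundant; if known_hosts is the trusted source, dropping the flag avoids silently accepting a changed key. The `job:` strings are well past 120 characters; a folded `>-` scalar keeps them readable without changing the command.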
@@ -179,6 +179,6 @@
cron:
name: Deployer
minute: "*/5"
- job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t deployer"
+ job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t deployer"
tags:
- cron