Update

.gitignore

@@ -1,3 +1,4 @@
 !/collections/.gitkeep
 /collections
+/vault
 __pycache__

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-inventory = inventory.yml
+inventory = inventories/mpp
 hash_behaviour = merge
 gathering = smart
 transport = local

files/certbot/nginx.sh

@@ -2,4 +2,4 @@
 
 echo -n "$CERTBOT_VALIDATION" > /root/nginx/html/.well-known/acme-challenge/$CERTBOT_TOKEN
 mkdir -p /root/nginx/html/.well-known/acme-challenge
-/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t nginx &> /dev/null
+/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t nginx &> /dev/null

files/nginx/html/index.html

@@ -1,59 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-    <head>
-        <title>{{ ansible_facts.fqdn }}</title>
-        <meta charset="UTF-8">
-        <meta name="robots" content="noindex">
-        <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
-        <style>
-            body {
-                background-color: #333333;
-                width: 100vw;
-                height: 100vh;
-                margin: 0;
-                display: flex;
-                align-items: center;
-                justify-content: center;
-                text-align: center;
-            }
-
-            *, *:active, *:focus, *:hover, *:visited, *:link {
-                color: #ffffff;
-                font-family: sans-serif;
-            }
-
-            p {
-                margin-bottom: 0px;
-                margin-top: 0px;
-            }
-
-            .org {
-                font-size: xx-large;
-            }
-
-            .link {
-                margin-top: 10px;
-            }
-
-            .server {
-                margin-top: 50px;
-            }
-
-            .server * {
-                color: #555555;
-            }
-        </style>
-    </head>
-    <body>
-        <div>
-            <p class="org">Musix Org</p>
-            <p class="link"><a href="https://musix-org.com">Visit website</a></p>
-
-            <div class="server">
-                <p class="name">{{ ansible_facts.fqdn }}</p>
-            </div>
-        </div>
-
-    </body>
-</html>

install.sh

@@ -7,7 +7,7 @@ fi
 echo "
 ==============================
 
-Multi Platform Project - Ansible
+MPP - Infra
 Install Script
 
 ------------------------------
@@ -31,8 +31,18 @@ python3 -m venv /opt/ansible &> /dev/null
 
 /opt/ansible/bin/ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
 
-/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t installer
+mkdir -p ~/.ansible &> /dev/null
 
+if [[ ! -f ~/.ansible/vault.yml ]]
+then
+    echo -n "Vault Password: "
+    read PASSWORD
+    echo "$PASSWORD" > ~/.ansible/vault.yml
+fi
+
+ssh-keyscan github.com 1> ~/.ssh/known_hosts 2> /dev/null
+
+/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t installer
 
 echo "
 ==============================

inventories/mpp/host_vars/mpp

@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+36633733326433396538646338333139653337336137336662666538363861353933386536313164
+3532643739643661356161653064346436623531656134610a363565386431393536626238356331
+31326564633533613763366431353661663238313562333763623638653832663236633266373437
+3061373230313636610a333834303633626663353237396237376465303631396363396535393932
+61636661373930323931643062343538623231643835636662316138646161626436323937366333
+35653031363730613166353033343038616534343464393761363033356133306164646666306536
+31643061333537393333623633366463303335646336656635343434396233333032383037613934
+31653262396436336537666563376463663430356564623034316634333139656333373863623433
+63663563383139663561356539393939366333363033666636653763373339336239356334633432
+37643264386531653265643637373363633038663532333531613963633039653134633465316239
+34626366373465646535643139363539633138653133623164616431353730313461616638373166
+34626363643334643663633561336566393437356338343339313661623136323839313066356164
+65353038626338663736356330333464363366373731646636633064373031616663

inventories/mpp/hosts

@@ -1,7 +1,7 @@
 ---
 all:
   hosts:
-    localhost:
+    mpp:
       vars:
         ansible_connection: local
         ansible_python_interpreter: "{{ansible_playbook_python}}"

protect.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+underline=`tput smul`
+nounderline=`tput rmul`
+bold=$(tput bold)
+normal=$(tput sgr0)
+
+echo "${bold}MPP / Infra / Protect${normal}"
+action=$1
+
+encrypt() {
+    echo "${underline}Encrypting...${nounderline}"
+    execute "ansible-vault encrypt --vault-id default@vault/mpp"
+}
+
+decrypt() {
+    echo "${underline}Decrypting...${nounderline}"
+    execute "ansible-vault decrypt --vault-id default@vault/mpp"
+}
+
+list() {
+    echo "${underline}Listing...${nounderline}"
+    i=0
+    for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+    do
+        i=$((i + 1))
+        echo $i")"$file
+    done
+}
+
+execute() {
+for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+    do
+        i=$((i + 1))
+        echo $i")"$file
+        $1 $file
+    done
+}
+
+
+case $action in
+    encrypt)
+        encrypt
+        ;;
+    decrypt)
+        decrypt
+        ;;
+    list)
+        list
+        ;;
+    help)
+        echo "encrypt, decrypt, list"
+        ;;
+    *)
+        echo "..."
+        ;;
+esac

tasks/deployer.yml

@@ -35,7 +35,7 @@
       - "/root/mariadb:/var/lib/mysql"
     restart_policy: always
     env:
-      MYSQL_ROOT_PASSWORD: "y9ZmTmUKLaRrZ4SA"
+      MYSQL_ROOT_PASSWORD: "{{ secrets.mariadb.users.root.password }}"
   register: deployerTask102
   when:
     - (deployerTask101 is defined and deployerTask101.changed) or deployerTask101 is undefined
@@ -55,7 +55,7 @@
 - name: "Deployer - MariaDB - Upgrade"
   containers.podman.podman_container_exec:
     name: mariadb
-    command: "mariadb-upgrade --host=127.0.0.1 --user=root --password=y9ZmTmUKLaRrZ4SA"
+    command: "mariadb-upgrade --host=127.0.0.1 --user=root --password={{ secrets.mariadb.users.root.password }}"
   register: task
   ignore_errors: yes
   changed_when:
@@ -70,10 +70,10 @@
   mysql_user:
     login_host: "127.0.0.1"
     login_user: root
-    login_password: "y9ZmTmUKLaRrZ4SA"
+    login_password: "{{ secrets.mariadb.users.root.password }}"
     name: "mpp"
     host: "%"
-    password: "JRrnk4Gia9gn24y5"
+    password: "{{ secrets.mariadb.users.mpp.password }}"
     priv: "mpp.*:ALL"
   vars:
     ansible_python_interpreter: "/opt/ansible/bin/python3"
@@ -86,7 +86,7 @@
   mysql_db:
     login_host: "127.0.0.1"
     login_user: "mpp"
-    login_password: "JRrnk4Gia9gn24y5"
+    login_password: "{{ secrets.mariadb.users.mpp.password }}"
     name: "mpp"
   vars:
     ansible_python_interpreter: "/opt/ansible/bin/python3"

tasks/installer.yml

@@ -171,7 +171,7 @@
     name: Maintenance
     hour: "*/3"
     minute: "0"
-    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t maintenance"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t maintenance"
   tags:
     - cron
 
@@ -179,6 +179,6 @@
   cron:
     name: Deployer
     minute: "*/5"
-    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t deployer"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t deployer"
   tags:
     - cron