Christer Warén 2024-05-05 18:44:06 +03:00
parent f226606aa5
commit b26fb7d6ab
10 changed files with 94 additions and 71 deletions

1
.gitignore vendored

@ -1,3 +1,4 @@
!/collections/.gitkeep
/collections
/vault
__pycache__


@ -1,5 +1,5 @@
[defaults]
inventory = inventory.yml
inventory = inventories/mpp
hash_behaviour = merge
gathering = smart
transport = local


@ -2,4 +2,4 @@
echo -n "$CERTBOT_VALIDATION" > /root/nginx/html/.well-known/acme-challenge/$CERTBOT_TOKEN
mkdir -p /root/nginx/html/.well-known/acme-challenge
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t nginx &> /dev/null
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t nginx &> /dev/null
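Review bot: The new `ansible-pull` line adds `--accept-host-key`, which stores whatever SSH host key the remote presents when none is recorded yet, so the playbook that then runs with the vault password is only as trustworthy as that first connection. The installer hunk follows the same pattern (`ssh-keyscan github.com` written straight into `~/.ssh/known_hosts`, then `--accept-host-key`), and the cron jobs carry the flag as well. I would provision `known_hosts` once from GitHub's published host keys, compare the fingerprints, and then drop `--accept-host-key` from this hook and the other callers. Because all output goes to `/dev/null`, a failed or rejected pull in this hook is also silent; redirecting to a log file would make that visible.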


@ -1,59 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>{{ ansible_facts.fqdn }}</title>
<meta charset="UTF-8">
<meta name="robots" content="noindex">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
body {
background-color: #333333;
width: 100vw;
height: 100vh;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
text-align: center;
}
*, *:active, *:focus, *:hover, *:visited, *:link {
color: #ffffff;
font-family: sans-serif;
}
p {
margin-bottom: 0px;
margin-top: 0px;
}
.org {
font-size: xx-large;
}
.link {
margin-top: 10px;
}
.server {
margin-top: 50px;
}
.server * {
color: #555555;
}
</style>
</head>
<body>
<div>
<p class="org">Musix Org</p>
<p class="link"><a href="https://musix-org.com">Visit website</a></p>
<div class="server">
<p class="name">{{ ansible_facts.fqdn }}</p>
</div>
</div>
</body>
</html>


@ -7,7 +7,7 @@ fi
echo "
==============================
Multi Platform Project - Ansible
MPP - Infra
Install Script
------------------------------
@ -31,8 +31,18 @@ python3 -m venv /opt/ansible &> /dev/null
/opt/ansible/bin/ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t installer
mkdir -p ~/.ansible &> /dev/null
if [[ ! -f ~/.ansible/vault.yml ]]
then
echo -n "Vault Password: "
read PASSWORD
echo "$PASSWORD" > ~/.ansible/vault.yml
fi
ssh-keyscan github.com 1> ~/.ssh/known_hosts 2> /dev/null
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t installer
echo "
==============================
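Review bot: The vault password prompt in the second hunk echoes the secret to the terminal, and `echo "$PASSWORD" > ~/.ansible/vault.yml` creates the file with whatever the current umask allows, which may leave it readable by other local users. Read it silently and create the file owner-only, e.g. `read -rs -p "Vault Password: " PASSWORD; echo` followed by `( umask 077; printf '%s\n' "$PASSWORD" > ~/.ansible/vault.yml )`, then `unset PASSWORD`. The `ssh-keyscan github.com 1> ~/.ssh/known_hosts` line also overwrites any existing entries instead of appending to them. The pull line that carries `--vault-password-file` still targets `MatteZ02/mpp-ansible` while the other updated callers in this commit use `mpp-infra`; worth confirming that is intended.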


@ -0,0 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256
36633733326433396538646338333139653337336137336662666538363861353933386536313164
3532643739643661356161653064346436623531656134610a363565386431393536626238356331
31326564633533613763366431353661663238313562333763623638653832663236633266373437
3061373230313636610a333834303633626663353237396237376465303631396363396535393932
61636661373930323931643062343538623231643835636662316138646161626436323937366333
35653031363730613166353033343038616534343464393761363033356133306164646666306536
31643061333537393333623633366463303335646336656635343434396233333032383037613934
31653262396436336537666563376463663430356564623034316634333139656333373863623433
63663563383139663561356539393939366333363033666636653763373339336239356334633432
37643264386531653265643637373363633038663532333531613963633039653134633465316239
34626366373465646535643139363539633138653133623164616431353730313461616638373166
34626363643334643663633561336566393437356338343339313661623136323839313066356164
65353038626338663736356330333464363366373731646636633064373031616663


@ -1,7 +1,7 @@
---
all:
hosts:
localhost:
mpp:
vars:
ansible_connection: local
ansible_python_interpreter: "{{ansible_playbook_python}}"

57
protect.sh Executable file

@ -0,0 +1,57 @@
#!/bin/bash
underline=`tput smul`
nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
echo "${bold}MPP / Infra / Protect${normal}"
action=$1
encrypt() {
echo "${underline}Encrypting...${nounderline}"
execute "ansible-vault encrypt --vault-id default@vault/mpp"
}
decrypt() {
echo "${underline}Decrypting...${nounderline}"
execute "ansible-vault decrypt --vault-id default@vault/mpp"
}
list() {
echo "${underline}Listing...${nounderline}"
i=0
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
done
}
execute() {
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
$1 $file
done
}
case $action in
encrypt)
encrypt
;;
decrypt)
decrypt
;;
list)
list
;;
help)
echo "encrypt, decrypt, list"
;;
*)
echo "..."
;;
esac
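Review bot: `execute` ignores the exit status of `ansible-vault`, so if one file fails to encrypt the script still ends with status 0 and that file can stay in plaintext under `inventories/` and be committed. The path in `$1 $file` is unquoted, an unmatched glob is handed to `ansible-vault` literally, and `i` is only reset in `list`. I would have `execute` track failures and return non-zero, as sketched below, and make the `*)` branch print the usage line and `exit 1`. Since `decrypt` rewrites tracked files in place, a pre-commit check that every file under `group_vars`/`host_vars` starts with `$ANSIBLE_VAULT` would catch an accidental plaintext commit.

```shell
execute() {
    local i=0 rc=0 file
    # Skip patterns that match nothing instead of passing them on literally.
    shopt -s nullglob
    for file in inventories/*/group_vars/* inventories/*/host_vars/*; do
        i=$((i + 1))
        echo "$i)$file"
        # $1 is the fixed command string from encrypt/decrypt; it is split on purpose.
        $1 "$file" || rc=1
    done
    return "$rc"
}
# … unchanged: case dispatch on $action …
```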


@ -35,7 +35,7 @@
- "/root/mariadb:/var/lib/mysql"
restart_policy: always
env:
MYSQL_ROOT_PASSWORD: "y9ZmTmUKLaRrZ4SA"
MYSQL_ROOT_PASSWORD: "{{ secrets.mariadb.users.root.password }}"
register: deployerTask102
when:
- (deployerTask101 is defined and deployerTask101.changed) or deployerTask101 is undefined
@ -55,7 +55,7 @@
- name: "Deployer - MariaDB - Upgrade"
containers.podman.podman_container_exec:
name: mariadb
command: "mariadb-upgrade --host=127.0.0.1 --user=root --password=y9ZmTmUKLaRrZ4SA"
command: "mariadb-upgrade --host=127.0.0.1 --user=root --password={{ secrets.mariadb.users.root.password }}"
register: task
ignore_errors: yes
changed_when:
@ -70,10 +70,10 @@
mysql_user:
login_host: "127.0.0.1"
login_user: root
login_password: "y9ZmTmUKLaRrZ4SA"
login_password: "{{ secrets.mariadb.users.root.password }}"
name: "mpp"
host: "%"
password: "JRrnk4Gia9gn24y5"
password: "{{ secrets.mariadb.users.mpp.password }}"
priv: "mpp.*:ALL"
vars:
ansible_python_interpreter: "/opt/ansible/bin/python3"
@ -86,7 +86,7 @@
mysql_db:
login_host: "127.0.0.1"
login_user: "mpp"
login_password: "JRrnk4Gia9gn24y5"
login_password: "{{ secrets.mariadb.users.mpp.password }}"
name: "mpp"
vars:
ansible_python_interpreter: "/opt/ansible/bin/python3"
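Review bot: The two MariaDB passwords removed by these hunks remain readable in the repository history, so moving them into `secrets.*` only helps if both accounts get new values that were never committed; nothing visible in this commit shows whether the vaulted values are new. The tasks that now template the secrets should also set `no_log: true`, otherwise the rendered values can appear in task output and logs. In the upgrade task the password is still passed as `--password=...` on the command line, where it is visible in the process list; supplying it through a client option file would avoid that.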


@ -171,7 +171,7 @@
name: Maintenance
hour: "*/3"
minute: "0"
job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t maintenance"
job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t maintenance"
tags:
- cron
@ -179,6 +179,6 @@
cron:
name: Deployer
minute: "*/5"
job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t deployer"
job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t deployer"
tags:
- cron
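Review bot: Both cron jobs now run unattended with the vault password and execute whatever commit is at the head of the repository, so write access to that repository effectively becomes access to the decrypted secrets and the host. If commits in this repository are signed, adding `--verify-commit` to these `ansible-pull` lines would make the job refuse a checkout whose signature does not verify. The jobs also assume `~/.ansible/vault.yml` exists and is owner-only on every host; a task that enforces `mode: "0600"` on it would be a cheap safeguard.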