mirror of
https://github.com/MatteZ02/infra.git
synced 2024-11-09 20:40:18 +00:00
Update
This commit is contained in:
parent
f226606aa5
commit
b26fb7d6ab
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
||||
!/collections/.gitkeep
|
||||
/collections
|
||||
/vault
|
||||
__pycache__
|
||||
|
@ -1,5 +1,5 @@
|
||||
[defaults]
|
||||
inventory = inventory.yml
|
||||
inventory = inventories/mpp
|
||||
hash_behaviour = merge
|
||||
gathering = smart
|
||||
transport = local
|
||||
|
@ -2,4 +2,4 @@
|
||||
|
||||
echo -n "$CERTBOT_VALIDATION" > /root/nginx/html/.well-known/acme-challenge/$CERTBOT_TOKEN
|
||||
mkdir -p /root/nginx/html/.well-known/acme-challenge
|
||||
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t nginx &> /dev/null
|
||||
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t nginx &> /dev/null
|
||||
|
@ -1,59 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<title>{{ ansible_facts.fqdn }}</title>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="robots" content="noindex">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<style>
|
||||
body {
|
||||
background-color: #333333;
|
||||
width: 100vw;
|
||||
height: 100vh;
|
||||
margin: 0;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
*, *:active, *:focus, *:hover, *:visited, *:link {
|
||||
color: #ffffff;
|
||||
font-family: sans-serif;
|
||||
}
|
||||
|
||||
p {
|
||||
margin-bottom: 0px;
|
||||
margin-top: 0px;
|
||||
}
|
||||
|
||||
.org {
|
||||
font-size: xx-large;
|
||||
}
|
||||
|
||||
.link {
|
||||
margin-top: 10px;
|
||||
}
|
||||
|
||||
.server {
|
||||
margin-top: 50px;
|
||||
}
|
||||
|
||||
.server * {
|
||||
color: #555555;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div>
|
||||
<p class="org">Musix Org</p>
|
||||
<p class="link"><a href="https://musix-org.com">Visit website</a></p>
|
||||
|
||||
<div class="server">
|
||||
<p class="name">{{ ansible_facts.fqdn }}</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</body>
|
||||
</html>
|
14
install.sh
14
install.sh
@ -7,7 +7,7 @@ fi
|
||||
echo "
|
||||
==============================
|
||||
|
||||
Multi Platform Project - Ansible
|
||||
MPP - Infra
|
||||
Install Script
|
||||
|
||||
------------------------------
|
||||
@ -31,8 +31,18 @@ python3 -m venv /opt/ansible &> /dev/null
|
||||
|
||||
/opt/ansible/bin/ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
|
||||
|
||||
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t installer
|
||||
mkdir -p ~/.ansible &> /dev/null
|
||||
|
||||
if [[ ! -f ~/.ansible/vault.yml ]]
|
||||
then
|
||||
echo -n "Vault Password: "
|
||||
read PASSWORD
|
||||
echo "$PASSWORD" > ~/.ansible/vault.yml
|
||||
fi
|
||||
|
||||
ssh-keyscan github.com 1> ~/.ssh/known_hosts 2> /dev/null
|
||||
|
||||
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t installer
|
||||
|
||||
echo "
|
||||
==============================
|
||||
|
14
inventories/mpp/host_vars/mpp
Normal file
14
inventories/mpp/host_vars/mpp
Normal file
@ -0,0 +1,14 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
36633733326433396538646338333139653337336137336662666538363861353933386536313164
|
||||
3532643739643661356161653064346436623531656134610a363565386431393536626238356331
|
||||
31326564633533613763366431353661663238313562333763623638653832663236633266373437
|
||||
3061373230313636610a333834303633626663353237396237376465303631396363396535393932
|
||||
61636661373930323931643062343538623231643835636662316138646161626436323937366333
|
||||
35653031363730613166353033343038616534343464393761363033356133306164646666306536
|
||||
31643061333537393333623633366463303335646336656635343434396233333032383037613934
|
||||
31653262396436336537666563376463663430356564623034316634333139656333373863623433
|
||||
63663563383139663561356539393939366333363033666636653763373339336239356334633432
|
||||
37643264386531653265643637373363633038663532333531613963633039653134633465316239
|
||||
34626366373465646535643139363539633138653133623164616431353730313461616638373166
|
||||
34626363643334643663633561336566393437356338343339313661623136323839313066356164
|
||||
65353038626338663736356330333464363366373731646636633064373031616663
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
all:
|
||||
hosts:
|
||||
localhost:
|
||||
mpp:
|
||||
vars:
|
||||
ansible_connection: local
|
||||
ansible_python_interpreter: "{{ansible_playbook_python}}"
|
57
protect.sh
Executable file
57
protect.sh
Executable file
@ -0,0 +1,57 @@
|
||||
#!/bin/bash
|
||||
|
||||
underline=`tput smul`
|
||||
nounderline=`tput rmul`
|
||||
bold=$(tput bold)
|
||||
normal=$(tput sgr0)
|
||||
|
||||
echo "${bold}MPP / Infra / Protect${normal}"
|
||||
action=$1
|
||||
|
||||
encrypt() {
|
||||
echo "${underline}Encrypting...${nounderline}"
|
||||
execute "ansible-vault encrypt --vault-id default@vault/mpp"
|
||||
}
|
||||
|
||||
decrypt() {
|
||||
echo "${underline}Decrypting...${nounderline}"
|
||||
execute "ansible-vault decrypt --vault-id default@vault/mpp"
|
||||
}
|
||||
|
||||
list() {
|
||||
echo "${underline}Listing...${nounderline}"
|
||||
i=0
|
||||
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
|
||||
do
|
||||
i=$((i + 1))
|
||||
echo $i")"$file
|
||||
done
|
||||
}
|
||||
|
||||
execute() {
|
||||
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
|
||||
do
|
||||
i=$((i + 1))
|
||||
echo $i")"$file
|
||||
$1 $file
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
case $action in
|
||||
encrypt)
|
||||
encrypt
|
||||
;;
|
||||
decrypt)
|
||||
decrypt
|
||||
;;
|
||||
list)
|
||||
list
|
||||
;;
|
||||
help)
|
||||
echo "encrypt, decrypt, list"
|
||||
;;
|
||||
*)
|
||||
echo "..."
|
||||
;;
|
||||
esac
|
@ -35,7 +35,7 @@
|
||||
- "/root/mariadb:/var/lib/mysql"
|
||||
restart_policy: always
|
||||
env:
|
||||
MYSQL_ROOT_PASSWORD: "y9ZmTmUKLaRrZ4SA"
|
||||
MYSQL_ROOT_PASSWORD: "{{ secrets.mariadb.users.root.password }}"
|
||||
register: deployerTask102
|
||||
when:
|
||||
- (deployerTask101 is defined and deployerTask101.changed) or deployerTask101 is undefined
|
||||
@ -55,7 +55,7 @@
|
||||
- name: "Deployer - MariaDB - Upgrade"
|
||||
containers.podman.podman_container_exec:
|
||||
name: mariadb
|
||||
command: "mariadb-upgrade --host=127.0.0.1 --user=root --password=y9ZmTmUKLaRrZ4SA"
|
||||
command: "mariadb-upgrade --host=127.0.0.1 --user=root --password={{ secrets.mariadb.users.root.password }}"
|
||||
register: task
|
||||
ignore_errors: yes
|
||||
changed_when:
|
||||
@ -70,10 +70,10 @@
|
||||
mysql_user:
|
||||
login_host: "127.0.0.1"
|
||||
login_user: root
|
||||
login_password: "y9ZmTmUKLaRrZ4SA"
|
||||
login_password: "{{ secrets.mariadb.users.root.password }}"
|
||||
name: "mpp"
|
||||
host: "%"
|
||||
password: "JRrnk4Gia9gn24y5"
|
||||
password: "{{ secrets.mariadb.users.mpp.password }}"
|
||||
priv: "mpp.*:ALL"
|
||||
vars:
|
||||
ansible_python_interpreter: "/opt/ansible/bin/python3"
|
||||
@ -86,7 +86,7 @@
|
||||
mysql_db:
|
||||
login_host: "127.0.0.1"
|
||||
login_user: "mpp"
|
||||
login_password: "JRrnk4Gia9gn24y5"
|
||||
login_password: "{{ secrets.mariadb.users.mpp.password }}"
|
||||
name: "mpp"
|
||||
vars:
|
||||
ansible_python_interpreter: "/opt/ansible/bin/python3"
|
||||
|
@ -171,7 +171,7 @@
|
||||
name: Maintenance
|
||||
hour: "*/3"
|
||||
minute: "0"
|
||||
job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t maintenance"
|
||||
job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t maintenance"
|
||||
tags:
|
||||
- cron
|
||||
|
||||
@ -179,6 +179,6 @@
|
||||
cron:
|
||||
name: Deployer
|
||||
minute: "*/5"
|
||||
job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t deployer"
|
||||
job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-infra --accept-host-key --private-key ~/.ssh/id_rsa --vault-password-file ~/.ansible/vault.yml tasks.yml -t deployer"
|
||||
tags:
|
||||
- cron
|
||||
|
Loading…
Reference in New Issue
Block a user