cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-01 07:39:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
Christer Warén
2025-08-25 12:10:41 +03:00
parent 63f6266f2c
commit 742e77a1fc
9 changed files with 60 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ansible.cfg
View File

@@ -1,5 +1,5 @@
[defaults] [defaults]
inventory = inventories/pvjjk-1vos-tjas inventory = inventories/pvjjk-1vos-niinisalo
hash_behaviour = merge hash_behaviour = merge
gathering = smart gathering = smart
display_skipped_hosts = false display_skipped_hosts = false

6
files/nginx/conf/000-default.conf
View File

@@ -37,8 +37,8 @@ server {
# http2 on; # http2 on;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-tjas/fullchain.pem; # ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-tjas/privkey.pem; # ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3; # ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ecdh_curve X25519:prime256v1:secp384r1; # ssl_ecdh_curve X25519:prime256v1:secp384r1;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
@@ -46,7 +46,7 @@ server {
# ssl_session_cache shared:SSL:20m; # ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 180m; # ssl_session_timeout 180m;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-tjas/chain.pem; # ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
# expires off; # expires off;
# etag off; # etag off;

14
init.sh
View File

@@ -35,11 +35,11 @@ ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnall
apt-get install -y python3-pip python3-venv jq git curl lsb-release apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n" echo -e "\n\n"
mkdir -p /root/.ssh/keys/pvjjk-1vos-tjas &> /dev/null mkdir -p /root/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
if [[ ! -f /root/.ssh/keys/pvjjk-1vos-tjas/infra ]] if [[ ! -f /root/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
then then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..." ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn) ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n" echo -e "\n\n"
fi fi
@@ -60,7 +60,7 @@ ti-header "Asennetaan Ansible kokoelmat..."
echo -e "\n\n" echo -e "\n\n"
ti-header "Lisää SSH-avain Infra-repon käyttöön..." ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat /root/.ssh/keys/pvjjk-1vos-tjas/infra.pub cat /root/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]" echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]] while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -70,7 +70,7 @@ done
echo -e "\n\n" echo -e "\n\n"
mkdir -p /root/.ansible/vault &> /dev/null mkdir -p /root/.ansible/vault &> /dev/null
if [[ ! -f /root/.ansible/vault/pvjjk-1vos-tjas ]] if [[ ! -f /root/.ansible/vault/pvjjk-1vos-niinisalo ]]
then then
ti-header "Syötä Ansible Vaultin salasana..." ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: " echo -n "Salasana: "
@@ -80,14 +80,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]] if [[ ! -z $VAULT_PASSWORD ]]
then then
echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-tjas echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-niinisalo
fi fi
done done
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Suoritetaan Infran asennus..." ti-header "Suoritetaan Infran asennus..."
/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer /root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
echo -e "\n\n" echo -e "\n\n"
echo " echo "

42
inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas Normal file
View File

@@ -0,0 +1,42 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
33353437353561323566336635356239333339343163306335613265633931323164633966633432
3334663031336637356131353161303136333063396561330a346633303561623137323964306630
66663134396266386665386566643033613364613038626562343134376235383466363966653864
6539646166353836340a633539663236386337636433333334346633646536653335336532303132
36373030613335623465386233376338623263326461373638336538626538356462663138333736
62326639653739373438636466633461386238363630623262626361383636396665373765313231
62376236626161386265313932643361306538343535663161366538653037633661323134386661
61663433343837653732313435646263353835366561383734383162363861653261636534393661
31363934616239333364373961393238343161616565326135663831353837633033613432323835
37376134663937613234373664343264303636323363613466346161303266373239646362393334
31313932623234636436643132643439313434363231646230663432356436316264373339373564
62636437663563363562303663383831333035643765313332393338316163626537656638363739
62303633663164633566343362656462353737303935313837613738316564656639383537613737
63633863663864326339386537633330383235373866643563396139313638643831396264336138
37343238386234623962643130306666316361653537306466653133333437616533643535366638
63386236653535396133313430306231613938303462386134613230303432346537396133623134
64646261353561656664333132646364303732656234303237316635376239646635333435323766
61643136623339373463393032363462353963623535616230623366613163323538333461363937
64373132313837623435323830633038386664333262353734333637303761663933393732323463
65613464643766373034333261373233353132356466343066306538656537303434306633643530
63323930643562663032633062343335333266393931663661643731346563386161623263323935
34386461333566623535656335623338316563386232356462623566613363333539316536613234
31366533333962643735393733326134313932326565346166333064616633363964326637653761
33396435313663633237366166613936383335326231393738663166326664633161623532326636
32343130383438633732613863366562386131326538643838663364363434656533623566663334
63396563626430343437346636663530363933356365633637326634656530326431653335366631
33333136306136396639326566303336646635653435356430663631646666633164646535303830
64313565323134366566343939626638646230336131373166383935313062373630646665343633
31623938363763653364643763353462356537616638306338643165353164306139303134663361
32376331313531326664303563336338393836383665323762336564366438623066643962623833
66363466613539626431373335636533313536303231666435333132383030643836633361343930
62393337373831393061656434393635656537633432636562333237633963643964336331666130
62316530316235393765306666353739663434356664343363633036366166363836356530343437
30336632373765353231636261393839323531613139346338313437626565646331336638373262
63643663616236646532663562663536646364303231356236326136646665393739326535636363
65626136356138373530623137396637623438383338623466323835326137356264666532313566
36383035663763636536303830383532313638363135363539643961343038613762346638633262
65343833363761373431663634333663373132333635363332383861366134643439383038336563
61626263336264373933313662383362373562656639356138616639663033306464643531356339
31343764383234336464383561333635623238363331383164366162336332343165323933313966
3831

2
inventories/pvjjk-1vos-tjas/hosts.yml → inventories/pvjjk-1vos-niinisalo/hosts.yml
View File

@@ -1,5 +1,5 @@
--- ---
pvjjk_1vos_tjas: pvjjk_1vos_niinisalo:
hosts: hosts:
olympus.juva.tjas: olympus.juva.tjas:
vars: vars:

42
inventories/pvjjk-1vos-tjas/host_vars/olympus.juva.tjas
View File

@@ -1,42 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas
36333262326535303062303034316566616661393864633434306135396637383732353833306434
6538373638316233346562343231656236646633366337650a613433663364363865343465653665
36303832626265373666333336366565393164373339326464376432663337643537373561343435
3832356131373466390a656566396365363931363062353564386163643335343165303264383265
31653738613561616164633130653736313037653165623261383662313262373937386262343562
62356330363261303039386231646265366264666633626662386332323461343565333661383433
35366430303931316631363331346237616230313664316138373239313138626639393831373965
38643763393832363763323331316538326337383965323962363563626165653064326434376563
63383763333630366662636663386365343731303366363030366634613339633863393137356634
65396332323234653439303966316230323634356139636666643635323237313365373361363831
61636238323530613164303965653931393337383139653630653761643039626332313462643064
65346637623264396462646662656534313861633162663665643164366330343134353633383462
62333433636635626330363438343766316263616235643833623165376265376330363832616664
31636265396431616335373934393661353835306162633262636362393165316537383631616637
35666362353731663264376364343162386466303462336261333734313665353034646430393030
36333665613264633464326133316333386561323532623966396434636135313531306366313539
33316533313437343534623133663866393832383633343664626239366335623964656339313666
39363530316333663665633638333830383037393731376463653630376133316532666462333430
37643364636534383036346666346666636439366365363830653664356138313330356334626632
33353363613735333138326231396562633437353730383063353663396437396532643961373565
63313831376666643263343235663666666331313734326465306330633464343038383038336531
32636261373532303835653536396163643030626138616566613033623336363237646534333266
39373665383338343965616231346331303939306330323239333130363839653839386131616561
64373865303338333530623763306664323738393535393737623364316439373232393636376438
65366330303663653332653835646237346134323062393362333361663732363261383066303266
32396166326633343338663136646633613164653238376463653962376163323333616630616362
33313330663233363764316539316538633636653461623534386537653531353337356233303934
62393136393566363239383963633530626237353133633332383537616537326233396438393335
33323430643235313138393533653230373631336636303063343136346237646530666561353636
63333739363364623130356333386362303663303863313236313631373332346237653865636263
61663166663131626666646531633039306336353339356638316336626137616238646231316434
35616536323633363732313236303134353431363937633466383463363738633863396436333966
62363833323530383634643635643435396164343762363366663435343765633534313166323331
38333733313437316537353866353635303633373934326436396138373232343831323162363163
62333634306161353434616563336439336137356130616562646338616436623865396664633633
35366231666338303139646136316539373738626536383639633632626166326431386239653339
64613162653731643230613330623861313630393562306439653837316439383634396331613332
62326533363239616338613234343032386663396563313831353166636663363535363636626465
65323933623538653133303137323765383164333238623963633330313939646435646133633838
39376438323966313566613733306562666439373639633430323933373162313438336464656232
6434

4
protect.sh
View File

@@ -10,12 +10,12 @@ action=$1
encrypt() { encrypt() {
echo "${underline}Encrypting...${nounderline}" echo "${underline}Encrypting...${nounderline}"
execute "ansible-vault encrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas" execute "ansible-vault encrypt --vault-id pvjjk-1vos-niinisalo@vault/pvjjk-1vos-niinisalo"
} }
decrypt() { decrypt() {
echo "${underline}Decrypting...${nounderline}" echo "${underline}Decrypting...${nounderline}"
execute "ansible-vault decrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas" execute "ansible-vault decrypt --vault-id pvjjk-1vos-niinisalo@vault/pvjjk-1vos-niinisalo"
} }
list() { list() {

4
tasks/deployer.yml
View File

@@ -69,7 +69,7 @@
- name: "Deployer - Yggdrasil - Build Image" - name: "Deployer - Yggdrasil - Build Image"
containers.podman.podman_image: containers.podman.podman_image:
name: pvjjk-1vos-tjas/yggdrasil name: pvjjk-1vos-niinisalo/yggdrasil
tag: latest tag: latest
path: "/root/data/yggdrasil" path: "/root/data/yggdrasil"
build: build:
@@ -80,7 +80,7 @@
- name: "Deployer - Yggdrasil - Run Container" - name: "Deployer - Yggdrasil - Run Container"
containers.podman.podman_container: containers.podman.podman_container:
name: yggdrasil name: yggdrasil
image: pvjjk-1vos-tjas/yggdrasil:latest image: pvjjk-1vos-niinisalo/yggdrasil:latest
state: started state: started
recreate: on recreate: on
network: host network: host

4
tasks/installer.yml
View File

@@ -241,7 +241,7 @@
name: "PVJJK 1.VOS TJAS - Infra - Maintenance" name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
hour: "*/3" hour: "*/3"
minute: "0" minute: "0"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance" job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
tags: tags:
- cron - cron
@@ -249,6 +249,6 @@
ansible.builtin.cron: ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Deployer" name: "PVJJK 1.VOS TJAS - Infra - Deployer"
minute: "*/5" minute: "*/5"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer" job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
tags: tags:
- cron - cron