| docs | ||
| group_vars | ||
| playbooks | ||
| .gitignore | ||
| .yamllint | ||
| ansible-vault-init.sh | ||
| ansible.cfg | ||
| deploy.yml | ||
| inventory | ||
| README.md | ||
| requirements.yml | ||
| secrets.txt | ||
| TODO.md | ||
hatecomputers.club infra
A collection of playbooks to deploy the hatecomputers.club infra
Prerequisites
ansibleyamllintansible-lint- an ssh key accepted on the root of each host in the
inventory
Setup
Vault
Secrets are managed via ansible-vault. Initialize or update your vault
with new secrets via our custom ./ansible-vault-init.sh script.
Additionally if you want to only update a single secret, use
./ansible-vault-init.sh <secret_name>.
If you don't want to be prompted to enter your password every time you
deploy something, put your password as plain text into secrets.pwd as
a single line in the root src directory:
echo "<your_password>" > secrets.pwd
Then you can add --vault-password-file secrets.pwd each time you run a
deployment (or you know, use pass or something if you're paranoid).
Pre-commit hooks
-
clone the repo
git clone git@git.hatecomputers.club:hatecomputers.club/infra cd infra -
add a pre-commit hook
cd .git/hooks touch pre-commit -
insert into
pre-committhe following contents:#!/bin/sh set -e # lint yaml files echo "running yamllint..." yamllint --strict . # follow ansible best-practices echo "running ansible-lint" ansible-lint -
make it executable
chmod +x pre-commit
Running
ansible-playbook -e @secrets.enc deploy.yml will run each respectively added playbook in deploy.yml
using the vault intialized in the previous steps.
Though in development, one should be testing individual playbooks, and deploy.yml
should be left for an idea of general order of things, or for a
full deployment after testing.
NOTE: It is highly advised to run ansible-playbook in an ssh-agent session to avoid retyping your password over and over. Something along the lines of:
ssh-agent $(echo $SHELL)
ssh-add ~/.ssh/<private-key>