Go to file
2024-05-04 13:19:48 -07:00
docs init 2024-05-01 01:33:35 -07:00
group_vars borg 2024-05-04 13:19:48 -07:00
playbooks borg 2024-05-04 13:19:48 -07:00
.gitignore init 2024-05-01 01:33:35 -07:00
.yamllint init 2024-05-01 01:33:35 -07:00
ansible-vault-init.sh init 2024-05-01 01:33:35 -07:00
ansible.cfg init 2024-05-01 01:33:35 -07:00
deploy.yml borg 2024-05-04 13:19:48 -07:00
inventory borg 2024-05-04 13:19:48 -07:00
README.md init 2024-05-01 01:33:35 -07:00
requirements.yml init 2024-05-01 01:33:35 -07:00
secrets.txt borg 2024-05-04 13:19:48 -07:00
TODO.md init 2024-05-01 01:33:35 -07:00

hatecomputers.club infra

A collection of playbooks to deploy the hatecomputers.club infra

Prerequisites

  • ansible
  • yamllint
  • ansible-lint
  • an ssh key accepted on the root of each host in the inventory

Setup

Vault

Secrets are managed via ansible-vault. Initialize or update your vault with new secrets via our custom ./ansible-vault-init.sh script.

Additionally if you want to only update a single secret, use ./ansible-vault-init.sh <secret_name>.

If you don't want to be prompted to enter your password every time you deploy something, put your password as plain text into secrets.pwd as a single line in the root src directory:

echo "<your_password>" > secrets.pwd

Then you can add --vault-password-file secrets.pwd each time you run a deployment (or you know, use pass or something if you're paranoid).

Pre-commit hooks

  1. clone the repo

    git clone git@git.hatecomputers.club:hatecomputers.club/infra
    cd infra
    
  2. add a pre-commit hook

    cd .git/hooks
    touch pre-commit
    
  3. insert into pre-commit the following contents:

    #!/bin/sh
    
    set -e
    
    # lint yaml files
    echo "running yamllint..."
    yamllint --strict .
    
    # follow ansible best-practices
    echo "running ansible-lint"
    ansible-lint
    
  4. make it executable

    chmod +x pre-commit
    

Running

ansible-playbook -e @secrets.enc deploy.yml will run each respectively added playbook in deploy.yml using the vault intialized in the previous steps.

Though in development, one should be testing individual playbooks, and deploy.yml should be left for an idea of general order of things, or for a full deployment after testing.

NOTE: It is highly advised to run ansible-playbook in an ssh-agent session to avoid retyping your password over and over. Something along the lines of:

ssh-agent $(echo $SHELL)
ssh-add ~/.ssh/<private-key>