Update to use secrets to get container from github workflow

README.md

@@ -1,3 +1,26 @@
 ```bash
+# install roles and collections
+ansible-galaxy install -r requirements.yml
+
+# Install the playbook
 ansible-playbook -i inventory frontend.yaml
+
+# Check the cron jobs
+crontab -u matt -l
+```
+
+TODO: Update the pre/post scripts at /etc/letsencrypt/renewal-hooks to stop/start docker reverse_proxy
+TODO: Update cron to run certbot as root
+
+If the above is done, I'm not sure the blow is needed...
+TODO: Ensure /var/log/letsencrypt, /var/lib/letsencryprt and maybe /etc/letsencrypt are writable as the ansible user.
+Something like
+
+```bash
+chgrp adm /var/log/letsencrypt
+chmod g+rwx /var/log/letsencrypt
+chgrp -R adm /etc/letsencrypt/
+chmod -R g+rwx /etc/letsencrypt/
+chgrp adm /var/lib/letsencrypt
+chmod g+rwx /var/lib/letsencrypt
 ```

frontend.yaml

@@ -18,11 +18,14 @@
           - "apptabulous.co.uk"
           - "www.apptabulous.co.uk"
           - "hub.apptabulous.co.uk"
+          - "m5p3nc3r.co.uk"
+          - "www.m5p3nc3r.co.uk"
 
     certbot_repo: https://github.com/certbot/certbot.git
     certbot_version: master
     certbot_keep_updated: true
     certbot_dir: /opt/certbot
+    certbot_create_extra_args: ""
 
     docker_add_repo: true
     docker_users:
@@ -65,12 +68,18 @@
           - "5000:5000"
         state: started
 
+    - name: Log into ghcf.io registry
+      community.general.docker_login:
+        registry: ghcr.io
+        username: "{{ secrets.GITHUB_ACTOR }}"
+        password: "{{ secrets.GITHUB_TOKEN }}"
+
     # NOTE: This will fail on the first run because the container has not been
     #       uploaded to the registry yet
     - name: Start website
       community.docker.docker_container:
         name: website
-        image: hub.apptabulous.co.uk/apptabulous/website
+        image: ghcr.io/m5p3nc3r/website:main
         restart_policy: always
         ports:
           - "3000:3000"

inventory

@@ -2,4 +2,4 @@
 kiosk@kiosk.local
 
 [frontend]
-rpi4-2.local
+rpi4-2.localdomain

secrets.enc

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+65396135303665363764323463613764666332663837623035663634316463643635613066616461
+6665383135363364303437613731363463653831666432610a386132303963653963663331626135
+34393566626133323436373237323562616432336136396233643035373464323937363830316534
+6666313366633064650a303963393438373065666232633334353932663334616335633531363130
+64363232306265393833323036376134313230633862306535366138623664343363346463363031
+61306339383639636137363334663266393331333033643432626435666230663166343133346663
+38616464336130336461373865353963363066373233633334633838363465613064303935663634
+61333831666233383966633431623933383831306337343232396232636162616339386539386432
+6338