m5p3nc3r/ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update to use secrets to get container from github workflow

Browse Source
This commit is contained in:
Matt Spencer
2024-10-15 17:45:38 +01:00
parent 11f55cd96c
commit 87ce6d5b9d
7 changed files with 44 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
README.md Normal file → Executable file
View File

@@ -1,3 +1,26 @@
```bash ```bash
# install roles and collections
ansible-galaxy install -r requirements.yml
# Install the playbook
ansible-playbook -i inventory frontend.yaml ansible-playbook -i inventory frontend.yaml
# Check the cron jobs
crontab -u matt -l
```
TODO: Update the pre/post scripts at /etc/letsencrypt/renewal-hooks to stop/start docker reverse_proxy
TODO: Update cron to run certbot as root
If the above is done, I'm not sure the blow is needed...
TODO: Ensure /var/log/letsencrypt, /var/lib/letsencryprt and maybe /etc/letsencrypt are writable as the ansible user.
Something like
```bash
chgrp adm /var/log/letsencrypt
chmod g+rwx /var/log/letsencrypt
chgrp -R adm /etc/letsencrypt/
chmod -R g+rwx /etc/letsencrypt/
chgrp adm /var/lib/letsencrypt
chmod g+rwx /var/lib/letsencrypt
``` ```

0
apptabulous/reverseproxy/conf.d/reverse_proxy.conf Normal file → Executable file
View File

11
frontend.yaml Normal file → Executable file
View File

@@ -18,11 +18,14 @@
- "apptabulous.co.uk" - "apptabulous.co.uk"
- "www.apptabulous.co.uk" - "www.apptabulous.co.uk"
- "hub.apptabulous.co.uk" - "hub.apptabulous.co.uk"
- "m5p3nc3r.co.uk"
- "www.m5p3nc3r.co.uk"
certbot_repo: https://github.com/certbot/certbot.git certbot_repo: https://github.com/certbot/certbot.git
certbot_version: master certbot_version: master
certbot_keep_updated: true certbot_keep_updated: true
certbot_dir: /opt/certbot certbot_dir: /opt/certbot
certbot_create_extra_args: ""
docker_add_repo: true docker_add_repo: true
docker_users: docker_users:
@@ -65,12 +68,18 @@
- "5000:5000" - "5000:5000"
state: started state: started
- name: Log into ghcf.io registry
community.general.docker_login:
registry: ghcr.io
username: "{{ secrets.GITHUB_ACTOR }}"
password: "{{ secrets.GITHUB_TOKEN }}"
# NOTE: This will fail on the first run because the container has not been # NOTE: This will fail on the first run because the container has not been
# uploaded to the registry yet # uploaded to the registry yet
- name: Start website - name: Start website
community.docker.docker_container: community.docker.docker_container:
name: website name: website
image: hub.apptabulous.co.uk/apptabulous/website image: ghcr.io/m5p3nc3r/website:main
restart_policy: always restart_policy: always
ports: ports:
- "3000:3000" - "3000:3000"

2
inventory Normal file → Executable file
View File

@@ -2,4 +2,4 @@
kiosk@kiosk.local kiosk@kiosk.local
[frontend] [frontend]
rpi4-2.local rpi4-2.localdomain

0
kiosk.yaml Normal file → Executable file
View File

0
requirements.yml Normal file → Executable file
View File

10
secrets.enc Executable file
View File

@@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256
65396135303665363764323463613764666332663837623035663634316463643635613066616461
6665383135363364303437613731363463653831666432610a386132303963653963663331626135
34393566626133323436373237323562616432336136396233643035373464323937363830316534
6666313366633064650a303963393438373065666232633334353932663334616335633531363130
64363232306265393833323036376134313230633862306535366138623664343363346463363031
61306339383639636137363334663266393331333033643432626435666230663166343133346663
38616464336130336461373865353963363066373233633334633838363465613064303935663634
61333831666233383966633431623933383831306337343232396232636162616339386539386432
6338