diff --git a/.gitignore b/.gitignore
index 6778a9c..c0baf1e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-*.env
 backups
diff --git a/ansible/.gitignore b/ansible/.gitignore
deleted file mode 100644
index 5ceb386..0000000
--- a/ansible/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-venv
diff --git a/ansible/playbooks/misc-docker.yaml b/ansible/playbooks/misc-docker.yaml
index 2cf744f..93558f6 100644
--- a/ansible/playbooks/misc-docker.yaml
+++ b/ansible/playbooks/misc-docker.yaml
@@ -40,6 +40,25 @@
 mode: u=rw,g=,o=
 # Directories should be listable
 directory_mode: u=rwx,g=rx,o=rx
+ - name: Upload and decrypt docker environment vars
+ become: true
+ ansible.builtin.copy:
+ src: "../../docker/envs/{{ item.name }}/.env"
+ dest: /etc/pbri/docker/{{ item.name }}/.env
+ # Files should inaccessible to non-root users.
+ mode: u=rw,g=,o=
+ # This is true by default but I put it here anyways to emphasize what's happening
+ decrypt: true
+ # Not quite happy with all the seperate loops yet.
+ loop:
+ - name: codi
+ state: present
+ - name: drone
+ state: present
+ - name: factorio
+ state: absent
+ - name: gitea
+ state: present
 - name: Create directory for docker volumes
 become: true
 ansible.builtin.file:
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 0000000..6d09116
--- /dev/null
+++ b/docker/README.md
@@ -0,0 +1,4 @@
+## Folders
+
+- `docker`: Contains `docker-compose` configurations for projects
+- `envs`: Contains `.env` files encrypted using `ansible-vault`. These files are decrypted and uploaded next to their corresponding `docker-compose.yaml` file.
diff --git a/docker/envs/codi/.env b/docker/envs/codi/.env
new file mode 100644
index 0000000..a796b0e
--- /dev/null
+++ b/docker/envs/codi/.env
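Review bot: Dropping `*.env` in the root `.gitignore` hunk removes the only guard against committing a plaintext env file, and the removal applies to the whole repository rather than just `docker/envs/`. A file left decrypted after `ansible-vault decrypt`, or a `.env` created next to a compose file for local testing, would now be picked up by `git add`. Keeping the rule and carving out only the vaulted path is narrower: `*.env` followed by `!/docker/envs/*/.env`. A pre-commit check that every tracked `.env` begins with `$ANSIBLE_VAULT;` would additionally catch a decrypted file sitting inside the carved-out path.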
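Review bot: The new "Upload and decrypt docker environment vars" task writes decrypted secrets but sets neither `no_log: true` nor `diff: false`, so a run with `--diff` can print the plaintext `.env` contents into the terminal or a CI log. Adding `no_log: true` at task level, next to `become: true`, closes that. Separately, the loop lists `factorio` with `state: absent`, yet nothing in this task reads `item.state`, so its secrets are uploaded as well; `when: item.state == 'present'` would skip it, assuming that is what the field is meant to express. The comment `# Files should inaccessible to non-root users.` is missing "be". The play and its earlier tasks start outside the hunk, so whether the destination directory exists for every loop item cannot be checked from here.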
@@ -0,0 +1,20 @@ +$ANSIBLE_VAULT;1.1;AES256 +63343763623732396235363736376438623538373363346631336332386538346465353530646633 +6332316539323765623066386163646362653862393638340a326564363761646430376466383030 +35303562633737323166646530383433373034306266366231306662353936323465616633326538 +6539373133343437620a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diff --git a/docker/envs/drone/.env b/docker/envs/drone/.env new file mode 100644 index 0000000..19bbbd6 --- /dev/null +++ b/docker/envs/drone/.env @@ -0,0 +1,14 @@ +$ANSIBLE_VAULT;1.1;AES256 +31333834393366333930346366373931333930646233383664643463393965303238613430646638 +6461373434616433353337643131396462326537346434380a386562633335346436303662336362 +62333739626237323334333666633162616338313932393261303231353539623237383638643030 +3364393934653232310a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diff --git a/docker/envs/factorio/.env b/docker/envs/factorio/.env new file mode 100644 index 0000000..cd898f0 --- /dev/null +++ b/docker/envs/factorio/.env @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +32356463313330336636636363646138393236636233326132623165353962623565356364396530 +3636336532396665333637653432353332643434643962390a313162343836306435383536313937 +36656632356366303561366536373535383538303730386239386437323466346533353634306436 +3930633464353235360a653936333734353137313363316261366666353238366566613865366463 +32393431343439383733343766323831643561663938376264336331306139646337343633346536 +3236343538323032636666366639303539316236393535323661 diff --git a/docker/envs/gitea/.env b/docker/envs/gitea/.env new file mode 100644 index 0000000..c7b192c --- /dev/null +++ b/docker/envs/gitea/.env 
@@ -0,0 +1,11 @@ +$ANSIBLE_VAULT;1.1;AES256 +32303131323835666635366533363238303766643063633934353139323837396336373734393263 +6334616639373630616437646437626666343161373338310a323234313330323839663165653038 +66386266373562363966643666653234656337373166626131383565313334333234373532633133 +6265656232613337380a393531323765373332613162346365373831373733623166363136326239 +66386262393836343634353061363131313936666665343634326430393939633336656666626530 +32633762306136356464386262633132646633373066316434343437356636313831313462366533 +37343864636265666166613761386639316534386365343439623634373039383237353839656130 +36353036623336653336663738636632326238326133663039633330656530376335343539646465 +61663436626235306462336636393332313562646633373637396664636661333131663864393138 +6161396237323233333961353231643236393232623635303465