paul/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Compare commits

base: paul:a1cac6b8a3376267ff8a2c93ba93403558bd47b4
Branches Tags
paul:main
paul:nixos-gilgamesh
paul:feature/gitea-actions
...
compare: paul:1b61394afd1318d4c8da0845b15b0be92fa6bc99
Branches Tags
paul:main
paul:nixos-gilgamesh
paul:feature/gitea-actions

2 Commits
a1cac6b8a3 ... 1b61394afd

Author SHA1 Message Date
Paul Brinkmeier
1b61394afd Use vault password secret in CI
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-01-27 04:59:29 +01:00
Paul Brinkmeier
9f40b38886 Add encrypted .env files 2023-01-27 04:59:12 +01:00
9 changed files with 82 additions and 3 deletions
Show Stats Expand all files Collapse all files

8
.drone.yml
View File

@ -19,11 +19,17 @@ steps:
environment: environment:
SSH_KEY: SSH_KEY:
from_secret: ssh_key from_secret: ssh_key
VAULT_PASSWORD:
from_secret: vault_password
commands: commands:
- pip install ansible==6.4.0 > /dev/null 2> /dev/null - pip install ansible==6.4.0 > /dev/null 2> /dev/null
- mkdir "$HOME/.ssh" - mkdir "$HOME/.ssh"
- echo "$SSH_KEY" > "$HOME/.ssh/id" - echo "$SSH_KEY" > "$HOME/.ssh/id"
- chmod 0600 ~/.ssh/id - chmod 0600 ~/.ssh/id
- ssh-keyscan -p 2309 vmd98928.contaboserver.net > "$HOME/.ssh/known_hosts" - ssh-keyscan -p 2309 vmd98928.contaboserver.net > "$HOME/.ssh/known_hosts"
- echo "$VAULT_PASSWORD" > "$HOME/vault_password"
- cd ansible - cd ansible
- ansible-playbook --private-key "$HOME/.ssh/id" --check playbooks/misc-all.yaml - ansible-playbook --private-key "$HOME/.ssh/id" --vault-password-file "$HOME/vault_password" --check playbooks/misc-all.yaml

1
.gitignore vendored
View File

@ -1,2 +1 @@
*.env
backups backups

1
ansible/.gitignore vendored
View File

@ -1 +0,0 @@
venv

19
ansible/playbooks/misc-docker.yaml
View File

@ -40,6 +40,25 @@
mode: u=rw,g=,o= mode: u=rw,g=,o=
# Directories should be listable # Directories should be listable
directory_mode: u=rwx,g=rx,o=rx directory_mode: u=rwx,g=rx,o=rx
- name: Upload and decrypt docker environment vars
become: true
ansible.builtin.copy:
src: "../../docker/envs/{{ item.name }}/.env"
dest: /etc/pbri/docker/{{ item.name }}/.env
# Files should inaccessible to non-root users.
mode: u=rw,g=,o=
# This is true by default but I put it here anyways to emphasize what's happening
decrypt: true
# Not quite happy with all the seperate loops yet.
loop:
- name: codi
state: present
- name: drone
state: present
- name: factorio
state: absent
- name: gitea
state: present
- name: Create directory for docker volumes - name: Create directory for docker volumes
become: true become: true
ansible.builtin.file: ansible.builtin.file:

4
docker/README.md Normal file
View File

@ -0,0 +1,4 @@
## Folders
- `docker`: Contains `docker-compose` configurations for projects
- `envs`: Contains `.env` files encrypted using `ansible-vault`. These files are decrypted and uploaded next to their corresponding `docker-compose.yaml` file.

20
docker/envs/codi/.env Normal file
View File

@ -0,0 +1,20 @@
$ANSIBLE_VAULT;1.1;AES256
63343763623732396235363736376438623538373363346631336332386538346465353530646633
6332316539323765623066386163646362653862393638340a326564363761646430376466383030
35303562633737323166646530383433373034306266366231306662353936323465616633326538
6539373133343437620a323663363235366139373663353362393737643634666131316634343165
61336634656466626535336638646338303764316337386136323739343564323833366666643665
32356635383335303361363637353564343132393066643966303733386265363961313366333532
64313430313463353461646334376431316139383235313738636464656162646261383234376634
37653336373039643832323038386634616465323334616636316531636466336431633836303334
39373863366139326566366564653037323936383163363265383636303232613032353832346234
65643566666463353232373331333163303232323938663264353431616430633333653139363963
33343335313530666232643463623535613162636166343834303264376366353138326665623738
39616364383035383066393465653736303638313638643638633865373131633963633062303232
65623334353766313762303031366435343735613939343937316630633735623230616336383138
63633861356235613033393338303065353339343632333331646664306230356561633530623565
38396338666166343739643438643731613165343133626363326433396334386136653836326636
37306665346136633433653134656636616432653765373765346139313636353862373066306232
31383761356339396636623137346565306662363365646638336565393433613530653262656566
63323364663964353035353031303230666434366133323735373739303163313739333838303266
316139366661396333646161323536386461

14
docker/envs/drone/.env Normal file
View File

@ -0,0 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256
31333834393366333930346366373931333930646233383664643463393965303238613430646638
6461373434616433353337643131396462326537346434380a386562633335346436303662336362
62333739626237323334333666633162616338313932393261303231353539623237383638643030
3364393934653232310a383065386530373433393635313665353532666361303436613337316565
32306233336134383531633232393862303466373331373764376462653736663861663366323762
65666263366461396362386264613830336435346234386234333562616131653938386439336566
34386461343433346363336161373038303434383563303564653533623939613937323030636362
66636639643963613236366138646335393831366432333637333065326162646237643561336666
61323833333337633861646462393930663733333266336233663630396532366566303835653431
38363365383166393765343735363030363562313837643837313864373735643264663264643633
66306261633666616363666562306632613032373231633730313638383033633761653661383738
39623630643766663438656635653530626664313765633430646330356333306239653437373839
3933

7
docker/envs/factorio/.env Normal file
View File

@ -0,0 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256
32356463313330336636636363646138393236636233326132623165353962623565356364396530
3636336532396665333637653432353332643434643962390a313162343836306435383536313937
36656632356366303561366536373535383538303730386239386437323466346533353634306436
3930633464353235360a653936333734353137313363316261366666353238366566613865366463
32393431343439383733343766323831643561663938376264336331306139646337343633346536
3236343538323032636666366639303539316236393535323661

11
docker/envs/gitea/.env Normal file
View File

@ -0,0 +1,11 @@
$ANSIBLE_VAULT;1.1;AES256
32303131323835666635366533363238303766643063633934353139323837396336373734393263
6334616639373630616437646437626666343161373338310a323234313330323839663165653038
66386266373562363966643666653234656337373166626131383565313334333234373532633133
6265656232613337380a393531323765373332613162346365373831373733623166363136326239
66386262393836343634353061363131313936666665343634326430393939633336656666626530
32633762306136356464386262633132646633373066316434343437356636313831313462366533
37343864636265666166613761386639316534386365343439623634373039383237353839656130
36353036623336653336663738636632326238326133663039633330656530376335343539646465
61663436626235306462336636393332313562646633373637396664636661333131663864393138
6161396237323233333961353231643236393232623635303465