# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
# License: GPL-3.0 or later.
+- name: Install certbot
+ package:
+ name:
+ - certbot
+ - python3-certbot-nginx
+ become: true
- name: Obtain a certificate for {{ item.certificate }}
command: |
certbot certonly --keep-until-expiring --nginx --agree-tos \
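Review bot: The `Install certbot` task now lives in a file that the main playbook includes with `with_items: "{{ certificates }}"`, so the package step runs once per certificate instead of once per host. It is idempotent, but each pass costs a package-manager round trip and the per-item log hides the fact that it is host-level setup. Consider moving it next to `Install ansible and pip` in the playbook, ahead of the include. The `Install gdrive_knife` task added to the download task file has the same shape under `with_items: "{{ inputs }}"`. The `certbot certonly` command continues past the end of this hunk, so its remaining arguments were not reviewed.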
+++ /dev/null
-# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
-# License: GPL-3.0 or later.
-
-- hosts: servers
- tasks:
- - name: Restart postgresql
- service:
- name: postgresql
- state: restarted
- become: yes
- - name: Restore database from backup
- command: psql --username=postgres --file=/tmp/database
# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
# License: GPL-3.0 or later.
+- name: Install gdrive_knife
+ pip:
+ name: gdrive_knife
+ extra_args: --break-system-packages
+ become: true
- name: Create directory {{ item.dest }}
file:
path: "{{ item.dest }}"
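Review bot: `Install gdrive_knife` runs pip as root (`become: true`) with `extra_args: --break-system-packages` and no version, so whatever the index serves for that name, plus its dependencies, lands in the system Python of every fresh host. Dropping `state: latest` stops silent upgrades on re-runs, but the first install is still unpinned. Pin it with `version: "<pinned-version>"`, and prefer the module's `virtualenv: <venv-path>` over overriding the distribution's externally-managed guard. If the system-wide install is deliberate, a comment saying why `--break-system-packages` is needed would help the next reader.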
+++ /dev/null
-# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
-# License: GPL-3.0 or later.
-
-- hosts: servers
- tasks:
- - name: Install gdrive_knife
- pip:
- name: gdrive_knife
- extra_args: --break-system-packages
- state: latest
- become: true
- - include_tasks: download.yaml
- with_items: "{{ inputs }}"
# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
# License: GPL-3.0 or later.
-- hosts: servers
- tasks:
- - name: Copy the SSH key for user {{ users }}
- authorized_key:
- user: "{{ item }}"
- state: present
- key: "{{ public_key }}"
- key_options: >
- "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
- become: true
- with_items: "{{ users }}"
+- name: Copy the SSH key for user {{ item }}
+ authorized_key:
+ user: "{{ item }}"
+ state: present
+ key: "{{ public_key }}"
+ key_options: >
+ "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
+ become: true
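Review bot: In `key_options`, the folded scalar `>` keeps the surrounding double quotes as literal characters and appends a trailing newline, so the module most likely receives `"no-port-forwarding,…,no-pty"` with the quotes included rather than the bare option list. These options are what confines the key, so it is worth checking the resulting `authorized_keys` line on a host to confirm they are applied as intended. A plain scalar removes the ambiguity: `key_options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'`. The task name now uses `{{ item }}`, which only resolves when the file is included with `with_items`; a one-line comment at the top of the file stating that would make the dependency visible.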
+++ /dev/null
-# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
-# License: GPL-3.0 or later.
-
-- hosts: servers
- vars:
- certificates:
- - certificate: mail
- domains:
- - mail.dobity.eu.org
- - ekhem.eu.org
- - mail.ekhem.eu.org
- email: jakub@ekhem.eu.org
- - certificate: ekhem
- domains:
- - ekhem.eu.org
- - git.ekhem.eu.org
- email: jakub@ekhem.eu.org
- - certificate: dobity
- domains:
- - drive.dobity.eu.org
- - git.dobity.eu.org
- - matrix.dobity.eu.org
- - pass.dobity.eu.org
- - yt.dobity.eu.org
- email: jakub@ekhem.eu.org
- - certificate: postgres
- domains:
- - psql.dobity.eu.org
- email: jakub@ekhem.eu.org
- tasks:
- - name: Install certbot
- package:
- name:
- - certbot
- - python3-certbot-nginx
- state: latest
- become: true
- - include_tasks: certify.yaml
- with_items: "{{ certificates }}"
auth_token: "{{ lookup('file', '{{ token }}') | to_nice_json }}"
encryption_key: "{{ lookup('file', '{{ key }}') }}"
inputs: "{{ lookup('file', 'sources.yaml') | from_yaml }}"
+ certificates: "{{ lookup('file', 'certificates.yaml') | from_yaml }}"
public_key: "{{ lookup('file', '{{ ssh_key }}') }}"
users:
- git
- "{{ default_user }}"
-- import_playbook: install/sources_from_drive.yaml
-- import_playbook: install/ssl_certificates.yaml
-
-- hosts: servers
- tasks:
+ - name: Install ansible and pip
+ package:
+ name:
+ - ansible
+ - python3-pip
+ become: true
+ - include_tasks: install/download.yaml
+ with_items: "{{ inputs }}"
+ - include_tasks: install/certify.yaml
+ with_items: "{{ certificates }}"
- find:
paths: "/srv/git"
file_type: file
register: post_receive_scripts
- shell: ansible-playbook --connection=local {{ item.path }}
with_items: "{{ post_receive_scripts.files }}"
-
-- import_playbook: install/database_from_save.yaml
-- import_playbook: install/ssh_public_keys.yaml
+ - name: Restart postgresql
+ service:
+ name: postgresql
+ state: restarted
+ become: yes
+ - name: Restore database from backup
+ command: psql --username=postgres --file=/tmp/database
+ - include_tasks: install/ssh_public_keys.yaml
+ with_items: "{{ users }}"
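Review bot: The inlined restore task `command: psql --username=postgres --file=/tmp/database` feeds a SQL file from a world-writable directory to the postgres superuser role. Where that file is written is not visible in this diff; if an earlier step drops it into /tmp, a local account that pre-creates the path could influence what gets executed. Staging the dump in a directory owned by root or postgres with mode `"0700"` and pointing `--file` there closes that gap. The task also has no guard such as `creates:` or a `changed_when:`, so the restore appears to re-run on every play. `become: yes` on the restart task should be `become: true` to match the other tasks.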