From: Jakub Czajka Date: Sun, 3 Dec 2023 22:38:41 +0000 (+0100) Subject: Move everything to a single playbook. X-Git-Url: https://git.ekhem.eu.org/?a=commitdiff_plain;h=3300784a031f9e9bb67e04cc171cc2abf1ebabfa;p=turnup.git Move everything to a single playbook. --- diff --git a/install/certify.yaml b/install/certify.yaml index cb59b40..f862a98 100644 --- a/install/certify.yaml +++ b/install/certify.yaml @@ -1,6 +1,12 @@ # Copyright (c) 2023 Jakub Czajka # License: GPL-3.0 or later. +- name: Install certbot + package: + name: + - certbot + - python3-certbot-nginx + become: true - name: Obtain a certificate for {{ item.certificate }} command: | certbot certonly --keep-until-expiring --nginx --agree-tos \ diff --git a/install/database_from_save.yaml b/install/database_from_save.yaml deleted file mode 100644 index df87393..0000000 --- a/install/database_from_save.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Restart postgresql - service: - name: postgresql - state: restarted - become: yes - - name: Restore database from backup - command: psql --username=postgres --file=/tmp/database diff --git a/install/download.yaml b/install/download.yaml index 9cde662..19dd2d9 100644 --- a/install/download.yaml +++ b/install/download.yaml @@ -1,6 +1,11 @@ # Copyright (c) 2023 Jakub Czajka # License: GPL-3.0 or later. +- name: Install gdrive_knife + pip: + name: gdrive_knife + extra_args: --break-system-packages + become: true - name: Create directory {{ item.dest }} file: path: "{{ item.dest }}" diff --git a/install/sources_from_drive.yaml b/install/sources_from_drive.yaml deleted file mode 100644 index 179810a..0000000 --- a/install/sources_from_drive.yaml +++ /dev/null 
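Review bot: The new `Install certbot` task at the top of install/certify.yaml runs once per certificate, because turnup.yaml now pulls this file in with `include_tasks` under `with_items: "{{ certificates }}"`; the `Install gdrive_knife` task added to install/download.yaml repeats the same way for every entry of `inputs`. The modules are idempotent, so the outcome is correct, but every iteration makes another privileged package-manager call. Moving both installs into turnup.yaml ahead of the two loops would run them once. The commit also drops `state: latest`, so an already-installed certbot is no longer upgraded by this play; a comment such as `# present only: upgrades are left to host patching` would make that explicit. The certbot command itself continues outside the hunk.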
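Review bot: The `Install gdrive_knife` task in install/download.yaml installs an unpinned PyPI package as root into the system interpreter (`become: true` together with `extra_args: --break-system-packages`), so whichever release the index serves at run time executes with root privileges on the server. Pin the release, for example `name: gdrive_knife==<PINNED_VERSION>`, so a changed or hijacked upload is not picked up silently. The pip module's `virtualenv:` parameter would also keep the tool and its dependencies out of the system site-packages and make `--break-system-packages` unnecessary. This matters more because the play loads `auth_token` and `encryption_key` in turnup.yaml, presumably for this tool.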
@@ -1,13 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Install gdrive_knife - pip: - name: gdrive_knife - extra_args: --break-system-packages - state: latest - become: true - - include_tasks: download.yaml - with_items: "{{ inputs }}" diff --git a/install/ssh_public_keys.yaml b/install/ssh_public_keys.yaml index d6400e8..12cdedd 100644 --- a/install/ssh_public_keys.yaml +++ b/install/ssh_public_keys.yaml @@ -1,14 +1,11 @@ # Copyright (c) 2023 Jakub Czajka # License: GPL-3.0 or later. -- hosts: servers - tasks: - - name: Copy the SSH key for user {{ users }} - authorized_key: - user: "{{ item }}" - state: present - key: "{{ public_key }}" - key_options: > - "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty" - become: true - with_items: "{{ users }}" +- name: Copy the SSH key for user {{ item }} + authorized_key: + user: "{{ item }}" + state: present + key: "{{ public_key }}" + key_options: > + "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty" + become: true diff --git a/install/ssl_certificates.yaml b/install/ssl_certificates.yaml deleted file mode 100644 index f7715bd..0000000 --- a/install/ssl_certificates.yaml +++ /dev/null 
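Review bot: In install/ssh_public_keys.yaml, `key_options` is a folded block scalar (`>`) whose content is itself wrapped in double quotes; inside a block scalar those quotes are literal characters, and a trailing newline is appended. The value passed to `authorized_key` is therefore likely the option list including the quote characters, which risks sshd not applying the forwarding and pty restrictions as intended. The form is carried over unchanged from the old file, but a plain scalar removes the doubt: `key_options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'`. Checking the line actually written to `authorized_keys` on a host is worthwhile either way. Since the file now relies on the caller's loop variable, a header comment like `# Expects item = user name, looped from turnup.yaml` would help.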
@@ -1,39 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - vars: - certificates: - - certificate: mail - domains: - - mail.dobity.eu.org - - ekhem.eu.org - - mail.ekhem.eu.org - email: jakub@ekhem.eu.org - - certificate: ekhem - domains: - - ekhem.eu.org - - git.ekhem.eu.org - email: jakub@ekhem.eu.org - - certificate: dobity - domains: - - drive.dobity.eu.org - - git.dobity.eu.org - - matrix.dobity.eu.org - - pass.dobity.eu.org - - yt.dobity.eu.org - email: jakub@ekhem.eu.org - - certificate: postgres - domains: - - psql.dobity.eu.org - email: jakub@ekhem.eu.org - tasks: - - name: Install certbot - package: - name: - - certbot - - python3-certbot-nginx - state: latest - become: true - - include_tasks: certify.yaml - with_items: "{{ certificates }}" diff --git a/turnup.yaml b/turnup.yaml index 11f5d2c..f08b34a 100644 --- a/turnup.yaml +++ b/turnup.yaml @@ -7,15 +7,21 @@ auth_token: "{{ lookup('file', '{{ token }}') | to_nice_json }}" encryption_key: "{{ lookup('file', '{{ key }}') }}" inputs: "{{ lookup('file', 'sources.yaml') | from_yaml }}" + certificates: "{{ lookup('file', 'certificates.yaml') | from_yaml }}" public_key: "{{ lookup('file', '{{ ssh_key }}') }}" users: - git - "{{ default_user }}" -- import_playbook: install/sources_from_drive.yaml -- import_playbook: install/ssl_certificates.yaml - -- hosts: servers - tasks: + - name: Install ansible and pip + package: + name: + - ansible + - python3-pip + become: true + - include_tasks: install/download.yaml + with_items: "{{ inputs }}" + - include_tasks: install/certify.yaml + with_items: "{{ certificates }}" - find: paths: "/srv/git" file_type: file 
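Review bot: The turnup.yaml hunk removes the second play's `- hosts: servers` and `tasks:` lines, but none of the added lines restores a `tasks:` key, so as shown the new `- name: Install ansible and pip` entry follows the `users:` list items directly. Depending on indentation, which this view does not preserve, that is either a YAML error or the tasks being parsed as extra elements of `users`, which the play later loops into `authorized_key`. Add `tasks:` at play level before the first task. Separately, `certificates.yaml` is read with `lookup('file', ...)` but is not added in the visible part of this commit; confirm it is tracked or documented in the same way as `sources.yaml`. The play header sits above the hunk and the `find` task continues below it.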
@@ -24,6 +30,12 @@ register: post_receive_scripts - shell: ansible-playbook --connection=local {{ item.path }} with_items: "{{ post_receive_scripts.files }}" - -- import_playbook: install/database_from_save.yaml -- import_playbook: install/ssh_public_keys.yaml + - name: Restart postgresql + service: + name: postgresql + state: restarted + become: yes + - name: Restore database from backup + command: psql --username=postgres --file=/tmp/database + - include_tasks: install/ssh_public_keys.yaml + with_items: "{{ users }}"
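Review bot: The `Restore database from backup` task feeds `/tmp/database` to psql as the `postgres` role, and `/tmp` is world-writable, so any local account able to create or replace that file before the task runs decides which SQL executes with what is typically superuser rights. Nothing in this hunk shows where the file comes from; staging it in a root-owned directory with a restrictive mode and pointing `--file` there closes that window. psql also exits 0 when statements in the script fail unless `ON_ERROR_STOP` is set, so a partial restore is reported as success: `command: psql --username=postgres --set ON_ERROR_STOP=1 --file=<RESTRICTED_DIR>/database`. Minor: `become: yes` on the restart task should be `become: true` to match the other tasks in this commit.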