mafyuh/iac
1
0
Fork 0
Code Issues 6 Pull requests 2 Projects 1 Wiki Activity Actions

init add ansible manual workflow

Browse source
This commit is contained in:
Matt Reeves 2025-01-12 17:46:35 -05:00
parent 5dc1be91fc
commit 8b18b15aaa
2 changed files with 92 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
.forgejo/workflows/ansible-playbooks.yml Normal file
View file

@ -0,0 +1,91 @@
name: Run Ansible Playbook
on:
workflow_dispatch:
inputs:
playbook:
description: "Choose the Ansible playbook to run"
required: true
type: choice
options:
- apt.yml
- docker-count.yml
- docker-login.yml
- docker-prune.yml
- git-pull-reset.yml
- main-reboot-required.yml
- ntp.yml
- zsh.yml
jobs:
run-playbook:
runs-on: docker
container:
image: mafyuh/ansible-bws:v1.0.8
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Get Secrets from Bitwarden
id: bitwarden-secrets
uses: https://github.com/bitwarden/sm-action@v2
with:
access_token: ${{ secrets.BW_ACCESS_TOKEN }}
base_url: https://vault.bitwarden.com
secrets: |
267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
52512c15-b474-42c3-9835-b23e001edf35 > auth_host
903364d9-1b29-4b7f-aa66-b23e001f7327 > jf_host
e4c5d8be-b91f-41ab-8071-b23e00203340 > kasm_host
566329f5-5af3-4bcd-b187-b23e00216134 > netboot_host
fb62a8d1-6dd5-4fab-aff4-b23e0021e215 > npm_host
fe0a2fa5-8e2b-4b4f-ac68-b26100315b20 > plex_host
90a16954-45df-49ad-9f45-b23e002273c5 > runner_host
a5b6fa4b-4643-4f85-988b-b23e00245e2f > ubu_host
26b06759-9791-42d7-a076-b23e0063c4dd > ssh_private_key
- name: Create hosts.ini file
run: |
cat <<EOF > ansible/hosts.ini
[iac]
arrs.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arrs_host }} ansible_user=mafyuh
ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424
auth.lan ansible_host=${{ steps.bitwarden-secrets.outputs.auth_host }} ansible_user=mafyuh
jf.lan ansible_host=${{ steps.bitwarden-secrets.outputs.jf_host }} ansible_user=mafyuh
kasm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.kasm_host }} ansible_user=mafyuh
netboot.lan ansible_host=${{ steps.bitwarden-secrets.outputs.netboot_host }} ansible_user=mafyuh
npm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.npm_host }} ansible_user=mafyuh
plex.lan ansible_host=${{ steps.bitwarden-secrets.outputs.plex_host }} ansible_user=mafyuh ansible_port=2009
runner.lan ansible_host=${{ steps.bitwarden-secrets.outputs.runner_host }} ansible_user=mafyuh
ubu.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ubu_host }} ansible_user=mafyuh
EOF
- name: Ensure SSH directory exists
run: |
mkdir -p /root/.ssh
chmod 700 /root/.ssh
- name: Create Private key
run: |
cat <<EOF > /root/.ssh/id_rsa
${{ steps.bitwarden-secrets.outputs.ssh_private_key }}
EOF
- name: Set permissions for private key
run: |
chmod 700 /root/.ssh/id_rsa
- name: Set up SSH agent
run: |
eval $(ssh-agent -s)
ssh-add /root/.ssh/id_rsa
- name: Run the selected playbook
run: |
ansible-playbook ./ansible/playbooks/${{ github.event.inputs.playbook }} \
--extra-vars "bw_access_token=${{ secrets.BW_ACCESS_TOKEN }}"

2
ansible/playbooks/docker-login.yml
View file

@ -1,7 +1,7 @@
- hosts: "*"
become: false
vars:
docker_password: "{{ lookup('community.general.bitwarden', '3726555b-0ffc-442b-b66a-b257016f6ab9', access_token=lookup('env', 'BW_ACCESS_TOKEN')) }}"
docker_password: "{{ lookup('bitwarden.secrets.lookup', '3726555b-0ffc-442b-b66a-b257016f6ab9', access_token=lookup('env', 'BW_ACCESS_TOKEN')) }}"
tasks:
- name: Log into DockerHub
docker_login: