diff --git a/.forgejo/workflows/ansible-playbooks.yml b/.forgejo/workflows/ansible-playbooks.yml
new file mode 100644
index 0000000..4a1ac9d
--- /dev/null
+++ b/.forgejo/workflows/ansible-playbooks.yml
@@ -0,0 +1,91 @@
+name: Run Ansible Playbook
+
+on:
+ workflow_dispatch:
+ inputs:
+ playbook:
+ description: "Choose the Ansible playbook to run"
+ required: true
+ type: choice
+ options:
+ - apt.yml
+ - docker-count.yml
+ - docker-login.yml
+ - docker-prune.yml
+ - git-pull-reset.yml
+ - main-reboot-required.yml
+ - ntp.yml
+ - zsh.yml
+
+jobs:
+ run-playbook:
+ runs-on: docker
+ container:
+ image: mafyuh/ansible-bws:v1.0.8
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Get Secrets from Bitwarden
+ id: bitwarden-secrets
+ uses: https://github.com/bitwarden/sm-action@v2
+ with:
+ access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+ base_url: https://vault.bitwarden.com
+ secrets: |
+ 267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
+ e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
+ 6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
+ 52512c15-b474-42c3-9835-b23e001edf35 > auth_host
+ 903364d9-1b29-4b7f-aa66-b23e001f7327 > jf_host
+ e4c5d8be-b91f-41ab-8071-b23e00203340 > kasm_host
+ 566329f5-5af3-4bcd-b187-b23e00216134 > netboot_host
+ fb62a8d1-6dd5-4fab-aff4-b23e0021e215 > npm_host
+ fe0a2fa5-8e2b-4b4f-ac68-b26100315b20 > plex_host
+ 90a16954-45df-49ad-9f45-b23e002273c5 > runner_host
+ a5b6fa4b-4643-4f85-988b-b23e00245e2f > ubu_host
+ 26b06759-9791-42d7-a076-b23e0063c4dd > ssh_private_key
+
+
+ - name: Create hosts.ini file
+ run: |
+ cat < ansible/hosts.ini
+ [iac]
+ arrs.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arrs_host }} ansible_user=mafyuh
+ ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
+ arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424
+ auth.lan ansible_host=${{ steps.bitwarden-secrets.outputs.auth_host }} ansible_user=mafyuh
+ jf.lan ansible_host=${{ steps.bitwarden-secrets.outputs.jf_host }} ansible_user=mafyuh
+ kasm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.kasm_host }} 
ansible_user=mafyuh
+ netboot.lan ansible_host=${{ steps.bitwarden-secrets.outputs.netboot_host }} ansible_user=mafyuh
+ npm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.npm_host }} ansible_user=mafyuh
+ plex.lan ansible_host=${{ steps.bitwarden-secrets.outputs.plex_host }} ansible_user=mafyuh ansible_port=2009
+ runner.lan ansible_host=${{ steps.bitwarden-secrets.outputs.runner_host }} ansible_user=mafyuh
+ ubu.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ubu_host }} ansible_user=mafyuh
+ EOF
+
+ - name: Ensure SSH directory exists
+ run: |
+ mkdir -p /root/.ssh
+ chmod 700 /root/.ssh
+
+ - name: Create Private key
+ run: |
+ cat < /root/.ssh/id_rsa
+ ${{ steps.bitwarden-secrets.outputs.ssh_private_key }}
+ EOF
+
+ - name: Set permissions for private key
+ run: |
+ chmod 700 /root/.ssh/id_rsa
+
+ - name: Set up SSH agent
+ run: |
+ eval $(ssh-agent -s)
+ ssh-add /root/.ssh/id_rsa
+
+ - name: Run the selected playbook
+ run: |
+ ansible-playbook ./ansible/playbooks/${{ github.event.inputs.playbook }} \
+ --extra-vars "bw_access_token=${{ secrets.BW_ACCESS_TOKEN }}"
diff --git a/ansible/playbooks/docker-login.yml b/ansible/playbooks/docker-login.yml
index e2b5023..40b9ee6 100644
--- a/ansible/playbooks/docker-login.yml
+++ b/ansible/playbooks/docker-login.yml
@@ -1,7 +1,7 @@
 - hosts: "*"
 become: false
 vars:
- docker_password: "{{ lookup('community.general.bitwarden', '3726555b-0ffc-442b-b66a-b257016f6ab9', access_token=lookup('env', 'BW_ACCESS_TOKEN')) }}"
+ docker_password: "{{ lookup('bitwarden.secrets.lookup', '3726555b-0ffc-442b-b66a-b257016f6ab9', access_token=lookup('env', 'BW_ACCESS_TOKEN')) }}"
 tasks:
 - name: Log into DockerHub
 docker_login:
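Review bot: The "Create Private key" step writes the key under the shell's default umask and only tightens the mode in the next step, and the key material is interpolated straight into the script through an unquoted `EOF` heredoc, so the file is briefly world-readable inside the container and the key text is subject to `$`/backtick expansion (the `cat < /root/.ssh/id_rsa` as rendered here would read the file rather than write it — presumably a `<<EOF` lost in rendering, worth confirming); writing it with `umask 077` from an `env:` variable as in the fence below closes both gaps, and `chmod 600` is the conventional mode for a key, 700 only adds execute. The `eval $(ssh-agent -s)` in "Set up SSH agent" does not survive the step boundary, so the `ssh-add` is wasted and SSH only works because the key sits at the default `/root/.ssh/id_rsa` path — either drop the step or add the key in the same shell that runs the playbook. Nothing populates `/root/.ssh/known_hosts`, so the play either fails on the host-key prompt or the `ansible-bws` image disables host-key checking; I can't tell which from here, but a pinned `known_hosts` kept as another Bitwarden secret would let the inventory hosts be verified. `--extra-vars "bw_access_token=…"` puts `BW_ACCESS_TOKEN` on the `ansible-playbook` command line, where it is visible to `ps` and to any `-v` output, while the only playbook visible in this commit (`docker-login.yml`) reads the token from the environment rather than from that variable, so exporting it with `env: BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}` on the step serves both purposes (keep `--extra-vars` only if some other playbook really reads `bw_access_token`). Separately, `actions/checkout@v4`, `bitwarden/sm-action@v2` and `mafyuh/ansible-bws:v1.0.8` are mutable tags on code that receives the vault token and the key — pin the actions to commit SHAs and the image to a digest.
```yaml
      - name: Create Private key
        env:
          # read from the environment, not interpolated into the script body
          SSH_PRIVATE_KEY: ${{ steps.bitwarden-secrets.outputs.ssh_private_key }}
        run: |
          umask 077
          printf '%s\n' "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa
          chmod 600 /root/.ssh/id_rsa

      # … unchanged: ssh-agent step …

      - name: Run the selected playbook
        env:
          BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}
          PLAYBOOK: ${{ github.event.inputs.playbook }}
        run: |
          ansible-playbook "./ansible/playbooks/$PLAYBOOK"
```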
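Review bot: The new `bitwarden.secrets.lookup` call still takes its token from `lookup('env', 'BW_ACCESS_TOKEN')`, but the workflow added in this same commit only passes the token as `--extra-vars "bw_access_token=…"` and sets no `env:` on the step, so unless the `ansible-bws` image or the runner exports `BW_ACCESS_TOKEN` the lookup runs with an empty access token and the login fails. Either export it on the workflow step (`env: BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}`) or have the playbook read the variable the workflow does pass, `access_token=bw_access_token`. The `docker_login` task continues outside the hunk, so I can't see whether it sets `no_log: true`; it should, since the module receives `docker_password` and the default task output would otherwise echo it on failure.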