mafyuh/iac
1
0
Fork 0
Code Issues 5 Pull requests 3 Projects 1 Wiki Activity Actions

misc updates

Browse source
This commit is contained in:
Matt Reeves 2025-01-12 23:31:45 -05:00
parent 3d94aee458
commit dd3bd1212e
5 changed files with 17 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.forgejo/workflows/CD.yml
View file

@ -104,6 +104,7 @@ jobs:
base_url: https://vault.bitwarden.com base_url: https://vault.bitwarden.com
secrets: | secrets: |
267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host 267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
d9924181-b061-44e0-b7b9-b264004791eb > ag_main_host
e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host 6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
52512c15-b474-42c3-9835-b23e001edf35 > auth_host 52512c15-b474-42c3-9835-b23e001edf35 > auth_host
@ -121,6 +122,7 @@ jobs:
run: | run: |
cat <<EOF > ansible/hosts.ini cat <<EOF > ansible/hosts.ini
[iac] [iac]
dns.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ag_main_host }} ansible_user=mafyuh
arrs.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arrs_host }} ansible_user=mafyuh arrs.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arrs_host }} ansible_user=mafyuh
ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424 ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424 arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424

2
.forgejo/workflows/ansible-playbooks.yml
View file

@ -38,6 +38,7 @@ jobs:
base_url: https://vault.bitwarden.com base_url: https://vault.bitwarden.com
secrets: | secrets: |
267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host 267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
d9924181-b061-44e0-b7b9-b264004791eb > ag_main_host
e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host 6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
52512c15-b474-42c3-9835-b23e001edf35 > auth_host 52512c15-b474-42c3-9835-b23e001edf35 > auth_host
@ -59,6 +60,7 @@ jobs:
ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424 ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424 arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424
auth.lan ansible_host=${{ steps.bitwarden-secrets.outputs.auth_host }} ansible_user=mafyuh auth.lan ansible_host=${{ steps.bitwarden-secrets.outputs.auth_host }} ansible_user=mafyuh
dns.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ag_main_host }} ansible_user=mafyuh
jf.lan ansible_host=${{ steps.bitwarden-secrets.outputs.jf_host }} ansible_user=mafyuh jf.lan ansible_host=${{ steps.bitwarden-secrets.outputs.jf_host }} ansible_user=mafyuh
kasm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.kasm_host }} ansible_user=mafyuh kasm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.kasm_host }} ansible_user=mafyuh
netboot.lan ansible_host=${{ steps.bitwarden-secrets.outputs.netboot_host }} ansible_user=mafyuh netboot.lan ansible_host=${{ steps.bitwarden-secrets.outputs.netboot_host }} ansible_user=mafyuh

3
README.md
View file

@ -1,5 +1,6 @@
[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions) [![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions) [![CD](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
[![Ansible](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/ansible-playbooks.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
[![Tofu](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/tofu.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions) [![Tofu](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/tofu.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
[![Renovate](https://git.mafyuh.dev/renovatebot/renovate/badges/workflows/renovate.yml/badge.svg)](https://git.mafyuh.dev/renovatebot/renovate/actions) [![Renovate](https://git.mafyuh.dev/renovatebot/renovate/badges/workflows/renovate.yml/badge.svg)](https://git.mafyuh.dev/renovatebot/renovate/actions)
[![Pulls](https://git.mafyuh.dev/mafyuh/iac/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/iac/pulls) [![Pulls](https://git.mafyuh.dev/mafyuh/iac/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/iac/pulls)

22
ansible/playbooks/deploy-docker.yml
View file

@ -2,8 +2,18 @@
hosts: "{{ target_host }}" hosts: "{{ target_host }}"
vars: vars:
repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder }}" repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder }}"
secrets_mapping_file: "/home/{{ ansible_user }}/iac/secret-mappings.yml" secrets_mapping_file: "/home/{{ ansible_user }}/iac/docker/secret-mappings.yml"
tasks: tasks:
- name: Ensure the repository is up-to-date
ansible.builtin.shell: git pull
args:
chdir: "{{ repo_path }}"
register: git_pull_output
- name: Display git pull output
ansible.builtin.debug:
var: git_pull_output.stdout_lines
- name: Read secret mapping - name: Read secret mapping
ansible.builtin.slurp: ansible.builtin.slurp:
src: "{{ secrets_mapping_file }}" src: "{{ secrets_mapping_file }}"
@ -25,16 +35,6 @@
{{ key }}={{ lookup('bitwarden.secrets.lookup', secret_id, access_token=bw_access_token) }} {{ key }}={{ lookup('bitwarden.secrets.lookup', secret_id, access_token=bw_access_token) }}
{% endfor %} {% endfor %}
- name: Ensure the repository is up-to-date
ansible.builtin.shell: git pull
args:
chdir: "{{ repo_path }}"
register: git_pull_output
- name: Display git pull output
ansible.builtin.debug:
var: git_pull_output.stdout_lines
- name: Restart services using Docker Compose - name: Restart services using Docker Compose
community.docker.docker_compose_v2: community.docker.docker_compose_v2:
project_src: "{{ repo_path }}" project_src: "{{ repo_path }}"

0
secret-mappings.yml → docker/secret-mappings.yml
View file