Deprecating old stuff that isnt used anymore

deprecated/playbooks/.ssh/config

@@ -0,0 +1,25 @@
+Host alpha-host
+	HostName 54.215.74.195
+	IdentityFile /home/shockrah/GitRepos/vpc/infra/keys/alpha/id_ssh
+	User ubuntu
+	
+Host atlas-host
+	HostName 54.215.74.195
+	IdentityFile /home/shockrah/GitRepos/vpc/infra/keys/atlas/id_ssh
+	User ubuntu
+
+Host beta-host
+	HostName 54.241.104.37
+	IdentityFile ../infra/keys/beta/id_ssh
+	User ubuntu
+
+Host web-host
+	HostName 54.241.104.37
+	IdentityFile ../infra/keys/beta-web/beta_web
+	User web
+
+Host docker-host
+	HostName 54.215.74.195
+	IdentityFile /home/shockrah/GitRepos/vpc/infra/keys/dockerlass/id_ssh
+	User dockerlass
+

deprecated/playbooks/.ssh/known_hosts

@@ -0,0 +1,5 @@
+
+54.241.104.37 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv1XSgIiVhlOiDLhSGRNhUtpMRacOrJ7lhI7SKy6VC8
+shockrah.xyz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv1XSgIiVhlOiDLhSGRNhUtpMRacOrJ7lhI7SKy6VC8
+|1|5pyfR6GIeNlW0EbYZTnO9Uy85Xw=|Ef9X9NBkhCu6qjhIvIVLCd8bxw0= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjACbiHsV9hvrIjcNGktKJTGVtGBXAgojvhLw0CwwDc
+54.215.74.195 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZKurmFz86dCDtoC8oF0fdUFx8UpOjU2Qij/iVRsnt9

deprecated/playbooks/.ssh/local-config

@@ -0,0 +1,5 @@
+Host alpha-host
+	HostName 192.168.1.23
+	IdentityFile ../infra/keys/alpha/id_ssh
+	User motheradmin
+

deprecated/playbooks/alpha/certbot.yml

@@ -0,0 +1,15 @@
+---
+- hosts: alpha
+  remote_user: ubuntu
+  become: yes
+  become_method: sudo
+  tasks:
+    - name: Install New Certificate for all sites
+      command: >
+        certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+        --domains "{{item}}"
+      loop:
+        - search.project-athens.xyz
+        - clips.shockrah.xyz
+        - files.leftcoast.space
+

deprecated/playbooks/alpha/clips/setup.yml

@@ -0,0 +1,31 @@
+---
+- hosts: alpha
+  become: yes
+  vars:
+    CLIPPABLE_ROOT: /mnt/drive1
+  tasks:
+    - name: Create mountpoints for volumes
+      file:
+        state: directory
+        path: "{{ CLIPPABLE_ROOT }}/{{ item }}"
+      loop:
+        - clips/
+        - thumbnails/
+
+    - name: Pull latest Clippable Image
+      community.docker.docker_container:
+        name: clippable
+        image: registry.gitlab.com/shockrah/clippable:latest
+        pull: yes
+        restart_policy: always
+        recreate: yes
+        env:
+          SITE_NAME: "Shockrah's Clips"
+          SITE_DESC: "Short clips of random stuff I do"
+          SITE_URL: "https://clips.shockrah.xyz"
+        ports:
+          - "8482:8482"
+        volumes:
+          - "{{CLIPPABLE_ROOT}}/clips:/media/clips"
+          - "{{CLIPPABLE_ROOT}}/thumbnails:/media/thumbnails"
+

deprecated/playbooks/alpha/docker-config.yml

@@ -0,0 +1,15 @@
+# Here we basically install a config that limits all containers to having
+# a maxium amount of logs on disk. We do this to save on storage space
+---
+- hosts: alpha
+  become: yes
+  tasks:
+    - name: Copy over daemon.json config
+      copy:
+        src: docker/daemon.json
+        dest: /etc/daemon.json
+
+    - name: Restart Docker service
+      systemd:
+        name: docker
+        state: restarted

deprecated/playbooks/alpha/docker-user.yml

@@ -0,0 +1,39 @@
+# This playbook creates an ssh accessed user that is part of the docker group
+# The reason for this is to create a user that can access docker services but
+# not have root permissions to the host machine itself.
+
+---
+- hosts: alpha
+  remote_user: ubuntu
+  become:  yes
+  vars:
+    NAME: dockerlass
+  tasks:
+    - name: Ensure Docker Group exists
+      group:
+        name: docker 
+        state: present
+
+    - name: Ensure Docker-Only User exists and is part of the Docker group
+      user:
+        state: present
+        name: "{{ NAME }}"
+        create_home: true
+        groups: docker
+
+    - name: Ensure safe ~/.ssh directory
+      file:
+        path: "/home/{{NAME}}/.ssh"
+        state: directory
+        mode: 0700
+        owner: "{{ NAME }}"
+
+    - name: Ensure safe Authorized keys file
+      copy:
+        src: "{{ DOCKERLASS_PUB_KEY_PATH }}"
+        dest: "/home/{{NAME}}/.ssh/authorized_keys"
+        mode: 0600
+        owner: "{{ NAME }}"
+      
+   
+

deprecated/playbooks/alpha/docker/daemon.json

@@ -0,0 +1,7 @@
+{
+	"log-driver" : "local",
+	"log-opts": {
+		"max-size": "10m",
+		"max-file": "3"
+	}
+}

deprecated/playbooks/alpha/filebrowser/main.yml

@@ -0,0 +1,22 @@
+# This playbook goes through the process of setting up a simple FTP server on
+# the target host.
+---
+- hosts: alpha
+  become: yes
+  vars:
+    MOUNTPOINT: /mnt/fam-files
+  tasks:
+    - name: Setup Filebrowser Container
+      community.docker.docker_container:
+        name: filebrowser
+        image: filebrowser/filebrowser
+        restart_policy: always
+        volumes:
+          - "{{MOUNTPOINT}}/data:/srv"
+        ports:
+          - "8000:80"
+        user: "0:0"
+    
+
+
+

deprecated/playbooks/alpha/init.yml

@@ -0,0 +1,46 @@
+---
+- hosts: alpha
+  remote_user: ubuntu
+  tasks:
+    - name: Install docker dependencies
+      become: yes
+      become_method: sudo
+      apt:
+        name: "{{item}}"
+        update_cache: yes
+      loop:
+        - apt-transport-https
+        - ca-certificates
+        - curl
+        - gnupg
+        - software-properties-common
+        - lsb-release
+
+    - name: Install docker GPG key
+      become: yes
+      become_method: sudo
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker Apt Repo
+      become: yes
+      become_method: sudo
+      apt_repository:
+        repo: deb https://download.docker.com/linux/ubuntu impish stable
+        state: present
+
+    - name: Install Docker components
+      become: yes
+      become_method: sudo
+      apt:
+        name: "{{item}}"
+        update_cache: yes
+      loop:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+
+
+
+

deprecated/playbooks/alpha/nginx/clippable.yml

@@ -0,0 +1,30 @@
+# It is important to keep in mind that these websites are to be served under
+# either port 80 or port 443. The reasoning for allowing port 80 connections
+# is because the content here is not sensitive and I'm 100% sure I'm going
+# to get traffic from glow-friends so there
+
+---
+- hosts: beta
+  become: yes
+  tasks:
+    - name: Push clips.shockrah.xyz config(nginx)
+      copy:
+        src: "clips.shockrah.xyz"
+        dest: "/etc/nginx/sites-available/clips.shockrah.xyz"
+
+    - name: Enable clips nginx config
+      file:
+        src: /etc/nginx/sites-available/clips.shockrah.xyz
+        dest: /etc/nginx/sites-enabled/clips.shockrah.xyz
+        state: link
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install New Certificate for all sites
+      command: >
+        certbot -n --nginx -m "dev@shockrah.xyz" --agree-tos
+        --domains clips.shockrah.xyz
+

deprecated/playbooks/alpha/nginx/clips.shockrah.xyz

@@ -0,0 +1,12 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name clips.shockrah.xyz;
+	location / {
+		proxy_pass http://127.0.0.1:8482;
+	}
+}
+
+

deprecated/playbooks/alpha/nginx/disable-default.yml

@@ -0,0 +1,10 @@
+---
+- hosts: alpha
+  tasks:
+    - name: Disable Default Nginx Site
+      become: yes
+      file:
+        path: /etc/nginx/sites-enabled/default
+        state: absent
+
+

deprecated/playbooks/alpha/nginx/files.leftcoast.space

@@ -0,0 +1,14 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name files.leftcoast.space;
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+	}
+	# Because we take large video/image file uploads
+	client_max_body_size 0;
+}
+
+

deprecated/playbooks/alpha/nginx/main.yml

@@ -0,0 +1,41 @@
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: alpha
+  become: yes
+  vars:
+    SITES:
+      - search.project-athens.xyz
+      - files.leftcoast.space
+      - clips.shockrah.xyz
+  tasks:
+    - name: Install Certbot
+      community.general.snap:
+        name: certbot
+        classic: yes
+
+    - name: Push Configs
+      copy:
+        src:  "{{item}}"
+        dest: "/etc/nginx/sites-available/{{item}}"
+      loop: "{{ SITES }}"
+
+    - name: Enable Sites in Nginx
+      file: 
+        src: "/etc/nginx/sites-available/{{item}}"
+        dest: "/etc/nginx/sites-enabled/{{item}}"
+        state: link
+      loop: "{{ SITES }}"
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install Certificates for all sites on this host
+      command: >
+        certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+        --domains "{{item}}"
+      loop: "{{ SITES }}"

deprecated/playbooks/alpha/nginx/search.project-athens.xyz

@@ -0,0 +1,11 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name search.project-athens.xyz;
+	location / {
+		proxy_pass http://127.0.0.1:8080;
+	}
+}
+

deprecated/playbooks/alpha/searx/main.yml

@@ -0,0 +1,31 @@
+---
+- hosts: alpha
+  remote_user: ubuntu
+  become: yes
+  tasks:
+    - name: Create /var/www/ Configuration Directory
+      file:
+        path: /var/www/
+        state: directory
+
+    - name: Create /var/www/searx/ Searx configuration Directory
+      file:
+        path: /var/www/searx
+        state: directory
+
+    - name: Copy Searx Configuration to /var/www/searx
+      copy:
+        src: settings.yml
+        dest: /var/www/searx/settings.yml
+
+    - name: Pull latest Searx Repo patches
+      community.docker.docker_container:
+        name: searx
+        image: searx/searx
+        pull: yes
+        restart_policy: always
+        recreate: yes
+        volumes:
+          - "/var/www/searx/settings.yml:/etc/searx/settings.yml"
+        ports:
+          - "8080:8080"

deprecated/playbooks/alpha/searx/settings.yml

@@ -0,0 +1,24 @@
+use_default_settings: True
+
+general:
+  debug : False # Debug mode, only for development
+  instance_name : "Project Athens SearX" # displayed name
+
+search:
+  safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict
+  autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
+  default_lang : "" # Default search language - leave blank to detect from browser information or use codes from 'languages.py'
+
+server:
+  port : 8080
+  bind_address : "127.0.0.1" # explicitly only listen on localhost
+  secret_key : "VnnTHjYycpMerevPKQ5DAngpcZ3in5R8wgshvz2kW1LBDw6Z/ytWGdkZfXZTdY7zMb0oe6UXoZ9a"
+  base_url : "https://search.project-athens.xyz"
+  image_proxy : False # Proxying image results through searx
+
+# TODO: add morty proxy to the setup for cleaner results
+# uncomment below section if you have running morty proxy
+#result_proxy:
+#    url : http://127.0.0.1:3000/
+#    key : !!binary "your_morty_proxy_key"
+

deprecated/playbooks/alpha/setup-docker-plugin.yml

@@ -0,0 +1,18 @@
+---
+- hosts: alpha
+  remote_user: ubuntu
+  tasks:
+    - name: Install Pip3
+      become: yes
+      become_method: sudo
+      apt:
+        name: python3-pip
+        update_cache: yes
+
+    - name: Install Docker Pip Package
+      become: yes
+      become_method: sudo
+      pip:
+        name: docker
+
+

deprecated/playbooks/athens-common/touch.yml

@@ -0,0 +1,16 @@
+# This is purely here to check if things are 
+# working properly
+---
+- hosts: alpha, beta, gamma, sigma
+  remote_user: ubuntu
+  tasks:
+    - name: Echo
+      shell: echo 'This playbooks is just testing connectivity'
+
+    - name: Sample HTTP Request
+      shell: curl http://google.com
+
+    - name: Sample HTTPS Request
+      shell: curl -k https://gogle.com
+
+

deprecated/playbooks/athens-common/ufw.yml

@@ -0,0 +1,42 @@
+# This play book sets up a mirrored setup for both web service hosts
+# such that they accept web traffic in and out from anywhere
+# but only accept ssh connections from the internal network
+---
+- hosts: alpha,beta
+  remote_user: ubuntu
+  # UFW is only accessible to root so sudo is required for each task
+  become: yes
+  become_method: sudo
+  tasks:
+    - name: Install UFW in case it's not here
+      apt:
+        name: ufw
+        update_cache: yes
+    - name: Allow SSH connections from internal network
+      ufw:
+        rule: allow
+        port: ssh
+        direction: incoming
+
+    - name: Rate limit SSH connections
+      ufw:
+        rule: limit
+        direction: incoming
+        port: ssh
+        proto: tcp
+
+    - name: Allow Plain-HTTP traffic from anywhere
+      ufw:
+        rule: allow
+        port: 80
+        proto: tcp
+
+    - name: Allow HTTPS traffic from anywhere
+      ufw:
+        rule: allow
+        port: 443
+        proto: tcp
+
+
+
+

deprecated/playbooks/athens-common/update-certs.yml

@@ -0,0 +1,5 @@
+---
+- import_playbook: '../beta/certbot.yml'
+- import_playbook: '../alpha/certbot.yml'
+
+

deprecated/playbooks/atlas/init/clippable/main.yml

@@ -0,0 +1,34 @@
+---
+- hosts: atlas
+  become: yes
+  vars:
+    CLIPPABLE_ROOT: "{{ CLIPPABLE_MOUNT_POINT }}/clips"
+  tasks:
+    - name: Fetch vars for getting mount points
+      include_vars:
+        file: ../../vars/drives.yml
+    - name: Create mountpoints for volumes
+      file:
+        state: directory
+        path: "{{ CLIPPABLE_ROOT }}/{{ item }}"
+      loop:
+        - clips
+        - thumbnails
+
+    - name: Pull latest Clippable Image
+      community.docker.docker_container:
+        name: clippable
+        image: registry.gitlab.com/shockrah/clippable:latest
+        pull: yes
+        restart_policy: always
+        recreate: yes
+        env:
+          SITE_NAME: "Shockrah's Clips"
+          SITE_DESC: "Short clips of random stuff I do"
+          SITE_URL: "https://clips.shockrah.xyz"
+        ports:
+          - "8482:8482"
+        volumes:
+          - "{{CLIPPABLE_ROOT}}/clips:/media/clips"
+          - "{{CLIPPABLE_ROOT}}/thumbnails:/media/thumbnails"
+

deprecated/playbooks/atlas/init/filebrowser/main.yml

@@ -0,0 +1,23 @@
+# This playbook goes through the process of setting up a simple FTP server on
+# the target host.
+---
+- hosts: atlas
+  become: yes
+  tasks:
+    - name: Fetch vars for getting mount points
+      include_vars:
+        file: ../../vars/drives.yml
+    - name: Setup Filebrowser Container
+      community.docker.docker_container:
+        name: filebrowser
+        image: filebrowser/filebrowser
+        restart_policy: always
+        volumes:
+          - "{{ FILEBROWSER_MOUNT_POINT }}/files:/srv"
+        ports:
+          - "8000:80"
+        user: "0:0"
+    
+
+
+

deprecated/playbooks/atlas/init/migrate-clips-files.yml

@@ -0,0 +1,14 @@
+---
+- hosts: atlas
+  tasks:
+    - name: Fetch vars for getting mount points
+      include_vars:
+        file: ../vars/drives.yml
+    - name: Copy over Filebrowser & Clippable data from local
+      become: yes
+      copy:
+        src:  "{{ item.src }}"
+        dest: "{{ item.dst }}"
+      loop:
+        - { src: "{{ filebrowser }}", dst: "{{ FILEBROWSER_MOUNT_POINT }}" }
+        - { src: "{{ clippable }}"  , dst: "{{ CLIPPABLE_MOUNT_POINT }}" }

deprecated/playbooks/atlas/init/perma-mount-drives.yml

@@ -0,0 +1,50 @@
+# This ensures that the mount points for our docker volumes are present and
+# populated correctly
+---
+- hosts: atlas
+  become: yes
+  vars:
+    filesystem: ext4
+  tasks:
+    - name: Fetch vars for getting mount points
+      include_vars:
+        file: ../vars/drives.yml
+
+    - name: Creat mountpoints for mounted volumes
+      file:
+        path: "{{ item }}"
+        state: directory
+        owner: ubuntu
+      loop:
+        - "{{ CLIPPABLE_MOUNT_POINT }}"
+        - "{{ FILEBROWSER_MOUNT_POINT }}"
+
+    - name: Partition Devices
+      community.general.parted:
+        device: "{{ item }}"
+        number: 1
+        label: gpt
+        part_start: 0%
+        part_end:   100%
+        name: data
+      loop:
+        - "{{ FILEBROWSER_DRIVE }}"
+        - "{{ CLIPPABLE_DRIVE }}"
+
+    - name: Format the drive for use
+      community.general.filesystem:
+        dev: "{{ item }}"
+        fstype: "{{ filesystem }}"
+      loop:
+        - "{{ FILEBROWSER_DRIVE }}"
+        - "{{ CLIPPABLE_DRIVE }}"
+
+    - name: Permanently Mount Drives
+      mount:
+        state: mounted
+        path: "{{ item.dst }}"
+        src:  "{{ item.src }}"
+        fstype: "{{ filesystem }}"
+      loop:
+        - { src: "{{ FILEBROWSER_DRIVE }}", dst: "{{ FILEBROWSER_MOUNT_POINT }}" }
+        - { src: "{{ CLIPPABLE_DRIVE }}",   dst: "{{ CLIPPABLE_MOUNT_POINT }}" }

deprecated/playbooks/atlas/init/searx/main.yml

@@ -0,0 +1,30 @@
+---
+- hosts: atlas
+  become: yes
+  tasks:
+    - name: Create /var/www/ Configuration Directory
+      file:
+        path: /var/www/
+        state: directory
+
+    - name: Create /var/www/searx/ Searx configuration Directory
+      file:
+        path: /var/www/searx
+        state: directory
+
+    - name: Copy Searx Configuration to /var/www/searx
+      copy:
+        src: settings.yml
+        dest: /var/www/searx/settings.yml
+
+    - name: Pull latest Searx Repo patches
+      community.docker.docker_container:
+        name: searx
+        image: searx/searx
+        pull: yes
+        restart_policy: always
+        recreate: yes
+        volumes:
+          - "/var/www/searx/settings.yml:/etc/searx/settings.yml"
+        ports:
+          - "8080:8080"

deprecated/playbooks/atlas/init/searx/settings.yml

@@ -0,0 +1,20 @@
+use_default_settings: True
+
+general:
+  debug : False # Debug mode, only for development
+  instance_name : "Project Athens SearX" # displayed name
+
+search:
+  safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict
+  autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
+  default_lang : "" # Default search language - leave blank to detect from browser information or use codes from 'languages.py'
+
+server:
+  port : 8080
+  bind_address : "127.0.0.1" # explicitly only listen on localhost
+  # This key only matters for API users which I don't care about
+  # Hence this is fine because meh.jpg
+  secret_key : "VnnTHjYycpMerevPKQ5DAngpcZ3in5R8wgshvz2kW1LBDw6Z/ytWGdkZfXZTdY7zMb0oe6UXoZ9a"
+  base_url : "https://search.project-athens.xyz"
+  image_proxy : False # Proxying image results through searx
+

deprecated/playbooks/atlas/init/setup-containers.yml

@@ -0,0 +1,8 @@
+# Here we just call other playbooks to setup the services in the same way
+# that the alpha host would set them up.
+# NOTE: lewdlad is not included here because it is deployed via pipeline
+# in it's own repository
+---
+- import_playbook: './searx/main.yml'
+- import_playbook: './filebrowser/main.yml'
+- import_playbook: './clippable/main.yml'

deprecated/playbooks/atlas/init/setup-reverse-proxy.yml

@@ -0,0 +1,48 @@
+
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: atlas
+  become: yes
+  vars:
+    CERT_EMAIL: "dev@shockrah.xyz"
+    SITES:
+      - search.project-athens.xyz
+      - files.leftcoast.space
+      - clips.shockrah.xyz
+  tasks:
+    - name: Install nginx
+      apt:
+        name: nginx
+        state: latest
+
+    - name: Install Certbot
+      community.general.snap:
+        name: certbot
+        classic: yes
+
+    - name: Push Configs
+      copy:
+        src:  "{{ '../nginx-plain-conf/' ~ item }}"
+        dest: "{{ '/etc/nginx/sites-available/' ~  item }}"
+      loop: "{{ SITES }}"
+
+    - name: Enable Sites in Nginx
+      file: 
+        src: "/etc/nginx/sites-available/{{item}}"
+        dest: "/etc/nginx/sites-enabled/{{item}}"
+        state: link
+      loop: "{{ SITES }}"
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install Certificates for all sites on this host
+      command: >
+        certbot -n --nginx -m "{{ CERT_EMAIL }}" --agree-tos
+        --domains "{{item}}"
+      loop: "{{ SITES }}"

deprecated/playbooks/atlas/init/system-deps.yml

@@ -0,0 +1,46 @@
+# This playbook downloads all the basic requirements to give containers
+# an environment where they can be brought up safely. We focus primarily
+# on the host with this playbook
+---
+- hosts: atlas
+  become: yes
+  become_method: sudo
+  tasks:
+    - name: Install docker dependencies
+      apt:
+        name: "{{item}}"
+        update_cache: yes
+      loop:
+        - apt-transport-https
+        - ca-certificates
+        - curl
+        - gnupg
+        - software-properties-common
+        - lsb-release
+        - python3
+        - python3-pip
+
+    - name: Install docker-py
+      pip:
+        name: docker-py
+        state: present
+
+    - name: Install docker GPG key
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker Apt Repo
+      apt_repository:
+        repo: deb https://download.docker.com/linux/ubuntu impish stable
+        state: present
+
+    - name: Install Docker components
+      apt:
+        name: "{{item}}"
+        update_cache: yes
+      loop:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+

deprecated/playbooks/atlas/nginx-plain-conf/clippable.yml

@@ -0,0 +1,30 @@
+# It is important to keep in mind that these websites are to be served under
+# either port 80 or port 443. The reasoning for allowing port 80 connections
+# is because the content here is not sensitive and I'm 100% sure I'm going
+# to get traffic from glow-friends so there
+
+---
+- hosts: beta
+  become: yes
+  tasks:
+    - name: Push clips.shockrah.xyz config(nginx)
+      copy:
+        src: "clips.shockrah.xyz"
+        dest: "/etc/nginx/sites-available/clips.shockrah.xyz"
+
+    - name: Enable clips nginx config
+      file:
+        src: /etc/nginx/sites-available/clips.shockrah.xyz
+        dest: /etc/nginx/sites-enabled/clips.shockrah.xyz
+        state: link
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install New Certificate for all sites
+      command: >
+        certbot -n --nginx -m "dev@shockrah.xyz" --agree-tos
+        --domains clips.shockrah.xyz
+

deprecated/playbooks/atlas/nginx-plain-conf/clips.shockrah.xyz

@@ -0,0 +1,12 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name clips.shockrah.xyz;
+	location / {
+		proxy_pass http://127.0.0.1:8482;
+	}
+}
+
+

deprecated/playbooks/atlas/nginx-plain-conf/disable-default.yml

@@ -0,0 +1,10 @@
+---
+- hosts: alpha
+  tasks:
+    - name: Disable Default Nginx Site
+      become: yes
+      file:
+        path: /etc/nginx/sites-enabled/default
+        state: absent
+
+

deprecated/playbooks/atlas/nginx-plain-conf/files.leftcoast.space

@@ -0,0 +1,14 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name files.leftcoast.space;
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+	}
+	# Because we take large video/image file uploads
+	client_max_body_size 0;
+}
+
+

deprecated/playbooks/atlas/nginx-plain-conf/main.yml

@@ -0,0 +1,42 @@
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: alpha
+  become: yes
+  tasks:
+    - name: Install Certbot
+      community.general.snap:
+        name: certbot
+        classic: yes
+
+    - name: Push Configs
+      copy:
+        src:  "{{item}}"
+        dest: "/etc/nginx/sites-available/{{item}}"
+      loop:
+        - search.project-athens.xyz
+        - files.leftcoast.space
+
+    - name: Enable Sites in Nginx
+      file: 
+        src: "/etc/nginx/sites-available/{{item}}"
+        dest: "/etc/nginx/sites-enabled/{{item}}"
+        state: link
+      loop:
+        - search.project-athens.xyz
+        - files.leftcoast.space
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install Certificates for all sites on this host
+      command: >
+        certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+        --domains "{{item}}"
+      loop:
+        - search.project-athens.xyz
+        - files.leftcoast.space

deprecated/playbooks/atlas/nginx-plain-conf/search.project-athens.xyz

@@ -0,0 +1,11 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name search.project-athens.xyz;
+	location / {
+		proxy_pass http://127.0.0.1:8080;
+	}
+}
+

deprecated/playbooks/atlas/vars/drives.yml

@@ -0,0 +1,5 @@
+# These vars are really only used to configure the host for the first time
+CLIPPABLE_MOUNT_POINT: /mnt/clippable
+CLIPPABLE_DRIVE:   /dev/nvme1n1
+FILEBROWSER_DRIVE: /dev/nvme2n1
+FILEBROWSER_MOUNT_POINT: /mnt/filebrowser

deprecated/playbooks/beta/base-site-conf/freechat.shockrah.xyz

@@ -0,0 +1,13 @@
+# This file basically contains the base configuration for freechat.shockrah.xyz
+# This is to be installed before running certbot against it as this only sets us
+# up for correct HTTP(not TLS) based connections
+
+server {
+	root /var/www/freechat;
+	index index.html;
+	server_name freechat.shockrah.xyz;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}

deprecated/playbooks/beta/base-site-conf/qrcodes.leftcoast.space

@@ -0,0 +1,13 @@
+# This file basically contains the base configuration for qrcodes.leftcoast.space
+# This is to be installed before running certbot against it as this only sets us
+# up for correct HTTP(not TLS) based connections
+
+server {
+	root /var/www/qrcodes.leftcoast.space;
+	index index.html;
+	server_name qrcodes.leftcoast.space;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}

deprecated/playbooks/beta/base-site-conf/resume.shockrah.xyz

@@ -0,0 +1,14 @@
+# This file basically contains the base configuration for freechat.shockrah.xyz
+# This is to be installed before running certbot against it as this only sets us
+# up for correct HTTP(not TLS) based connections
+
+server {
+	root /var/www/resume.shockrah.xyz;
+	index index.html;
+	server_name resume.shockrah.xyz;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+

deprecated/playbooks/beta/base-site-conf/shockrah.xyz

@@ -0,0 +1,14 @@
+# This file basically contains the base configuration for freechat.shockrah.xyz
+# This is to be installed before running certbot against it as this only sets us
+# up for correct HTTP(not TLS) based connections
+
+server {
+	root /var/www/shockrah.xyz;
+	index index.html;
+	server_name shockrah.xyz;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+

deprecated/playbooks/beta/certbot.yml

@@ -0,0 +1,19 @@
+# It is important to keep in mind that these websites are to be served under
+# either port 80 or port 443. The reasoning for allowing port 80 connections
+# is because the content here is not sensitive and I'm 100% sure I'm going
+# to get traffic from glow-friends so there
+
+---
+- hosts: beta
+  remote_user: ubuntu
+  become: yes
+  tasks:
+    - name: Install New Certificate for all sites
+      command: >
+        certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+        --domains "{{item}}"
+      loop:
+        - freechat.shockrah.xyz
+        - shockrah.xyz
+        - resume.shockrah.xyz
+        - qrcodes.leftcoast.space

deprecated/playbooks/beta/files/web.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9n/H/AMcDcz90L5q0zxGxZWU5ShveyLOUFZBlcJ6SBco3Vb2ZD/qwmgDpVrgaB8bRdmioSgBIEvjX1uv6oEPvhCNu9JoXgy9uqOkbV7vqALxxEbleFYT2KQl5aq/OK0f+3Do9yiyNH8xaJ/FgwLHDC3GIKijdLa++e0Ydk1xnmzxD1C+Ciu8s6RHeGjG89txWqE0iEgfc+VNbPYdve9TR3WApbokUkux2KwYYDi3naqNB+pYn4cScx/fHoibiZeTBCnqGrgk+ZDowOtsvrSUVzKqBqQzphKO1YlttoNlcktkRjoUoQUP3g/B3NJqGMZi1NAovy3uD/QG5p1DaFVgZll6WDY4NsfhmT3K1xjNqBf0SSsXwe/CUIQ4oTcLPKwaW8hKygO//727l2n8GtwVAU2v3aYYHPbZrPmz/+3iALq0cjhpFz97WX1ifPijiSFPJ9vvE9H4p24bmVn64mBVaYq8E088t8ycWgPj04makbc5sPu7K5CecUUaGD4MWDws= Beta SSH Key

deprecated/playbooks/beta/init.yml

@@ -0,0 +1,66 @@
+# This playbook goes through the process of setting up all the lower level
+# infrastructure we need to start deploying website files to the server
+# itself.
+---
+- hosts: beta
+  remote_user: ubuntu
+  become: yes
+  become_method: sudo
+  tasks:
+    - name: Install snapd package manager
+      apt:
+        name: snapd
+        update_cache: yes
+        state: present
+
+    - name: Install Nginx
+      apt:
+        name: nginx
+        update_cache: yes
+        state: present
+
+    - name: Update Snap
+      community.general.snap:
+        name: core
+        state: present
+
+    - name: Install Certbot Snap Package
+      community.general.snap:
+        name: certbot
+        classic: yes
+
+    - name: Create website admin group
+      group:
+        name: web
+        state: present
+
+    - name: Create website user account
+      user:
+        name: web
+        comment: Website maintainer account
+        state: present
+
+    - name: Create /home/web/.ssh directory
+      file:
+        path: /home/web/.ssh
+        state: directory
+        owner: web
+        group: web
+        mode: 0700
+
+    - name: Copy public web key to beta
+      authorized_key:
+        user: web
+        key: "{{ lookup('file', 'files/'+'web.pub') }}"
+
+
+    - name: Create Web root directory under new web account
+      file:
+        path: /var/www
+        state: directory
+        recurse: yes
+        owner: web
+        group: web
+
+
+

deprecated/playbooks/beta/setup-nginx-confs.yml

@@ -0,0 +1,34 @@
+---
+- hosts: beta
+  remote_user: ubuntu
+  become: yes
+  become_method: sudo
+  tasks:
+    - name: Push Nginx Site Configs into available site listings
+      copy:
+        src: "base-site-conf/{{item}}"
+        dest: /etc/nginx/sites-available/
+      loop:
+        - freechat.shockrah.xyz
+        - resume.shockrah.xyz
+        - shockrah.xyz
+        - qrcodes.leftcoast.space
+
+    - name: Enable Static Sites in Nginx
+      file:
+        src: "/etc/nginx/sites-available/{{item}}"
+        dest: "/etc/nginx/sites-enabled/{{item}}"
+        state: link
+      loop:
+        - freechat.shockrah.xyz
+        - resume.shockrah.xyz
+        - shockrah.xyz
+        - qrcodes.leftcoast.space
+
+    - name: Restart Nginx Service
+      service:
+        name: nginx
+        state: restarted
+
+  
+

deprecated/playbooks/beta/test-web-user.yml

@@ -0,0 +1,18 @@
+# This playbooks basically just ensures that the web user account is behaving
+# correctly and is installed in the correct places
+---
+- hosts: web
+  user: web
+  tasks:
+    - name: Echo something
+      shell: echo Hello
+      register: hi
+
+    - debug: var=hi.stdout
+
+    - name: Who am I
+      shell: whoami
+      register: whoami
+
+    - debug: var=whoami.stdout_lines
+

deprecated/playbooks/beta/vars/main.yml

@@ -0,0 +1,4 @@
+FC_LOCAL_DOCS: "/home/shockrah/GitRepos/freechat/docs/"
+RESUME_LOCAL_PUBLIC: "/home/shockrah/GitRepos/resume/"
+BLOG_LOCAL_PUBLIC: "/home/shockrah/GitRepos/shockrah-city/"
+CERT_EMAIL: "alejandros714@protonmail.com"

deprecated/playbooks/beta/websites/update-blog.yml

@@ -0,0 +1,8 @@
+---
+- hosts: beta
+  become: yes
+  tasks:
+    - name: Push blog content
+      copy:
+        src: "{{BLOG_LOCAL_PUBLIC}}/public/"
+        dest: /var/www/shockrah.xyz

deprecated/playbooks/beta/websites/update-fc-docs.yml

@@ -0,0 +1,8 @@
+---
+- hosts: beta
+  become: yes
+  tasks:
+    - name: Push docs content
+      copy:
+        src: "{{FC_LOCAL_DOCS}}/public"
+        dest: /var/www/freechat

deprecated/playbooks/beta/websites/update-qrcodes.yml

@@ -0,0 +1,12 @@
+---
+- hosts: beta
+  become: yes
+  tasks:
+    - name: Fetch variables from role specific vars file
+      include_vars:
+        file: ../vars/main.yml
+    - name: Push out qrcodes public content
+      copy:
+        src: "{{QRCODES_LOCAL_PUBLIC}}/public/"
+        dest: /var/www/qrcodes.leftcoast.space
+      

deprecated/playbooks/beta/websites/update-resume.yml

@@ -0,0 +1,11 @@
+---
+- hosts: beta
+  become: yes
+  tasks:
+    - name: Fetch variables from role specific vars file
+      include_vars:
+        file: ../vars/main.yml
+    - name: Push out resume public content
+      copy:
+        src: "{{RESUME_LOCAL_PUBLIC}}/public/"
+        dest: /var/www/resume.shockrah.xyz

deprecated/playbooks/check-syntax.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+for f in `find -name '*.yml'`; do
+	echo ansible-playbook -i hosts.ini --syntax-check $f
+	ansible-playbook -i hosts.ini --syntax-check $f
+done

deprecated/playbooks/connect.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# -_-
+
+set -x
+
+ssh -F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts $@

deprecated/playbooks/env/alpha.yml

@@ -0,0 +1,48 @@
+$ANSIBLE_VAULT;1.1;AES256
+35623361306666636339326632313237383635613761383063386465383731336430383036643037
+3839363734393463306266386137366262333736643737610a666234303965336135346161306530
+66383032333363386237636431613930333131376331663636373661636662323665343434316664
+6464323465363664340a313066633161653537356663646266656433396238653133613861626362
+32316332366634326161663163363233663635366532346437633738643138616462313735653733
+66623432383135376339353131613632333837356430393764316336303935343562363331616466
+66323639646631643533303338363532306439393835386539373532626234336437643734373461
+39386665326464663461323434663662393233303032646338376234663462656135323836383762
+38613336376436396465633334343632376133383661333234656634346532383636346639633661
+65343731656465323138323437386533343161646139663336333663343265623333613234323962
+34303332383330623037316365663139303539343366633537326239336237306132333736383561
+36396262383564383166303763636534313739373864663532616465386536303138333537643964
+31653766393963613539303765653737343966333833396664626332643162386130333363363634
+30306463666338653961616165353166333137663663313566613164663733663965363536343839
+32393238636639386364336264306430316134373537303263316333333639346439333336313735
+62373361323136393330333336363565336436393165633634383732663738623965376532336664
+65396135343939353837313664646137396138613565653831396233323032343335396239303837
+38653135613764326438353365613630346631313065643664633330383936353530623933346563
+30376133333432323636613663393766663364656563646233353037356561363937306535623638
+66306537356464353430633238373731633666633763343631356139373365656239633038383938
+35363737643164393639393232666664373763353835323234306463306366383634393133326635
+32306534636366666633663435623165393631643834613965663464613263636136383365353062
+35316136376334393634303861626338346338646534626364623530323634376331363864663738
+65313764343563663838333931646563313232383266323735313736663635663830363762306238
+30373030343361393330303363623434333532303661656131346434393236383131633264396232
+62663835663036643261346536316632343464373338363739393531366132376364383866656262
+65646139356231613364643765643135393132316634363266356431353833613066313432623766
+31616562623362636432646166356530323430626639303161653635636536373535373964323365
+39356532666532373937336265346137623031383735323063323639626435656331633464643735
+35653661633266366662626535633530393163613861643764633264343862666334643834633030
+35636363356533313062626362323162343838643736613735316336373938393236306532646261
+32316265646365656366393937383530376233306665333435376532313731303931333531636263
+35653563653639323762663463306235623336353438623237376331376366323661303636396466
+39386432316335656531333465336332306336303164346461376366343165336438336432666335
+61366533633332663536643637356665303066663130616236353561376662313236336466633335
+64666665393430336662393163656430386665656263333132363763333539623963393039396338
+61313833663963333065636537613461393334643130646664343434303133396533653434666632
+32383932633264623032313435343333366663353935313230386538363035626634616531666538
+37623738323233366638373530343234343030613036386138643462333762626630383666643762
+62363133613134303863643532656464383536393761653138356136623562316362363132653461
+39303635663362316234343462633534313930333365633335353033393062303839333131653233
+63363730356139373962363530633166666361343439656630633266373032343939313565623737
+66656535366539326437313461636236343037393532313366396265373466356237376135383362
+65633063666238333733323265336533643037626562656334326335343466323964653762643139
+32306261323835653536333734626363393039393831356463623132303966346234633032663730
+65653630623438653637383833373531653037356363613031363932313162623037396166313764
+393530663436386232333634666665396465

deprecated/playbooks/env/beta.yml

@@ -0,0 +1,5 @@
+RESUME_LOCAL_PUBLIC: /home/shockrah/GitRepos/resume
+FC_LOCAL_DOCS: /home/shockrah/GitRepos/freechat/docs
+BLOG_LOCAL_PUBLIC: /home/shockrah/GitRepos/shockrah-city
+QRCODES_LOCAL_PUBLIC: /home/shockrah/GitRepos/badge-app/qrcodes
+CERT_EMAIL: dev@shockrah.xyz

deprecated/playbooks/env/certbot.yml

@@ -0,0 +1,2 @@
+CERT_EMAIL: dev@shockrah.xyz
+

deprecated/playbooks/env/common.yml

@@ -0,0 +1 @@
+CERT_EMAIL: dev@shockrah.xyz

deprecated/playbooks/hosts.ini

@@ -0,0 +1,31 @@
+[alpha]
+alpha-host
+
+[alpha:vars]
+ansible_ssh_user=ubuntu
+ansible_ssh_private=../infra/keys/alpha/id_ssh
+ansible_ssh_common_args='-F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts'
+
+[atlas]
+atlas-host
+
+[atlas:vars]
+ansible_ssh_user=ubuntu
+ansible_ssh_private=../infra/keys/atlas/id_ssh
+ansible_ssh_common_args='-F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts'
+
+[beta]
+beta-host
+
+[beta:vars]
+ansible_ssh_user=ubuntu
+ansible_ssh_private=../infra/keys/beta/id_ssh
+ansible_ssh_common_args='-F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts'
+
+[web]
+web-host
+
+[web:vars]
+ansible_ssh_user=web
+ansible_ssh_private=../infra/keys/beta-web/beta_web
+ansible_ssh_common_args='-F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts'

deprecated/playbooks/readme

@@ -0,0 +1,5 @@
+Note about these playbooks: because the infrastructure is currently built on
+FARGATE and ECS there is no need to have these here however I keep them around
+in case they end up being of use somehow.
+
+In other words these are here for reference but not used.