renaming stuff to note that it's not used anymore

2025-05-12 00:17:30 -07:00
parent 47b69d7f49
commit 5227bea568
9 changed files with 0 additions and 0 deletions


@@ -0,0 +1,9 @@
---
- hosts: webhost
remote_user: root
tasks:
- name: Setup UFW
import_tasks: ../tasks/ufw-setup.yml
- name: Harden ssh configuration
import_tasks: ../tasks/ssh.yml


@@ -0,0 +1,17 @@
---
- hosts: webhost
remote_user: root
vars:
websites:
- shockrah.xyz
- git.shockrah.xyz
- resume.shockrah.xyz
- temper.tv
tasks:
- name: Ensure certbot is setup
import_tasks: ../tasks/certbot-installation.yml
- name: Get certificate
command: certbot -n --nginx certonly -d {{ item }}
args:
creates: "/etc/letsencrypt/live/{{ item }}"
loop: "{{ websites }}"


@@ -0,0 +1,30 @@
---
- hosts: webhost
remote_user: root
vars:
websites:
- shockrah.xyz
- git.shockrah.xyz
- temper.tv
- resume.shockrah.xyz
tasks:
- name: Upload configs
copy:
src: "../files/{{ item }}.conf"
dest: "/etc/nginx/sites-available/{{ item }}"
loop: "{{ websites }}"
- name: Enable the site configs with sym links
file:
src: "/etc/nginx/sites-available/{{ item }}"
dest: "/etc/nginx/sites-enabled/{{ item }}"
state: link
loop: "{{ websites }}"
- name: Ensure no default available
file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: Restart nginx conf to pick up new config changes
service:
name: nginx
state: restarted
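Review bot: The `Restart nginx conf` task at the end of this play runs on every run and nothing validates the files placed by `Upload configs` before it, so a broken vhost file takes nginx down and the play still reports success. Turn the restart into a handler, add `notify: restart nginx` to the copy, link and default-removal tasks, and put a `command: nginx -t` task (or a `validate` on the handler) ahead of it so an invalid config fails the play while the running service keeps serving. As a handler it can also use `state: reloaded`, which picks up a changed vhost without dropping open connections.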


@@ -0,0 +1,7 @@
---
- hosts: webhost
remote_user: webadmin
tasks:
- name: Run docker-compose up
community.docker.docker_compose_v2:
project_src: ../../../containers/


@@ -0,0 +1,54 @@
# This playbook is to be executed when first setting up
# the machine so we'll have to login as root, but in doing so
# we'll setup a user which can use sudo and use pem based authentication
# this should remove the ability to login as root with a janky password
---
- hosts: webhost
remote_user: root
tasks:
- name: Ensure sudo is available
apt:
state: present
update_cache: true
pkg:
- sudo
- zsh
- name: Create webadmin user
user:
name: webadmin
state: present
shell: /bin/zsh
groups:
- nginx
append: yes
- name: webadmin key copy
authorized_key:
user: webadmin
state: present
key: "{{ lookup('file', '~/.ssh/vultr/webadmin.pem.pub') }}"
- name: Add webadmin to sudoers
copy:
dest: "/etc/sudoers.d/webadmin"
content: "webadmin ALL=(ALL) NOPASSWD: ALL"
- name: Disable Password Authentication
lineinfile:
dest: /etc/ssh/sshd_config
line: PasswordAuthentication no
state: present
backup: yes
notify:
- restart ssh
- name: Disable root login
lineinfile:
dest: /etc/ssh/sshd_config
line: PermitRootLogin no
state: present
backup: yes
notify:
- restart ssh
handlers:
- name: restart ssh
service:
name: sshd
state: restarted
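Review bot: The two `lineinfile` tasks (`Disable Password Authentication`, `Disable root login`) use `state: present` without a `regexp`, so they only append the line when the exact text is absent and never rewrite an existing `PasswordAuthentication yes` or `PermitRootLogin yes`; since sshd honours the first occurrence of a directive, an earlier setting (including one pulled in through an `Include` drop-in, which cloud images commonly ship — to be checked on the target) keeps password and root logins enabled despite the play's comment header. Give each task a `regexp` that matches the existing directive, commented or not, and a `validate` so a malformed sshd_config cannot be written; the same `validate` treatment belongs on the sudoers `copy`, which currently writes an unchecked NOPASSWD rule with the default file mode, where visudo would reject a malformed rule before it breaks sudo for everyone. `append: yes` and `backup: yes` are YAML 1.1 truthy spellings; `true` is the portable form.
```yaml
- name: Add webadmin to sudoers
  copy:
    dest: "/etc/sudoers.d/webadmin"
    content: "webadmin ALL=(ALL) NOPASSWD: ALL"
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s
- name: Disable Password Authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?\s*PasswordAuthentication\b'
    line: PasswordAuthentication no
    state: present
    backup: true
    validate: /usr/sbin/sshd -t -f %s
  notify:
    - restart ssh
# … unchanged: "Disable root login" gets the same regexp/validate shape with PermitRootLogin; handlers …
```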


@@ -0,0 +1,47 @@
---
- hosts: webhost
remote_user: webadmin
become: true
tasks:
- name: Install docker and docker-compose
apt:
update_cache: true
pkg:
- ca-certificates
- curl
- name: Setup keyring
command:
cmd: "install -m 0755 -d /etc/apt/keyrings"
- name: Download docker gpg key
get_url:
url: https://download.docker.com/linux/ubuntu/gpg
dest: /etc/apt/keyrings/docker.asc
- name: Set perms on /etc/apt/keyrings/docker.asc
file:
dest: /etc/apt/keyrings/docker.asc
mode: a+r
- name: Ensure docker.lst exists
copy:
content: ''
dest: /etc/apt/sources.list.d/docker.list
force: false
group: root
owner: root
mode: 0644
- name: Ensure docker.lst is present for apt
lineinfile:
line: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable\n"
dest: /etc/apt/sources.list.d/docker.list
state: present
- name: install docker packages
apt:
update_cache: true
pkg:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
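Review bot: The `line:` value in `Ensure docker.lst is present for apt` carries an embedded `\n` inside its double quotes, so the string lineinfile compares against can never equal a line read back from the file; the task is likely to append the deb entry on every run, and duplicated source entries then produce apt warnings. Drop the escape: `line: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable"`. In the same section `mode: 0644` is an unquoted octal literal that YAML 1.1 parsers turn into the integer 420; write `mode: "0644"` so the intent survives any parser. The `get_url` of the signing key has no `checksum:`, so the trust of every package installed by the last task rests entirely on the TLS download of the key — pinning its checksum is the usual hardening. `jammy` is also hard-coded where `{{ ansible_distribution_release }}` would follow the host.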


@@ -0,0 +1,25 @@
---
- name: Setup all attributes of the html-deployer user for static website CI
hosts: webhost
vars:
username: html-deployer
remote_user: webadmin
tasks:
- name: Create user for git actions to deploy html
become: true
ansible.builtin.user:
name: "{{ username }}"
comment: Used for deploying html from Gitea Actions
group: nginx
- name: Set the authorized keys
become: true
ansible.posix.authorized_key:
user: "{{ username }}"
state: present
key: "{{ lookup('file', '~/.ssh/vultr/html-deployer.pem.pub') }}"
- name: Ensure /opt/nginx website folders are owned by html-deployer
ansible.builtin.file:
path: "/opt/nginx/{{ item }}"
recurse: true
owner: "{{ username }}"
group: "nginx"
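Review bot: The last task, `Ensure /opt/nginx website folders are owned by html-deployer`, templates `{{ item }}` into `path:` but has no `loop:`, so `item` is undefined and the play fails there unless an outer loop not visible here supplies it. It is also the only task in this play without `become: true`, so the recursive chown would run as webadmin and fail on anything root-owned. Add `become: true` and a loop over the site list, e.g. `loop: "{{ websites }}"` with `websites` declared under `vars` next to `username`, mirroring the other plays.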


@@ -0,0 +1,16 @@
# This playbook basically guarantees that the host is in a production ready state
---
- hosts: webhost
remote_user: root
vars:
websites:
- shockrah.xyz
- temper.tv
- resume.shockrah.xyz
tasks:
- name: Setup nginx
import_tasks: ../tasks/nginx-setup.yml
- name: Test local sites
import_tasks: ../tasks/tests/local-site-presence.yml
- name: Ensure AWS is setup
import_tasks: ../tasks/setup-aws-cli.yml
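Review bot: The `websites` list here omits `git.shockrah.xyz`, which the certificate and nginx plays include, so nginx-setup and the local-site test run over a different set of sites than the ones given configs and certificates. If the omission is deliberate, a comment on the list saying why would stop the next edit from "fixing" it; otherwise the list belongs in a single `group_vars` entry for `webhost` that all four plays read.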


@@ -0,0 +1,20 @@
# Purpose: General update to the system to keep packages up to date
---
- hosts: webhost
remote_user: webadmin
tasks:
- name: Informational Dump of what is upgradeable
ansible.builtin.command: apt list --upgradable
register: pkg
- name: Show list of packages to upgrade
ansible.builtin.debug:
msg: "{{ pkg.stdout_lines }}"
- name: Update the packages at the system level to the latest versions
become: true
ansible.builtin.apt:
name: "*"
state: latest
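Review bot: `Informational Dump of what is upgradeable` is a read-only `command`, yet without `changed_when` Ansible reports it as changed on every run, which hides whether the real upgrade task did anything. Add `changed_when: false` to that task so only the `apt` step shows up as a change, and a `--check` run becomes meaningful.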