Merge branch 'master' of ssh://git.shockrah.xyz:2222/shockrah/infra

.gitea/workflows/ansible-lint.yaml

@@ -0,0 +1,15 @@
+name: Ansible Linting
+on:
+  - push
+
+jobs:
+  ansible-lint:
+    runs-on: ubuntu-latest
+    container:
+      image: shockrah/ansible
+    steps:
+      - name: Checkout repo content
+        uses: actions/checkout@v4
+      - run: ansible-lint
+        working-directory: ansible/
+

.gitea/workflows/demo.yaml

@@ -1,21 +0,0 @@
-name: Actions demo
-run-name: ${{ gitea.actor }} is testing the actions
-on:
-  - push
-
-jobs:
-  simple-echo:
-    runs-on: gitea-main
-    steps:
-      - run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event."
-      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
-      - run: echo "🔎 The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}."
-      - name: Check out repository code
-        uses: actions/checkout@v4
-      - run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
-      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - name: List files in the repository
-        run: |
-          ls ${{ gitea.workspace }}
-      - run: echo "🍏 This job's status is ${{ job.status }}."
-

.gitea/workflows/sec-lint-s3.yaml

@@ -16,4 +16,4 @@ jobs:
         uses: bridgecrewio/checkov-action@master
         with:
           directory: infra/s3/
-          framework: terraform
+          framework: terraform

ansible/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+stdout_callback = yaml
+

ansible/playbooks/pull-s3-buckets.yml

@@ -1,14 +0,0 @@
----
-- hosts: webhost
-  remote_user: root
-  tasks:
-    - name: Copy pull script
-      copy:
-        src: ../scripts/pull-down-s3.sh
-        dest: /opt/nginx/pull-down-s3.sh
-    - name: Pull down all sites from S3
-      shell: bash /opt/nginx/pull-down-s3.sh {{ item }}
-      loop:
-        - shockrah.xyz
-        - resume.shockrah.xyz
-        - temper.tv

ansible/playbooks/setup-git-web-deployer.yml

@@ -0,0 +1,25 @@
+---
+- name: Setup all attributes of the html-deployer user for static website CI
+  hosts: webhost
+  vars:
+    username: html-deployer
+  remote_user: webadmin
+  tasks:
+    - name: Create user for git actions to deploy html
+      become: true
+      ansible.builtin.user:
+        name: "{{ username }}"
+        comment: Used for deploying html from Gitea Actions
+        group: nginx
+    - name: Set the authorized keys
+      become: true
+      ansible.posix.authorized_key:
+        user: "{{ username }}"
+        state: present
+        key: "{{ lookup('file', '~/.ssh/vultr/html-deployer.pem.pub') }}"
+    - name: Ensure /opt/nginx website folders are owned by html-deployer
+      ansible.builtin.file:
+        path: "/opt/nginx/{{ item }}"
+        recurse: true
+        owner: "{{ username }}"
+        group: "nginx"

ansible/playbooks/update.yml

@@ -0,0 +1,20 @@
+# Purpose: General update to the system to keep packages up to date
+---
+- hosts: webhost
+  remote_user: webadmin
+  tasks:
+    - name: Informational Dump of what is upgradeable
+      ansible.builtin.command: apt list --upgradable
+      register: pkg
+    - name: Show list of packages to upgrade
+      ansible.builtin.debug:
+        msg: "{{ pkg.stdout_lines }}"
+    - name: Update the packages at the system level to the latest versions
+      become: true
+      ansible.builtin.apt:
+        name: "*"
+        state: latest
+
+
+
+

infra/containers/docker-compose.yaml

@@ -5,7 +5,7 @@ networks:
 
 services:
   gitea:
-    image: gitea/gitea:latest
+    image: gitea/gitea:latest-rootless
     container_name: gitea
     environment:
       - USER_UID=1000