removing fluff

.gitea/workflows/ansible-lint.yaml

@@ -1,15 +0,0 @@
-name: Ansible Linting
-on:
-  - push
-
-jobs:
-  ansible-lint:
-    runs-on: ubuntu-latest
-    container:
-      image: shockrah/ansible
-    steps:
-      - name: Checkout repo content
-        uses: actions/checkout@v4
-      - run: ansible-lint -c linter.yaml
-        working-directory: ansible/
-

.gitea/workflows/sec-lint-s3.yaml

@@ -1,19 +0,0 @@
-name: Secops Linting and Safety Checks
-on:
-  push:
-    branches:
-      - master
-
-
-
-jobs:
-  checkov-scan-s3:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo code
-        uses: actions/checkout@v4
-      - name: Scan S3 Terraform with Checkov
-        uses: bridgecrewio/checkov-action@master
-        with:
-          directory: infra/s3/
-          framework: terraform

.gitea/workflows/wiki-python-linting.yaml

@@ -0,0 +1,17 @@
+name: Wiki Resources Sanity Checks
+
+on:
+  push:
+    branches:
+      - master
+
+
+jobs:
+  ruff-checks:
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+      - name: Perform linting with ruff
+        uses: astral-sh/ruff-action@v3
+        with:
+          src: "wiki-resources"

.gitignore

@@ -22,3 +22,11 @@ docker/beta/resume.shockrah.xyz/
 k8s/config.yaml
 infra/**/tfplan
 .ansible/
+
+wiki-resources/public_infrastructure.png
+
+bin/
+lib/
+lib64
+pyvenv.cfg
+share/

.gitlab-ci.yml

@@ -1,13 +0,0 @@
-# You can override the included template(s) by including variable overrides
-# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
-# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/#customization
-# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
-# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
-# Note that environment variables can be set in several places
-# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
-stages:
-- test
-sast:
-  stage: test
-include:
-- template: Security/SAST.gitlab-ci.yml

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+---
+repos:
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v26.4.0
+    hooks:
+      - id: ansible-lint
+        name: ansible-lint
+        description: Run ansible-lint on playbooks
+        entry: ansible-lint
+        args:
+          - ansible
+        language: python
+        exclude: |
+          (?x)(
+            ^deprecated/|
+            ^infra/|
+            ^runbooks/|
+            ^wiki-resources/|
+            ^\.pre-commit-config.yaml|
+            ^\.gitignore
+          )

ansible/linter.yaml

@@ -2,3 +2,6 @@
 skip_list:
   - role-name
   - var-naming[no-role-prefix]
+exclude_paths:
+  - linter.yaml
+  - inventory.yaml

ansible/playbook/nomad.yaml

@@ -6,4 +6,3 @@
     - name: Apply the nomad role
       ansible.builtin.include_role:
         name: nomad
-

ansible/roles/base/tasks/ensure-docker-basic.yaml

@@ -8,8 +8,8 @@
 - name: Running install on the keyrings directory
   ansible.builtin.command:
     cmd: install -m 0755 -d /etc/apt/keyrings
-  register: install
-  changed_when: install.rc == 0
+  register: base_install_keyrings
+  changed_when: base_install_keyrings.rc == 0
 - name: Fetch Docker GPG Key
   vars:
     keylink: https://download.docker.com/linux/ubuntu/gpg
@@ -37,5 +37,5 @@
 - name: Verify that the docker components are installed properly
   ansible.builtin.command:
     cmd: docker run hello-world
-  register: docker
-  changed_when: docker.rc == 0
+  register: base_docker_hello
+  changed_when: base_docker_hello.rc == 0

ansible/roles/base/tasks/k3s.yaml

@@ -6,3 +6,5 @@
 - name: Run installation script
   ansible.builtin.command:
     cmd: bash /tmp/k3s.sh
+  register: base_k3s_install_script
+  changed_when: base_k3_install_script.rc == 0

ansible/roles/base/tasks/main.yaml

@@ -15,11 +15,3 @@
       become: true
       tags:
         - setup
-- name: Run through nomad removal steps
-  tags: nomad
-  ansible.builtin.include_tasks:
-    file: nomad.yaml
-    apply:
-      become: true
-      tags:
-        - nomad

ansible/roles/k3s/tasks/main.yaml

@@ -2,10 +2,13 @@
   ansible.builtin.get_url:
     url: https://get.k3s.io
     dest: /tmp
-  register: install_script
+    mode: "0644"
+  register: k3s_dl_install_script
 - name: Run installation script
   become: true
   environment:
     INSTALL_K3S_EXEC: server
   ansible.builtin.command:
-    cmd: sh {{ install_script.dest }}
+    cmd: sh {{ k3s_dl_install_script.dest }}
+  register: k3s_install_script
+  changed_when: k3s_install_script.rc == 0

ansible/roles/nomad/tasks/main.yaml

@@ -3,16 +3,16 @@
   block:
     - name: Ensure the root data directory is present
       ansible.builtin.file:
-        path: "{{ nomad.volumes.root }}"
+        path: "{{ nomad_data.volumes.root }}"
         state: absent
         mode: "0755"
     - name: Ensure registry volume is present
       ansible.builtin.file:
-        path: "{{ nomad.volumes.registry }}"
+        path: "{{ nomad_data.volumes.registry }}"
         state: absent
         mode: "0755"
     - name: Ensure the MinIO diretory is present
       ansible.builtin.file:
-        path: "{{ nomad.volumes.nfs }}"
+        path: "{{ nomad_data.volumes.nfs }}"
         state: absent
         mode: "0755"

ansible/roles/nomad/vars/main.yaml

@@ -1,4 +1,4 @@
-nomad:
+nomad_data:
   volumes:
     root: /opt/volumes
     registry: /opt/volumes/ncr

ansible/roles/webserver/tasks/docker.yaml

@@ -2,12 +2,16 @@
   become: true
   ansible.builtin.command:
     cmd: docker compose pull
-    chdir: "{{ webadmin.home }}/{{ item }}"
+    chdir: "{{ webserver_admin.home }}/{{ item }}"
   loop:
     - services
+  register: webserver_docker_pull
+  changed_when: webserver_docker_pull.rc == 0
 - name: Restart containers with newest container images
   ansible.builtin.command:
     cmd: docker compose up -d
-    chdir: "{{ webadmin.home }}/{{ item }}"
+    chdir: "{{ webserver_admin.home }}/{{ item }}"
   loop:
     - services
+  register: webserver_docker_restart
+  changed_when: webserver_docker_restart.rc == 0

ansible/roles/webserver/vars/main.yaml

@@ -1,2 +1,2 @@
-webadmin:
+webserver_admin:
   home: /home/webadmin

infra/nigel-k3s/.gitignore

@@ -1 +0,0 @@
-config.yaml

infra/nigel-k3s/health.yaml

@@ -1,35 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx-deployment
-  labels:
-    app: nginx
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - name: nginx
-        image: nginx:1.14.2
-        ports:
-        - containerPort: 80
-          name: nginx-port
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-spec:
-  type: NodePort
-  selector:
-    app: nginx
-  ports:
-    - port: 80
-      nodePort: 30808
-      targetPort: nginx-port

infra/nigel-k3s/sample-cron.yaml

@@ -1,19 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: hello
-spec:
-  schedule: "* * * * *"
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          containers:
-            - name: hello
-              image: busybox:1.28
-              imagePullPolicy: IfNotPresent
-              command:
-                - /bin/sh
-                - -c
-                - date; echo Hello from the sample cron-container
-          restartPolicy: OnFailure

infra/s3/Makefile

@@ -1,24 +0,0 @@
-plan=out.plan
-
-SHELL := /bin/bash
-
-$(plan):
-	source ../secrets/set-env.sh && terraform plan -input=false -out $(plan)
-
-push: build
-	source ../secrets/set-env.sh && terraform apply $(plan)
-
-refresh:
-	source ../secrets/set-env.sh && terraform apply -refresh-only
-
-test:
-	terraform validate
-
-
-rip:
-	source ../secrets/set-env.sh && terraform destroy
-
-clean:
-	rm -f $(plan)
-
-.PHONY: test build clean push rip

infra/s3/backend.tf

@@ -1,24 +0,0 @@
-terraform {
-  required_version = ">= 0.13"
-  backend "s3" {
-      bucket  = "project-athens"
-      key     = "infra/s3/state/build.tfstate"
-      region  = "us-west-1"
-      encrypt = true
-  }
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "4.13.0"
-    }
-  }
-}
-
-# Base config for using AWS features w/ Terraform
-provider "aws" {
-  access_key = var.aws_key
-  secret_key = var.aws_secret
-  region = var.aws_region
-  max_retries = 1
-}
-

infra/s3/input-vars.tf

@@ -1,93 +0,0 @@
-# All variables that are used in various places go here
-
-######################### General provider specific values
-
-variable "aws_key" {
-	description = "Access Key for AWS operations"
-	type = string
-	sensitive = true
-}
-
-variable "aws_secret" {
-	description = "Secret Key for AWS operations"
-	type = string
-	sensitive = true
-}
-
-variable "aws_region" {
-	description = "Region where the VPC is located"
-	type = string
-	sensitive = true
-}
-
-variable "vpc_id" {
-  description = "Project Athens VPC ID"
-  type = string
-}
-
-######################### Alpha Cluster variables
-
-variable "athens_prefix" {
-	description = "Prefix for all things in alpha cluster"
-	type = string
-	default = "athens"
-}
-
-######################### Nginx reverse proxy vars
-
-
-# Yes these buckets _could_ be public but where's the fun in that :x
-variable "shockrah_xyz_s3_access_key_id" {
-  description = "Acess key for reading public s3 buckets"
-  type        = string
-  sensitive   = true
-}
-
-variable "shockrah_xyz_s3_secret_key" {
-  description = "Secret key for reading public s3 buckets"
-  type        = string
-  sensitive   = true
-}
-
-variable "nginx_port" {
-  description = "Port for shockrah.xyz"
-  type        = number
-  default     = 80
-}
-
-######################### Nginx reverse proxy vars
-
-variable "shockrah_xyz_bucket" {
-  description = "S3 bucket name"
-  type        = string
-  default     = "shockrah_xyz"
-}
-
-variable "resume_shockrah_xyz_bucket" {
-  description = "S3 bucket name"
-  type        = string
-  default     = "resume_shockrah_xyz"
-}
-
-variable "temper" {
-  type = object({
-    cert_arn = string
-  })
-}
-
-variable "sg" {
-  type = object({
-    base_ecs        = string
-    ecs_web_ingress = string
-    lb_health_check = string
-  })
-}
-
-variable "alpha" {
-  type = object({
-    dns  = string
-    zone = string
-  })
-}
-
-

infra/s3/local.tf

@@ -1,8 +0,0 @@
-locals {
-  buckets = [
-    "shockrah.xyz",
-    "resume.shockrah.xyz",
-    "temper.tv"
-  ]
-}
-

infra/s3/s3.tf

@@ -1,17 +0,0 @@
-resource "aws_s3_bucket" "static-content" {
-  for_each = {
-    for idx, record in local.buckets:
-      idx => record
-  }
-  
-  bucket = each.value
-
-  tags = {
-    Name = each.value
-    Description = "Static content"
-  }
-}
-
-
-
-

infra/s3/website-config.tf

@@ -1,53 +0,0 @@
-##################################################################
-# Below are the acl components for each bucket to make them public
-##################################################################
-
-# TODO: ensure proper dependency chaining to the buckets that these
-# blocks require to be in place _before_ they come up
-
-# Enables website configuration
-resource "aws_s3_bucket_website_configuration" "site" {
-  for_each = aws_s3_bucket.static-content
-  bucket = each.value.bucket
-  index_document {
-    suffix = "index.html"
-  }
-
-  error_document {
-    key = "404.html"
-  }
-}
-
-# Set block public access to false
-resource "aws_s3_bucket_public_access_block" "site" {
-  for_each = aws_s3_bucket.static-content
-  bucket = each.value.bucket
-
-  block_public_acls   = false
-  block_public_policy = false
-  ignore_public_acls  = false
-  restrict_public_buckets = false
-}
-# Set a policy on the bucket to allow reads from anywhere
-resource "aws_s3_bucket_policy" "site" {
-  for_each = aws_s3_bucket.static-content
-  bucket = each.value.bucket
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Sid = "PublicReadGetObject"
-        Effect = "Allow"
-        Principal = "*"
-        Action = "s3:GetObject"
-        Resource = [
-          "arn:aws:s3:::${each.value.bucket}",
-          "arn:aws:s3:::${each.value.bucket}/*",
-        ]
-      }
-    ]
-  })
-}
-
-
-