diff --git a/.gitignore b/.gitignore
index cbbaa72..e3e7d11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
-vars/secrets.yml
-templates/conf/users_database.yml.j2
-templates/conf/configuration.yml.j2
+vars/secrets.yaml
+templates/conf/users_database.yaml.j2
+templates/conf/configuration.yaml.j2
 files/firefox
 production
 .hidden
\ No newline at end of file
diff --git a/README.md b/README.md
index 50c5196..5106b7b 100644
--- a/README.md
+++ b/README.md
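Review bot: The three `-` lines drop the old `vars/secrets.yml` and `templates/conf/*.yml.j2` patterns outright, so a stale `secrets.yml` or `users_database.yml.j2` left in a checkout from before the rename is no longer ignored and can be committed by an ordinary `git add .`; keep the old patterns next to the new ones until every working copy has migrated. Editor swap files are not covered either, and this same commit adds `vars/.services.yml.swp` as a binary file — a swap file holds the editor's buffer, so the equivalent for `vars/secrets.yaml` would carry the secret material itself. Adding `*.swp` and `*~` here and dropping the committed swap file would close both gaps.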
@@ -2,23 +2,23 @@ An Ansible playbook to deploy Docker services to our servers and another to back up important data. -`ansible-playbook -i "production" "deploy.yml"` +`ansible-playbook -i "production" "deploy.yaml"` -`ansible-playbook -i "production" "back-up.yml"` +`ansible-playbook -i "production" "back-up.yaml"` ## Services -The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yml) defines the services to be deployed or already deployed. +The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed. They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2). ## Configurations -Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org). +Our SearXNG instance uses a custom [settings.yaml](templates/conf/settings.yaml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org). Data of our Privatebin, Etherpad, and Gitea instance are backed up periodically. -Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally. +Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). 
We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally. ## Contact Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.
\ No newline at end of file
diff --git a/back-up.yml b/back-up.yaml
similarity index 99%
rename from back-up.yml
rename to back-up.yaml
index 505fa2e..529d6d8 100755
--- a/back-up.yml
+++ b/back-up.yaml
@@ -4,7 +4,7 @@
 gather_facts: false
 become: true
 vars_files:
- - vars/secrets.yml
+ - vars/secrets.yaml
 tasks:
 # ----------------------------------------------------------------------------------------------------
diff --git a/config-tasks/4get.yml b/config-tasks/4get.yaml
similarity index 100%
rename from config-tasks/4get.yml
rename to config-tasks/4get.yaml
diff --git a/config-tasks/anonymousoverflow.yml b/config-tasks/anonymousoverflow.yaml
similarity index 100%
rename from config-tasks/anonymousoverflow.yml
rename to config-tasks/anonymousoverflow.yaml
diff --git a/config-tasks/authelia.yml b/config-tasks/authelia.yaml
similarity index 66%
rename from config-tasks/authelia.yml
rename to config-tasks/authelia.yaml
index aa03f1a..c426820 100644
--- a/config-tasks/authelia.yml
+++ b/config-tasks/authelia.yaml
@@ -12,18 +12,18 @@
 - set_fact:
 authelia_session_secret: "{{ authelia_session_secret_result.stdout }}"
- - name: Set up configuration.yml
+ - name: Set up configuration.yaml
 template:
- src: "conf/configuration.yml.j2"
- dest: "{{ docker_dir }}/authelia/configuration.yml"
+ src: "conf/configuration.yaml.j2"
+ dest: "{{ docker_dir }}/authelia/configuration.yaml"
 owner: 1000
 group: 1000
 mode: 0755
- - name: Set up users_database.yml
+ - name: Set up users_database.yaml
 template:
- src: "conf/users_database.yml.j2"
- dest: "{{ docker_dir }}/authelia/users_database.yml"
+ src: "conf/users_database.yaml.j2"
+ dest: "{{ docker_dir }}/authelia/users_database.yaml"
 owner: 1000
 group: 1000
 mode: 0755
\ No newline at end of file
diff --git a/config-tasks/breezewiki.yml b/config-tasks/breezewiki.yaml
similarity index 100%
rename from config-tasks/breezewiki.yml
rename to config-tasks/breezewiki.yaml
diff --git a/config-tasks/caddy.yml b/config-tasks/caddy.yaml
similarity index 100%
rename from config-tasks/caddy.yml
rename to config-tasks/caddy.yaml
diff --git a/config-tasks/firefox.yml b/config-tasks/firefox.yaml
similarity index 100%
rename from config-tasks/firefox.yml
rename to config-tasks/firefox.yaml
diff --git a/config-tasks/gitea-netrc.yml b/config-tasks/gitea-netrc.yaml
similarity index 85%
rename from config-tasks/gitea-netrc.yml
rename to config-tasks/gitea-netrc.yaml
index 9908d62..891257c 100644
--- a/config-tasks/gitea-netrc.yml
+++ b/config-tasks/gitea-netrc.yaml
@@ -26,7 +26,7 @@
 dest: "/home/{{ control_user }}/.netrc"
 owner: 1000
 group: 1000
- mode: 0755
+ mode: 0600
 delegate_to: "{{ control_host }}"
 - name: Encrypt .netrc
@@ -34,8 +34,8 @@
 delegate_to: "{{ control_host }}"
 - name: Clear .netrc
- copy:
- content: '# Clear'
+ copy:
+ content: '# Clear'
 dest: "/home/{{ control_user }}/.netrc"
 delegate_to: "{{ control_host }}"
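Review bot: Both templated files keep `mode: 0755`, which leaves them world-readable on the host, even though `configuration.yaml` is rendered right after `authelia_session_secret` is set (and presumably takes the other Authelia secrets from the same vars) and `users_database.yaml` is the file in which Authelia's file backend keeps user entries and password hashes; the commit tightens `.netrc` to 0600 in config-tasks/gitea-netrc.yaml but not these. Neither file needs to be executable, so `mode: "0600"` (quoted, so the octal survives any YAML 1.2 loader) with the existing `owner`/`group` would do, provided the container runs as uid 1000 as the ownership suggests. The same applies to `settings.yaml` in config-tasks/paulgo.yaml, which is also written 0755 and carries `paulgo_jwt_secret` as its `secret_key`. The task list these entries belong to starts before this hunk.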
@@ -58,4 +58,10 @@
 - name: Use git-credential-netrc
 command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v"
- delegate_to: "{{ control_host }}"
\ No newline at end of file
+ delegate_to: "{{ control_host }}"
+
+ - name: Add pinentry-program to gpg-agent.conf on control host
+ lineinfile:
+ path: /home/{{ user }}/.gnupg/gpg-agent.conf
+ line: 'pinentry-program /usr/bin/pinentry-gnome3'
+ delegate_to: "{{ control_host }}"
diff --git a/config-tasks/gitea.yml b/config-tasks/gitea.yaml
similarity index 100%
rename from config-tasks/gitea.yml
rename to config-tasks/gitea.yaml
diff --git a/config-tasks/nitter.yml b/config-tasks/nitter.yaml
similarity index 100%
rename from config-tasks/nitter.yml
rename to config-tasks/nitter.yaml
diff --git a/config-tasks/paulgo.yml b/config-tasks/paulgo.yaml
similarity index 84%
rename from config-tasks/paulgo.yml
rename to config-tasks/paulgo.yaml
index 6c9dfe6..95718aa 100644
--- a/config-tasks/paulgo.yml
+++ b/config-tasks/paulgo.yaml
@@ -7,8 +7,8 @@
 - name: Set up paulgo conf
 template:
- src: "conf/settings.yml.j2"
- dest: "{{ docker_dir }}/paulgo/settings.yml"
+ src: "conf/settings.yaml.j2"
+ dest: "{{ docker_dir }}/paulgo/settings.yaml"
 owner: 1000
 group: 1000
 mode: 0755
diff --git a/config-tasks/runner.yml b/config-tasks/runner.yaml
similarity index 100%
rename from config-tasks/runner.yml
rename to config-tasks/runner.yaml
diff --git a/config-tasks/scribe.yml b/config-tasks/scribe.yaml
similarity index 100%
rename from config-tasks/scribe.yml
rename to config-tasks/scribe.yaml
diff --git a/deploy.yml b/deploy.yaml
similarity index 95%
rename from deploy.yml
rename to deploy.yaml
index 80539eb..7023521 100644
--- a/deploy.yml
+++ b/deploy.yaml
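Review bot: The new lineinfile task targets `/home/{{ user }}/.gnupg/gpg-agent.conf`, while every other path in this file is built from `control_user` (`/home/{{ control_user }}/.netrc`), so unless `user` is defined elsewhere the task fails on an undefined variable, and if it is defined to something else it edits another account's gpg-agent.conf. With only `line:` and no `regexp:`, an existing `pinentry-program` entry is left in place and a second one appended on each run that changes the value, and lineinfile errors out when gpg-agent.conf does not exist yet because `create` defaults to false. I would change the task to `path: "/home/{{ control_user }}/.gnupg/gpg-agent.conf"`, `regexp: '^pinentry-program '` and `create: true`. A running gpg-agent only reads the file on restart, so the credential helper set up just above may keep using the old pinentry until `gpgconf --kill gpg-agent` runs — confirm on the control host. The task list this hunk extends starts before it.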
@@ -3,8 +3,8 @@
 hosts: all
 gather_facts: false
 vars_files:
- - vars/secrets.yml
- - vars/services.yml
+ - vars/secrets.yaml
+ - vars/services.yaml
 tasks:
 # ----------------------------------------------------------------------------------------------------
@@ -37,7 +37,7 @@
 when: compose is defined and inventory_hostname in compose
 - name: Inital configurations
- include_tasks: "config-tasks/{{ item }}.yml"
+ include_tasks: "config-tasks/{{ item }}.yaml"
 loop: "{{ config[inventory_hostname] }}"
 when: config is defined and inventory_hostname in config
 ignore_errors: yes
diff --git a/templates/compose/paulgo.yaml.j2 b/templates/compose/paulgo.yaml.j2
index 1055b5c..a0ac040 100644
--- a/templates/compose/paulgo.yaml.j2
+++ b/templates/compose/paulgo.yaml.j2
@@ -35,7 +35,7 @@ services:
 depends_on:
 - redis
 volumes:
- - {{ docker_dir }}/paulgo/settings.yml:/usr/local/searxng/searx/settings.yml
+ - {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yaml
 - {{ docker_dir }}/paulgo/donate.md:/usr/local/searxng/searx/infopage/en/donate.md
 network_mode: host
diff --git a/templates/conf/settings.yml.j2 b/templates/conf/settings.yaml.j2
similarity index 99%
rename from templates/conf/settings.yml.j2
rename to templates/conf/settings.yaml.j2
index 0e60992..5c102c6 100755
--- a/templates/conf/settings.yml.j2
+++ b/templates/conf/settings.yaml.j2
@@ -76,7 +76,7 @@ server:
 base_url: "https://opnxng.com"
 public_instance: true
- # If your instance owns a /etc/searxng/settings.yml file, then set the following
+ # If your instance owns a /etc/searxng/settings.yaml file, then set the following
 # values there.
 secret_key: "{{ paulgo_jwt_secret }}" # Is overwritten by ${SEARXNG_SECRET}
 # Proxying image results through searx
@@ -2540,4 +2540,4 @@ doi_resolvers:
 default_doi_resolver: 'oadoi.org'
-{% endraw %}
\ No newline at end of file
+{% endraw %}
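Review bot: The container-side half of the bind mount was renamed along with the host file, so the templated settings now land at `/usr/local/searxng/searx/settings.yaml` inside the container, but the upstream SearXNG image reads `searx/settings.yml` (or whatever `SEARXNG_SETTINGS_PATH` points to) and would presumably start from its bundled defaults instead, silently dropping the templated `base_url`, `public_instance` and `secret_key` values shown in the settings hunk below. Only the host path needed the new extension; I would keep the target as `- {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yml` unless the image is known to look for the new name, and check after the next deploy that the running instance reports the templated `base_url`. The same applies to the comment changed in templates/conf/settings.yaml.j2, which now says `/etc/searxng/settings.yaml`: that line describes SearXNG's own lookup path, which this commit does not change, so the original `settings.yml` wording was the accurate one. The `services:` mapping this volume list belongs to starts outside the hunk.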
diff --git a/vars/.services.yml.swp b/vars/.services.yml.swp
new file mode 100644
index 0000000..e4c0421
Binary files /dev/null and b/vars/.services.yml.swp differ
diff --git a/vars/secrets.example.yml b/vars/secrets.example.yaml
similarity index 100%
rename from vars/secrets.example.yml
rename to vars/secrets.example.yaml
diff --git a/vars/services.yml b/vars/services.yaml
similarity index 95%
rename from vars/services.yml
rename to vars/services.yaml
index 53b197d..015e50e 100644
--- a/vars/services.yml
+++ b/vars/services.yaml
@@ -1,10 +1,14 @@
 compose:
+ vultr:
+ - 4get
+ oracle1:
+ - 4get
+ oracle2:
+ - 4get
+ oracle3:
+ - 4get
 oracle4:
- - paulgo
-
-config:
- oracle4:
- - paulgo
+ - 4get
 # ----------------------------------------------------------------------------------------------------