From e25978b45f05fe4b6b3fb5d92c161ce15f393cc5 Mon Sep 17 00:00:00 2001 
From: Opnxng Date: Mon, 13 Nov 2023 20:27:07 +0800 Subject: [PATCH] Use .yaml --- .gitignore | 6 +++--- README.md | 10 +++++----- back-up.yml => back-up.yaml | 2 +- config-tasks/{4get.yml => 4get.yaml} | 0 ...ymousoverflow.yml => anonymousoverflow.yaml} | 0 config-tasks/{authelia.yml => authelia.yaml} | 12 ++++++------ .../{breezewiki.yml => breezewiki.yaml} | 0 config-tasks/{caddy.yml => caddy.yaml} | 0 config-tasks/{firefox.yml => firefox.yaml} | 0 .../{gitea-netrc.yml => gitea-netrc.yaml} | 14 ++++++++++---- config-tasks/{gitea.yml => gitea.yaml} | 0 config-tasks/{nitter.yml => nitter.yaml} | 0 config-tasks/{paulgo.yml => paulgo.yaml} | 4 ++-- config-tasks/{runner.yml => runner.yaml} | 0 config-tasks/{scribe.yml => scribe.yaml} | 0 deploy.yml => deploy.yaml | 6 +++--- templates/compose/paulgo.yaml.j2 | 2 +- .../conf/{settings.yml.j2 => settings.yaml.j2} | 4 ++-- vars/.services.yml.swp | Bin 0 -> 12288 bytes ...secrets.example.yml => secrets.example.yaml} | 0 vars/{services.yml => services.yaml} | 14 +++++++++----- 21 files changed, 42 insertions(+), 32 deletions(-) rename back-up.yml => back-up.yaml (99%) rename config-tasks/{4get.yml => 4get.yaml} (100%) rename config-tasks/{anonymousoverflow.yml => anonymousoverflow.yaml} (100%) rename config-tasks/{authelia.yml => authelia.yaml} (66%) rename config-tasks/{breezewiki.yml => breezewiki.yaml} (100%) rename config-tasks/{caddy.yml => caddy.yaml} (100%) rename config-tasks/{firefox.yml => firefox.yaml} (100%) rename config-tasks/{gitea-netrc.yml => gitea-netrc.yaml} (85%) rename config-tasks/{gitea.yml => gitea.yaml} (100%) rename config-tasks/{nitter.yml => nitter.yaml} (100%) rename config-tasks/{paulgo.yml => paulgo.yaml} (84%) rename config-tasks/{runner.yml => runner.yaml} (100%) rename config-tasks/{scribe.yml => scribe.yaml} (100%) rename deploy.yml => deploy.yaml (95%) rename templates/conf/{settings.yml.j2 => settings.yaml.j2} (99%) create mode 100644 vars/.services.yml.swp rename 
vars/{secrets.example.yml => secrets.example.yaml} (100%) rename vars/{services.yml => services.yaml} (95%)
diff --git a/.gitignore b/.gitignore
index cbbaa72..e3e7d11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
-vars/secrets.yml
-templates/conf/users_database.yml.j2
-templates/conf/configuration.yml.j2
+vars/secrets.yaml
+templates/conf/users_database.yaml.j2
+templates/conf/configuration.yaml.j2
 files/firefox
 production
 .hidden
\ No newline at end of file
diff --git a/README.md b/README.md
index 50c5196..5106b7b 100644
--- a/README.md
+++ b/README.md
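Review bot: The `.gitignore` hunk replaces the three `.yml` patterns rather than extending them, so a working copy that still holds `vars/secrets.yml`, `templates/conf/users_database.yml.j2` or `templates/conf/configuration.yml.j2` will show those files as untracked, and a broad `git add` would commit them. The README describes these as files kept locally, so I would keep the old spellings next to the new ones until every checkout has been migrated, for example by leaving `vars/secrets.yml` in place above `vars/secrets.yaml`. A header comment such as `# old .yml names kept so un-migrated local files stay ignored` would record why both are listed.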
@@ -2,23 +2,23 @@ An Ansible playbook to deploy Docker services to our servers and another to back up important data. -`ansible-playbook -i "production" "deploy.yml"` +`ansible-playbook -i "production" "deploy.yaml"` -`ansible-playbook -i "production" "back-up.yml"` +`ansible-playbook -i "production" "back-up.yaml"` ## Services -The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yml) defines the services to be deployed or already deployed. +The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed. They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2). ## Configurations -Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org). +Our SearXNG instance uses a custom [settings.yaml](templates/conf/settings.yaml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org). Data of our Privatebin, Etherpad, and Gitea instance are backed up periodically. -Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally. +Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). 
We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally. ## Contact Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it. \ No newline at end of file diff --git a/back-up.yml b/back-up.yaml similarity index 99% rename from back-up.yml rename to back-up.yaml index 505fa2e..529d6d8 100755 --- a/back-up.yml +++ b/back-up.yaml @@ -4,7 +4,7 @@ gather_facts: false become: true vars_files: - - vars/secrets.yml + - vars/secrets.yaml tasks: # ---------------------------------------------------------------------------------------------------- diff --git a/config-tasks/4get.yml b/config-tasks/4get.yaml similarity index 100% rename from config-tasks/4get.yml rename to config-tasks/4get.yaml diff --git a/config-tasks/anonymousoverflow.yml b/config-tasks/anonymousoverflow.yaml similarity index 100% rename from config-tasks/anonymousoverflow.yml rename to config-tasks/anonymousoverflow.yaml diff --git a/config-tasks/authelia.yml b/config-tasks/authelia.yaml similarity index 66% rename from config-tasks/authelia.yml rename to config-tasks/authelia.yaml index aa03f1a..c426820 100644 --- a/config-tasks/authelia.yml +++ b/config-tasks/authelia.yaml 
@@ -12,18 +12,18 @@ - set_fact: authelia_session_secret: "{{ authelia_session_secret_result.stdout }}" - - name: Set up configuration.yml + - name: Set up configuration.yaml template: - src: "conf/configuration.yml.j2" - dest: "{{ docker_dir }}/authelia/configuration.yml" + src: "conf/configuration.yaml.j2" + dest: "{{ docker_dir }}/authelia/configuration.yaml" owner: 1000 group: 1000 mode: 0755 - - name: Set up users_database.yml + - name: Set up users_database.yaml template: - src: "conf/users_database.yml.j2" - dest: "{{ docker_dir }}/authelia/users_database.yml" + src: "conf/users_database.yaml.j2" + dest: "{{ docker_dir }}/authelia/users_database.yaml" owner: 1000 group: 1000 mode: 0755 \ No newline at end of file diff --git a/config-tasks/breezewiki.yml b/config-tasks/breezewiki.yaml similarity index 100% rename from config-tasks/breezewiki.yml rename to config-tasks/breezewiki.yaml diff --git a/config-tasks/caddy.yml b/config-tasks/caddy.yaml similarity index 100% rename from config-tasks/caddy.yml rename to config-tasks/caddy.yaml diff --git a/config-tasks/firefox.yml b/config-tasks/firefox.yaml similarity index 100% rename from config-tasks/firefox.yml rename to config-tasks/firefox.yaml diff --git a/config-tasks/gitea-netrc.yml b/config-tasks/gitea-netrc.yaml similarity index 85% rename from config-tasks/gitea-netrc.yml rename to config-tasks/gitea-netrc.yaml index 9908d62..891257c 100644 --- a/config-tasks/gitea-netrc.yml +++ b/config-tasks/gitea-netrc.yaml @@ -26,7 +26,7 @@ dest: "/home/{{ control_user }}/.netrc" owner: 1000 group: 1000 - mode: 0755 + mode: 0600 delegate_to: "{{ control_host }}" - name: Encrypt .netrc @@ -34,8 +34,8 @@ delegate_to: "{{ control_host }}" - name: Clear .netrc - copy: - content: '# Clear' + copy: + content: '# Clear' dest: "/home/{{ control_user }}/.netrc" delegate_to: "{{ control_host }}" 
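Review bot: Both template tasks in the config-tasks/authelia.yaml hunk keep `mode: 0755` on `configuration.yaml` and `users_database.yaml`, which leaves the rendered Authelia files readable and executable by every local account on the host. The preceding `set_fact` for `authelia_session_secret` suggests the configuration carries that secret, and the users database presumably holds credential hashes, so `mode: "0600"` (quoted, matching the 0600 this commit already applies to `.netrc`) would be the safer setting. The same applies to the `settings.yaml` task in config-tasks/paulgo.yaml, whose template renders `secret_key: "{{ paulgo_jwt_secret }}"`. The task list starts above this hunk, so confirm that the container user behind `owner: 1000` is the only reader before tightening.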
@@ -58,4 +58,10 @@ - name: Use git-credential-netrc command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v" - delegate_to: "{{ control_host }}" \ No newline at end of file + delegate_to: "{{ control_host }}" + + - name: Add pinentry-program to gpg-agent.conf on control host + lineinfile: + path: /home/{{ user }}/.gnupg/gpg-agent.conf + line: 'pinentry-program /usr/bin/pinentry-gnome3' + delegate_to: "{{ control_host }}" diff --git a/config-tasks/gitea.yml b/config-tasks/gitea.yaml similarity index 100% rename from config-tasks/gitea.yml rename to config-tasks/gitea.yaml diff --git a/config-tasks/nitter.yml b/config-tasks/nitter.yaml similarity index 100% rename from config-tasks/nitter.yml rename to config-tasks/nitter.yaml diff --git a/config-tasks/paulgo.yml b/config-tasks/paulgo.yaml similarity index 84% rename from config-tasks/paulgo.yml rename to config-tasks/paulgo.yaml index 6c9dfe6..95718aa 100644 --- a/config-tasks/paulgo.yml +++ b/config-tasks/paulgo.yaml @@ -7,8 +7,8 @@ - name: Set up paulgo conf template: - src: "conf/settings.yml.j2" - dest: "{{ docker_dir }}/paulgo/settings.yml" + src: "conf/settings.yaml.j2" + dest: "{{ docker_dir }}/paulgo/settings.yaml" owner: 1000 group: 1000 mode: 0755 diff --git a/config-tasks/runner.yml b/config-tasks/runner.yaml similarity index 100% rename from config-tasks/runner.yml rename to config-tasks/runner.yaml diff --git a/config-tasks/scribe.yml b/config-tasks/scribe.yaml similarity index 100% rename from config-tasks/scribe.yml rename to config-tasks/scribe.yaml diff --git a/deploy.yml b/deploy.yaml similarity index 95% rename from deploy.yml rename to deploy.yaml index 80539eb..7023521 100644 --- a/deploy.yml +++ b/deploy.yaml 
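Review bot: The added `lineinfile` task in config-tasks/gitea-netrc.yaml builds its path from `{{ user }}`, while the other control-host tasks visible in this file use `{{ control_user }}` (for example `dest: "/home/{{ control_user }}/.netrc"`). Unless `user` is defined elsewhere with the same value, the delegated task will fail on an undefined variable or edit a different account's `gpg-agent.conf`. I would write `path: "/home/{{ control_user }}/.gnupg/gpg-agent.conf"` and add `regexp: '^pinentry-program '` so an existing setting is replaced instead of a second line being appended. The task list starts above this hunk.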
@@ -3,8 +3,8 @@ hosts: all gather_facts: false vars_files: - - vars/secrets.yml - - vars/services.yml + - vars/secrets.yaml + - vars/services.yaml tasks: # ---------------------------------------------------------------------------------------------------- @@ -37,7 +37,7 @@ when: compose is defined and inventory_hostname in compose - name: Inital configurations - include_tasks: "config-tasks/{{ item }}.yml" + include_tasks: "config-tasks/{{ item }}.yaml" loop: "{{ config[inventory_hostname] }}" when: config is defined and inventory_hostname in config ignore_errors: yes diff --git a/templates/compose/paulgo.yaml.j2 b/templates/compose/paulgo.yaml.j2 index 1055b5c..a0ac040 100644 --- a/templates/compose/paulgo.yaml.j2 +++ b/templates/compose/paulgo.yaml.j2 @@ -35,7 +35,7 @@ services: depends_on: - redis volumes: - - {{ docker_dir }}/paulgo/settings.yml:/usr/local/searxng/searx/settings.yml + - {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yaml - {{ docker_dir }}/paulgo/donate.md:/usr/local/searxng/searx/infopage/en/donate.md network_mode: host diff --git a/templates/conf/settings.yml.j2 b/templates/conf/settings.yaml.j2 similarity index 99% rename from templates/conf/settings.yml.j2 rename to templates/conf/settings.yaml.j2 index 0e60992..5c102c6 100755 --- a/templates/conf/settings.yml.j2 +++ b/templates/conf/settings.yaml.j2 @@ -76,7 +76,7 @@ server: base_url: "https://opnxng.com" public_instance: true - # If your instance owns a /etc/searxng/settings.yml file, then set the following + # If your instance owns a /etc/searxng/settings.yaml file, then set the following # values there. secret_key: "{{ paulgo_jwt_secret }}" # Is overwritten by ${SEARXNG_SECRET} # Proxying image results through searx @@ -2540,4 +2540,4 @@ doi_resolvers: default_doi_resolver: 'oadoi.org' -{% endraw %} \ No newline at end of file +{% endraw %} 
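Review bot: In templates/compose/paulgo.yaml.j2 the rename also changed the container-side target of the bind mount to `/usr/local/searxng/searx/settings.yaml`. As far as I know SearXNG looks for `settings.yml` (the name this repository's own template comment used before this commit), so the mounted file would likely be ignored and the instance would not pick up its own settings, including `secret_key`. Only the host side should change: `- {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yml`. The comment edited in templates/conf/settings.yaml.j2 (`/etc/searxng/settings.yaml`) names an upstream path and should keep the `.yml` spelling as well. The service definition starts above the hunk.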
diff --git a/vars/.services.yml.swp b/vars/.services.yml.swp new file mode 100644 index 0000000000000000000000000000000000000000..e4c0421fbdcb728f04b16b2106f0f23f9dd10d6d GIT binary patch literal 12288 zcmeI&PiP!f0LSrH2~DcD8e2gWWlRngahj%$)kY6$rI17DK~pPuncaCi``Foe)0sEB z*%p-w9;_$zAovHQ7fZ3H9tvuE5sH$EU{w%`ilPYqfgHp`gZSO-+jSe;rq)nU-h&T2 zZ)fJs%{O=gqG4`mwbmY>E!tE6>ptPy1SSbIxVmieYuJzln5w}DH*C9q5a zg{k=WubtVtWqk2gA04^VTYuBcGCR4|E&-Q-OTZ=I5^xE)1Y80x0hhr4DFKtN63=o$ z*Vv1C)qbv8@@cE?!zJJna0$2sTmmiumw-#aCEyZp3AhAY0xp67U;;rX#GU~mPOs+V z`Tu|S@BiO#5aMTijj!+p=5P`xup2Yjfl2td9m7~yC&W+q250agPT(E9g6Gjfj3+UT zhj15e!#bQ>%kgm*ALBTV;B~x+eb6Z32~6Puj9>$XaPE2`e#BXPg5x-XH*paAQNvT% ziS4)>w_*+cxK4<9{D9AK3h&}54&eptheipzumjt02Zk|#`D=yv7N6n+9K~CB2?vlu zVh^VAFeb1Ow_r7XSwmmo3{K$~-o|Tq4h5>1!A@+$Mhs&BzYPiTJwC%ncpvZKaXf}c za3Ai$1`J|hP>5gg9p-Qn$8Z>L;2@qxi~v)35aSrZ%^1Q0V{0B?qCL*$;EGGYCEyZR zu>`zM@x8p9sge}!s_zAfPFi(c|!|x!6)+dx(%N$)t3GBWTJX|l3iz4(n?PE4hJ zs+}{~dZlMjQJJjh*v7#&LVaZna7KGj%H@T{(am!>ulE;DReyfacw2pJTN1Ewb z6=gxazixD`zx^;&Cdj&57}>7d^_MkpB5kTg_Y})2NxDNdH!6!2?@y*-rF;CUHafAD zdR%XH58KeKAhJ1(UZB`rBB@ncq~Tu|+&AjmL;d2nNB1ULdT+SCS)snMcYeDU{ytyW zV@Rf`EaexyNAbP$CYq&FhU*xcQu;4%nx>8`%;>hYi%+dC@D&O?%~XRKirL&Yn9HO+ z SE%#>M-lMp4H5b~zp6Z{iW9sSv literal 0 HcmV?d00001 diff --git a/vars/secrets.example.yml b/vars/secrets.example.yaml similarity index 100% rename from vars/secrets.example.yml rename to vars/secrets.example.yaml diff --git a/vars/services.yml b/vars/services.yaml similarity index 95% rename from vars/services.yml rename to vars/services.yaml index 53b197d..015e50e 100644 --- a/vars/services.yml +++ b/vars/services.yaml @@ -1,10 +1,14 @@ compose: + vultr: + - 4get + oracle1: + - 4get + oracle2: + - 4get + oracle3: + - 4get oracle4: - - paulgo - -config: - oracle4: - - paulgo + - 4get # ----------------------------------------------------------------------------------------------------
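Review bot: `vars/.services.yml.swp` is an editor swap file and should not be part of this commit. A swap file stores the editor's buffer state for the file being edited, so it can publish content that was never saved or meant to be committed. The same habit in `vars/`, next to the secrets file, would be a disclosure risk. I would drop it from the commit and add `*.swp` to `.gitignore`. Its presence also suggests `vars/services.yaml` was mid-edit, so check whether the service-list change in that file belongs in a commit titled "Use .yaml".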