Use .yaml
parent
f8d3de48ec
commit
e25978b45f
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,6 +1,6 @@
|
|||||||
vars/secrets.yml
|
vars/secrets.yaml
|
||||||
templates/conf/users_database.yml.j2
|
templates/conf/users_database.yaml.j2
|
||||||
templates/conf/configuration.yml.j2
|
templates/conf/configuration.yaml.j2
|
||||||
files/firefox
|
files/firefox
|
||||||
production
|
production
|
||||||
.hidden
|
.hidden
|
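Review bot: The ignore list in this section has no pattern for editor swap files, and the same commit adds `vars/.services.yml.swp` as a binary file further down the page. That name looks like a Vim swap file, which keeps a copy of the buffer being edited, so it is probably an accident and should be dropped from the commit. Adding a line such as `*.swp` here would prevent a repeat, which matters most under `vars/`, where the secrets file is edited.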
10
README.md
10
README.md
@ -2,23 +2,23 @@
|
|||||||
|
|
||||||
An Ansible playbook to deploy Docker services to our servers and another to back up important data.
|
An Ansible playbook to deploy Docker services to our servers and another to back up important data.
|
||||||
|
|
||||||
`ansible-playbook -i "production" "deploy.yml"`
|
`ansible-playbook -i "production" "deploy.yaml"`
|
||||||
|
|
||||||
`ansible-playbook -i "production" "back-up.yml"`
|
`ansible-playbook -i "production" "back-up.yaml"`
|
||||||
|
|
||||||
## Services
|
## Services
|
||||||
|
|
||||||
The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yml) defines the services to be deployed or already deployed.
|
The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed.
|
||||||
|
|
||||||
They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2).
|
They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2).
|
||||||
|
|
||||||
## Configurations
|
## Configurations
|
||||||
|
|
||||||
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
|
Our SearXNG instance uses a custom [settings.yaml](templates/conf/settings.yaml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
|
||||||
|
|
||||||
Data of our Privatebin, Etherpad, and Gitea instance are backed up periodically.
|
Data of our Privatebin, Etherpad, and Gitea instance are backed up periodically.
|
||||||
|
|
||||||
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
|
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
|
||||||
|
|
||||||
## Contact
|
## Contact
|
||||||
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.
|
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.
|
@ -4,7 +4,7 @@
|
|||||||
gather_facts: false
|
gather_facts: false
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/secrets.yml
|
- vars/secrets.yaml
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------------------------------
|
@ -12,18 +12,18 @@
|
|||||||
- set_fact:
|
- set_fact:
|
||||||
authelia_session_secret: "{{ authelia_session_secret_result.stdout }}"
|
authelia_session_secret: "{{ authelia_session_secret_result.stdout }}"
|
||||||
|
|
||||||
- name: Set up configuration.yml
|
- name: Set up configuration.yaml
|
||||||
template:
|
template:
|
||||||
src: "conf/configuration.yml.j2"
|
src: "conf/configuration.yaml.j2"
|
||||||
dest: "{{ docker_dir }}/authelia/configuration.yml"
|
dest: "{{ docker_dir }}/authelia/configuration.yaml"
|
||||||
owner: 1000
|
owner: 1000
|
||||||
group: 1000
|
group: 1000
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: Set up users_database.yml
|
- name: Set up users_database.yaml
|
||||||
template:
|
template:
|
||||||
src: "conf/users_database.yml.j2"
|
src: "conf/users_database.yaml.j2"
|
||||||
dest: "{{ docker_dir }}/authelia/users_database.yml"
|
dest: "{{ docker_dir }}/authelia/users_database.yaml"
|
||||||
owner: 1000
|
owner: 1000
|
||||||
group: 1000
|
group: 1000
|
||||||
mode: 0755
|
mode: 0755
|
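Review bot: Both template tasks in this hunk still install their files with `mode: 0755`, so they end up world-readable on the host. `configuration.yaml` is rendered right after `authelia_session_secret` is set, and `users_database.yaml` presumably holds the user credential records. The same commit tightens `.netrc` to 0600 in a later hunk, and the same treatment fits here: `mode: "0600"`, quoted so the value stays a string, assuming the container reads the files as uid 1000, the owner already set. The `settings.yaml` task in the paulgo hunk carries the same `mode: 0755`, and that template contains `secret_key`.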
@ -26,7 +26,7 @@
|
|||||||
dest: "/home/{{ control_user }}/.netrc"
|
dest: "/home/{{ control_user }}/.netrc"
|
||||||
owner: 1000
|
owner: 1000
|
||||||
group: 1000
|
group: 1000
|
||||||
mode: 0755
|
mode: 0600
|
||||||
delegate_to: "{{ control_host }}"
|
delegate_to: "{{ control_host }}"
|
||||||
|
|
||||||
- name: Encrypt .netrc
|
- name: Encrypt .netrc
|
||||||
@ -59,3 +59,9 @@
|
|||||||
- name: Use git-credential-netrc
|
- name: Use git-credential-netrc
|
||||||
command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v"
|
command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v"
|
||||||
delegate_to: "{{ control_host }}"
|
delegate_to: "{{ control_host }}"
|
||||||
|
|
||||||
|
- name: Add pinentry-program to gpg-agent.conf on control host
|
||||||
|
lineinfile:
|
||||||
|
path: /home/{{ user }}/.gnupg/gpg-agent.conf
|
||||||
|
line: 'pinentry-program /usr/bin/pinentry-gnome3'
|
||||||
|
delegate_to: "{{ control_host }}"
|
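Review bot: The new `lineinfile` task builds its path from `{{ user }}`, while the `.netrc` task delegated to the same control host in the previous hunk uses `{{ control_user }}`. If `user` is not a separately defined variable, this either fails or edits a different home directory; `path: "/home/{{ control_user }}/.gnupg/gpg-agent.conf"` would match the other task. `lineinfile` also fails when the file does not exist unless `create: true` is set, so a control host without an existing `gpg-agent.conf` needs either that option or a preceding task that creates the file with the right owner and mode.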
@ -7,8 +7,8 @@
|
|||||||
|
|
||||||
- name: Set up paulgo conf
|
- name: Set up paulgo conf
|
||||||
template:
|
template:
|
||||||
src: "conf/settings.yml.j2"
|
src: "conf/settings.yaml.j2"
|
||||||
dest: "{{ docker_dir }}/paulgo/settings.yml"
|
dest: "{{ docker_dir }}/paulgo/settings.yaml"
|
||||||
owner: 1000
|
owner: 1000
|
||||||
group: 1000
|
group: 1000
|
||||||
mode: 0755
|
mode: 0755
|
@ -3,8 +3,8 @@
|
|||||||
hosts: all
|
hosts: all
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/secrets.yml
|
- vars/secrets.yaml
|
||||||
- vars/services.yml
|
- vars/services.yaml
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------------------------------
|
||||||
@ -37,7 +37,7 @@
|
|||||||
when: compose is defined and inventory_hostname in compose
|
when: compose is defined and inventory_hostname in compose
|
||||||
|
|
||||||
- name: Inital configurations
|
- name: Inital configurations
|
||||||
include_tasks: "config-tasks/{{ item }}.yml"
|
include_tasks: "config-tasks/{{ item }}.yaml"
|
||||||
loop: "{{ config[inventory_hostname] }}"
|
loop: "{{ config[inventory_hostname] }}"
|
||||||
when: config is defined and inventory_hostname in config
|
when: config is defined and inventory_hostname in config
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
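Review bot: `ignore_errors: yes` on this include means a config-task file that was missed in the rename would fail without stopping the play. A broken `config-tasks/{{ item }}.yaml` lookup is therefore likely to go unnoticed after this commit, leaving a host deployed without its configuration. Consider removing the flag from the include, or at least running once without it to confirm every file listed in `config` resolves. If it stays, write it as `ignore_errors: true`. The task name also has a typo, `Inital`.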
@ -35,7 +35,7 @@ services:
|
|||||||
depends_on:
|
depends_on:
|
||||||
- redis
|
- redis
|
||||||
volumes:
|
volumes:
|
||||||
- {{ docker_dir }}/paulgo/settings.yml:/usr/local/searxng/searx/settings.yml
|
- {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yaml
|
||||||
- {{ docker_dir }}/paulgo/donate.md:/usr/local/searxng/searx/infopage/en/donate.md
|
- {{ docker_dir }}/paulgo/donate.md:/usr/local/searxng/searx/infopage/en/donate.md
|
||||||
network_mode: host
|
network_mode: host
|
||||||
|
|
||||||
|
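Review bot: The container-side target of the bind mount was renamed along with the host-side path, to `/usr/local/searxng/searx/settings.yaml`, but the file name read inside the container is decided by the image, not by this repository. Upstream SearXNG loads `settings.yml`, so unless this image is built to look for `.yaml`, the custom settings (including `secret_key`) would likely no longer be applied. Keeping the target unchanged avoids that: `- {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yml`. The Authelia files renamed to `configuration.yaml` and `users_database.yaml` raise the same question about what the consuming service expects. The comment in the settings template hunk now names `/etc/searxng/settings.yaml`, which is not the path upstream documents. The service definition starts before this hunk.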
@ -76,7 +76,7 @@ server:
|
|||||||
base_url: "https://opnxng.com"
|
base_url: "https://opnxng.com"
|
||||||
public_instance: true
|
public_instance: true
|
||||||
|
|
||||||
# If your instance owns a /etc/searxng/settings.yml file, then set the following
|
# If your instance owns a /etc/searxng/settings.yaml file, then set the following
|
||||||
# values there.
|
# values there.
|
||||||
secret_key: "{{ paulgo_jwt_secret }}" # Is overwritten by ${SEARXNG_SECRET}
|
secret_key: "{{ paulgo_jwt_secret }}" # Is overwritten by ${SEARXNG_SECRET}
|
||||||
# Proxying image results through searx
|
# Proxying image results through searx
|
BIN
vars/.services.yml.swp
Normal file
BIN
vars/.services.yml.swp
Normal file
Binary file not shown.
@ -1,10 +1,14 @@
|
|||||||
compose:
|
compose:
|
||||||
|
vultr:
|
||||||
|
- 4get
|
||||||
|
oracle1:
|
||||||
|
- 4get
|
||||||
|
oracle2:
|
||||||
|
- 4get
|
||||||
|
oracle3:
|
||||||
|
- 4get
|
||||||
oracle4:
|
oracle4:
|
||||||
- paulgo
|
- 4get
|
||||||
|
|
||||||
config:
|
|
||||||
oracle4:
|
|
||||||
- paulgo
|
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------------------------------
|
||||||
|
|