Use .yaml

.gitignore

@@ -1,6 +1,6 @@
-vars/secrets.yml
+vars/secrets.yaml
-templates/conf/users_database.yml.j2
+templates/conf/users_database.yaml.j2
-templates/conf/configuration.yml.j2
+templates/conf/configuration.yaml.j2
 files/firefox
 production
 .hidden

README.md

@@ -2,23 +2,23 @@
 
 An Ansible playbook to deploy Docker services to our servers and another to back up important data.
 
-`ansible-playbook -i "production" "deploy.yml"`
+`ansible-playbook -i "production" "deploy.yaml"`
 
-`ansible-playbook -i "production" "back-up.yml"`
+`ansible-playbook -i "production" "back-up.yaml"`
 
 ## Services
 
-The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yml) defines the services to be deployed or already deployed.
+The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed.
 
 They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2).
 
 ## Configurations
 
-Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
+Our SearXNG instance uses a custom [settings.yaml](templates/conf/settings.yaml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
 
 Data of our Privatebin, Etherpad, and Gitea instance are backed up periodically.
 
-Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
+Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
 
 ## Contact
 Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.

back-up.yaml

@@ -4,7 +4,7 @@
   gather_facts: false
   become: true
   vars_files:
-    - vars/secrets.yml
+    - vars/secrets.yaml
   tasks:
 
 # ----------------------------------------------------------------------------------------------------

config-tasks/authelia.yaml

@@ -12,18 +12,18 @@
     - set_fact:
         authelia_session_secret: "{{ authelia_session_secret_result.stdout }}"
 
-    - name: Set up configuration.yml
+    - name: Set up configuration.yaml
       template:
-        src: "conf/configuration.yml.j2"
+        src: "conf/configuration.yaml.j2"
-        dest: "{{ docker_dir }}/authelia/configuration.yml"
+        dest: "{{ docker_dir }}/authelia/configuration.yaml"
         owner: 1000
         group: 1000
         mode: 0755
 
-    - name: Set up users_database.yml
+    - name: Set up users_database.yaml
       template:
-        src: "conf/users_database.yml.j2"
+        src: "conf/users_database.yaml.j2"
-        dest: "{{ docker_dir }}/authelia/users_database.yml"
+        dest: "{{ docker_dir }}/authelia/users_database.yaml"
         owner: 1000
         group: 1000
         mode: 0755

config-tasks/gitea-netrc.yaml

@@ -26,7 +26,7 @@
         dest: "/home/{{ control_user }}/.netrc"
         owner: 1000
         group: 1000
-        mode: 0755
+        mode: 0600
       delegate_to: "{{ control_host }}"
 
     - name: Encrypt .netrc
@@ -34,8 +34,8 @@
       delegate_to: "{{ control_host }}"
 
     - name: Clear .netrc
-      copy: 
+      copy:
-        content: '# Clear' 
+        content: '# Clear'
         dest: "/home/{{ control_user }}/.netrc"
       delegate_to: "{{ control_host }}"
 
@@ -58,4 +58,10 @@
 
     - name: Use git-credential-netrc
       command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v"
-      delegate_to: "{{ control_host }}"
+      delegate_to: "{{ control_host }}"
+
+    - name: Add pinentry-program to gpg-agent.conf on control host
+      lineinfile:
+        path: /home/{{ user }}/.gnupg/gpg-agent.conf
+        line: 'pinentry-program /usr/bin/pinentry-gnome3'
+      delegate_to: "{{ control_host }}"

config-tasks/paulgo.yaml

@@ -7,8 +7,8 @@
 
     - name: Set up paulgo conf
       template:
-        src: "conf/settings.yml.j2"
+        src: "conf/settings.yaml.j2"
-        dest: "{{ docker_dir }}/paulgo/settings.yml"
+        dest: "{{ docker_dir }}/paulgo/settings.yaml"
         owner: 1000
         group: 1000
         mode: 0755

deploy.yaml

@@ -3,8 +3,8 @@
   hosts: all
   gather_facts: false
   vars_files:
-    - vars/secrets.yml
+    - vars/secrets.yaml
-    - vars/services.yml
+    - vars/services.yaml
   tasks:
   
 # ----------------------------------------------------------------------------------------------------
@@ -37,7 +37,7 @@
       when: compose is defined and inventory_hostname in compose
 
     - name: Inital configurations
-      include_tasks: "config-tasks/{{ item }}.yml"
+      include_tasks: "config-tasks/{{ item }}.yaml"
       loop: "{{ config[inventory_hostname] }}"
       when: config is defined and inventory_hostname in config
       ignore_errors: yes

templates/compose/paulgo.yaml.j2

@@ -35,7 +35,7 @@ services:
     depends_on:
       - redis
     volumes:
-      - {{ docker_dir }}/paulgo/settings.yml:/usr/local/searxng/searx/settings.yml
+      - {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yaml
       - {{ docker_dir }}/paulgo/donate.md:/usr/local/searxng/searx/infopage/en/donate.md
     network_mode: host
 

templates/conf/settings.yaml.j2

@@ -76,7 +76,7 @@ server:
   base_url: "https://opnxng.com"
   public_instance: true
 
-  # If your instance owns a /etc/searxng/settings.yml file, then set the following
+  # If your instance owns a /etc/searxng/settings.yaml file, then set the following
   # values there.
   secret_key: "{{ paulgo_jwt_secret }}"  # Is overwritten by ${SEARXNG_SECRET}
   # Proxying image results through searx
@@ -2540,4 +2540,4 @@ doi_resolvers:
 
 default_doi_resolver: 'oadoi.org'
 
-{% endraw %}
+{% endraw %}

vars/services.yaml

@@ -1,10 +1,14 @@
 compose:
+  vultr:
+    - 4get
+  oracle1:
+    - 4get
+  oracle2:
+    - 4get
+  oracle3:
+    - 4get
   oracle4:
-    - paulgo
+    - 4get
-
-config:
-  oracle4:
-    - paulgo
 
 # ----------------------------------------------------------------------------------------------------