0
0

Use .yaml

This commit is contained in:
Opnxng 2023-11-13 20:27:07 +08:00
parent f8d3de48ec
commit e25978b45f
21 changed files with 42 additions and 32 deletions

6
.gitignore vendored
View File

@ -1,6 +1,6 @@
vars/secrets.yml
templates/conf/users_database.yml.j2
templates/conf/configuration.yml.j2
vars/secrets.yaml
templates/conf/users_database.yaml.j2
templates/conf/configuration.yaml.j2
files/firefox
production
.hidden

View File

@ -2,23 +2,23 @@
An Ansible playbook to deploy Docker services to our servers and another to back up important data.
`ansible-playbook -i "production" "deploy.yml"`
`ansible-playbook -i "production" "deploy.yaml"`
`ansible-playbook -i "production" "back-up.yml"`
`ansible-playbook -i "production" "back-up.yaml"`
## Services
The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yml) defines the services to be deployed or already deployed.
The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed.
They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2).
## Configurations
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
Our SearXNG instance uses a custom [settings.yaml](templates/conf/settings.yaml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
Data of our Privatebin, Etherpad, and Gitea instance are backed up periodically.
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
## Contact
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.

View File

@ -4,7 +4,7 @@
gather_facts: false
become: true
vars_files:
- vars/secrets.yml
- vars/secrets.yaml
tasks:
# ----------------------------------------------------------------------------------------------------

View File

@ -12,18 +12,18 @@
- set_fact:
authelia_session_secret: "{{ authelia_session_secret_result.stdout }}"
- name: Set up configuration.yml
- name: Set up configuration.yaml
template:
src: "conf/configuration.yml.j2"
dest: "{{ docker_dir }}/authelia/configuration.yml"
src: "conf/configuration.yaml.j2"
dest: "{{ docker_dir }}/authelia/configuration.yaml"
owner: 1000
group: 1000
mode: 0755
- name: Set up users_database.yml
- name: Set up users_database.yaml
template:
src: "conf/users_database.yml.j2"
dest: "{{ docker_dir }}/authelia/users_database.yml"
src: "conf/users_database.yaml.j2"
dest: "{{ docker_dir }}/authelia/users_database.yaml"
owner: 1000
group: 1000
mode: 0755

View File

@ -26,7 +26,7 @@
dest: "/home/{{ control_user }}/.netrc"
owner: 1000
group: 1000
mode: 0755
mode: 0600
delegate_to: "{{ control_host }}"
- name: Encrypt .netrc
@ -59,3 +59,9 @@
- name: Use git-credential-netrc
command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v"
delegate_to: "{{ control_host }}"
- name: Add pinentry-program to gpg-agent.conf on control host
lineinfile:
path: /home/{{ user }}/.gnupg/gpg-agent.conf
line: 'pinentry-program /usr/bin/pinentry-gnome3'
delegate_to: "{{ control_host }}"

View File

@ -7,8 +7,8 @@
- name: Set up paulgo conf
template:
src: "conf/settings.yml.j2"
dest: "{{ docker_dir }}/paulgo/settings.yml"
src: "conf/settings.yaml.j2"
dest: "{{ docker_dir }}/paulgo/settings.yaml"
owner: 1000
group: 1000
mode: 0755

View File

@ -3,8 +3,8 @@
hosts: all
gather_facts: false
vars_files:
- vars/secrets.yml
- vars/services.yml
- vars/secrets.yaml
- vars/services.yaml
tasks:
# ----------------------------------------------------------------------------------------------------
@ -37,7 +37,7 @@
when: compose is defined and inventory_hostname in compose
- name: Inital configurations
include_tasks: "config-tasks/{{ item }}.yml"
include_tasks: "config-tasks/{{ item }}.yaml"
loop: "{{ config[inventory_hostname] }}"
when: config is defined and inventory_hostname in config
ignore_errors: yes

View File

@ -35,7 +35,7 @@ services:
depends_on:
- redis
volumes:
- {{ docker_dir }}/paulgo/settings.yml:/usr/local/searxng/searx/settings.yml
- {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yaml
- {{ docker_dir }}/paulgo/donate.md:/usr/local/searxng/searx/infopage/en/donate.md
network_mode: host

View File

@ -76,7 +76,7 @@ server:
base_url: "https://opnxng.com"
public_instance: true
# If your instance owns a /etc/searxng/settings.yml file, then set the following
# If your instance owns a /etc/searxng/settings.yaml file, then set the following
# values there.
secret_key: "{{ paulgo_jwt_secret }}" # Is overwritten by ${SEARXNG_SECRET}
# Proxying image results through searx

BIN
vars/.services.yml.swp Normal file

Binary file not shown.

View File

@ -1,10 +1,14 @@
compose:
vultr:
- 4get
oracle1:
- 4get
oracle2:
- 4get
oracle3:
- 4get
oracle4:
- paulgo
config:
oracle4:
- paulgo
- 4get
# ----------------------------------------------------------------------------------------------------