From 25dca48b9b161bfeda0f7305f42e8b134899292c Mon Sep 17 00:00:00 2001
From: Anton Vakhrushev
Date: Thu, 11 Aug 2022 22:09:57 +0300
Subject: [PATCH] =?UTF-8?q?=D0=9F=D0=B5=D1=80=D0=B5=D0=B5=D0=B7=D0=B4=20?= =?UTF-8?q?=D0=BD=D0=B0=20=D0=BD=D0=BE=D0=B2=D1=8B=D0=B9=20=D1=81=D0=B5?= =?UTF-8?q?=D1=80=D0=B2=D0=B5=D1=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Makefile | 13 +++++++++++--
 ansible/configuration.yml | 22 +++++++++++----------
 ansible/hosts_prod | 2 +-
 ansible/requirements.yml | 2 +-
 ansible/vars/vars.yml | 32 ++++++++++++++++++--------------
 5 files changed, 42 insertions(+), 29 deletions(-)

diff --git a/Makefile b/Makefile
index 7f538b6..c57dd0b 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ STAGE := vagrant
 ifeq ($(STAGE), prod)
 ANSIBLE_HOST_KEY_CHECKING := True
 INVENTORY := ansible/hosts_prod
- USER_ARGS := --user="mayor" --become
+ USER_ARGS := --user="major" --become
 else
 ANSIBLE_HOST_KEY_CHECKING := False
 INVENTORY := ansible/hosts_vagrant
@@ -25,6 +25,12 @@ else
 TAGS_ARGS :=
 endif
 
+edit-vars:
+ EDITOR=micro \
+ ansible-vault edit \
+ --vault-password-file="ansible-vault-password-file" \
+ ansible/vars/vars.yml
+
 configure:
 ANSIBLE_HOST_KEY_CHECKING=$(ANSIBLE_HOST_KEY_CHECKING) \
 ansible-playbook \
@@ -35,6 +41,9 @@ configure:
 --vault-password-file="ansible-vault-password-file" \
 $(PLAYBOOK)
 
+configure-prod:
+ $(MAKE) configure STAGE="prod"
+
 configure-apps:
 $(MAKE) configure TAGS="webserver,apps,env"
 
@@ -47,7 +56,7 @@ dry-run:
 --extra-vars='ansible_python_interpreter=/usr/bin/python3' \
 --vault-password-file="ansible-vault-password-file" \
 --check \
- --diff \
+ --diff -vvv \
 $(PLAYBOOK)
 
 list-tags:
diff --git a/ansible/configuration.yml b/ansible/configuration.yml
index 2df6b32..052ece0 100644
--- a/ansible/configuration.yml
+++ b/ansible/configuration.yml
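Review bot: The added `edit-vars` recipe forces `EDITOR=micro`, so the target fails or surprises anyone who does not have micro installed; a default the environment can override, `EDITOR ?= micro` next to the other variables with `EDITOR="$(EDITOR)" \` in the recipe, keeps today's behaviour for the author. Neither `edit-vars` nor `configure-prod` (added in the `@@ -35,6 +41,9 @@` hunk) is declared phony in the visible lines; if the file has a `.PHONY` list outside these hunks, both names belong in it, e.g. `.PHONY: edit-vars configure-prod`. The recipe reads the vault password from `ansible-vault-password-file` in the working tree, so it is worth confirming that path is in `.gitignore`, which this patch does not show.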
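Review bot: Adding `-vvv` beside `--diff` in the `dry-run` recipe makes every run print module arguments and full file diffs, and in this playbook those are rendered from vault-encrypted variables (the same commit passes `caddy_vars.github_token` to a role), so decrypted values can end up in terminal scrollback or CI logs unless the tasks involved set `no_log`. If the verbosity was only needed while debugging the migration, make it opt-in: define `VERBOSITY ?=` with the other variables and write `--diff $(VERBOSITY) \`, so `make dry-run VERBOSITY=-vvv` still gives the detailed output on demand. The recipe begins before this hunk, so its other flags are not visible here.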
@@ -25,7 +25,7 @@
 - import_role:
 name: geerlingguy.security
 vars:
- security_ssh_permit_root_login: "yes"
+ security_ssh_permit_root_login: "no"
 security_autoupdate_enabled: "no"
 security_fail2ban_enabled: "no"
 
@@ -36,17 +36,17 @@
 - import_role:
 name: geerlingguy.docker
 
-# Temporary disable
-# - import_role:
-# name: caddy_ansible.caddy_ansible
-# vars:
+ - import_role:
+ name: caddy_ansible.caddy_ansible
+ vars:
+ caddy_github_token: '{{ caddy_vars.github_token }}'
 # caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
-# caddy_update: False
-# caddy_setcap: True
-# caddy_systemd_capabilities_enabled: True
-# caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
-# tags:
-# - webserver
+ caddy_update: False
+ caddy_setcap: True
+ caddy_systemd_capabilities_enabled: True
+ caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
+ tags:
+ - webserver
 
 - import_role:
 name: netdata
diff --git a/ansible/hosts_prod b/ansible/hosts_prod
index 413eeb8..131f823 100644
--- a/ansible/hosts_prod
+++ b/ansible/hosts_prod
@@ -1 +1 @@
-130.193.37.99
+51.250.85.23
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index a75ade4..f5c0032 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -9,4 +9,4 @@
 version: 5.0.0
 
 - src: caddy_ansible.caddy_ansible
- version: v2.1.1
+ version: v3.1.0
diff --git a/ansible/vars/vars.yml b/ansible/vars/vars.yml
index 224e2d6..8cabbc0 100644
--- a/ansible/vars/vars.yml
+++ b/ansible/vars/vars.yml
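Review bot: The new server still gets no unattended security updates and no SSH brute-force throttling from this role, because the two context lines directly under the changed `security_ssh_permit_root_login: "no"` keep `security_autoupdate_enabled: "no"` and `security_fail2ban_enabled: "no"`. If that is deliberate, a comment above those two lines should say so, e.g. `# autoupdate/fail2ban off on purpose: <reason>`; otherwise switch both to `"yes"` as part of the move. Turning root login off also assumes the `major` account used by the Makefile already exists on the host with its key and sudo rights before this role runs, which this hunk does not show.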
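Review bot: In the re-enabled `caddy_ansible.caddy_ansible` block the `# caddy_config: ...` line stays commented out in the middle of the active `vars:`, so the role presumably installs its built-in default configuration rather than `templates/Caddyfile.j2`; either enable the line or replace it with a comment saying where the Caddyfile comes from. The new `caddy_github_token` should be a token with no scopes, since as far as I can tell the role only needs it for authenticated GitHub API requests when fetching releases. `caddy_vars` has to be defined in the vaulted vars file before this runs, which cannot be checked from the encrypted hunk.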
@@ -1,15 +1,19 @@ $ANSIBLE_VAULT;1.1;AES256 -35363437643463396366363661386530363562373533313237383533356662303136386265623638 -6365396330653231656162393964343866633865613437340a393261633963353661633864613664 -62616131366434666563353437316332306236643032313535343062343464363762373331663061 -3132396362326365640a306435646134306165383236383266343138626362656537386636643162 -36316630396361383666323262666566616264626166646265346431363730653364653432363561 -63326161323736663336373061353434626563316561633336353664316231666130323832623864 -39636534336634353734613836616134353531633335386636313537323163313166616533366163 -37373130336232376232613036643730326638333130313739643132333231646365313830333762 -63393837653463363332326334636662383738393730353438346534663931653063663062373139 -62346163346566376664333331336433316530386139623266376665333638666633346261393763 -62636464663766346537633161356164373631363834383931336432336162303232663534663136 -62373265373464656163353037313935383664343834336231653561633533373063313231386336 -65343533343436663264636232653832636164663166373739396435336639303437633364373262 -3332643634646535313331306131613166306461313030323862 +36396531373934663831663236653535303262393035373861643832313630336534383661613065 +3232326562356434326662616534646439636161643366650a363331353232356131333932613263 +30636130643165663033393431336664346365313733663163626133343131353361626231353838 +3361626231626664650a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