diff --git a/.gitignore b/.gitignore index fbfd6d7e..c9297a1e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ .git/ -vault-pass.yml +vault-pass id_ed25519 id_ed25519.pub roles/ansible-role-pip diff --git a/.woodpecker/ansible-lint.yml b/.woodpecker/ansible-lint.yml index 819415ce..96c69719 100644 --- a/.woodpecker/ansible-lint.yml +++ b/.woodpecker/ansible-lint.yml @@ -4,17 +4,13 @@ depends_on: steps: ansible-lint: - image: quay.io/ansible/creator-ee:v24.2.0 + image: registry.mgrote.net/ansible-devspace:latest commands: # Secrets - - echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert" - - echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung + - echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreaks, daher mit base64 -w0 "kodiert" + - echo $${VAULTPASS} | base64 -d > ./vault-pass # Name des Secrets in Großschreibung - chmod 0400 ./id_ed25519 - # Abhängigkeiten - - pip install pykeepass Jinja2 markupsafe jmespath --user - - ansible-galaxy install -r requirements.yaml # Doing - - ansible-lint --version - ansible-lint --force-color --format pep8 # https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands secrets: [vaultpass] diff --git a/.woodpecker/ansible-playbook.yml b/.woodpecker/ansible-playbook.yml deleted file mode 100644 index 567400be..00000000 --- a/.woodpecker/ansible-playbook.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -depends_on: - - ansible-lint - -steps: - ansible-playbook: - image: quay.io/ansible/creator-ee:v24.2.0 - commands: - # Secrets - - echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert" - - echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung - - chmod 0400 ./id_ed25519 - # Abhängigkeiten - - pip install 'pykeepass==4.0.3' --user - - ansible-galaxy install -r requirements.yaml - # Debug - - ansible localhost -m debug -a "var={{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}" - # Doing - #- ansible-playbook playbooks/2_all.yml playbooks/3_service/* --limit production - # https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands - secrets: [vaultpass, sshkey] - when: - - event: [push, pull_request_closed] - branch: master -... diff --git a/README.md b/README.md index af50bf25..345b549a 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,11 @@ # ansible_heimserver [![status-badge](https://ci.mgrote.net/api/badges/2/status.svg)](https://ci.mgrote.net/repos/2) + +## ansible-devspace + +- Repository: https://git.mgrote.net/container-images/ansible-devspace + - dort mit Woodpecker-CI gebaut und in eigene Registry gepushed +- ``devspace.sh`` pulled Image, prüft ob SSH-Key und ``vault-pass`` vorhanden sind + - mountet git-Secrets +- startet Container diff --git a/ansible.cfg b/ansible.cfg index 4698c848..dbe15cac 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,11 +2,9 @@ inventory = ./inventory nocows = 1 retry_files_enabled = False -roles_path = ./roles -lookup_plugins = ./plugins/lookup -collections_path = ./collections +roles_path = ./roles:~/.ansible/roles/ private_key_file = ./id_ed25519 -vault_password_file = vault-pass.yml +vault_password_file = vault-pass gathering = smart [diff] always = true diff --git a/devspace.sh b/devspace.sh new file mode 100755 index 00000000..0e165663 --- /dev/null +++ b/devspace.sh @@ -0,0 +1,37 @@ +#!/bin/bash + +IMAGE="registry.mgrote.net/ansible-devspace:latest" + +# Farben +# https://stackoverflow.com/questions/5947742/how-to-change-the-output-color-of-echo-in-linux +RESET='\033[0m' +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[0;33m' + +echo -e "${GREEN}Run checks...${RESET}" + +if ! [ -f "./vault-pass" ]; then + echo -e "${RED}Vault-Pass File is missing!${RESET}" + exit 1 +fi +if ! [ -f "./id_ed25519" ]; then + echo -e "${RED}SSH-Private-Key is missing!${RESET}" + exit 1 +fi +if ! [ -f "$HOME/.git-credentials" ]; then + echo -e "${YELLOW}~/.git-credentials not found!${RESET}" +fi +if ! [[ $(id -u) -eq "1000" ]]; then + echo -e "${RED}Wrong UID! (!=1000)${RESET}" + exit 1 +fi + +echo -e "${GREEN}Pull Image...${RESET}" +docker pull ${IMAGE} + +echo -e "${GREEN}Start container...${RESET}" +docker run -it \ + -v "$PWD:/home/ansible-dev/ansible-homeserver" \ + -v "$HOME/.git-credentials:/home/ansible-dev/.git-credentials" \ + -w /home/ansible-dev/ansible-homeserver ${IMAGE} diff --git a/requirements.yaml b/requirements.yaml deleted file mode 100644 index 2f68186d..00000000 --- a/requirements.yaml +++ /dev/null @@ -1,42 +0,0 @@ -collections: - - name: community.general - version: "9.2.0" - - name: community.crypto - version: "2.21.1" - - name: ansible.posix - version: "1.5.4" - - name: community.docker - version: "3.11.0" - - name: viczem.keepass - version: "0.7.5" -roles: - - name: ansible-role-bootstrap - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-bootstrap - version: "7.0.2" - - name: ansible-ufw - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-ufw - version: "v4.1.13" - - name: ansible-manage-lvm - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-manage-lvm - version: "v0.2.12" - - name: ansible-role-unattended-upgrades - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-unattended-upgrades - version: "v4.6.0" - - name: ansible-role-pip - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-pip - version: "3.0.3" - - name: ansible-role-nfs - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-nfs - version: "2.0.0" - - name: ansible-role-docker - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-docker - version: "7.1.0" - - name: ansible_role_ctop - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible_role_ctop - version: "1.1.6" - - name: ansible_role_gitea - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible_role_gitea - version: "v3.5.0" - - name: ansible-role-postgresql - src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-postgresql - version: "3.5.2" diff --git a/roles/mgrote_zfs_sanoid/tasks/destination.yml b/roles/mgrote_zfs_sanoid/tasks/destination.yml index a69188a7..4c950f4e 100644 --- a/roles/mgrote_zfs_sanoid/tasks/destination.yml +++ b/roles/mgrote_zfs_sanoid/tasks/destination.yml @@ -11,8 +11,6 @@ when: - sanoid_syncoid_destination_host - - - name: add user to sudoers become: true ansible.builtin.blockinfile: