Compare commits


No commits in common. 'master' and 'gh-pages' have entirely different histories.

  1. 5
      .gitignore
  2. 3
      .gitmodules
  3. 19
      LICENSE
  4. 85
      Readme.md
  5. 56
      TODO
  6. 25
      Vagrantfile
  7. 515
      ansible_cowsay/index.html
  8. 495
      ansible_do/index.html
  9. 495
      ansible_linode/index.html
  10. 608
      ansible_playbooks/index.html
  11. 559
      ansible_vagrant/index.html
  12. 551
      ansible_vault/index.html
  13. 4
      assets/fonts/font-awesome.css
  14. 13
      assets/fonts/material-icons.css
  15. BIN
      assets/fonts/specimen/FontAwesome.ttf
  16. BIN
      assets/fonts/specimen/FontAwesome.woff
  17. BIN
      assets/fonts/specimen/FontAwesome.woff2
  18. BIN
      assets/fonts/specimen/MaterialIcons-Regular.ttf
  19. BIN
      assets/fonts/specimen/MaterialIcons-Regular.woff
  20. BIN
      assets/fonts/specimen/MaterialIcons-Regular.woff2
  21. BIN
      assets/images/favicon.png
  22. 20
      assets/images/icons/bitbucket.1b09e088.svg
  23. 18
      assets/images/icons/github.f0b8504a.svg
  24. 38
      assets/images/icons/gitlab.6dd19c00.svg
  25. 1
      assets/javascripts/application.e72fd936.js
  26. 1
      assets/javascripts/lunr/lunr.da.js
  27. 1
      assets/javascripts/lunr/lunr.de.js
  28. 1
      assets/javascripts/lunr/lunr.du.js
  29. 1
      assets/javascripts/lunr/lunr.es.js
  30. 1
      assets/javascripts/lunr/lunr.fi.js
  31. 1
      assets/javascripts/lunr/lunr.fr.js
  32. 1
      assets/javascripts/lunr/lunr.hu.js
  33. 1
      assets/javascripts/lunr/lunr.it.js
  34. 1
      assets/javascripts/lunr/lunr.jp.js
  35. 1
      assets/javascripts/lunr/lunr.multi.js
  36. 1
      assets/javascripts/lunr/lunr.no.js
  37. 1
      assets/javascripts/lunr/lunr.pt.js
  38. 1
      assets/javascripts/lunr/lunr.ro.js
  39. 1
      assets/javascripts/lunr/lunr.ru.js
  40. 1
      assets/javascripts/lunr/lunr.stemmer.support.js
  41. 1
      assets/javascripts/lunr/lunr.sv.js
  42. 1
      assets/javascripts/lunr/lunr.tr.js
  43. 1
      assets/javascripts/lunr/tinyseg.js
  44. 1
      assets/javascripts/modernizr.1aa3b519.js
  45. 1176
      assets/stylesheets/application-palette.22915126.css
  46. 2552
      assets/stylesheets/application.451f80e5.css
  47. 82
      base.yml
  48. 0
      css/custom.css
  49. 8
      do.cfg
  50. 121
      docs/ansible_cowsay.md
  51. 81
      docs/ansible_do.md
  52. 81
      docs/ansible_linode.md
  53. 199
      docs/ansible_playbooks.md
  54. 76
      docs/ansible_vagrant.md
  55. 168
      docs/ansible_vault.md
  56. 209
      docs/index.md
  57. 174
      docs/quickstart.md
  58. 5
      dohosts
  59. 69
      group_vars/all/main.yml
  60. 46
      group_vars/all/vault
  61. 701
      index.html
  62. 8
      linode.cfg
  63. 5
      linodehosts
  64. 1
      mkdocs-material
  65. 44
      mkdocs.yml
  66. 27
      podcharlesreid1.yml
  67. 21
      provision.yml
  68. 576
      quickstart/index.html
  69. 58
      roles/aws/README.md
  70. 13
      roles/aws/defaults/main.yml
  71. 21
      roles/aws/tasks/credentials.yml
  72. 15
      roles/aws/tasks/main.yml
  73. 23
      roles/aws/tasks/tools.yml
  74. 3
      roles/aws/templates/credentials.j2
  75. 38
      roles/docker/README.md
  76. 4
      roles/docker/defaults/main.yml
  77. 30
      roles/docker/files/install.sh
  78. 48
      roles/docker/tasks/main.yml
  79. 38
      roles/dotfiles/README.md
  80. 5
      roles/dotfiles/defaults/main.yml
  81. 40
      roles/dotfiles/tasks/main.yml
  82. 38
      roles/goenv/README.md
  83. 10
      roles/goenv/defaults/main.yml
  84. 4
      roles/goenv/files/goenv.sh
  85. 10
      roles/goenv/tasks/envvars.yml
  86. 10
      roles/goenv/tasks/goenv.yml
  87. 27
      roles/goenv/tasks/golang.yml
  88. 15
      roles/goenv/tasks/main.yml
  89. 24
      roles/goenv/tasks/packages.yml
  90. 38
      roles/init-nonroot/README.md
  91. 4
      roles/init-nonroot/defaults/main.yml
  92. 14
      roles/init-nonroot/tasks/main.yml
  93. 38
      roles/init-root/README.md
  94. 2
      roles/init-root/defaults/main.yml
  95. 74
      roles/init-root/tasks/main.yml
  96. 38
      roles/install-stuff/README.md
  97. 37
      roles/install-stuff/tasks/main.yml
  98. 38
      roles/letsencrypt/README.md
  99. 8
      roles/letsencrypt/defaults/main.yml
  100. 172
      roles/letsencrypt/tasks/main.yml
  101. Some files were not shown because too many files have changed in this diff Show More

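--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +0,0 @@
-.vault_secret
-.vagrant/
-*.log
-*.retry
-site/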

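--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "mkdocs-material"]
-path = mkdocs-material
-url = https://git.charlesreid1.com/charlesreid1/mkdocs-material.git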

19
LICENSE

@ -1,19 +0,0 @@
Copyright (c) 2019 Charles Reid
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

85
Readme.md

@ -1,85 +0,0 @@
# charlesreid1-ansible
Ansible playbooks for charlesreid1.com infrastructure.
Table of Contents
=================
* [Docker Pods](#docker-pods)
* [Playbooks](#playbooks)
* [Roles](#roles)
* [Getting Started with Playbooks](#getting-started-with-playbooks)
## Docker Pods
These docker pods are collections of related charlesreid1.com
services. The Ansible playbooks prepare remote nodes so they
are ready to run these docker pods.
| Pod | Link |
|------------------|------------------------------------------------------|
| pod-charlesreid1 | <https://git.charlesreid1.com/docker/pod-charlesreid1> |
| pod-webhooks | <https://git.charlesreid1.com/docker/pod-webhooks> |
| pod-bots | <https://git.charlesreid1.com/docker/pod-bots> |
## Playbooks
There is one playbook per docker pod, plus a base playbook
and a provision playbook.
| Playbook | Description |
|------------------------|----------------------------------------------------------------------------------------------------------------------|
| `podcharlesreid1.yml` | Playbook to install and run the charlesreid1.com docker pod (<https://git.charlesreid1.com/docker/pod-charlesreid1>) |
| `podwebhooks.yml` | (TBA) Playbook to install and run the webhooks pod (<https://git.charlesreid1.com/docker/pod-webhooks>) |
| `podbots.yml` | (TBA) Playbook to install and run the bot pod (<https://git.charlesreid1.com/docker/pod-bots>) |
| `base.yml` | Base playbook run by all of the pod playbooks above. |
| `provision.yml` | Playbook to provision new Ubuntu machines with `/usr/bin/python`. |
## Roles
### Base Playbook Roles
The following roles carry out groups of tasks for setting up the base machine
to run charlesreid1.com infrastructure.
| Role Name | Description |
|-----------------------|-----------------------------------------------------------|
| init-root | Prepare root user account |
| init-nonroot | Prepare nonroot user account(s) |
| install-stuff | Install stuff with aptitude |
| pyenv | Install pyenv for nonroot user |
| goenv | Install goenv for nonroot user |
| sshkeys | Set up ssh keys for all users |
| vim | Set up vim for nonroot user |
| dotfiles | Install and configure dotfiles for nonroot user |
### Pod-Specific Roles
The following roles are run by playbooks specific to the
respective docker pod.
| Role Name | Description |
|-----------------------|--------------------------------------------------------------|
| pod-charlesreid1 | Role specific to the charlesreid1.com docker pod |
| pod-webhooks | Role specific to \{hooks,pages\}.charlesreid1.com docker pod |
| pod-bots | Role specific to bots docker pod |
## Getting Started with Playbooks
| Documentation Page | Description |
|----------------------------------------------------|-----------------------------------------------------------------|
| [docs/index.md](docs/index.md) | Documentation index |
| [docs/quickstart.md](docs/quickstart.md) | Quick start for the impatient (uses Vagrant) |
| [docs/ansible_do.md](docs/ansible_do.md) | Guide for running charlesreid1.com playbooks on Digital Ocean |
| [docs/ansible_vagrant.md](docs/ansible_vagrant.md) | Guide for running charlesreid1.com playbooks on Vagrant |
See [docs/ansible_playbooks.md](docs/ansible_playbooks.md) for a list of all
playbooks in this directory and how to run them, as well as a list
of all tags.

56
TODO

@ -1,56 +0,0 @@
captain hook config:
- need to have a template
- requires us to set a secret
- have been using "charles@charlesreid1.com"
- md5
captain hook canary setup:
- install service script that checks for the canary file every 10 seconds
- it should run a script in the captain hook install dir
- if it finds the canary file, it should use a docker pod scripts dir script to update captain hook
pod-webhooks:
- need to install captain hook canary and captain hook pull host
- debian/dotfiles/bluebear_scripts/captain_hook_canary.sh
- debian/dotfiles/bluebear_scripts/captain_hook_pull_host.py
- debian/dotfiles/service/captain-hook-canary.service
making domain swappable:
- submodules of pod-charlesreid1 would need to be reviewed in detail...
- need to template more files than we are currently templating
- the jinja copy from, copy to approach works well
- gitea
- mediawiki
- nginx
- letsencrypt
- the pod-charlesreid1 role defaults has a top_domain set to charlesreid1.com
- it says, "check for letsencrypt certs to this domain (top level domain of entire pod)"
- this does not match up with the nginx config files... which is how things are REALLY set
- top domain is used by gitea...
subdomains/domains approach needs to be:
- specify a list of top level domains
- subdomains are fixed, but needs to be eg pages.${TOP_DOMAIN}
pod-charlesreid1 /www setup
https://git.charlesreid1.com/charlesreid1/charlesreid1.com
/www/charlesreid1.com/
charlesreid1.com-src/ <-- clone of charlesreid1.com repo, src branch
git/ <-- .git dir for charlesreid1.com repo gh-pages branch
git.data/ <-- .git dir for charlesreid1-data
htdocs/ <-- clone of charlesreid1.com repo gh-pages branch
data/ <-- clone of charlesreid1-data

25
Vagrantfile vendored

@ -1,25 +0,0 @@
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# Use same SSH key for all machines
config.ssh.insert_key = false
config.ssh.port = 2222
config.vm.define "vagrant1" do |vagrant1|
# Set operating system
vagrant1.vm.box = "ubuntu/xenial64"
# Port forwarding
vagrant1.vm.network "forwarded_port", guest:80, host: 8880
vagrant1.vm.network "forwarded_port", guest:443, host: 8883
# Before doing anything else, make sure that
# the servers have Python 2 (so Ansible will work)
vagrant1.vm.provision "ansible" do |ansible|
ansible.playbook = "provision.yml"
ansible.inventory_path = "vagranthosts"
end
end
end

515
ansible_cowsay/index.html

@ -0,0 +1,515 @@
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<link rel="canonical" href="https://charlesreid1-docker.github.io/charlesreid1-ansible/ansible_cowsay/">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="..">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-3.0.3">
<title>Ansible Cowsay - charlesreid1-ansible</title>
<link rel="stylesheet" href="../assets/stylesheets/application.451f80e5.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.22915126.css">
<meta name="theme-color" content="#2196f3">
<script src="../assets/javascripts/modernizr.1aa3b519.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
<link rel="stylesheet" href="../css/custom.css">
</head>
<body dir="ltr" data-md-color-primary="blue" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="../#ansible-cowsay" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-header-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
charlesreid1-ansible
</span>
<span class="md-header-nav__topic">
Ansible Cowsay
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
charlesreid1-ansible
</label>
<div class="md-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Index" class="md-nav__link">
Index
</a>
</li>
<li class="md-nav__item">
<a href="../quickstart/" title="Quickstart" class="md-nav__link">
Quickstart
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vagrant/" title="Ansible on Vagrant" class="md-nav__link">
Ansible on Vagrant
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_linode/" title="Ansible on Linode" class="md-nav__link">
Ansible on Linode
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_do/" title="Ansible on DigitalOcean" class="md-nav__link">
Ansible on DigitalOcean
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_playbooks/" title="Ansible Playbooks" class="md-nav__link">
Ansible Playbooks
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vault/" title="Ansible Vault" class="md-nav__link">
Ansible Vault
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<a href="./" title="Ansible Cowsay" class="md-nav__link md-nav__link--active">
Ansible Cowsay
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="ansible-cowsay">Ansible Cowsay<a class="headerlink" href="#ansible-cowsay" title="Permanent link">&para;</a></h1>
<p>This page covers the <code>cowsay</code> command and all the cows
that show up when you run ansible.</p>
<h1 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h1>
<ul>
<li><a href="#wat">Wat</a></li>
<li><a href="#turn-off-cows">Turn off cows</a></li>
<li><a href="#weird-cows">Weird cows</a></li>
</ul>
<h2 id="wat">Wat<a class="headerlink" href="#wat" title="Permanent link">&para;</a></h2>
<p>One of the first things you notice about ansible is that
it tells you what's going on via a series of cows:</p>
<div class="codehilite"><pre><span></span>____________
&lt; PLAY [all] &gt;
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
</pre></div>
<p>That's because Ansible is wrapping log messages with the
program cowsay, which prints out text in a text bubble
accompanied by a cow.</p>
<h2 id="turn-off-cows">Turn off cows<a class="headerlink" href="#turn-off-cows" title="Permanent link">&para;</a></h2>
<p>To turn off the cows, set <code>ANSIBLE_NOCOWS=1</code>:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_NOCOWS=1 \
ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; \
ansible-playbook \
base.yml
</pre></div>
<p>which is boring:</p>
<div class="codehilite"><pre><span></span>GATHERING FACTS ***************************************************************
ok: [127.0.0.1]
</pre></div>
<h2 id="weird-cows">Weird cows<a class="headerlink" href="#weird-cows" title="Permanent link">&para;</a></h2>
<p>Fortunately, cowsay comes with many kinds of cows:</p>
<div class="codehilite"><pre><span></span>$ cowsay -l
Cow files in /usr/local/Cellar/cowsay/3.04/share/cows:
beavis.zen blowfish bong bud-frogs bunny cheese cower daemon default dragon
dragon-and-cow elephant elephant-in-snake eyes flaming-sheep ghostbusters
head-in hellokitty kiss kitty koala kosh luke-koala meow milk moofasa moose
mutilated ren satanic sheep skeleton small sodomized stegosaurus stimpy
supermilker surgery telebears three-eyes turkey turtle tux udder vader
vader-koala www
</pre></div>
<p>...so many questions.</p>
<p>To specify a particular cow, set the <code>ANSIBLE_COW_SELECTION</code> variable:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_COW_SELECTION=vader
</pre></div>
<p>gives you</p>
<div class="codehilite"><pre><span></span> ___________________________
&lt; PLAY [Initial setup root] &gt;
---------------------------
\ ,-^-.
\ !oYo!
\ /./=\.\______
## )\/\
||-----w||
|| ||
Cowth Vader
________________________
&lt; TASK [Gathering Facts] &gt;
------------------------
\ ,-^-.
\ !oYo!
\ /./=\.\______
## )\/\
||-----w||
|| ||
Cowth Vader
</pre></div>
<p>Here is <code>ANSIBLE_COW_SELECTION=tux</code>:</p>
<div class="codehilite"><pre><span></span>&lt; GATHERING FACTS &gt;
-----------------
\
\
.--.
|o_o |
|:_/ |
// \ \
(| | )
/&#39;\_ _/`\
\___)=(___/
</pre></div>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="../ansible_vault/" title="Ansible Vault" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Ansible Vault
</span>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../assets/javascripts/application.e72fd936.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
<script src="../search/main.js"></script>
</body>
</html>

495
ansible_do/index.html

@ -0,0 +1,495 @@
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<link rel="canonical" href="https://charlesreid1-docker.github.io/charlesreid1-ansible/ansible_do/">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="..">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-3.0.3">
<title>Ansible on DigitalOcean - charlesreid1-ansible</title>
<link rel="stylesheet" href="../assets/stylesheets/application.451f80e5.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.22915126.css">
<meta name="theme-color" content="#2196f3">
<script src="../assets/javascripts/modernizr.1aa3b519.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
<link rel="stylesheet" href="../css/custom.css">
</head>
<body dir="ltr" data-md-color-primary="blue" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="../#digital-ocean-quickstart" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-header-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
charlesreid1-ansible
</span>
<span class="md-header-nav__topic">
Ansible on DigitalOcean
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
charlesreid1-ansible
</label>
<div class="md-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Index" class="md-nav__link">
Index
</a>
</li>
<li class="md-nav__item">
<a href="../quickstart/" title="Quickstart" class="md-nav__link">
Quickstart
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vagrant/" title="Ansible on Vagrant" class="md-nav__link">
Ansible on Vagrant
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_linode/" title="Ansible on Linode" class="md-nav__link">
Ansible on Linode
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<a href="./" title="Ansible on DigitalOcean" class="md-nav__link md-nav__link--active">
Ansible on DigitalOcean
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_playbooks/" title="Ansible Playbooks" class="md-nav__link">
Ansible Playbooks
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vault/" title="Ansible Vault" class="md-nav__link">
Ansible Vault
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_cowsay/" title="Ansible Cowsay" class="md-nav__link">
Ansible Cowsay
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="digital-ocean-quickstart">Digital Ocean Quickstart<a class="headerlink" href="#digital-ocean-quickstart" title="Permanent link">&para;</a></h1>
<p>This quickstart walks through the process
of setting up a Digital Ocean droplet
using these Ansible playbooks.</p>
<h1 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h1>
<ul>
<li><a href="#droplet-setup">Droplet setup</a></li>
<li><a href="#run-provision-and-base-playbooks">Run provision and base playbooks</a></li>
<li><a href="#run-pod-playbooks">Run pod playbooks</a></li>
</ul>
<h2 id="droplet-setup">Droplet setup<a class="headerlink" href="#droplet-setup" title="Permanent link">&para;</a></h2>
<p>Start by logging in to your Digital Ocean account
and creating a droplet. You should be able to
create or specify an SSH key. </p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>You must modify the path to the SSH private
key, specified in <code>do.cfg</code> (the Digital Ocean
Ansible config file), to match the SSH key that
you added to the droplet at its creation.</p>
</div>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>Once you create your droplet and it is connected
to the internet via a public IP, you must update
the file <code>dohosts</code> (the Digital Ocean Ansible
inventory file) to point to the correct IP address
for the droplet.</p>
</div>
<h2 id="run-provision-and-base-playbooks">Run provision and base playbooks<a class="headerlink" href="#run-provision-and-base-playbooks" title="Permanent link">&para;</a></h2>
<p>Once you have the correct SSH key in <code>do.cfg</code>
and the correct droplet IP address in <code>dohosts</code>,
you are ready to run the Ansible playbooks.</p>
<p>Run the provision playbook to prepare the droplet for Ansible:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;do.cfg&quot; \
ansible-playbook \
provision.yml
</pre></div>
<p>Now you can run the base playbook.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>You must provide a <code>machine_name</code> parameter to
the base playbook. This variable is <strong><em>not</em></strong>
defined by default. Define it using the
<code>--extra-vars</code> flag.</p>
</div>
<p>Specifying a machine name using the <code>--extra-vars</code> flag:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;do.cfg&quot; \
ansible-playbook \
--extra-vars &quot;machine_name=redbeard&quot; \
base.yml
</pre></div>
<h2 id="run-pod-playbooks">Run pod playbooks<a class="headerlink" href="#run-pod-playbooks" title="Permanent link">&para;</a></h2>
<p>Once you've run the base playbook, you can install the
docker pod with the corresponding playbook by specifying
<code>ANSIBLE_CONFIG</code> and pointing to the Digital Ocean config file.</p>
<p>pod-charlesreid1:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;do.cfg&quot; \
ansible-playbook \
--extra-vars &quot;machine_name=redbeard&quot; \
podcharlesreid1.yml
</pre></div>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="../ansible_linode/" title="Ansible on Linode" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Ansible on Linode
</span>
</div>
</a>
<a href="../ansible_playbooks/" title="Ansible Playbooks" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Ansible Playbooks
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../assets/javascripts/application.e72fd936.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
<script src="../search/main.js"></script>
</body>
</html>

495
ansible_linode/index.html

@ -0,0 +1,495 @@
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<link rel="canonical" href="https://charlesreid1-docker.github.io/charlesreid1-ansible/ansible_linode/">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="..">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-3.0.3">
<title>Ansible on Linode - charlesreid1-ansible</title>
<link rel="stylesheet" href="../assets/stylesheets/application.451f80e5.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.22915126.css">
<meta name="theme-color" content="#2196f3">
<script src="../assets/javascripts/modernizr.1aa3b519.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
<link rel="stylesheet" href="../css/custom.css">
</head>
<body dir="ltr" data-md-color-primary="blue" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="../#linode-quickstart" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-header-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
charlesreid1-ansible
</span>
<span class="md-header-nav__topic">
Ansible on Linode
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
charlesreid1-ansible
</label>
<div class="md-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Index" class="md-nav__link">
Index
</a>
</li>
<li class="md-nav__item">
<a href="../quickstart/" title="Quickstart" class="md-nav__link">
Quickstart
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vagrant/" title="Ansible on Vagrant" class="md-nav__link">
Ansible on Vagrant
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<a href="./" title="Ansible on Linode" class="md-nav__link md-nav__link--active">
Ansible on Linode
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_do/" title="Ansible on DigitalOcean" class="md-nav__link">
Ansible on DigitalOcean
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_playbooks/" title="Ansible Playbooks" class="md-nav__link">
Ansible Playbooks
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vault/" title="Ansible Vault" class="md-nav__link">
Ansible Vault
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_cowsay/" title="Ansible Cowsay" class="md-nav__link">
Ansible Cowsay
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="linode-quickstart">Linode Quickstart<a class="headerlink" href="#linode-quickstart" title="Permanent link">&para;</a></h1>
<p>This quickstart walks through the process
of setting up a Linode node
using these Ansible playbooks.</p>
<h1 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h1>
<ul>
<li><a href="#node-setup">Node setup</a></li>
<li><a href="#run-provision-and-base-playbooks">Run provision and base playbooks</a></li>
<li><a href="#run-pod-playbooks">Run pod playbooks</a></li>
</ul>
<h2 id="node-setup">Node setup<a class="headerlink" href="#node-setup" title="Permanent link">&para;</a></h2>
<p>Start by logging in to your Linode account
and creating a new node. You should be able to
create or specify an SSH key. </p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>You must modify the path to the SSH private
key, specified in <code>linode.cfg</code> (the Linode
Ansible config file), to match the SSH key that
you added to the droplet at its creation.</p>
</div>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>Once you create your droplet and it is connected
to the internet via a public IP, you must update
the file <code>linodehosts</code> (the Linode Ansible
inventory file) to point to the correct IP address
for the node.</p>
</div>
<h2 id="run-provision-and-base-playbooks">Run provision and base playbooks<a class="headerlink" href="#run-provision-and-base-playbooks" title="Permanent link">&para;</a></h2>
<p>Once you have the correct SSH key in <code>linode.cfg</code>
and the correct droplet IP address in <code>linodehosts</code>,
you are ready to run the Ansible playbooks.</p>
<p>Run the provision playbook to prepare the droplet for Ansible:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;linode.cfg&quot; \
ansible-playbook \
provision.yml
</pre></div>
<p>Now you can run the base playbook.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>You must provide a <code>machine_name</code> parameter to
the base playbook. This variable is <strong><em>not</em></strong>
defined by default. Define it using the
<code>--extra-vars</code> flag.</p>
</div>
<p>Specifying a machine name using the <code>--extra-vars</code> flag:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;linode.cfg&quot; \
ansible-playbook \
--extra-vars &quot;machine_name=redbeard&quot; \
base.yml
</pre></div>
<h2 id="run-pod-playbooks">Run pod playbooks<a class="headerlink" href="#run-pod-playbooks" title="Permanent link">&para;</a></h2>
<p>Once you've run the base playbook, you can install the
docker pod with the corresponding playbook by specifying
<code>ANSIBLE_CONFIG</code> and pointing to the Linode config file.</p>
<p>pod-charlesreid1:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;linode.cfg&quot; \
ansible-playbook \
--extra-vars &quot;machine_name=redbeard&quot; \
podcharlesreid1.yml
</pre></div>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="../ansible_vagrant/" title="Ansible on Vagrant" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Ansible on Vagrant
</span>
</div>
</a>
<a href="../ansible_do/" title="Ansible on DigitalOcean" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Ansible on DigitalOcean
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../assets/javascripts/application.e72fd936.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
<script src="../search/main.js"></script>
</body>
</html>
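Review bot: The Linode page still uses the Digital Ocean term "droplet" in four places: both warning boxes under "Node setup", the sentence about the IP address in `linodehosts`, and the line introducing the provision command. A reader could reasonably wonder whether `linode.cfg` and `linodehosts` really refer to the same machine as the "node" named elsewhere on the page, and that ambiguity sits right where the SSH key and target IP are configured. I would replace each with "node", for example `to match the SSH key that you added to the node at its creation` and `Run the provision playbook to prepare the node for Ansible:`. The generator meta tag suggests this file is MkDocs output, so the wording fix presumably belongs in the markdown source rather than in this HTML.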

608
ansible_playbooks/index.html

@ -0,0 +1,608 @@
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<link rel="canonical" href="https://charlesreid1-docker.github.io/charlesreid1-ansible/ansible_playbooks/">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="..">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-3.0.3">
<title>Ansible Playbooks - charlesreid1-ansible</title>
<link rel="stylesheet" href="../assets/stylesheets/application.451f80e5.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.22915126.css">
<meta name="theme-color" content="#2196f3">
<script src="../assets/javascripts/modernizr.1aa3b519.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
<link rel="stylesheet" href="../css/custom.css">
</head>
<body dir="ltr" data-md-color-primary="blue" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="../#ansible-playbooks" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-header-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
charlesreid1-ansible
</span>
<span class="md-header-nav__topic">
Ansible Playbooks
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
charlesreid1-ansible
</label>
<div class="md-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Index" class="md-nav__link">
Index
</a>
</li>
<li class="md-nav__item">
<a href="../quickstart/" title="Quickstart" class="md-nav__link">
Quickstart
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vagrant/" title="Ansible on Vagrant" class="md-nav__link">
Ansible on Vagrant
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_linode/" title="Ansible on Linode" class="md-nav__link">
Ansible on Linode
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_do/" title="Ansible on DigitalOcean" class="md-nav__link">
Ansible on DigitalOcean
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<a href="./" title="Ansible Playbooks" class="md-nav__link md-nav__link--active">
Ansible Playbooks
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vault/" title="Ansible Vault" class="md-nav__link">
Ansible Vault
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_cowsay/" title="Ansible Cowsay" class="md-nav__link">
Ansible Cowsay
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="ansible-playbooks">Ansible Playbooks<a class="headerlink" href="#ansible-playbooks" title="Permanent link">&para;</a></h1>
<p>This page covers what playbooks are in this directory
and how to run them.</p>
<h1 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h1>
<ul>
<li><a href="#provisionyml-provision-your-remote-node">provision.yml: Provision Your Remote Node</a></li>
<li><a href="#baseyml-the-base-plays">base.yml: the base plays</a></li>
<li><a href="#podcharlesreid1yml-charlesreid1-docker-pod-play">podcharlesreid1.yml: charlesreid1 docker pod play</a></li>
<li><a href="#charlesreid1hooksyml-webhooks-server-docker-pod-play">charlesreid1hooks.yml: webhooks server docker pod play</a></li>
<li><a href="#charlesreid1botsyml-bots-docker-pod-play">charlesreid1bots.yml: bots docker pod play</a></li>
<li><a href="#list-of-tags">List of Tags</a></li>
</ul>
<h2 id="provisionyml-provision-your-remote-node">provision.yml: Provision Your Remote Node<a class="headerlink" href="#provisionyml-provision-your-remote-node" title="Permanent link">&para;</a></h2>
<p>The provision playbook is a preparation step to ensure
Ansible has the software it needs to run. Specifically,
Ubuntu distributions do not come with <code>/usr/bin/python</code>
by default (only <code>/usr/bin/python3</code>), so the provision
step installs <code>/usr/bin/python</code>.</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; vagrant provision
</pre></div>
<p>Running plays against a Digital Ocean node requires
the provision playbook to be run explicitly with the
command:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;do.cfg&quot; ansible-playbook provision.yml
</pre></div>
<p>Also see the Provision sections of the
<a href="../ansible_vagrant/">ansible_vagrant.md</a>
and <a href="../ansible_do/">ansible_do.md</a> pages.</p>
<h2 id="baseyml-the-base-plays">base.yml: the base plays<a class="headerlink" href="#baseyml-the-base-plays" title="Permanent link">&para;</a></h2>
<p>The base.yml playbook contains a base set of plays for all
charlesreid1.com nodes. This includes setup, tooling, dotfiles,
user accounts, SSH keys, and so on.</p>
<p><strong>This playbook does not define a machine name.</strong> It is not
usually run explicitly, except in tests, so machine name must
be defined manually. To do that, use the <code>--extra-vars</code> flag:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; \
ansible-playbook \
--vault-password-file=.vault_secret \
--extra-vars &quot;machine_name=yoyo&quot; \
base.yml
</pre></div>
<p>To run on Linode, specify the config file:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;linode.cfg&quot; \
ansible-playbook \
--vault-password-file=.vault_secret \
--extra-vars &quot;machine_name=yoyo&quot; \
base.yml
</pre></div>
<p>To run on Digital Ocean, specify the config file:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;do.cfg&quot; \
ansible-playbook \
--vault-password-file=.vault_secret \
--extra-vars &quot;machine_name=yoyo&quot; \
base.yml
</pre></div>
<h2 id="podcharlesreid1yml-charlesreid1-docker-pod-play">podcharlesreid1.yml: charlesreid1 docker pod play<a class="headerlink" href="#podcharlesreid1yml-charlesreid1-docker-pod-play" title="Permanent link">&para;</a></h2>
<p>The charlesreid1 docker pod runs the following:</p>
<ul>
<li>nginx</li>
<li>letsencrypt/certs</li>
<li>mediawiki</li>
<li>gitea</li>
<li>files/etc</li>
</ul>
<p><strong>Example:</strong> Deploy the charlesreid1 docker pod play
on a Vagrant machine.</p>
<p>To do this, specify the Ansible-Vagrant configuration file
and the vagrant hosts file:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; \
ansible-playbook \
--vault-password-file=.vault_secret \
podcharlesreid1.yml
</pre></div>
<p>To set a custom hostname, use the <code>--extra-vars</code> flag as above:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; \
ansible-playbook \
--vault-password-file=.vault_secret \
--extra-vars &quot;machine_name=yoyo&quot; \
podcharlesreid1.yml
</pre></div>
<p><strong>Linode Example:</strong></p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;linode.cfg&quot; \
ansible-playbook \
--vault-password-file=.vault_secret \
--extra-vars &quot;machine_name=yoyo&quot; \
podcharlesreid1.yml
</pre></div>
<p><strong>Digital Ocean Example:</strong></p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;do.cfg&quot; \
ansible-playbook \
--vault-password-file=.vault_secret \
--extra-vars &quot;machine_name=yoyo&quot; \
podcharlesreid1.yml
</pre></div>
<h2 id="charlesreid1botsyml-bots-docker-pod-play">charlesreid1bots.yml: bots docker pod play<a class="headerlink" href="#charlesreid1botsyml-bots-docker-pod-play" title="Permanent link">&para;</a></h2>
<p>(Incomplete)</p>
<p>The bots docker pod runs several Python
scripts to keep some Twitter bots going:</p>
<ul>
<li>Ginsberg bot flock</li>
<li>Milton bot flock</li>
<li>Apollo Space Junk bot flock</li>
</ul>
<h2 id="list-of-tags">List of Tags<a class="headerlink" href="#list-of-tags" title="Permanent link">&para;</a></h2>
<p>(Incomplete)</p>
<p>Each role has a tag associated with it, so you can
run each role in isolation:</p>
<ul>
<li><code>aws</code></li>
<li><code>init-root</code></li>
<li><code>install-stuff</code></li>
<li><code>goenv</code></li>
<li><code>pyenv</code></li>
<li><code>docker</code></li>
<li><code>init-nonroot</code></li>
<li><code>sshkeys</code></li>
<li><code>dotfiles</code></li>
<li><code>vim</code></li>
<li><code>pod-charlesreid1</code></li>
</ul>
<h3 id="base-playbook-tags">Base Playbook Tags<a class="headerlink" href="#base-playbook-tags" title="Permanent link">&para;</a></h3>
<p>The base playbook <code>base.yml</code> includes the majority of
the roles, whose tags are listed here:</p>
<ul>
<li><code>aws</code></li>
<li><code>init-root</code></li>
<li><code>install-stuff</code></li>
<li><code>goenv</code></li>
<li><code>pyenv</code></li>
<li><code>docker</code></li>
<li><code>init-nonroot</code></li>
<li><code>sshkeys</code></li>
<li><code>dotfiles</code></li>
<li><code>vim</code></li>
</ul>
<p>The base playbook also uses the following tags
for sub-groups of tasks, or for groups of tasks
that cross roles:</p>
<ul>
<li><code>aws_tools</code> (aws command line tools and libraries only)</li>
<li><code>aws_creds</code> (aws credentials only)</li>
<li><code>pip</code> (all tasks installing packages using pip)</li>
<li><code>apt</code> (all tasks installing packages using apt)</li>
<li><code>docker-no-compose</code> (docker-only tasks)</li>
<li><code>docker-compose</code> (docker-compose-only tasks)</li>
<li><code>root-ssh</code> (setup of ssh keys for root user)</li>
<li><code>nonroot-ssh</code> (setup of ssh keys for nonroot user)</li>
</ul>
<h3 id="pod-charlesreid1-playbook-tags">pod-charlesreid1 Playbook Tags<a class="headerlink" href="#pod-charlesreid1-playbook-tags" title="Permanent link">&para;</a></h3>
<p>The pod-charlesreid1 playbook contains the docker pod
playbook for charlesreid1.com. This is a single role.
The entire role is run with the tag:</p>
<ul>
<li><code>pod-charlesreid1</code></li>
</ul>
<p>Subtasks are grouped as follows:</p>
<ul>
<li><code>pod-charlesreid1-services</code> (runs tasks that start the docker service and the pod service)</li>
<li><code>pod-charlesreid1-gitea</code> (set up gitea for pod-charlesreid1)</li>
<li><code>pod-charlesreid1-mw</code> (set up mediawiki for pod-charlesreid1)</li>
</ul>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="../ansible_do/" title="Ansible on DigitalOcean" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Ansible on DigitalOcean
</span>
</div>
</a>
<a href="../ansible_vault/" title="Ansible Vault" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Ansible Vault
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../assets/javascripts/application.e72fd936.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
<script src="../search/main.js"></script>
</body>
</html>
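Review bot: Every base.yml and podcharlesreid1.yml command on this page passes `--vault-password-file=.vault_secret`, but the page never says what that file is or how it must be protected. It is the Ansible Vault password stored in plain text in the working directory, so anyone copying these commands needs to know it must stay out of the repository and off shared machines. I would add one sentence after the first base.yml example, such as `Keep .vault_secret out of version control and readable only by your own user (chmod 600).`, and link the Ansible Vault page from there. Whether the repository's `.gitignore` already lists the file cannot be seen from this page, so that is worth confirming. Separately, the table of contents links to `#charlesreid1hooksyml-webhooks-server-docker-pod-play`, but no heading with that id appears in the article.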

559
ansible_vagrant/index.html

@ -0,0 +1,559 @@
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<link rel="canonical" href="https://charlesreid1-docker.github.io/charlesreid1-ansible/ansible_vagrant/">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="..">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-3.0.3">
<title>Ansible on Vagrant - charlesreid1-ansible</title>
<link rel="stylesheet" href="../assets/stylesheets/application.451f80e5.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.22915126.css">
<meta name="theme-color" content="#2196f3">
<script src="../assets/javascripts/modernizr.1aa3b519.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
<link rel="stylesheet" href="../css/custom.css">
</head>
<body dir="ltr" data-md-color-primary="blue" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="../#local-ansible-testing-with-vagrant" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-header-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
charlesreid1-ansible
</span>
<span class="md-header-nav__topic">
Ansible on Vagrant
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
charlesreid1-ansible
</label>
<div class="md-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Index" class="md-nav__link">
Index
</a>
</li>
<li class="md-nav__item">
<a href="../quickstart/" title="Quickstart" class="md-nav__link">
Quickstart
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Ansible on Vagrant
</label>
<a href="./" title="Ansible on Vagrant" class="md-nav__link md-nav__link--active">
Ansible on Vagrant
</a>
<nav class="md-nav md-nav--secondary">
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#start-vagrant-machine" title="Start Vagrant Machine" class="md-nav__link">
Start Vagrant Machine
</a>
</li>
<li class="md-nav__item">
<a href="#provision-vagrant-machine-setup-step" title="Provision Vagrant Machine (Setup Step)" class="md-nav__link">
Provision Vagrant Machine (Setup Step)
</a>
</li>
<li class="md-nav__item">
<a href="#set-vagrant-configuration-file" title="Set Vagrant Configuration File" class="md-nav__link">
Set Vagrant Configuration File
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../ansible_linode/" title="Ansible on Linode" class="md-nav__link">
Ansible on Linode
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_do/" title="Ansible on DigitalOcean" class="md-nav__link">
Ansible on DigitalOcean
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_playbooks/" title="Ansible Playbooks" class="md-nav__link">
Ansible Playbooks
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vault/" title="Ansible Vault" class="md-nav__link">
Ansible Vault
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_cowsay/" title="Ansible Cowsay" class="md-nav__link">
Ansible Cowsay
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#start-vagrant-machine" title="Start Vagrant Machine" class="md-nav__link">
Start Vagrant Machine
</a>
</li>
<li class="md-nav__item">
<a href="#provision-vagrant-machine-setup-step" title="Provision Vagrant Machine (Setup Step)" class="md-nav__link">
Provision Vagrant Machine (Setup Step)
</a>
</li>
<li class="md-nav__item">
<a href="#set-vagrant-configuration-file" title="Set Vagrant Configuration File" class="md-nav__link">
Set Vagrant Configuration File
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="local-ansible-testing-with-vagrant">Local Ansible Testing with Vagrant<a class="headerlink" href="#local-ansible-testing-with-vagrant" title="Permanent link">&para;</a></h1>
<p>Vagrant is a command-line wrapper around
VirtualBox and allows setting up one or more
virtual machines to test out Ansible playbooks
locally.</p>
<p>The repo contains a Vagrantfile (created with
the command <code>vagrant init ubuntu/xenial64</code>) that
has been modified to work with Ansible.</p>
<h2 id="start-vagrant-machine">Start Vagrant Machine<a class="headerlink" href="#start-vagrant-machine" title="Permanent link">&para;</a></h2>
<p>Start a Vagrant virtual machine using the <code>Vagrantfile</code>
by running the following command in this directory:</p>
<div class="codehilite"><pre><span></span>vagrant up
</pre></div>
<p>This will start a Ubuntu Xenial (16.04) machine.</p>
<h2 id="provision-vagrant-machine-setup-step">Provision Vagrant Machine (Setup Step)<a class="headerlink" href="#provision-vagrant-machine-setup-step" title="Permanent link">&para;</a></h2>
<p>Ansible can be used to provision the vagrant machine,
which is basically a step that gets it ready for
the "real" Ansible playbook.</p>
<p>(Specifically, the provision step installs <code>/usr/bin/python</code>,
which is not included by default in newer versions of
Ubuntu.)</p>
<p>Use the Ansible configuration file that is intended
for use with Vagrant, <code>vagrant.cfg</code>, when running
the vagrant provision command:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; vagrant provision
</pre></div>
<h2 id="set-vagrant-configuration-file">Set Vagrant Configuration File<a class="headerlink" href="#set-vagrant-configuration-file" title="Permanent link">&para;</a></h2>
<p>Now get info about how to SSH into the vagrant machines
and provide this information in the <code>vagranthosts</code>
Ansible inventory file:</p>
<div class="codehilite"><pre><span></span>vagrant ssh-config
</pre></div>
<p>Add information about the location of the
private key file, and any other details,
into <code>vagrant.cfg</code>:</p>
<p><strong><code>vagrant.cfg</code>:</strong></p>
<div class="codehilite"><pre><span></span>[defaults]
inventory = vagranthosts
remote_user = vagrant
private_key_file = ~/.vagrant.d/insecure_private_key
host_key_checking = False
log_path = ansible_vagrant.log
command_warnings=False
vault_password_file = .vault_secret
</pre></div>
<p>This example points to a vault secret contained
in the file <code>.vault_secret</code> as seen in the last line.</p>
<p>See <a href="../ansible_vault/">Ansible Vault</a> for more info
about vault secrets.</p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="../quickstart/" title="Quickstart" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Quickstart
</span>
</div>
</a>
<a href="../ansible_linode/" title="Ansible on Linode" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Ansible on Linode
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../assets/javascripts/application.e72fd936.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
<script src="../search/main.js"></script>
</body>
</html>
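Review bot: The `vagrant.cfg` listing under "Set Vagrant Configuration File" turns off SSH host key verification (`host_key_checking = False`) and authenticates with Vagrant's shared `~/.vagrant.d/insecure_private_key`, and the page never says these settings are acceptable only for a disposable local VM. I would add one sentence after the listing, for example `These settings are for throwaway local Vagrant machines only; keep host key checking on and use a per-host key in the Linode and DigitalOcean configurations.` The same listing points `vault_password_file` at `.vault_secret` in the working directory, so the page should also say that this file must stay out of version control (the repository's `.gitignore` content is not visible here, so this may already be covered). The page appears to be MkDocs output, so the wording change belongs in its markdown source rather than in this HTML.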

551
ansible_vault/index.html

@ -0,0 +1,551 @@
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<link rel="canonical" href="https://charlesreid1-docker.github.io/charlesreid1-ansible/ansible_vault/">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="..">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-3.0.3">
<title>Ansible Vault - charlesreid1-ansible</title>
<link rel="stylesheet" href="../assets/stylesheets/application.451f80e5.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.22915126.css">
<meta name="theme-color" content="#2196f3">
<script src="../assets/javascripts/modernizr.1aa3b519.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
<link rel="stylesheet" href="../css/custom.css">
</head>
<body dir="ltr" data-md-color-primary="blue" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="../#ansible-vault" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-header-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
charlesreid1-ansible
</span>
<span class="md-header-nav__topic">
Ansible Vault
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
charlesreid1-ansible
</label>
<div class="md-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Index" class="md-nav__link">
Index
</a>
</li>
<li class="md-nav__item">
<a href="../quickstart/" title="Quickstart" class="md-nav__link">
Quickstart
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vagrant/" title="Ansible on Vagrant" class="md-nav__link">
Ansible on Vagrant
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_linode/" title="Ansible on Linode" class="md-nav__link">
Ansible on Linode
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_do/" title="Ansible on DigitalOcean" class="md-nav__link">
Ansible on DigitalOcean
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_playbooks/" title="Ansible Playbooks" class="md-nav__link">
Ansible Playbooks
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<a href="./" title="Ansible Vault" class="md-nav__link md-nav__link--active">
Ansible Vault
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_cowsay/" title="Ansible Cowsay" class="md-nav__link">
Ansible Cowsay
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="ansible-vault">Ansible Vault<a class="headerlink" href="#ansible-vault" title="Permanent link">&para;</a></h1>
<p>This page contains instructions for using the Ansible vault.</p>
<p>Link: <a href="https://docs.ansible.com/ansible/2.4/vault.html#creating-encrypted-files">Ansible vault documentation</a></p>
<h1 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h1>
<ul>
<li><a href="#what-is-ansible-vault">What is Ansible Vault?</a></li>
<li><a href="#where-is-the-vault-file">Where is the vault file?</a></li>
<li><a href="#how-to-view-the-vault-file">How to view the vault file?</a></li>
<li><a href="#how-to-create-a-vault-file">How to create a vault file?</a></li>
<li><a href="#how-to-edit-the-vault-file">How to edit the vault file?</a></li>
<li><a href="#how-to-use-the-vault-file">How to use the vault file?</a></li>
<li><a href="#adding-new-secret-variables">Adding new secret variables</a></li>
</ul>
<h2 id="what-is-ansible-vault">What is Ansible Vault?<a class="headerlink" href="#what-is-ansible-vault" title="Permanent link">&para;</a></h2>
<p>Ansible provides a "vault" function that allows sensitive data
(passwords, sensitive info, or certificate files) to be encrypted,
so it can be stored in a repository with the rest of the playbook.</p>
<p>The vault is an ordinary YAML file that defines variables, except
that the variables it defines are sensitive. These variables can
be used elsewhere in the playbook.</p>
<p>Ansible provides an <code>ansible-vault</code> command to interact with
vault files.</p>
<h2 id="where-is-the-vault-file">Where is the vault file?<a class="headerlink" href="#where-is-the-vault-file" title="Permanent link">&para;</a></h2>
<p>There is currently one vault file that applies to all servers.
It is located in the repository at <code>group_vars/all/vault</code>.</p>
<h2 id="how-to-view-the-vault-file">How to view the vault file?<a class="headerlink" href="#how-to-view-the-vault-file" title="Permanent link">&para;</a></h2>
<p>To view the contents of the vault file, use the view action:</p>
<div class="codehilite"><pre><span></span>ansible-vault edit my_vault_file
</pre></div>
<h2 id="how-to-create-a-vault-file">How to create a vault file?<a class="headerlink" href="#how-to-create-a-vault-file" title="Permanent link">&para;</a></h2>
<p>No new vault files should be needed for this repository, but to create
a new vault file called <code>my_vault_file</code>, use the create action:</p>
<div class="codehilite"><pre><span></span>ansible-vault create my_vault_file
</pre></div>
<h2 id="how-to-edit-the-vault-file">How to edit the vault file?<a class="headerlink" href="#how-to-edit-the-vault-file" title="Permanent link">&para;</a></h2>
<p>To edit the contents of the vualt file, use the edit action</p>
<div class="codehilite"><pre><span></span>EDITOR=&quot;vim&quot; ansible-vault edit my_vault_file
</pre></div>
<h2 id="how-to-use-the-vault-file">How to use the vault file?<a class="headerlink" href="#how-to-use-the-vault-file" title="Permanent link">&para;</a></h2>
<p>Vault files are used by ansible in the process of running playbooks.
The user can provide Ansible with the vault password either on the
command line (via an interactive prompt), or the user can put the
vault password into a file, and point Ansible to the vault password
file when it is run.</p>
<p>We do that latter, putting the vault password in the file <code>.vault_secret</code>.</p>
<p>To tell ansible wehre to find the vault password, we set <code>vault_password_file</code>
in the configuration file. In both configuration files, we have:</p>
<div class="codehilite"><pre><span></span>vault_password_file = .vault_secret
</pre></div>
<p>Put your password into the file <code>.vault_secret</code> and use this
configuration file (by pointing to it with the <code>ANSIBLE_CONFIG</code>
environment variable when running ansible).</p>
<h2 id="adding-new-secret-variables">Adding new secret variables<a class="headerlink" href="#adding-new-secret-variables" title="Permanent link">&para;</a></h2>
<p>Suppose we have a role that utilizes a variable that is sensitive
and should remain secret. To do this, we set up a series of
variable definitions that allow the secret defined in the vault
to be used for different roles.</p>
<p>Suppose we have a role that uses an API key in a command. The role
utilizes a variable <code>{{ api_key }}</code> like so:</p>
<p><code>roles/my-role/tasks/main.yml</code>:</p>
<div class="codehilite"><pre><span></span><span class="nn">---</span>
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">A simple example task using a secret variable</span>
<span class="nt">command</span><span class="p">:</span> <span class="s">&quot;python</span><span class="nv"> </span><span class="s">script.py</span><span class="nv"> </span><span class="s">--api-key={{</span><span class="nv"> </span><span class="s">api_key</span><span class="nv"> </span><span class="s">}}&quot;</span>
</pre></div>
<p>If the variable <code>api_key</code> is defined in the task default variable
values, this command will be run but with an invalid API key.
If the above command should <em>only</em> be run with a valid API key,
you can leave <code>api_key</code> out of the default variable values.</p>
<p>Here is what that would look like, if you defined the API key
to be an empty string by default:</p>
<p><code>roles/my-role/defaults/main.yml</code>:</p>
<div class="codehilite"><pre><span></span><span class="nn">---</span>
<span class="nt">api_key</span><span class="p">:</span> <span class="s">&quot;&quot;</span>
</pre></div>
<p>To set the real <code>api_key</code> value, override the default variable
value in the playbook(s) that run that role. For example, if
the role <code>my-role</code> is called from a playbook <code>main.yml</code>,</p>
<p><code>main.yml</code>:</p>
<div class="codehilite"><pre><span></span><span class="nn">---</span>
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Run my-role</span>
<span class="nt">roles</span><span class="p">:</span>
<span class="p p-Indicator">-</span> <span class="nt">role</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">my-role</span>
<span class="nt">api_key</span><span class="p">:</span> <span class="s">&quot;{{</span><span class="nv"> </span><span class="s">charlesreid1_api_key</span><span class="nv"> </span><span class="s">}}&quot;</span>
</pre></div>
<p>This specifies that the <code>api_key</code> variable should be set to the
value of the variable <code>charlesreid1_api_key</code>.</p>
<p>The prefix <code>charlesreid1</code> indicates a site-specific variable setting.
Those variables are contained in <code>group_vars/all/main.yml</code>.
The variable is defined there, but it is also defining the variable
to be set to another variable value:</p>
<p><code>group_vars/all/main.yml</code>:</p>
<div class="codehilite"><pre><span></span><span class="nn">---</span>
<span class="nt">charlesreid1_api_key</span><span class="p">:</span> <span class="s">&quot;{{</span><span class="nv"> </span><span class="s">vault_api_key</span><span class="nv"> </span><span class="s">}}&quot;</span>
</pre></div>
<p>The last step is to define the variable in the vault.
This is where we use the <code>ansible-vault</code> command to edit
the vault file:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;my_config.cfg&quot; ansible-vault edit group_vars/all/vault
</pre></div>
<p>This is where you put the real API key:</p>
<p><code>group_vars/all/vault</code>:</p>
<div class="codehilite"><pre><span></span><span class="nn">---</span>
<span class="nt">vault_api_key</span><span class="p">:</span> <span class="s">&quot;ABCXYZ123456&quot;</span>
</pre></div>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="../ansible_playbooks/" title="Ansible Playbooks" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Ansible Playbooks
</span>
</div>
</a>
<a href="../ansible_cowsay/" title="Ansible Cowsay" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Ansible Cowsay
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../assets/javascripts/application.e72fd936.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
<script src="../search/main.js"></script>
</body>
</html>
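Review bot: Under "How to view the vault file?" the text says to use the view action but the command shown is `ansible-vault edit my_vault_file`; it should read `ansible-vault view my_vault_file`, since edit opens the decrypted content for modification. The example task in `roles/my-role/tasks/main.yml` passes the secret as `--api-key={{ api_key }}` to `command` without `no_log: true`, so the rendered key can end up in task output and in any file configured through `log_path`; add `no_log: true` to that task and note that command-line arguments are visible to other local users while the script runs. The section on `.vault_secret` should state that the file holds the vault password in clear text, needs owner-only permissions and must not be committed. The prose also has typos to fix in the markdown source: `vualt`, `wehre`, `that latter`.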

4
assets/fonts/font-awesome.css vendored

File diff suppressed because one or more lines are too long

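--- a/assets/fonts/material-icons.css
+++ b/assets/fonts/material-icons.css
@@ -0,0 +1,13 @@
+/*!
+* Licensed under the Apache License, Version 2.0 (the "License"); you may not
+* use this file except in compliance with the License. You may obtain a copy
+* of the License at:
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING, SOFTWARE
+* DISTRIBUTED UNDER THE LICENSE IS DISTRIBUTED ON AN "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+* SEE THE LICENSE FOR THE SPECIFIC LANGUAGE GOVERNING PERMISSIONS AND
+* LIMITATIONS UNDER THE LICENSE.
+*/@font-face{font-family:"Material Icons";font-style:normal;font-weight:400;src:local("Material Icons"),local("MaterialIcons-Regular"),url("specimen/MaterialIcons-Regular.woff2") format("woff2"),url("specimen/MaterialIcons-Regular.woff") format("woff"),url("specimen/MaterialIcons-Regular.ttf") format("truetype")}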

BIN
assets/fonts/specimen/FontAwesome.ttf

Binary file not shown.

BIN
assets/fonts/specimen/FontAwesome.woff

Binary file not shown.

BIN
assets/fonts/specimen/FontAwesome.woff2

Binary file not shown.

BIN
assets/fonts/specimen/MaterialIcons-Regular.ttf

Binary file not shown.

BIN
assets/fonts/specimen/MaterialIcons-Regular.woff

Binary file not shown.

BIN
assets/fonts/specimen/MaterialIcons-Regular.woff2

Binary file not shown.

BIN
assets/images/favicon.png

Binary file not shown.


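--- a/assets/images/icons/bitbucket.1b09e088.svg
+++ b/assets/images/icons/bitbucket.1b09e088.svg
@@ -0,0 +1,20 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="352" height="448"
+viewBox="0 0 352 448" id="__bitbucket">
+<path fill="currentColor" d="M203.75 214.75q2 15.75-12.625 25.25t-27.875
+1.5q-9.75-4.25-13.375-14.5t-0.125-20.5 13-14.5q9-4.5 18.125-3t16 8.875
+6.875 16.875zM231.5 209.5q-3.5-26.75-28.25-41t-49.25-3.25q-15.75
+7-25.125 22.125t-8.625 32.375q1 22.75 19.375 38.75t41.375 14q22.75-2
+38-21t12.5-42zM291.25
+74q-5-6.75-14-11.125t-14.5-5.5-17.75-3.125q-72.75-11.75-141.5 0.5-10.75
+1.75-16.5 3t-13.75 5.5-12.5 10.75q7.5 7 19 11.375t18.375 5.5 21.875
+2.875q57 7.25 112 0.25 15.75-2 22.375-3t18.125-5.375 18.75-11.625zM305.5
+332.75q-2 6.5-3.875 19.125t-3.5 21-7.125 17.5-14.5 14.125q-21.5
+12-47.375 17.875t-50.5 5.5-50.375-4.625q-11.5-2-20.375-4.5t-19.125-6.75-18.25-10.875-13-15.375q-6.25-24-14.25-73l1.5-4
+4.5-2.25q55.75 37 126.625 37t126.875-37q5.25 1.5 6 5.75t-1.25 11.25-2
+9.25zM350.75 92.5q-6.5 41.75-27.75 163.75-1.25 7.5-6.75 14t-10.875
+10-13.625 7.75q-63 31.5-152.5
+22-62-6.75-98.5-34.75-3.75-3-6.375-6.625t-4.25-8.75-2.25-8.5-1.5-9.875-1.375-8.75q-2.25-12.5-6.625-37.5t-7-40.375-5.875-36.875-5.5-39.5q0.75-6.5
+4.375-12.125t7.875-9.375 11.25-7.5 11.5-5.625 12-4.625q31.25-11.5
+78.25-16 94.75-9.25 169 12.5 38.75 11.5 53.75 30.5 4 5 4.125
+12.75t-1.375 13.5z" />
+</svg>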


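--- a/assets/images/icons/github.f0b8504a.svg
+++ b/assets/images/icons/github.f0b8504a.svg
@@ -0,0 +1,18 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="416" height="448"
+viewBox="0 0 416 448" id="__github">
+<path fill="currentColor" d="M160 304q0 10-3.125 20.5t-10.75 19-18.125
+8.5-18.125-8.5-10.75-19-3.125-20.5 3.125-20.5 10.75-19 18.125-8.5
+18.125 8.5 10.75 19 3.125 20.5zM320 304q0 10-3.125 20.5t-10.75
+19-18.125 8.5-18.125-8.5-10.75-19-3.125-20.5 3.125-20.5 10.75-19
+18.125-8.5 18.125 8.5 10.75 19 3.125 20.5zM360
+304q0-30-17.25-51t-46.75-21q-10.25 0-48.75 5.25-17.75 2.75-39.25
+2.75t-39.25-2.75q-38-5.25-48.75-5.25-29.5 0-46.75 21t-17.25 51q0 22 8
+38.375t20.25 25.75 30.5 15 35 7.375 37.25 1.75h42q20.5 0
+37.25-1.75t35-7.375 30.5-15 20.25-25.75 8-38.375zM416 260q0 51.75-15.25
+82.75-9.5 19.25-26.375 33.25t-35.25 21.5-42.5 11.875-42.875 5.5-41.75
+1.125q-19.5 0-35.5-0.75t-36.875-3.125-38.125-7.5-34.25-12.875-30.25-20.25-21.5-28.75q-15.5-30.75-15.5-82.75
+0-59.25 34-99-6.75-20.5-6.75-42.5 0-29 12.75-54.5 27 0 47.5 9.875t47.25
+30.875q36.75-8.75 77.25-8.75 37 0 70 8 26.25-20.5
+46.75-30.25t47.25-9.75q12.75 25.5 12.75 54.5 0 21.75-6.75 42 34 40 34
+99.5z" />
+</svg>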


38
assets/images/icons/gitlab.6dd19c00.svg

@ -0,0 +1,38 @@
<svg xmlns="http://www.w3.org/2000/svg" width="500" height="500"
viewBox="0 0 500 500" id="__gitlab">
<g transform="translate(156.197863, 1.160267)">
<path fill="currentColor"
d="M93.667,473.347L93.667,473.347l90.684-279.097H2.983L93.667,
473.347L93.667,473.347z" />
</g>
<g transform="translate(28.531199, 1.160800)" opacity="0.7">
<path fill="currentColor"
d="M221.333,473.345L130.649,194.25H3.557L221.333,473.345L221.333,
473.345z" />
</g>
<g transform="translate(0.088533, 0.255867)" opacity="0.5">
<path fill="currentColor"
d="M32,195.155L32,195.155L4.441,279.97c-2.513,7.735,0.24,16.21,6.821,
20.99l238.514,173.29 L32,195.155L32,195.155z" />
</g>
<g transform="translate(29.421866, 280.255593)">
<path fill="currentColor"
d="M2.667-84.844h127.092L75.14-252.942c-2.811-8.649-15.047-8.649-17.856,
0L2.667-84.844 L2.667-84.844z" />
</g>
<g transform="translate(247.197860, 1.160800)" opacity="0.7">
<path fill="currentColor"
d="M2.667,473.345L93.351,194.25h127.092L2.667,473.345L2.667,
473.345z" />
</g>
<g transform="translate(246.307061, 0.255867)" opacity="0.5">
<path fill="currentColor"
d="M221.334,195.155L221.334,195.155l27.559,84.815c2.514,7.735-0.24,
16.21-6.821,20.99 L3.557,474.25L221.334,195.155L221.334,195.155z" />
</g>
<g transform="translate(336.973725, 280.255593)">
<path fill="currentColor"
d="M130.667-84.844H3.575l54.618-168.098c2.811-8.649,15.047-8.649,
17.856,0L130.667-84.844 L130.667-84.844z" />
</g>
</svg>


1
assets/javascripts/application.e72fd936.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.da.js

@ -0,0 +1 @@
!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r,i,n;e.da=function(){this.pipeline.reset(),this.pipeline.add(e.da.trimmer,e.da.stopWordFilter,e.da.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.da.stemmer))},e.da.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.da.trimmer=e.trimmerSupport.generateTrimmer(e.da.wordCharacters),e.Pipeline.registerFunction(e.da.trimmer,"trimmer-da"),e.da.stemmer=(r=e.stemmerSupport.Among,i=e.stemmerSupport.SnowballProgram,n=new function(){var e,n,t,s=[new r("hed",-1,1),new r("ethed",0,1),new r("ered",-1,1),new r("e",-1,1),new r("erede",3,1),new r("ende",3,1),new r("erende",5,1),new r("ene",3,1),new r("erne",3,1),new r("ere",3,1),new r("en",-1,1),new r("heden",10,1),new r("eren",10,1),new r("er",-1,1),new r("heder",13,1),new r("erer",13,1),new r("s",-1,2),new r("heds",16,1),new r("es",16,1),new r("endes",18,1),new r("erendes",19,1),new r("enes",18,1),new r("ernes",18,1),new r("eres",18,1),new r("ens",16,1),new r("hedens",24,1),new r("erens",24,1),new r("ers",16,1),new r("ets",16,1),new r("erets",28,1),new r("et",-1,1),new r("eret",30,1)],o=[new r("gd",-1,-1),new r("dt",-1,-1),new r("gt",-1,-1),new r("kt",-1,-1)],a=[new r("ig",-1,1),new r("lig",0,1),new r("elig",1,1),new r("els",-1,1),new r("løst",-1,2)],d=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],u=[239,254,42,3,0,0,0,0,0,0,0,0,0,0,0,0,16],c=new i;function l(){var 
e,r=c.limit-c.cursor;c.cursor>=n&&(e=c.limit_backward,c.limit_backward=n,c.ket=c.cursor,c.find_among_b(o,4)?(c.bra=c.cursor,c.limit_backward=e,c.cursor=c.limit-r,c.cursor>c.limit_backward&&(c.cursor--,c.bra=c.cursor,c.slice_del())):c.limit_backward=e)}this.setCurrent=function(e){c.setCurrent(e)},this.getCurrent=function(){return c.getCurrent()},this.stem=function(){var r,i=c.cursor;return function(){var r,i=c.cursor+3;if(n=c.limit,0<=i&&i<=c.limit){for(e=i;;){if(r=c.cursor,c.in_grouping(d,97,248)){c.cursor=r;break}if(c.cursor=r,r>=c.limit)return;c.cursor++}for(;!c.out_grouping(d,97,248);){if(c.cursor>=c.limit)return;c.cursor++}(n=c.cursor)<e&&(n=e)}}(),c.limit_backward=i,c.cursor=c.limit,function(){var e,r;if(c.cursor>=n&&(r=c.limit_backward,c.limit_backward=n,c.ket=c.cursor,e=c.find_among_b(s,32),c.limit_backward=r,e))switch(c.bra=c.cursor,e){case 1:c.slice_del();break;case 2:c.in_grouping_b(u,97,229)&&c.slice_del()}}(),c.cursor=c.limit,l(),c.cursor=c.limit,function(){var e,r,i,t=c.limit-c.cursor;if(c.ket=c.cursor,c.eq_s_b(2,"st")&&(c.bra=c.cursor,c.eq_s_b(2,"ig")&&c.slice_del()),c.cursor=c.limit-t,c.cursor>=n&&(r=c.limit_backward,c.limit_backward=n,c.ket=c.cursor,e=c.find_among_b(a,5),c.limit_backward=r,e))switch(c.bra=c.cursor,e){case 1:c.slice_del(),i=c.limit-c.cursor,l(),c.cursor=c.limit-i;break;case 2:c.slice_from("løs")}}(),c.cursor=c.limit,c.cursor>=n&&(r=c.limit_backward,c.limit_backward=n,c.ket=c.cursor,c.out_grouping_b(d,97,248)?(c.bra=c.cursor,t=c.slice_to(t),c.limit_backward=r,c.eq_v_b(t)&&c.slice_del()):c.limit_backward=r),!0}},function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}),e.Pipeline.registerFunction(e.da.stemmer,"stemmer-da"),e.da.stopWordFilter=e.generateStopWordFilter("ad af alle alt anden at blev blive bliver da de dem den denne der deres det dette dig din disse dog du efter eller en end er et for fra ham han hans har havde have hende 
hendes her hos hun hvad hvis hvor i ikke ind jeg jer jo kunne man mange med meget men mig min mine mit mod ned noget nogle nu når og også om op os over på selv sig sin sine sit skal skulle som sådan thi til ud under var vi vil ville vor være været".split(" ")),e.Pipeline.registerFunction(e.da.stopWordFilter,"stopWordFilter-da")}});

1
assets/javascripts/lunr/lunr.de.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.du.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.es.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.fi.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.fr.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.hu.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.it.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.jp.js

@ -0,0 +1 @@
!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r="2"==e.version[0];e.jp=function(){this.pipeline.reset(),this.pipeline.add(e.jp.stopWordFilter,e.jp.stemmer),r?this.tokenizer=e.jp.tokenizer:(e.tokenizer&&(e.tokenizer=e.jp.tokenizer),this.tokenizerFn&&(this.tokenizerFn=e.jp.tokenizer))};var t=new e.TinySegmenter;e.jp.tokenizer=function(n){if(!arguments.length||null==n||null==n)return[];if(Array.isArray(n))return n.map(function(t){return r?new e.Token(t.toLowerCase()):t.toLowerCase()});for(var i=n.toString().toLowerCase().replace(/^\s+/,""),o=i.length-1;o>=0;o--)if(/\S/.test(i.charAt(o))){i=i.substring(0,o+1);break}return t.segment(i).filter(function(e){return!!e}).map(function(t){return r?new e.Token(t):t})},e.jp.stemmer=function(e){return e},e.Pipeline.registerFunction(e.jp.stemmer,"stemmer-jp"),e.jp.wordCharacters="一二三四五六七八九十百千万億兆一-龠々〆ヵヶぁ-んァ-ヴーア-ン゙a-zA-Za-zA-Z0-90-9",e.jp.stopWordFilter=function(t){if(-1===e.jp.stopWordFilter.stopWords.indexOf(r?t.toString():t))return t},e.jp.stopWordFilter=e.generateStopWordFilter("これ それ あれ この その あの ここ そこ あそこ こちら どこ だれ なに なん 何 私 貴方 貴方方 我々 私達 あの人 あのかた 彼女 彼 です あります おります います は が の に を で え から まで より も どの と し それで しかし".split(" ")),e.Pipeline.registerFunction(e.jp.stopWordFilter,"stopWordFilter-jp")}});

1
assets/javascripts/lunr/lunr.multi.js

@ -0,0 +1 @@
!function(e,i){"function"==typeof define&&define.amd?define(i):"object"==typeof exports?module.exports=i():i()(e.lunr)}(this,function(){return function(e){e.multiLanguage=function(){for(var i=Array.prototype.slice.call(arguments),t=i.join("-"),r="",n=[],s=[],p=0;p<i.length;++p)"en"==i[p]?(r+="\\w",n.unshift(e.stopWordFilter),n.push(e.stemmer),s.push(e.stemmer)):(r+=e[i[p]].wordCharacters,n.unshift(e[i[p]].stopWordFilter),n.push(e[i[p]].stemmer),s.push(e[i[p]].stemmer));var o=e.trimmerSupport.generateTrimmer(r);return e.Pipeline.registerFunction(o,"lunr-multi-trimmer-"+t),n.unshift(o),function(){this.pipeline.reset(),this.pipeline.add.apply(this.pipeline,n),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add.apply(this.searchPipeline,s))}}}});

1
assets/javascripts/lunr/lunr.no.js

@ -0,0 +1 @@
!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r,n,i;e.no=function(){this.pipeline.reset(),this.pipeline.add(e.no.trimmer,e.no.stopWordFilter,e.no.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.no.stemmer))},e.no.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.no.trimmer=e.trimmerSupport.generateTrimmer(e.no.wordCharacters),e.Pipeline.registerFunction(e.no.trimmer,"trimmer-no"),e.no.stemmer=(r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,i=new function(){var e,i,t=[new r("a",-1,1),new r("e",-1,1),new r("ede",1,1),new r("ande",1,1),new r("ende",1,1),new r("ane",1,1),new r("ene",1,1),new r("hetene",6,1),new r("erte",1,3),new r("en",-1,1),new r("heten",9,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",12,1),new r("s",-1,2),new r("as",14,1),new r("es",14,1),new r("edes",16,1),new r("endes",16,1),new r("enes",16,1),new r("hetenes",19,1),new r("ens",14,1),new r("hetens",21,1),new r("ers",14,1),new r("ets",14,1),new r("et",-1,1),new r("het",25,1),new r("ert",-1,3),new r("ast",-1,1)],o=[new r("dt",-1,-1),new r("vt",-1,-1)],s=[new r("leg",-1,1),new r("eleg",0,1),new r("ig",-1,1),new r("eig",2,1),new r("lig",2,1),new r("elig",4,1),new r("els",-1,1),new r("lov",-1,1),new r("elov",7,1),new r("slov",7,1),new r("hetslov",9,1)],a=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],m=[119,125,149,1],l=new n;this.setCurrent=function(e){l.setCurrent(e)},this.getCurrent=function(){return l.getCurrent()},this.stem=function(){var r,n,u,d,c=l.cursor;return function(){var 
r,n=l.cursor+3;if(i=l.limit,0<=n||n<=l.limit){for(e=n;;){if(r=l.cursor,l.in_grouping(a,97,248)){l.cursor=r;break}if(r>=l.limit)return;l.cursor=r+1}for(;!l.out_grouping(a,97,248);){if(l.cursor>=l.limit)return;l.cursor++}(i=l.cursor)<e&&(i=e)}}(),l.limit_backward=c,l.cursor=l.limit,function(){var e,r,n;if(l.cursor>=i&&(r=l.limit_backward,l.limit_backward=i,l.ket=l.cursor,e=l.find_among_b(t,29),l.limit_backward=r,e))switch(l.bra=l.cursor,e){case 1:l.slice_del();break;case 2:n=l.limit-l.cursor,l.in_grouping_b(m,98,122)?l.slice_del():(l.cursor=l.limit-n,l.eq_s_b(1,"k")&&l.out_grouping_b(a,97,248)&&l.slice_del());break;case 3:l.slice_from("er")}}(),l.cursor=l.limit,n=l.limit-l.cursor,l.cursor>=i&&(r=l.limit_backward,l.limit_backward=i,l.ket=l.cursor,l.find_among_b(o,2)?(l.bra=l.cursor,l.limit_backward=r,l.cursor=l.limit-n,l.cursor>l.limit_backward&&(l.cursor--,l.bra=l.cursor,l.slice_del())):l.limit_backward=r),l.cursor=l.limit,l.cursor>=i&&(d=l.limit_backward,l.limit_backward=i,l.ket=l.cursor,(u=l.find_among_b(s,11))?(l.bra=l.cursor,l.limit_backward=d,1==u&&l.slice_del()):l.limit_backward=d),!0}},function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}),e.Pipeline.registerFunction(e.no.stemmer,"stemmer-no"),e.no.stopWordFilter=e.generateStopWordFilter("alle at av bare begge ble blei bli blir blitt både båe da de deg dei deim deira deires dem den denne der dere deres det dette di din disse ditt du dykk dykkar då eg ein eit eitt eller elles en enn er et ett etter for fordi fra før ha hadde han hans har hennar henne hennes her hjå ho hoe honom hoss hossen hun hva hvem hver hvilke hvilken hvis hvor hvordan hvorfor i ikke ikkje ikkje ingen ingi inkje inn inni ja jeg kan kom korleis korso kun kunne kva kvar kvarhelst kven kvi kvifor man mange me med medan meg meget mellom men mi min mine mitt mot mykje ned no noe noen noka noko nokon nokor nokre nå når og også om opp oss over 
på samme seg selv si si sia sidan siden sin sine sitt sjøl skal skulle slik so som som somme somt så sånn til um upp ut uten var vart varte ved vere verte vi vil ville vore vors vort vår være være vært å".split(" ")),e.Pipeline.registerFunction(e.no.stopWordFilter,"stopWordFilter-no")}});

1
assets/javascripts/lunr/lunr.pt.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.ro.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.ru.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/lunr.stemmer.support.js

@ -0,0 +1 @@
!function(r,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(r.lunr)}(this,function(){return function(r){r.stemmerSupport={Among:function(r,t,i,s){if(this.toCharArray=function(r){for(var t=r.length,i=new Array(t),s=0;s<t;s++)i[s]=r.charCodeAt(s);return i},!r&&""!=r||!t&&0!=t||!i)throw"Bad Among initialisation: s:"+r+", substring_i: "+t+", result: "+i;this.s_size=r.length,this.s=this.toCharArray(r),this.substring_i=t,this.result=i,this.method=s},SnowballProgram:function(){var r;return{bra:0,ket:0,limit:0,cursor:0,limit_backward:0,setCurrent:function(t){r=t,this.cursor=0,this.limit=t.length,this.limit_backward=0,this.bra=this.cursor,this.ket=this.limit},getCurrent:function(){var t=r;return r=null,t},in_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e<=s&&e>=i&&t[(e-=i)>>3]&1<<(7&e))return this.cursor++,!0}return!1},in_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e<=s&&e>=i&&t[(e-=i)>>3]&1<<(7&e))return this.cursor--,!0}return!1},out_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e>s||e<i)return this.cursor++,!0;if(!(t[(e-=i)>>3]&1<<(7&e)))return this.cursor++,!0}return!1},out_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e>s||e<i)return this.cursor--,!0;if(!(t[(e-=i)>>3]&1<<(7&e)))return this.cursor--,!0}return!1},eq_s:function(t,i){if(this.limit-this.cursor<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor+s)!=i.charCodeAt(s))return!1;return this.cursor+=t,!0},eq_s_b:function(t,i){if(this.cursor-this.limit_backward<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor-t+s)!=i.charCodeAt(s))return!1;return this.cursor-=t,!0},find_among:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit,o=0,h=0,c=!1;;){for(var 
a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=l;m<_.s_size;m++){if(n+l==u){f=-1;break}if(f=r.charCodeAt(n+l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0||e==s||c)break;c=!0}}for(;;){if(o>=(_=t[s]).s_size){if(this.cursor=n+_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n+_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},find_among_b:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit_backward,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=(m=t[a]).s_size-1-l;_>=0;_--){if(n-l==u){f=-1;break}if(f=r.charCodeAt(n-1-l)-m.s[_])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0||e==s||c)break;c=!0}}for(;;){var m;if(o>=(m=t[s]).s_size){if(this.cursor=n-m.s_size,!m.method)return m.result;var b=m.method();if(this.cursor=n-m.s_size,b)return m.result}if((s=m.substring_i)<0)return 0}},replace_s:function(t,i,s){var e=s.length-(i-t),n=r.substring(0,t),u=r.substring(i);return r=n+s+u,this.limit+=e,this.cursor>=i?this.cursor+=e:this.cursor>t&&(this.cursor=t),e},slice_check:function(){if(this.bra<0||this.bra>this.ket||this.ket>this.limit||this.limit>r.length)throw"faulty slice operation"},slice_from:function(r){this.slice_check(),this.replace_s(this.bra,this.ket,r)},slice_del:function(){this.slice_from("")},insert:function(r,t,i){var s=this.replace_s(r,t,i);r<=this.bra&&(this.bra+=s),r<=this.ket&&(this.ket+=s)},slice_to:function(){return this.slice_check(),r.substring(this.bra,this.ket)},eq_v_b:function(r){return this.eq_s_b(r.length,r)}}}},r.trimmerSupport={generateTrimmer:function(r){var t=new RegExp("^[^"+r+"]+"),i=new RegExp("[^"+r+"]+$");return function(r){return"function"==typeof r.update?r.update(function(r){return r.replace(t,"").replace(i,"")}):r.replace(t,"").replace(i,"")}}}}});

1
assets/javascripts/lunr/lunr.sv.js

@ -0,0 +1 @@
!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r,n,t;e.sv=function(){this.pipeline.reset(),this.pipeline.add(e.sv.trimmer,e.sv.stopWordFilter,e.sv.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.sv.stemmer))},e.sv.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.sv.trimmer=e.trimmerSupport.generateTrimmer(e.sv.wordCharacters),e.Pipeline.registerFunction(e.sv.trimmer,"trimmer-sv"),e.sv.stemmer=(r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,t=new function(){var e,t,i=[new r("a",-1,1),new r("arna",0,1),new r("erna",0,1),new r("heterna",2,1),new r("orna",0,1),new r("ad",-1,1),new r("e",-1,1),new r("ade",6,1),new r("ande",6,1),new r("arne",6,1),new r("are",6,1),new r("aste",6,1),new r("en",-1,1),new r("anden",12,1),new r("aren",12,1),new r("heten",12,1),new r("ern",-1,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",18,1),new r("or",-1,1),new r("s",-1,2),new r("as",21,1),new r("arnas",22,1),new r("ernas",22,1),new r("ornas",22,1),new r("es",21,1),new r("ades",26,1),new r("andes",26,1),new r("ens",21,1),new r("arens",29,1),new r("hetens",29,1),new r("erns",21,1),new r("at",-1,1),new r("andet",-1,1),new r("het",-1,1),new r("ast",-1,1)],s=[new r("dd",-1,-1),new r("gd",-1,-1),new r("nn",-1,-1),new r("dt",-1,-1),new r("gt",-1,-1),new r("kt",-1,-1),new r("tt",-1,-1)],a=[new r("ig",-1,1),new r("lig",0,1),new r("els",-1,1),new r("fullt",-1,3),new r("löst",-1,2)],o=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,24,0,32],u=[119,127,149],m=new n;this.setCurrent=function(e){m.setCurrent(e)},this.getCurrent=function(){return 
m.getCurrent()},this.stem=function(){var r,n=m.cursor;return function(){var r,n=m.cursor+3;if(t=m.limit,0<=n||n<=m.limit){for(e=n;;){if(r=m.cursor,m.in_grouping(o,97,246)){m.cursor=r;break}if(m.cursor=r,m.cursor>=m.limit)return;m.cursor++}for(;!m.out_grouping(o,97,246);){if(m.cursor>=m.limit)return;m.cursor++}(t=m.cursor)<e&&(t=e)}}(),m.limit_backward=n,m.cursor=m.limit,function(){var e,r=m.limit_backward;if(m.cursor>=t&&(m.limit_backward=t,m.cursor=m.limit,m.ket=m.cursor,e=m.find_among_b(i,37),m.limit_backward=r,e))switch(m.bra=m.cursor,e){case 1:m.slice_del();break;case 2:m.in_grouping_b(u,98,121)&&m.slice_del()}}(),m.cursor=m.limit,r=m.limit_backward,m.cursor>=t&&(m.limit_backward=t,m.cursor=m.limit,m.find_among_b(s,7)&&(m.cursor=m.limit,m.ket=m.cursor,m.cursor>m.limit_backward&&(m.bra=--m.cursor,m.slice_del())),m.limit_backward=r),m.cursor=m.limit,function(){var e,r;if(m.cursor>=t){if(r=m.limit_backward,m.limit_backward=t,m.cursor=m.limit,m.ket=m.cursor,e=m.find_among_b(a,5))switch(m.bra=m.cursor,e){case 1:m.slice_del();break;case 2:m.slice_from("lös");break;case 3:m.slice_from("full")}m.limit_backward=r}}(),!0}},function(e){return"function"==typeof e.update?e.update(function(e){return t.setCurrent(e),t.stem(),t.getCurrent()}):(t.setCurrent(e),t.stem(),t.getCurrent())}),e.Pipeline.registerFunction(e.sv.stemmer,"stemmer-sv"),e.sv.stopWordFilter=e.generateStopWordFilter("alla allt att av blev bli blir blivit de dem den denna deras dess dessa det detta dig din dina ditt du där då efter ej eller en er era ert ett från för ha hade han hans har henne hennes hon honom hur här i icke ingen inom inte jag ju kan kunde man med mellan men mig min mina mitt mot mycket ni nu när någon något några och om oss på samma sedan sig sin sina sitta själv skulle som så sådan sådana sådant till under upp ut utan vad var vara varför varit varje vars vart vem vi vid vilka vilkas vilken vilket vår våra vårt än är åt över".split(" 
")),e.Pipeline.registerFunction(e.sv.stopWordFilter,"stopWordFilter-sv")}});

1
assets/javascripts/lunr/lunr.tr.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/lunr/tinyseg.js

File diff suppressed because one or more lines are too long

1
assets/javascripts/modernizr.1aa3b519.js

File diff suppressed because one or more lines are too long

1176
assets/stylesheets/application-palette.22915126.css

File diff suppressed because it is too large Load Diff

2552
assets/stylesheets/application.451f80e5.css

File diff suppressed because it is too large Load Diff

82
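--- a/base.yml
+++ b/base.yml
@@ -1,82 +0,0 @@
----
-# main playbook for
-# all charlesreid1 nodes
-- name: Initial setup root
-hosts: servers
-roles:
-- role: init-root
-tags: init-root
-become: yes
-- name: Install packages with aptitude
-hosts: servers
-roles:
-- role: install-stuff
-tags: install-stuff
-become: yes
-- name: Install docker and docker-compose
-hosts: servers
-roles:
-- role: docker
-become: yes
-- name: Initial setup non-root
-hosts: servers
-roles:
-- role: init-nonroot
-tags: init-nonroot
-- name: Set up SSH keys
-hosts: servers
-roles:
-- role: sshkeys
-tags: sshkeys
-- name: Set up dotfiles
-hosts: servers
-roles:
-- role: dotfiles
-tags: dotfiles
-- name: Set up vim
-hosts: servers
-roles:
-- role: vim
-tags: vim
-- name: Install pyenv
-hosts: servers
-roles:
-- role: pyenv
-tags: pyenv
-become: yes
-- name: Install goenv
-hosts: servers
-roles:
-- role: goenv
-tags: goenv
-become: yes
-#- name: Install AWS credentials and tools
-# hosts: servers
-# roles:
-# - role: aws
-# tags: aws
-# aws_secret_access_key: "{{ charlesreid1_aws_secret_access_key }}"
-# aws_access_key_id: "{{ charlesreid1_aws_access_key_id }}"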

0
docs/css/custom.css → css/custom.css

8
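--- a/do.cfg
+++ b/do.cfg
@@ -1,8 +0,0 @@
-[defaults]
-inventory = dohosts
-remote_user = root
-private_key_file = ~/.ssh/id_rsa
-host_key_checking = False
-vault_password_file = .vault_secret
-log_path = ansible_do.log
-command_warnings = raise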

121
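--- a/docs/ansible_cowsay.md
+++ b/docs/ansible_cowsay.md
@@ -1,121 +0,0 @@
-# Ansible Cowsay
-This page covers the `cowsay` command and all the cows
-that show up when you run ansible.
-Table of Contents
-=================
-* [Wat](#wat)
-* [Turn off cows](#turn-off-cows)
-* [Weird cows](#weird-cows)
-## Wat
-One of the first things you notice about ansible is that
-it tells you what's going on via a series of cows:
-```plain
-____________
-< PLAY [all] >
-------------
-\ ^__^
-\ (oo)\_______
-(__)\ )\/\
-||----w |
-|| ||
-```
-That's because Ansible is wrapping log messages with the
-program cowsay, which prints out text in a text bubble
-accompanied by a cow.
-## Turn off cows
-To turn off the cows, set `ANSIBLE_NOCOWS=1`:
-```
-ANSIBLE_NOCOWS=1 \
-ANSIBLE_CONFIG="vagrant.cfg" \
-ansible-playbook \
-base.yml
-```
-which is boring:
-```
-GATHERING FACTS ***************************************************************
-ok: [127.0.0.1]
-```
-## Weird cows
-Fortunately, cowsay comes with many kinds of cows:
-```plain
-$ cowsay -l
-Cow files in /usr/local/Cellar/cowsay/3.04/share/cows:
-beavis.zen blowfish bong bud-frogs bunny cheese cower daemon default dragon
-dragon-and-cow elephant elephant-in-snake eyes flaming-sheep ghostbusters
-head-in hellokitty kiss kitty koala kosh luke-koala meow milk moofasa moose
-mutilated ren satanic sheep skeleton small sodomized stegosaurus stimpy
-supermilker surgery telebears three-eyes turkey turtle tux udder vader
-vader-koala www
-```
-...so many questions.
-To specify a particular cow, set the `ANSIBLE_COW_SELECTION` variable:
-```plain
-ANSIBLE_COW_SELECTION=vader
-```
-gives you
-```
-___________________________
-< PLAY [Initial setup root] >
----------------------------
-\ ,-^-.
-\ !oYo!
-\ /./=\.\______
-## )\/\
-||-----w||
-|| ||
-Cowth Vader
-________________________
-< TASK [Gathering Facts] >
-------------------------
-\ ,-^-.
-\ !oYo!
-\ /./=\.\______
-## )\/\
-||-----w||
-|| ||
-Cowth Vader
-```
-Here is `ANSIBLE_COW_SELECTION=tux`:
-```plain
-< GATHERING FACTS >
------------------
-\
-\
-.--.
-|o_o |
-|:_/ |
-// \ \
-(| | )
-/'\_ _/`\
-\___)=(___/
-```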

81
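--- a/docs/ansible_do.md
+++ b/docs/ansible_do.md
@@ -1,81 +0,0 @@
-# Digital Ocean Quickstart
-This quickstart walks through the process
-of setting up a Digital Ocean droplet
-using these Ansible playbooks.
-Table of Contents
-=================
-* [Droplet setup](#droplet-setup)
-* [Run provision and base playbooks](#run-provision-and-base-playbooks)
-* [Run pod playbooks](#run-pod-playbooks)
-## Droplet setup
-Start by logging in to your Digital Ocean account
-and creating a droplet. You should be able to
-create or specify an SSH key.
-!!! warning
-You must modify the path to the SSH private
-key, specified in `do.cfg` (the Digital Ocean
-Ansible config file), to match the SSH key that
-you added to the droplet at its creation.
-!!! warning
-Once you create your droplet and it is connected
-to the internet via a public IP, you must update
-the file `dohosts` (the Digital Ocean Ansible
-inventory file) to point to the correct IP address
-for the droplet.
-## Run provision and base playbooks
-Once you have the correct SSH key in `do.cfg`
-and the correct droplet IP address in `dohosts`,
-you are ready to run the Ansible playbooks.
-Run the provision playbook to prepare the droplet for Ansible:
-```plain
-ANSIBLE_CONFIG="do.cfg" \
-ansible-playbook \
-provision.yml
-```
-Now you can run the base playbook.
-!!! warning
-You must provide a `machine_name` parameter to
-the base playbook. This variable is **_not_**
-defined by default. Define it using the
-`--extra-vars` flag.
-Specifying a machine name using the `--extra-vars` flag:
-```plain
-ANSIBLE_CONFIG="do.cfg" \
-ansible-playbook \
---extra-vars "machine_name=redbeard" \
-base.yml
-```
-## Run pod playbooks
-Once you've run the base playbook, you can install the
-docker pod with the corresponding playbook by specifying
-`ANSIBLE_CONFIG` and pointing to the Digital Ocean config file.
-pod-charlesreid1:
-```plain
-ANSIBLE_CONFIG="do.cfg" \
-ansible-playbook \
---extra-vars "machine_name=redbeard" \
-podcharlesreid1.yml
-```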

81
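--- a/docs/ansible_linode.md
+++ b/docs/ansible_linode.md
@@ -1,81 +0,0 @@
-# Linode Quickstart
-This quickstart walks through the process
-of setting up a Linode node
-using these Ansible playbooks.
-Table of Contents
-=================
-* [Node setup](#node-setup)
-* [Run provision and base playbooks](#run-provision-and-base-playbooks)
-* [Run pod playbooks](#run-pod-playbooks)
-## Node setup
-Start by logging in to your Linode account
-and creating a new node. You should be able to
-create or specify an SSH key.
-!!! warning
-You must modify the path to the SSH private
-key, specified in `linode.cfg` (the Linode
-Ansible config file), to match the SSH key that
-you added to the droplet at its creation.
-!!! warning
-Once you create your droplet and it is connected
-to the internet via a public IP, you must update
-the file `linodehosts` (the Linode Ansible
-inventory file) to point to the correct IP address
-for the node.
-## Run provision and base playbooks
-Once you have the correct SSH key in `linode.cfg`
-and the correct droplet IP address in `linodehosts`,
-you are ready to run the Ansible playbooks.
-Run the provision playbook to prepare the droplet for Ansible:
-```plain
-ANSIBLE_CONFIG="linode.cfg" \
-ansible-playbook \
-provision.yml
-```
-Now you can run the base playbook.
-!!! warning
-You must provide a `machine_name` parameter to
-the base playbook. This variable is **_not_**
-defined by default. Define it using the
-`--extra-vars` flag.
-Specifying a machine name using the `--extra-vars` flag:
-```plain
-ANSIBLE_CONFIG="linode.cfg" \
-ansible-playbook \
---extra-vars "machine_name=redbeard" \
-base.yml
-```
-## Run pod playbooks
-Once you've run the base playbook, you can install the
-docker pod with the corresponding playbook by specifying
-`ANSIBLE_CONFIG` and pointing to the Linode config file.
-pod-charlesreid1:
-```plain
-ANSIBLE_CONFIG="linode.cfg" \
-ansible-playbook \
---extra-vars "machine_name=redbeard" \
-podcharlesreid1.yml
-```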

199
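--- a/docs/ansible_playbooks.md
+++ b/docs/ansible_playbooks.md
@@ -1,199 +0,0 @@
-# Ansible Playbooks
-This page covers what playbooks are in this directory
-and how to run them.
-Table of Contents
-=================
-* [provision\.yml: Provision Your Remote Node](#provisionyml-provision-your-remote-node)
-* [base\.yml: the base plays](#baseyml-the-base-plays)
-* [podcharlesreid1\.yml: charlesreid1 docker pod play](#podcharlesreid1yml-charlesreid1-docker-pod-play)
-* [List of Tags](#list-of-tags)
-## provision.yml: Provision Your Remote Node
-The provision playbook is a preparation step to ensure
-Ansible has the software it needs to run. Specifically,
-Ubuntu distributions do not come with `/usr/bin/python`
-by default (only `/usr/bin/python3`), so the provision
-step installs `/usr/bin/python`.
-```plain
-ANSIBLE_CONFIG="vagrant.cfg" vagrant provision
-```
-Running plays against a Linode/Digital Ocean node requires
-the provision playbook to be run explicitly with the
-command:
-```plain
-# Linode
-ANSIBLE_CONFIG="linode.cfg" ansible-playbook provision.yml
-# Digital Ocean
-ANSIBLE_CONFIG="do.cfg" ansible-playbook provision.yml
-```
-Also see the Provision sections of the
-[ansible_vagrant.md](ansible_vagrant.md)
-and [ansible_do.md](ansible_do.md) pages.
-## base.yml: the base plays
-The base.yml playbook contains a base set of plays for all
-charlesreid1.com nodes. This includes setup, tooling, dotfiles,
-user accounts, SSH keys, and so on.
-**This playbook does not define a machine name.** It is not
-usually run explicitly, except in tests, so machine name must
-be defined manually. To do that, use the `--extra-vars` flag:
-```plain
-ANSIBLE_CONFIG="vagrant.cfg" \
-ansible-playbook \
---vault-password-file=.vault_secret \
---extra-vars "machine_name=yoyo" \
-base.yml
-```
-To run on Linode:
-```plain
-ANSIBLE_CONFIG="linode.cfg" \
-ansible-playbook \
---vault-password-file=.vault_secret \
---extra-vars "machine_name=yoyo" \
-base.yml
-```
-To run on Digital Ocean:
-```plain
-ANSIBLE_CONFIG="do.cfg" \
-ansible-playbook \
---vault-password-file=.vault_secret \
---extra-vars "machine_name=yoyo" \
-base.yml
-```
-## podcharlesreid1.yml: charlesreid1 docker pod play
-The charlesreid1 docker pod runs the following:
-- nginx
-- letsencrypt/certs
-- mediawiki
-- gitea
-**Example:** Deploy the charlesreid1 docker pod play
-on a Vagrant machine.
-To do this, specify the Ansible-Vagrant configuration file
-and the vagrant hosts file:
-```plain
-ANSIBLE_CONFIG="vagrant.cfg" \
-ansible-playbook \
---vault-password-file=.vault_secret \
-podcharlesreid1.yml
-```
-To set a custom hostname, use the `--extra-vars` flag as above:
-```plain
-ANSIBLE_CONFIG="vagrant.cfg" \
-ansible-playbook \
---vault-password-file=.vault_secret \
---extra-vars "machine_name=yoyo" \
-podcharlesreid1.yml
-```
-**Linode Example:**
-```plain
-ANSIBLE_CONFIG="linode.cfg" \
-ansible-playbook \
---vault-password-file=.vault_secret \
---extra-vars "machine_name=yoyo" \
-podcharlesreid1.yml
-```
-**Digital Ocean Example:**
-```plain
-ANSIBLE_CONFIG="do.cfg" \
-ansible-playbook \
---vault-password-file=.vault_secret \
---extra-vars "machine_name=yoyo" \
-podcharlesreid1.yml
-```
-## List of Tags
-(Incomplete)
-Each role has a tag associated with it, so you can
-run each role in isolation:
-* `aws`
-* `init-root`
-* `install-stuff`
-* `goenv`
-* `pyenv`
-* `docker`
-* `init-nonroot`
-* `sshkeys`
-* `dotfiles`
-* `vim`
-* `pod-charlesreid1`
-### Base Playbook Tags
-The base playbook `base.yml` includes the majority of
-the roles, whose tags are listed here:
-* `aws`
-* `init-root`
-* `install-stuff`
-* `goenv`
-* `pyenv`
-* `docker`
-* `init-nonroot`
-* `sshkeys`
-* `dotfiles`
-* `vim`
-The base playbook also uses the following tags
-for sub-groups of tasks, or for groups of tasks
-that cross roles:
-* `aws_tools` (aws command line tools and libraries only)
-* `aws_creds` (aws credentials only)
-* `pip` (all tasks installing packages using pip)
-* `apt` (all tasks installing packages using apt)
-* `docker-no-compose` (docker-only tasks)
-* `docker-compose` (docker-compose-only tasks)
-* `root-ssh` (setup of ssh keys for root user)
-* `nonroot-ssh` (setup of ssh keys for nonroot user)
-### pod-charlesreid1 Playbook Tags
-The pod-charlesreid1 playbook contains the docker pod
-playbook for charlesreid1.com. This is a single role.
-The entire role is run with the tag:
-* `pod-charlesreid1`
-Subtasks are grouped as follows:
-* `pod-charlesreid1-services` (runs tasks that start the docker service and the pod service)
-* `pod-charlesreid1-gitea` (set up gitea for pod-charlesreid1)
-* `pod-charlesreid1-mw` (set up mediawiki for pod-charlesreid1)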

76
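--- a/docs/ansible_vagrant.md
+++ b/docs/ansible_vagrant.md
@@ -1,76 +0,0 @@
-# Local Ansible Testing with Vagrant
-Vagrant is a command-line wrapper around
-VirtualBox and allows setting up one or more
-virtual machines to test out Ansible playbooks
-locally.
-The repo contains a Vagrantfile (created with
-the command `vagrant init ubuntu/xenial64`) that
-has been modified to work with Ansible.
-## Start Vagrant Machine
-Start a Vagrant virtual machine using the `Vagrantfile`
-by running the following command in this directory:
-```plain
-vagrant up
-```
-This will start a Ubuntu Xenial (16.04) machine.
-## Provision Vagrant Machine (Setup Step)
-Ansible can be used to provision the vagrant machine,
-which is basically a step that gets it ready for
-the "real" Ansible playbook.
-(Specifically, the provision step installs `/usr/bin/python`,
-which is not included by default in newer versions of
-Ubuntu.)
-Use the Ansible configuration file that is intended
-for use with Vagrant, `vagrant.cfg`, when running
-the vagrant provision command:
-```plain
-ANSIBLE_CONFIG="vagrant.cfg" vagrant provision
-```
-## Set Vagrant Configuration File
-Now get info about how to SSH into the vagrant machines
-and provide this information in the `vagranthosts`
-Ansible inventory file:
-```plain
-vagrant ssh-config
-```
-Add information about the location of the
-private key file, and any other details,
-into `vagrant.cfg`:
-**`vagrant.cfg`:**
-```plain
-[defaults]
-inventory = vagranthosts
-remote_user = vagrant
-private_key_file = ~/.vagrant.d/insecure_private_key
-host_key_checking = False
-log_path = ansible_vagrant.log
-command_warnings=False
-vault_password_file = .vault_secret
-```
-This example points to a vault secret contained
-in the file `.vault_secret` as seen in the last line.
-See [Ansible Vault](ansible_vault.md) for more info
-about vault secrets.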

168
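--- a/docs/ansible_vault.md
+++ b/docs/ansible_vault.md
@@ -1,168 +0,0 @@
-# Ansible Vault
-This page contains instructions for using the Ansible vault.
-Link: [Ansible vault documentation](https://docs.ansible.com/ansible/2.4/vault.html#creating-encrypted-files)
-Table of Contents
-=================
-* [What is Ansible Vault?](#what-is-ansible-vault)
-* [Where is the vault file?](#where-is-the-vault-file)
-* [How to view the vault file?](#how-to-view-the-vault-file)
-* [How to create a vault file?](#how-to-create-a-vault-file)
-* [How to edit the vault file?](#how-to-edit-the-vault-file)
-* [How to use the vault file?](#how-to-use-the-vault-file)
-* [Adding new secret variables](#adding-new-secret-variables)
-## What is Ansible Vault?
-Ansible provides a "vault" function that allows sensitive data
-(passwords, sensitive info, or certificate files) to be encrypted,
-so it can be stored in a repository with the rest of the playbook.
-The vault is an ordinary YAML file that defines variables, except
-that the variables it defines are sensitive. These variables can
-be used elsewhere in the playbook.
-Ansible provides an `ansible-vault` command to interact with
-vault files.
-## Where is the vault file?
-There is currently one vault file that applies to all servers.
-It is located in the repository at `group_vars/all/vault`.
-## How to view the vault file?
-To view the contents of the vault file, use the view action:
-```plain
-ansible-vault edit my_vault_file
-```
-## How to create a vault file?
-No new vault files should be needed for this repository, but to create
-a new vault file called `my_vault_file`, use the create action:
-```plain
-ansible-vault create my_vault_file
-```
-## How to edit the vault file?
-To edit the contents of the vualt file, use the edit action
-```plain
-EDITOR="vim" ansible-vault edit my_vault_file
-```
-## How to use the vault file?
-Vault files are used by ansible in the process of running playbooks.
-The user can provide Ansible with the vault password either on the
-command line (via an interactive prompt), or the user can put the
-vault password into a file, and point Ansible to the vault password
-file when it is run.
-We do that latter, putting the vault password in the file `.vault_secret`.
-To tell ansible wehre to find the vault password, we set `vault_password_file`
-in the configuration file. In both configuration files, we have:
-```plain
-vault_password_file = .vault_secret
-```
-Put your password into the file `.vault_secret` and use this
-configuration file (by pointing to it with the `ANSIBLE_CONFIG`
-environment variable when running ansible).
-## Adding new secret variables
-Suppose we have a role that utilizes a variable that is sensitive
-and should remain secret. To do this, we set up a series of
-variable definitions that allow the secret defined in the vault
-to be used for different roles.
-Suppose we have a role that uses an API key in a command. The role
-utilizes a variable `{{ api_key }}` like so:
-`roles/my-role/tasks/main.yml`:
-```yaml
----
-- name: A simple example task using a secret variable
-command: "python script.py --api-key={{ api_key }}"
-```
-If the variable `api_key` is defined in the task default variable
-values, this command will be run but with an invalid API key.
-If the above command should _only_ be run with a valid API key,
-you can leave `api_key` out of the default variable values.
-Here is what that would look like, if you defined the API key
-to be an empty string by default:
-`roles/my-role/defaults/main.yml`:
-```yaml
----
-api_key: ""
-```
-To set the real `api_key` value, override the default variable
-value in the playbook(s) that run that role. For example, if
-the role `my-role` is called from a playbook `main.yml`,
-`main.yml`:
-```yaml
----
-- name: Run my-role
-roles:
-- role: my-role
-api_key: "{{ charlesreid1_api_key }}"
-```
-This specifies that the `api_key` variable should be set to the
-value of the variable `charlesreid1_api_key`.
-The prefix `charlesreid1` indicates a site-specific variable setting.
-Those variables are contained in `group_vars/all/main.yml`.
-The variable is defined there, but it is also defining the variable
-to be set to another variable value:
-`group_vars/all/main.yml`:
-```yaml
----
-charlesreid1_api_key: "{{ vault_api_key }}"
-```
-The last step is to define the variable in the vault.
-This is where we use the `ansible-vault` command to edit
-the vault file:
-```plain
-ANSIBLE_CONFIG="my_config.cfg" ansible-vault edit group_vars/all/vault
-```
-This is where you put the real API key:
-`group_vars/all/vault`:
-```yaml
----
-vault_api_key: "ABCXYZ123456"
-```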

209
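--- a/docs/index.md
+++ b/docs/index.md
@@ -1,209 +0,0 @@
-# charlesreid1-ansible
-Ansible playbooks for charlesreid1.com infrastructure.
-Table of Contents
-=================
-* [Docker Pods](#docker-pods)
-* [Playbooks](#playbooks)
-* [Roles](#roles)
-* [Getting Started with Playbooks](#getting-started-with-playbooks)
-* [Running Playbooks](#running-playbooks)
-* [Running Select Tasks with Tags](#running-select-tasks-with-tags)
-* [Secrets and Sensitive Information](#secrets-and-sensitive-information)
-* [Vagrant Testing](#vagrant-testing)
-* [DigitalOcean Deployment](#digitalocean-deployment)
-## Master Checklist
-Before you get started:
-* Provision a compute node (Vagrant or cloud provider)
-* If using Vagrant, see the [Ansible Vagrant](ansible_vagrant.md) page for
-instructions on how to provision virtual machines.
-* If using a cloud provider, follow the instructions provided by your
-cloud provider.
-* Configure and enable SSH access
-* If using Vagrant, see the [Ansible Vagrant](ansible_vagrant.md) page for
-instructions on how to get SSH key information from Vagrant virtual machines.
-* If using a cloud provider, you should be provided with an SSH key or
-SSH access instructions by your cloud provider.
-* Run Ansible with the `base.yml` playbook - see [Ansible Playbooks](ansible_playbooks.md#baseyml-the-base-plays)
-and `base.yml` for information and details about this playbook.
-* Run Ansible with the pod-charlesreid1 playbook `pod-charlesreid1.yml`
-* Configure DNS to point to the IP address of the compute node
-## Docker Pods
-These docker pods are collections of related charlesreid1.com
-services. The Ansible playbooks prepare remote nodes so they
-are ready to run these docker pods.
-| Pod | Link |
-|------------------|--------------------------------------------------------|
-| pod-charlesreid1 | <https://git.charlesreid1.com/docker/pod-charlesreid1> |
-The following pods **HAVE BEEN DEACTIVATED:**
-| Pod | Link |
-|------------------|--------------------------------------------------------|
-| pod-webhooks | <https://git.charlesreid1.com/docker/pod-webhooks> |
-| pod-bots | <https://git.charlesreid1.com/docker/pod-bots> |
-## Playbooks
-There is one playbook per docker pod, plus a base playbook
-and a provision playbook.
-| Playbook | Description | Link |
-|------------------------|----------------------------------------------------------------------------------------------------------------------|----------------|
-| `provision.yml` | (Vagrant-only) Playbook to provision new Ubuntu machines with `/usr/bin/python`. | [link](ansible_playbooks.md#provisionyml-provision-your-remote-node) |
-| `base.yml` | Base playbook run by all of the pod playbooks above. | [link](ansible_playbooks.md#baseyml-the-base-plays) |
-| `podcharlesreid1.yml` | Playbook to install and run the charlesreid1.com docker pod | [link](https://git.charlesreid1.com/docker/pod-charlesreid1) |
-## Roles
-### Base Playbook Roles
-The following roles carry out groups of tasks for setting up the base machine
-to run charlesreid1.com infrastructure.
-| Role Name | Description |
-|-----------------------|-----------------------------------------------------------|
-| init-root | Prepare root user account |
-| init-nonroot | Prepare nonroot user account(s) |
-| install-stuff | Install stuff with aptitude |
-| pyenv | Install pyenv for nonroot user |
-| goenv | Install goenv for nonroot user |
-| sshkeys | Set up ssh keys for all users |
-| vim | Set up vim for nonroot user |
-| dotfiles | Install and configure dotfiles for nonroot user |
-### Pod-Specific Roles
-The following roles are run by playbooks specific to the
-respective docker pod.
-| Role Name | Description |
-|-----------------------|--------------------------------------------------------------|
-| pod-charlesreid1 | Role specific to the charlesreid1.com docker pod |
-## Getting Started with Playbooks
-| Documentation Page | Description |
-|-----------------------------------------------|-----------------------------------------------------------------|
-| [docs/index.md](index.md) | Documentation index |
-| [docs/quickstart.md](quickstart.md) | Quick start for the impatient (uses Vagrant) |
-| [docs/ansible_linode.md](ansible_linode.md) | Guide for running charlesreid1.com playbooks on Linode |
-| [docs/ansible_do.md](ansible_do.md) | Guide for running charlesreid1.com playbooks on Digital Ocean |
-| [docs/ansible_vagrant.md](ansible_vagrant.md) | Guide for running charlesreid1.com playbooks on Vagrant |
-See [Ansible Playbooks](ansible_playbooks.md) for a list of all
-playbooks in this directory, list of all tags,
-and info about how to use the playbooks.
-## Running Playbooks
-To run Ansible playbooks, use the `ansible-playbook` command.
-You will need to specify:
-* A configuration file to set Ansible options, using the
-`ANSIBLE_CONFIG` environment variable
-* An inventory file to tell Ansible how to connect to
-remote machines, using the `-i` flag
-Here is an example call to `ansible-playbook`
-to show how it should look:
-```plain
-ANSIBLE_CONFIG="my_config.cfg" ansible-playbook -i myhosts main.yml
-^^^^^^^^^^^^^^ ^^^^^^^^^^ ^^^^^^^^
-specify config file specify the the ansible
-with this env var inventory playbook
-file
-```
-Use the **Vagrant configuration file** `vagrant.cfg` to run
-playbooks against local Vagrant virtual machines (local testing).
-Edit the `vagranthosts` file to match info printed by the
-`vagrant ssh-config` command.
-```plain
-# Run ansible playbook on vagrant machines
-ANSIBLE_CONFIG="vagrant.cfg" ansible-playbook -i vagranthosts main.yml
-```
-Use the **DigitalOcean configuration file** `do.cfg` to run
-playbooks against DigitalOcean nodes. Edit the `dohosts` file to point
-to the correct SSH key and remote host IP address.
-```plain
-# Run ansible playbook on DigitalOcean machines
-ANSIBLE_CONFIG="do.cfg" ansible-playbook -i dohosts main.yml
-```
-### Running Select Tasks with Tags
-To run a specific task, you can filter tasks using tags.
-Use the `--tags` flag with the `ansible-playbook` command:
-```plain
-ANSIBLE_CONFIG="my_config.cfg" ansible-playbook \
--i hosts \
---vault-password-file=.vault_secret \
-main.yml \
---tags tag1
-```
-```
-ANSIBLE_CONFIG="my_config.cfg" ansible-playbook \
--i hosts \
---vault-password-file=.vault_secret \
-main.yml \
---tags tag1,tag2,tag3
-```
-Find a full list of tags at the [Ansible Playbooks page](ansible_playbooks.md).
-## Secrets and Sensitive Information
-See [Ansible Vault](ansible_vault.md) for details about how to use
-the Ansible vault to view/edit secrets and sensitive information.
-**NOTE:** The vault and vault secret should be set up before
-running playbooks against either Vagrant or AWS machines.
-## Vagrant Testing
-See [Ansible Vagrant](ansible_vagrant.md) for instructions
-on how to set up a Vagrant virtual machine to run the
-Ansible playbook against, for testing purposes.
-## Linode Deployment
-See [Ansible Linode](ansible_linode.md) for instructions on how to set up a Linode node
-to run the Ansible playbook against.
-## Digital Ocean Deployment
-See [Ansible Digital Ocean](ansible_do.md) for instructions on how to set up an Digital Ocean
-node to run the Ansible playbook against.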

174
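--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -1,174 +0,0 @@
-# Quickstart
-This quickstart walks through the process of using
-Vagrant and running the charlesreid1 playbooks
-against a Vagrant machine.
-Table of Contents
-=================
-* [Vagrant Setup](#vagrant-setup)
-* [Start Vagrant Machines](#start-vagrant-machines)
-* [Provision Vagrant Machines](#provision-vagrant-machines)
-* [Configure Ansible-Vagrant SSH Info](#configure-ansible-vagrant-ssh-info)
-* [Cloud Node Setup](#cloud-node-setup)
-* [Run Ansible](#run-ansible)
-* [Set Up Vault Secret](#set-up-vault-secret)
-* [Run the Base Playbook](#run-the-base-playbook)
-* [Change Variables](#change-variables)
-## Vagrant Setup
-Vagrant is a command-line wrapper around
-VirtualBox and allows setting up one or more
-virtual machines to test out Ansible playbooks
-locally.
-To run Vagrant boxes, you need a Vagrantfile.
-One is provided in this repo, but if you don't have one
-you can run `vagrant init ubuntu/xenial64` to create
-a new one.
-### Start Vagrant Machines
-The following commands require a `Vagrantfile`.
-Use the provided one or modify it for your needs.
-Start a vagrant virtual machine with:
-```
-vagrant up
-```
-### Provision Vagrant Machines
-Run the initial setup play with Ansible using the
-`provision.yml` provision playbook:
-```
-ANSIBLE_CONFIG="vagrant.cfg" vagrant provision
-```
-### Configure Ansible-Vagrant SSH Info
-Vagrant provides info about how to connect to
-the Vagrant machine(s) created using the `ssh-config`
-verb:
-```
-vagrant ssh-config
-```
-Copy this information into the `vagranthosts`
-inventory file so that Ansible knows how to
-connect to the Vagrant boxes.
-## Cloud Node Setup
-Different cloud providers set up their compute nodes
-differently, but the following is required to do
-on a cloud node before you can run Ansible on it.
-* Ensure your operating system has a version of
-`python3` available from the command line
-* Ensure the public SSH key of the machine from
-which you are running Ansible matches the
-public SSH key in the authorized keys file that
-will be installed via Ansible
-* The authorized keys file is located in
-`roles/ssh/files/authorized_keys`
-* Ensure the hosts file for this cloud node contains
-a username that actually exists on the remote system
-## Run Ansible
-### Set Up Vault Secret
-!!! warning
-The vault secret should match the
-original secret used to encrypt
-the vault. If you don't have it,
-delete `vault` and start over.
-Before running Ansible with the Ansible-Vagrant config file,
-it will expect the vault secret to be in a file called
-`.vault_secret` in the current directory.
-Create this file before proceeding.
-Example `.vault_secret` file:
-```plain
-this_is_my_super_strong_password!
-```
-To use this file to access variables in the vault,
-pass the vault password file using the flag:
-```
-ansible-playbook \
---vault-password-file=.vault_secret \
-<other-flags>
-```
-### Run the Base Playbook
-To run a playbook, use the `ANSIBLE_CONFIG` environment
-variable to specify the Ansible-Vagrant config file, and
-use the `ansible-playbook` command:
-```plain
-ANSIBLE_CONFIG="vagrant.cfg" ansible-playbook \
---vault-password-file=.vault_secret \
-base.yml
-```
-The config file specifies the inventory file, SSH key,
-vault password, and log file to use, among other details.
-## Change Variables
-You can modify variables in the
-`group_vars/main.yml` file by
-adding additional variable definitions
-in YAML format:
-```
-$ cat group_vars/main.yml
-...
-my_var_1: "red"
-my_var_2: "blue"
-```
-Alternatively, you can pass custom
-variable values on the command line.
-(This is how we specify the machine
-name when running playbooks.) Here,
-we set a few example variables:
-```
-$ ANSIBLE_CONFIG="my_config_file.cfg" \
-ansible-playbook \
---vault-password-file=.vault_secret \
--i hosts \
---extra-vars "my_var_1=red,my_var_2=blue" \
-playbook.yml
-```
-See [Ansible Playbooks](ansible_playbooks.md)
-for next steps.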

5
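--- a/dohosts
+++ b/dohosts
@@ -1,5 +0,0 @@
-[servers:children]
-doservers
-[doservers]
-do ansible_host=142.93.27.95 ansible_port=22 ansible_python_interpreter=/usr/bin/python3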

69
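--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -1,69 +0,0 @@
----
-# Variables for all roles
-#
-# This file contains variables that
-# need to be set using the vault,
-# and variables that are used across
-# multiple roles.
-########################
-# multi-role variables
-nonroot_user: "charles"
-# unix username
-username: "{{ nonroot_user }}"
-# SSH key owner
-ssh_key_email: "charlesreid1@gmail.com"
-# admin email
-charlesreid1_admin_email: "charles@charlesreid1.com"
-# nginx variables
-charlesreid1_port_default: "80"
-charlesreid1_port_gitea: "80"
-charlesreid1_port_ssl_default: "443"
-charlesreid1_port_ssl_gitea: "443"
-########################
-# vault variables
-# unix system password
-charlesreid1_system_password: "{{ vault_system_password }}"
-# AWS credentials:
-charlesreid1_aws_secret_access_key: "{{ vault_aws_secret_access_key }}"
-charlesreid1_aws_access_key_id: "{{ vault_aws_access_key_id }}"
-# set the IP address of our two servers
-#
-# pod-charlesreid
-charlesreid1_nginx_charlesreid1_ip: "{{ vault_nginx_charlesreid1_ip }}"
-#
-# pod-webhooks
-charlesreid1_nginx_subdomains_ip: "{{ vault_nginx_subdomains_ip }}"
-# Secrets and stuff
-# pod-charlesreid1 requires a mysql password
-charlesreid1_mysql_password: "{{ vault_mysql_password }}"
-# gitea secret key for web sessions
-charlesreid1_gitea_secret_key: "{{ vault_gitea_secret_key }}"
-charlesreid1_gitea_internal_token: "{{ vault_gitea_internal_token }}"
-# mediawiki secret key for web sessions
-charlesreid1_mediawiki_secretkey: "{{ vault_mediawiki_secretkey }}"
-# pod-webhooks requires a secret to be sent
-# with the webhook.
-charlesreid1_captain_hook_secret: "{{ vault_captain_hook_secret }}"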

46
group_vars/all/vault

@ -1,46 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
66323230386436663663343339376232383737666330323161643535323434363962366336663061
6264653564626462323934633730326535643935393233370a323031333835616137666634343934
32613038323132376566353837373337393931633239373332653063333838333633373831653938
6139316565646531650a663864383930383038373763363236653634373832613931643139313432
38356133356635356637646132313631623834326331333362623932363363313030633533633361
33666162613931636238646136366466633933336233326236636139613266613735633832383463
64366435343138366136663433363332663633643963626633646361343566623461393437396632
33353366336330383164646438656237363532366563333066323838633539663331613866346161
39346166393064333230623235323432333235396637356432656132343833323336623633616235
38393430613039333232353339356665373132366235333438383562393066313537646338323236
34366431636435366438333236623330613565343033663839316562616330303365383233396334
66333831643162653631643062616535353965393837336264613938383636633664653935383064
66396536663065303438663932616435313061643930326533316530383234393230666332616233
66333366316634313861396330303561616136316562613530303364643639353366363937356537
38376266376237646662656232333532303532373832633630663530326361623131626631363035
36313264626334373136323461623339363730653636393939373562356130656564613964373334
31326131323465663861333063613132363838396630616236386166336164353262326335356138
64636264633232623864383431616364303465316662353337333632346238633136633933643234
37383731333133363139643835376563653462346138646663636537346331363864306536623139
63626239643561383363313764363435376666666533323664386565376435383361306634633239
34653637303338646634643965363235633635633736386435373334326461663464616637646236
62303139623738646432356337626464346136396536356538643736303137626438633362356332
33306564333131636530666534316136386534623962633438663639663235316164346136383262
30363234396564663438373463653164656434656661356530616639663533386231396462656234
32663133366130376135353664653036376161633063353237323033376662643265396235623339
36633434613732346437303837393164626538316336616437303566353936623863313561666238
30663263386663376263313139653737666135306237353737323862636565666566343034643133
36653066316633343837623432393561336663646432363965393463613330313935663934623030
66653066396664393765363536376336353962373466373163366331353835316561313533333536
63346331633337343766393335313836366336656533653233636162636534363261356366336432
66323035386430653230646539623765333134383136306634646136333235636635336337356465
61626265613565346437656233306438333939323132396437643034636531303763373932393935
63633731643436376630373662613461383333623162323534626131336438313961333431656636
63383733633166646230663762373466303732616437636265646266626238636463313732316661
39653734626463313065313064383631356565613463323465393836613962653438336666313066
65316333623061396436366136643365653563376337653463613565336231623534633831656639
65616462363738323935393334653162613562633239326634643533303565643764646236353936
37353930383566373364376132383861393835613738386562393365316439373665393535356435
39396564646138323865333063336563636163356637363065316433393733613262643232663564
64366539653262386334363766346162373037623033626439316464616636376461643034633464
62616130383630613864353432313432326464353866623132383963323438396266656566303331
64613732393662386633656263333861663738313530303361313464316337346261336563363334
65663336333735316134636262643037373134373461633466613233343135336130626430396334
33366330326662313163636362633532333437616537363335393133363065626235373830356131
64303639656534326130333234643338346436356533636465356437653366663764

701
index.html

@ -0,0 +1,701 @@
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<link rel="canonical" href="https://charlesreid1-docker.github.io/charlesreid1-ansible/">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href=".">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-3.0.3">
<title>charlesreid1-ansible</title>
<link rel="stylesheet" href="assets/stylesheets/application.451f80e5.css">
<link rel="stylesheet" href="assets/stylesheets/application-palette.22915126.css">
<meta name="theme-color" content="#2196f3">
<script src="assets/javascripts/modernizr.1aa3b519.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="assets/fonts/material-icons.css">
<link rel="stylesheet" href="css/custom.css">
</head>
<body dir="ltr" data-md-color-primary="blue" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#charlesreid1-ansible" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-header-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
charlesreid1-ansible
</span>
<span class="md-header-nav__topic">
Index
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
charlesreid1-ansible
</label>
<div class="md-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<a href="." title="Index" class="md-nav__link md-nav__link--active">
Index
</a>
</li>
<li class="md-nav__item">
<a href="quickstart/" title="Quickstart" class="md-nav__link">
Quickstart
</a>
</li>
<li class="md-nav__item">
<a href="ansible_vagrant/" title="Ansible on Vagrant" class="md-nav__link">
Ansible on Vagrant
</a>
</li>
<li class="md-nav__item">
<a href="ansible_linode/" title="Ansible on Linode" class="md-nav__link">
Ansible on Linode
</a>
</li>
<li class="md-nav__item">
<a href="ansible_do/" title="Ansible on DigitalOcean" class="md-nav__link">
Ansible on DigitalOcean
</a>
</li>
<li class="md-nav__item">
<a href="ansible_playbooks/" title="Ansible Playbooks" class="md-nav__link">
Ansible Playbooks
</a>
</li>
<li class="md-nav__item">
<a href="ansible_vault/" title="Ansible Vault" class="md-nav__link">
Ansible Vault
</a>
</li>
<li class="md-nav__item">
<a href="ansible_cowsay/" title="Ansible Cowsay" class="md-nav__link">
Ansible Cowsay
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="charlesreid1-ansible">charlesreid1-ansible<a class="headerlink" href="#charlesreid1-ansible" title="Permanent link">&para;</a></h1>
<p>Ansible playbooks for charlesreid1.com infrastructure.</p>
<h1 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h1>
<ul>
<li><a href="#docker-pods">Docker Pods</a></li>
<li><a href="#playbooks">Playbooks</a></li>
<li><a href="#roles">Roles</a></li>
<li><a href="#getting-started-with-playbooks">Getting Started with Playbooks</a></li>
<li><a href="#running-playbooks">Running Playbooks</a><ul>
<li><a href="#running-select-tasks-with-tags">Running Select Tasks with Tags</a></li>
</ul>
</li>
<li><a href="#secrets-and-sensitive-information">Secrets and Sensitive Information</a></li>
<li><a href="#vagrant-testing">Vagrant Testing</a></li>
<li><a href="#digitalocean-deployment">DigitalOcean Deployment</a></li>
</ul>
<h2 id="master-checklist">Master Checklist<a class="headerlink" href="#master-checklist" title="Permanent link">&para;</a></h2>
<p>Before you get started:</p>
<ul>
<li>
<p>Provision a compute node (Vagrant or cloud provider)</p>
<ul>
<li>If using Vagrant, see the <a href="ansible_vagrant/">Ansible Vagrant</a> page for
instructions on how to provision virtual machines.</li>
<li>If using a cloud provider, follow the instructions provided by your
cloud provider.</li>
</ul>
</li>
<li>
<p>Configure and enable SSH access</p>
<ul>
<li>If using Vagrant, see the <a href="ansible_vagrant/">Ansible Vagrant</a> page for
instructions on how to get SSH key information from Vagrant virtual machines.</li>
<li>If using a cloud provider, you should be provided with an SSH key or
SSH access instructions by your cloud provider.</li>
</ul>
</li>
<li>
<p>Run Ansible with the <code>base.yml</code> playbook - see <a href="ansible_playbooks/#baseyml-the-base-plays">base.yml</a>
for information and details about this playbook.</p>
</li>
<li>
<p>Run Ansible with pod-charlesreid1 playbook</p>
</li>
<li>
<p>Configure DNS to point to the IP address of the compute node</p>
</li>
</ul>
<h2 id="docker-pods">Docker Pods<a class="headerlink" href="#docker-pods" title="Permanent link">&para;</a></h2>
<p>These docker pods are collections of related charlesreid1.com
services. The Ansible playbooks prepare remote nodes so they
are ready to run these docker pods.</p>
<table>
<thead>
<tr>
<th>Pod</th>
<th>Link</th>
</tr>
</thead>
<tbody>
<tr>
<td>pod-charlesreid1</td>
<td><a href="https://git.charlesreid1.com/docker/pod-charlesreid1">https://git.charlesreid1.com/docker/pod-charlesreid1</a></td>
</tr>
</tbody>
</table>
<p>The following pods <strong>HAVE BEEN DEACTIVATED:</strong></p>
<table>
<thead>
<tr>
<th>Pod</th>
<th>Link</th>
</tr>
</thead>
<tbody>
<tr>
<td>pod-webhooks</td>
<td><a href="https://git.charlesreid1.com/docker/pod-webhooks">https://git.charlesreid1.com/docker/pod-webhooks</a></td>
</tr>
<tr>
<td>pod-bots</td>
<td><a href="https://git.charlesreid1.com/docker/pod-bots">https://git.charlesreid1.com/docker/pod-bots</a></td>
</tr>
</tbody>
</table>
<h2 id="playbooks">Playbooks<a class="headerlink" href="#playbooks" title="Permanent link">&para;</a></h2>
<p>There is one playbook per docker pod, plus a base playbook
and a provision playbook.</p>
<table>
<thead>
<tr>
<th>Playbook</th>
<th>Description</th>
<th>Link</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>provision.yml</code></td>
<td>(Vagrant-only) Playbook to provision new Ubuntu machines with <code>/usr/bin/python</code>.</td>
<td><a href="ansible_playbooks/#provisionyml-provision-your-remote-node">link</a></td>
</tr>
<tr>
<td><code>base.yml</code></td>
<td>Base playbook run by all of the pod playbooks above.</td>
<td><a href="ansible_playbooks/#baseyml-the-base-plays">link</a></td>
</tr>
<tr>
<td><code>podcharlesreid1.yml</code></td>
<td>Playbook to install and run the charlesreid1.com docker pod</td>
<td><a href="https://git.charlesreid1.com/docker/pod-charlesreid1">link</a></td>
</tr>
</tbody>
</table>
<h2 id="roles">Roles<a class="headerlink" href="#roles" title="Permanent link">&para;</a></h2>
<h3 id="base-playbook-roles">Base Playbook Roles<a class="headerlink" href="#base-playbook-roles" title="Permanent link">&para;</a></h3>
<p>The following roles carry out groups of tasks for setting up the base machine
to run charlesreid1.com infrastructure.</p>
<table>
<thead>
<tr>
<th>Role Name</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>init-root</td>
<td>Prepare root user account</td>
</tr>
<tr>
<td>init-nonroot</td>
<td>Prepare nonroot user account(s)</td>
</tr>
<tr>
<td>install-stuff</td>
<td>Install stuff with aptitude</td>
</tr>
<tr>
<td>pyenv</td>
<td>Install pyenv for nonroot user</td>
</tr>
<tr>
<td>goenv</td>
<td>Install goenv for nonroot user</td>
</tr>
<tr>
<td>sshkeys</td>
<td>Set up ssh keys for all users</td>
</tr>
<tr>
<td>vim</td>
<td>Set up vim for nonroot user</td>
</tr>
<tr>
<td>dotfiles</td>
<td>Install and configure dotfiles for nonroot user</td>
</tr>
</tbody>
</table>
<h3 id="pod-specific-roles">Pod-Specific Roles<a class="headerlink" href="#pod-specific-roles" title="Permanent link">&para;</a></h3>
<p>The following roles are run by playbooks specific to the
respective docker pod.</p>
<table>
<thead>
<tr>
<th>Role Name</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>pod-charlesreid1</td>
<td>Role specific to the charlesreid1.com docker pod</td>
</tr>
</tbody>
</table>
<h2 id="getting-started-with-playbooks">Getting Started with Playbooks<a class="headerlink" href="#getting-started-with-playbooks" title="Permanent link">&para;</a></h2>
<table>
<thead>
<tr>
<th>Documentation Page</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href=".">docs/index.md</a></td>
<td>Documentation index</td>
</tr>
<tr>
<td><a href="quickstart/">docs/quickstart.md</a></td>
<td>Quick start for the impatient (uses Vagrant)</td>
</tr>
<tr>
<td><a href="ansible_linode/">docs/ansible_linode.md</a></td>
<td>Guide for running charlesreid1.com playbooks on Linode</td>
</tr>
<tr>
<td><a href="ansible_do/">docs/ansible_do.md</a></td>
<td>Guide for running charlesreid1.com playbooks on Digital Ocean</td>
</tr>
<tr>
<td><a href="ansible_vagrant/">docs/ansible_vagrant.md</a></td>
<td>Guide for running charlesreid1.com playbooks on Vagrant</td>
</tr>
</tbody>
</table>
<p>See <a href="ansible_playbooks/">Ansible Playbooks</a> for a list of all
playbooks in this directory, list of all tags,
and info about how to use the playbooks.</p>
<h2 id="running-playbooks">Running Playbooks<a class="headerlink" href="#running-playbooks" title="Permanent link">&para;</a></h2>
<p>To run Ansible playbooks, use the <code>ansible-playbook</code> command.</p>
<p>You will need to specify:</p>
<ul>
<li>
<p>A configuration file to set Ansible options, using the
<code>ANSIBLE_CONFIG</code> environment variable</p>
</li>
<li>
<p>An inventory file to tell Ansible how to connect to
remote machines, using the <code>-i</code> flag </p>
</li>
</ul>
<p>Here is an example call to <code>ansible-playbook</code>
to show how it should look:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;my_config.cfg&quot; ansible-playbook -i myhosts main.yml
^^^^^^^^^^^^^^ ^^^^^^^^^^ ^^^^^^^^
specify config file specify the the ansible
with this env var inventory playbook
file
</pre></div>
<p>Use the <strong>Vagrant configuration file</strong> <code>vagrant.cfg</code> to run
playbooks against local Vagrant virtual machines (local testing).
Edit the <code>vagranthosts</code> file to match info printed by the
<code>vagrant ssh-config</code> command.</p>
<div class="codehilite"><pre><span></span># Run ansible playbook on vagrant machines
ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; ansible-playbook -i vagranthosts main.yml
</pre></div>
<p>Use the <strong>DigitalOcean configuration file</strong> <code>do.cfg</code> to run
playbooks against DigitalOcean nodes. Edit the <code>dohosts</code> file to point
to the correct SSH key and remote host IP address.</p>
<div class="codehilite"><pre><span></span># Run ansible playbook on DigitalOcean machines
ANSIBLE_CONFIG=&quot;do.cfg&quot; ansible-playbook -i dohosts main.yml
</pre></div>
<h3 id="running-select-tasks-with-tags">Running Select Tasks with Tags<a class="headerlink" href="#running-select-tasks-with-tags" title="Permanent link">&para;</a></h3>
<p>To run a specific task, you can filter tasks using tags.
Use the <code>--tags</code> flag with the <code>ansible-playbook</code> command:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;my_config.cfg&quot; ansible-playbook \
-i hosts \
--vault-password-file=.vault_secret \
main.yml \
--tags tag1
</pre></div>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;my_config.cfg&quot; ansible-playbook \
-i hosts \
--vault-password-file=.vault_secret \
main.yml \
--tags tag1,tag2,tag3
</pre></div>
<p>Find a full list of tags at the <a href="ansible_playbooks/">Ansible Playbooks page</a>.</p>
<h2 id="secrets-and-sensitive-information">Secrets and Sensitive Information<a class="headerlink" href="#secrets-and-sensitive-information" title="Permanent link">&para;</a></h2>
<p>See <a href="ansible_vault/">Ansible Vault</a> for details about how to use
the Ansible vault to view/edit secrets and sensitive information.</p>
<p><strong>NOTE:</strong> The vault and vault secret should be set up before
running playbooks against either Vagrant or AWS machines.</p>
<h2 id="vagrant-testing">Vagrant Testing<a class="headerlink" href="#vagrant-testing" title="Permanent link">&para;</a></h2>
<p>See <a href="ansible_vagrant/">Ansible Vagrant</a> for instructions
on how to set up a Vagrant virtual machine to run the
Ansible playbook against, for testing purposes.</p>
<h2 id="linode-deployment">Linode Deployment<a class="headerlink" href="#linode-deployment" title="Permanent link">&para;</a></h2>
<p>See <a href="ansible_linode/">Ansible Linode</a> for instructions on how to set up a Linode node
to run the Ansible playbook against.</p>
<h2 id="digital-ocean-deployment">Digital Ocean Deployment<a class="headerlink" href="#digital-ocean-deployment" title="Permanent link">&para;</a></h2>
<p>See <a href="ansible_do/">Ansible Digital Ocean</a> for instructions on how to set up an Digital Ocean
node to run the Ansible playbook against.</p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="quickstart/" title="Quickstart" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Quickstart
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
</div>
</div>
</footer>
</div>
<script src="assets/javascripts/application.e72fd936.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"."}})</script>
<script src="search/main.js"></script>
</body>
</html>

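--- a/linode.cfg
+++ b/linode.cfg
@@ -1,8 +0,0 @@
-[defaults]
-inventory = linodehosts
-remote_user = root
-private_key_file = ~/.ssh/id_rsa
-host_key_checking = False
-vault_password_file = .vault_secret
-log_path = ansible_linode.log
-command_warnings = raise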

5
linodehosts

@ -1,5 +0,0 @@
[servers:children]
linodeservers
[linodeservers]
linode ansible_host=50.116.7.163 ansible_port=22 ansible_python_interpreter=/usr/bin/python3

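--- a/mkdocs-material
+++ b/mkdocs-material
@@ -1 +0,0 @@
-Subproject commit b0c6890853aa9138baf5f9749862b927518ab656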

44
mkdocs.yml

@ -1,44 +0,0 @@
site_name: charlesreid1-ansible
site_url: https://charlesreid1-docker.github.io/charlesreid1-ansible
repo_name: charlesreid1-ansible
repo_url: https://git.charlesreid1.com/ansible/charlesreid1-ansible
edit_uri: ""
copyright: 'Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>'
docs_dir: docs
site_dir: site
extra_css:
- css/custom.css
theme:
name: null
custom_dir: 'mkdocs-material/material'
palette:
primary: 'blue'
accent: 'blue'
logo:
icon: 'dns'
font:
text: 'Roboto'
code: 'Roboto Mono'
nav:
- 'Index': 'index.md'
- 'Quickstart': 'quickstart.md'
- 'Ansible on Vagrant': 'ansible_vagrant.md'
- 'Ansible on Linode': 'ansible_linode.md'
- 'Ansible on DigitalOcean': 'ansible_do.md'
- 'Ansible Playbooks': 'ansible_playbooks.md'
- 'Ansible Vault': 'ansible_vault.md'
- 'Ansible Cowsay': 'ansible_cowsay.md'
# Extensions
markdown_extensions:
- admonition
- codehilite:
guess_lang: false
- toc:
permalink: true
strict: true

27
podcharlesreid1.yml

@ -1,27 +0,0 @@
---
# main playbook for charlesreid1 docker pod
- name: Install SSL certificates for charlesreid1 docker pod
hosts: servers
become: yes
roles:
- role: letsencrypt
tags: letsencrypt
site_email: "charles@charlesreid1.com"
domains:
- "charlesreid1.red"
- "www.charlesreid1.red"
- "git.charlesreid1.red"
- name: Install charlesreid1 docker pod
hosts: servers
become: yes
roles:
- role: pod-charlesreid1
tags: pod-charlesreid1
charlesreid1_server_name_default: "charlesreid1.red"

21
provision.yml

@ -1,21 +0,0 @@
---
# by default, ubuntu has python3 but not python
# we have to fix this with a provision.yml
# Note: also see https://stackoverflow.com/a/34402816/463213
# gather_facts: no is important because python is required to gather facts
- name: "Provision worker nodes to make sure they have python and prepare them for Ansible"
hosts: servers
become: yes
gather_facts: no
remote_user: root
pre_tasks:
- name: "Install python2"
raw: sudo apt-get -y install python
- name: Add the non-root user
user:
name: "{{ nonroot_user }}"
shell: /bin/bash
state: present
createhome: yes

576
quickstart/index.html

@ -0,0 +1,576 @@
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<link rel="canonical" href="https://charlesreid1-docker.github.io/charlesreid1-ansible/quickstart/">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="..">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-3.0.3">
<title>Quickstart - charlesreid1-ansible</title>
<link rel="stylesheet" href="../assets/stylesheets/application.451f80e5.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.22915126.css">
<meta name="theme-color" content="#2196f3">
<script src="../assets/javascripts/modernizr.1aa3b519.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
<link rel="stylesheet" href="../css/custom.css">
</head>
<body dir="ltr" data-md-color-primary="blue" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="../#quickstart" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-header-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
charlesreid1-ansible
</span>
<span class="md-header-nav__topic">
Quickstart
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://charlesreid1-docker.github.io/charlesreid1-ansible" title="charlesreid1-ansible" class="md-nav__button md-logo">
<i class="md-icon">dns</i>
</a>
charlesreid1-ansible
</label>
<div class="md-nav__source">
<a href="https://git.charlesreid1.com/ansible/charlesreid1-ansible" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
charlesreid1-ansible
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Index" class="md-nav__link">
Index
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<a href="./" title="Quickstart" class="md-nav__link md-nav__link--active">
Quickstart
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vagrant/" title="Ansible on Vagrant" class="md-nav__link">
Ansible on Vagrant
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_linode/" title="Ansible on Linode" class="md-nav__link">
Ansible on Linode
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_do/" title="Ansible on DigitalOcean" class="md-nav__link">
Ansible on DigitalOcean
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_playbooks/" title="Ansible Playbooks" class="md-nav__link">
Ansible Playbooks
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_vault/" title="Ansible Vault" class="md-nav__link">
Ansible Vault
</a>
</li>
<li class="md-nav__item">
<a href="../ansible_cowsay/" title="Ansible Cowsay" class="md-nav__link">
Ansible Cowsay
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="quickstart">Quickstart<a class="headerlink" href="#quickstart" title="Permanent link">&para;</a></h1>
<p>This quickstart walks through the process of using
Vagrant and running the charlesreid1 playbooks
against a Vagrant machine.</p>
<h1 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h1>
<ul>
<li><a href="#vagrant-setup">Vagrant Setup</a><ul>
<li><a href="#start-vagrant-machines">Start Vagrant Machines</a></li>
<li><a href="#provision-vagrant-machines">Provision Vagrant Machines</a></li>
<li><a href="#configure-ansible-vagrant-ssh-info">Configure Ansible-Vagrant SSH Info</a></li>
</ul>
</li>
<li><a href="#cloud-node-setup">Cloud Node Setup</a></li>
<li><a href="#run-ansible">Run Ansible</a><ul>
<li><a href="#set-up-vault-secret">Set Up Vault Secret</a></li>
<li><a href="#run-the-base-playbook">Run the Base Playbook</a></li>
</ul>
</li>
<li><a href="#change-variables">Change Variables</a></li>
</ul>
<h2 id="vagrant-setup">Vagrant Setup<a class="headerlink" href="#vagrant-setup" title="Permanent link">&para;</a></h2>
<p>Vagrant is a command-line wrapper around
VirtualBox and allows setting up one or more
virtual machines to test out Ansible playbooks
locally.</p>
<p>To run Vagrant boxes, you need a Vagrantfile.
One is provided in this repo, but if you don't have one
you can run <code>vagrant init ubuntu/xenial64</code> to create
a new one.</p>
<h3 id="start-vagrant-machines">Start Vagrant Machines<a class="headerlink" href="#start-vagrant-machines" title="Permanent link">&para;</a></h3>
<p>The following commands require a <code>Vagrantfile</code>.
Use the provided one or modify it for your needs.</p>
<p>Start a vagrant virtual machine with:</p>
<div class="codehilite"><pre><span></span>vagrant up
</pre></div>
<h3 id="provision-vagrant-machines">Provision Vagrant Machines<a class="headerlink" href="#provision-vagrant-machines" title="Permanent link">&para;</a></h3>
<p>Run the initial setup play with Ansible using the
<code>provision.yml</code> provision playbook:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; vagrant provision
</pre></div>
<h3 id="configure-ansible-vagrant-ssh-info">Configure Ansible-Vagrant SSH Info<a class="headerlink" href="#configure-ansible-vagrant-ssh-info" title="Permanent link">&para;</a></h3>
<p>Vagrant provides info about how to connect to
the Vagrant machine(s) created using the <code>ssh-config</code>
verb:</p>
<div class="codehilite"><pre><span></span>vagrant ssh-config
</pre></div>
<p>Copy this information into the <code>vagranthosts</code>
inventory file so that Ansible knows how to
connect to the Vagrant boxes.</p>
<h2 id="cloud-node-setup">Cloud Node Setup<a class="headerlink" href="#cloud-node-setup" title="Permanent link">&para;</a></h2>
<p>Different cloud providers set up their compute nodes
differently, but the following is required to do
on a cloud node before you can run Ansible on it.</p>
<ul>
<li>
<p>Ensure your operating system has a version of
<code>python3</code> available from the command line</p>
</li>
<li>
<p>Ensure the public SSH key of the machine from
which you are running Ansible matches the
public SSH key in the authorized keys file that
will be installed via Ansible</p>
<ul>
<li>The authorized keys file is located in
<code>roles/ssh/files/authorized_keys</code></li>
</ul>
</li>
<li>
<p>Ensure the hosts file for this cloud node contains
a username that actually exists on the remote system</p>
</li>
</ul>
<h2 id="run-ansible">Run Ansible<a class="headerlink" href="#run-ansible" title="Permanent link">&para;</a></h2>
<h3 id="set-up-vault-secret">Set Up Vault Secret<a class="headerlink" href="#set-up-vault-secret" title="Permanent link">&para;</a></h3>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>The vault secret should match the
original secret used to encrypt
the vault. If you don't have it,
delete <code>vault</code> and start over.</p>
</div>
<p>Before running Ansible with the Ansible-Vagrant config file,
it will expect the vault secret to be in a file called
<code>.vault_secret</code> in the current directory.</p>
<p>Create this file before proceeding.</p>
<p>Example <code>.vault_secret</code> file:</p>
<div class="codehilite"><pre><span></span>this_is_my_super_strong_password!
</pre></div>
<p>To use this file to access variables in the vault,
pass the vault password file using the flag:</p>
<div class="codehilite"><pre><span></span>ansible-playbook \
--vault-password-file=.vault_secret \
&lt;other-flags&gt;
</pre></div>
<h3 id="run-the-base-playbook">Run the Base Playbook<a class="headerlink" href="#run-the-base-playbook" title="Permanent link">&para;</a></h3>
<p>To run a playbook, use the <code>ANSIBLE_CONFIG</code> environment
variable to specify the Ansible-Vagrant config file, and
use the <code>ansible-playbook</code> command:</p>
<div class="codehilite"><pre><span></span>ANSIBLE_CONFIG=&quot;vagrant.cfg&quot; ansible-playbook \
--vault-password-file=.vault_secret \
base.yml
</pre></div>
<p>The config file specifies the inventory file, SSH key,
vault password, and log file to use, among other details.</p>
<h2 id="change-variables">Change Variables<a class="headerlink" href="#change-variables" title="Permanent link">&para;</a></h2>
<p>You can modify variables in the
<code>group_vars/main.yml</code> file by
adding additional variable definitions
in YAML format:</p>
<div class="codehilite"><pre><span></span>$ cat group_vars/main.yml
...
my_var_1: &quot;red&quot;
my_var_2: &quot;blue&quot;
</pre></div>
<p>Alternatively, you can pass custom
variable values on the command line.
(This is how we specify the machine
name when running playbooks.) Here,
we set a few example variables:</p>
<div class="codehilite"><pre><span></span>$ ANSIBLE_CONFIG=&quot;my_config_file.cfg&quot; \
ansible-playbook \
--vault-password-file=.vault_secret \
-i hosts \
--extra-vars &quot;my_var_1=red,my_var_2=blue&quot; \
playbook.yml
</pre></div>
<p>See <a href="../ansible_playbooks/">Ansible Playbooks</a>
for next steps.</p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href=".." title="Index" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Index
</span>
</div>
</a>
<a href="../ansible_vagrant/" title="Ansible on Vagrant" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Ansible on Vagrant
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 <a href="https://charlesreid1.com">Charles Reid</a>, released under the <a href="https://opensource.org/licenses/MIT">MIT license</a>
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../assets/javascripts/application.e72fd936.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
<script src="../search/main.js"></script>
</body>
</html>

58
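--- a/roles/aws/README.md
+++ b/roles/aws/README.md
@@ -1,58 +0,0 @@
-aws role (pad.carpentries.org)
-=========
-This role installs the AWS command line interface and AWS credentials
-to use Carpentries AWS resources.
-Specifically, this role is tailored to the `pad.carpentries.org`
-Carpentries Etherpad server.
-Requirements
-------------
-This uses the `apt` module to install `awscli`, and copies (encrypted)
-AWS API credentials into the target machine. Nothing else is required
-except the password to decrypt the AWS credentials.
-Role Variables
---------------
-| Name | Default | Description |
-|:------------------------|:--------|:------------------------|
-| `aws_access_key_id` | None | The AWS API access key. |
-| `aws_secret_access_key` | None | The AWS API secret key. |
-These are defined in an encrypted vault.
-Dependencies
-------------
-None
-Example Playbook
-----------------
-How to use the role:
-```plain
-- name: Install AWS credentials
-hosts: servers
-become: yes
-roles:
-- role: aws
-```
-Vault Information
-------------------
-The AWS credentials for The Carpentries are located in
-the vault for the pad playbook, which is located in
-[`../../group_vars/all/`](../../group_vars/all/).
-Author Information
-------------------
-Charles Reid - [@charlesreid1](https://github.com/charlesreid1) - <charles@charlesreid1.com>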

13
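--- a/roles/aws/defaults/main.yml
+++ b/roles/aws/defaults/main.yml
@@ -1,13 +0,0 @@
----
-# These are the AWS API credentials
-# used to interact with S3 buckets.
-#
-# These variables should be overridden
-# on a per-host basis using group
-# variables with the top level playbook.
-# Set these two variable values using
-# encrypted variables in a vault.
-aws_secret_access_key: XXXXXXXXXX
-aws_access_key_id: XXXXXXXXXX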

21
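--- a/roles/aws/tasks/credentials.yml
+++ b/roles/aws/tasks/credentials.yml
@@ -1,21 +0,0 @@
----
-# Install AWS credentials
-#
-# tag: aws_creds
-- name: Create AWS directory for root user
-become: yes
-file: path=/root/.aws state=directory mode=0755
-- name: Install AWS credentials for root user
-become: yes
-template: src=templates/credentials.j2 dest=/root/.aws/credentials mode=0700
-- name: Create AWS directory for regular user
-become: yes
-file: path=/home/{{ nonroot_user }}/.aws state=directory owner={{ nonroot_user }} mode=0755
-- name: Install AWS credentials for regular user
-become: yes
-template: src=templates/credentials.j2 dest=/home/{{ nonroot_user }}/.aws/credentials owner={{ nonroot_user }} mode=0700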

15
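--- a/roles/aws/tasks/main.yml
+++ b/roles/aws/tasks/main.yml
@@ -1,15 +0,0 @@
----
-# tasks file for aws
-- name: "Import tools.yml (tasks that install AWS tools)"
-import_tasks: tools.yml
-tags:
-- aws_tools
-- name: "Import credentials.yml (tasks that install AWS credentials)"
-import_tasks: credentials.yml
-tags:
-- aws_creds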

23
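--- a/roles/aws/tasks/tools.yml
+++ b/roles/aws/tasks/tools.yml
@@ -1,23 +0,0 @@
----
-# Install AWS tools - aws cli, boto, and boto3
-- name: Install AWS command line interface
-become: yes
-apt:
-name: awscli
-state: latest
-tags:
-- apt
-- name: Install boto using pip3 for root user
-become: yes
-command: pip3 install --upgrade boto
-tags:
-- pip
-- name: Install boto3 using pip3 for root user
-become: yes
-command: pip3 install --upgrade boto3
-tags:
-- pip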

3
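--- a/roles/aws/templates/credentials.j2
+++ b/roles/aws/templates/credentials.j2
@@ -1,3 +0,0 @@
-[default]
-aws_secret_access_key = {{ aws_secret_access_key }}
-aws_access_key_id = {{ aws_access_key_id }}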

38
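--- a/roles/docker/README.md
+++ b/roles/docker/README.md
@@ -1,38 +0,0 @@
-Role Name
-=========
-A brief description of the role goes here.
-Requirements
-------------
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-Role Variables
---------------
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-Dependencies
-------------
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-Example Playbook
-----------------
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-- hosts: servers
-roles:
-- { role: username.rolename, x: 42 }
-License
--------
-BSD
-Author Information
-------------------
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).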

4
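--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -1,4 +0,0 @@
----
-# defaults file for docker
-username: "{{ nonroot_user }}"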

30
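--- a/roles/docker/files/install.sh
+++ b/roles/docker/files/install.sh
@@ -1,30 +0,0 @@
-#!/bin/bash
-# Ask for the user password
-# Script only works if sudo caches the password for a few minutes
-sudo true
-# Install kernel extra's to enable docker aufs support
-# sudo apt-get -y install linux-image-extra-$(uname -r)
-# Add Docker PPA and install latest version
-# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
-# sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
-# sudo apt-get update
-# sudo apt-get install lxc-docker -y
-# Alternatively you can use the official docker install script
-wget -qO- https://get.docker.com/ | sh
-# Install docker-compose
-COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oP "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | sort | tail -n 1`
-sudo sh -c "curl -L https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
-sudo chmod +x /usr/local/bin/docker-compose
-# Install docker-cleanup command
-cd /tmp
-git clone https://gist.github.com/76b450a0c986e576e98b.git
-cd 76b450a0c986e576e98b
-sudo mv docker-cleanup /usr/local/bin/docker-cleanup
-sudo chmod +x /usr/local/bin/docker-cleanup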

48
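--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,48 +0,0 @@
----
-# tasks file for docker
-- name: Check for existing docker executable
-stat:
-path: "/usr/bin/docker"
-register: register_docker
-tags:
-- docker
-- name: Check if existing docker-compose executable is present
-stat:
-path: "/usr/local/bin/docker-compose"
-register: register_docker_compose
-tags:
-- docker-compose
-- name: Copy docker+docker-compose install script onto remote host
-become: yes
-copy:
-src: install.sh
-dest: /tmp/install.sh
-mode: 0700
-force: yes
-tags:
-- docker
-- docker-compose
-- name: Run docker+docker-compose install script
-command: "/tmp/install.sh"
-when:
-- "not register_docker.stat.exists or not register_docker_compose.stat.exists"
-tags:
-- docker
-- docker-compose
-- name: Add principal user to docker group
-become: yes
-user:
-name: "{{ username }}"
-groups: docker
-append: yes
-tags:
-- docker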

38
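--- a/roles/dotfiles/README.md
+++ b/roles/dotfiles/README.md
@@ -1,38 +0,0 @@
-Role Name
-=========
-A brief description of the role goes here.
-Requirements
-------------
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-Role Variables
---------------
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-Dependencies
-------------
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-Example Playbook
-----------------
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-- hosts: servers
-roles:
-- { role: username.rolename, x: 42 }
-License
--------
-BSD
-Author Information
-------------------
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).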

5
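--- a/roles/dotfiles/defaults/main.yml
+++ b/roles/dotfiles/defaults/main.yml
@@ -1,5 +0,0 @@
----
-# defaults file for dotfiles
-username: "{{ nonroot_user }}"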

40
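--- a/roles/dotfiles/tasks/main.yml
+++ b/roles/dotfiles/tasks/main.yml
@@ -1,40 +0,0 @@
-# ---
-# tasks file for dotfiles
-#
-# clean up this mess.
-# use the debian dotfiles repo
-# and the bootstrap.sh script.
-# Start by cloning our debian dotfiles repo.
-#
-# The debian dotfiles repo contains all the
-# master versions of all the dotfiles.
-- name: Clone the debian dotfiles repo
-become: yes
-become_user: "{{ username }}"
-git:
-repo: https://github.com/charlesreid1/debian-dotfiles.git
-dest: "/home/{{ username }}/dotfiles"
-recursive: yes
-- name: Check for bootstrap script
-stat:
-path: "/home/{{ username }}/dotfiles/dotfiles/bootstrap.sh"
-register: bootstrap_present
-# Use the bootstrap.sh script in the
-# dotfiles repo to install all the
-# dotfiles for our nonroot user.
-# ~/scripts/ -> machinename_scripts/ too.
-- name: Run bootstrap.sh to install all dotfiles
-become: yes
-become_user: "{{ username }}"
-command: "/home/{{ username }}/dotfiles/dotfiles/bootstrap.sh -f"
-args:
-chdir: "/home/{{ username}}/dotfiles/dotfiles"
-when: "bootstrap_present.stat.executable"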

38
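--- a/roles/goenv/README.md
+++ b/roles/goenv/README.md
@@ -1,38 +0,0 @@
-Role Name
-=========
-A brief description of the role goes here.
-Requirements
-------------
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-Role Variables
---------------
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-Dependencies
-------------
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-Example Playbook
-----------------
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-- hosts: servers
-roles:
-- { role: username.rolename, x: 42 }
-License
--------
-BSD
-Author Information
-------------------
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).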

10
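--- a/roles/goenv/defaults/main.yml
+++ b/roles/goenv/defaults/main.yml
@@ -1,10 +0,0 @@
----
-# defaults file for goenv
-goenv_root: "/home/{{ nonroot_user }}/.goenv"
-goenv_versions:
-- 1.10.7
-goenv_global_version: 1.10.7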

4
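--- a/roles/goenv/files/goenv.sh
+++ b/roles/goenv/files/goenv.sh
@@ -1,4 +0,0 @@
-export GOROOT=/usr/lib/go
-export GOPATH=$HOME/go
-export PATH=$PATH:$GOROOT/bin:$GOPATH/bin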

10
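--- a/roles/goenv/tasks/envvars.yml
+++ b/roles/goenv/tasks/envvars.yml
@@ -1,10 +0,0 @@
----
-# set environment variables
-# for goenv
-- name: Copy goenv profile to /etc/profile.d
-copy:
-src: goenv.sh
-dest: /etc/profile.d/goenv.sh
-mode: 0755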

10
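--- a/roles/goenv/tasks/goenv.yml
+++ b/roles/goenv/tasks/goenv.yml
@@ -1,10 +0,0 @@
----
-# install goenv
-- name: Install goenv
-become: yes
-become_user: "{{ nonroot_user }}"
-git:
-repo: https://github.com/syndbg/goenv.git
-dest: "{{ goenv_root }}"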

27
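--- a/roles/goenv/tasks/golang.yml
+++ b/roles/goenv/tasks/golang.yml
@@ -1,27 +0,0 @@
----
-# install versions of golang
-- name: Install golang version
-become: yes
-become_user: "{{ nonroot_user }}"
-tags:
-- versions
-command: "{{ goenv_root }}/bin/goenv install -s {{ item }}"
-args:
-creates: "{{ goenv_root }}/versions/{{ item }}"
-with_items:
-- "{{ goenv_versions }}"
-- "{{ goenv_global_version }}"
-- name: Set global golang version
-become: yes
-become_user: "{{ nonroot_user }}"
-tags:
-- global
-lineinfile:
-path: "{{ goenv_root }}/version"
-regexp: "^{{ goenv_global_version }}"
-line: "{{ goenv_global_version }}"
-create: yes
-when: goenv_global_version is defined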

15
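--- a/roles/goenv/tasks/main.yml
+++ b/roles/goenv/tasks/main.yml
@@ -1,15 +0,0 @@
----
-# tasks file for goenv
-# Install any system packages required by goenv
-- include: packages.yml
-# Install profile environment variables
-- include: envvars.yml
-# Install goenv itself
-- include: goenv.yml
-# Install versions of golang
-- include: golang.yml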

24
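--- a/roles/goenv/tasks/packages.yml
+++ b/roles/goenv/tasks/packages.yml
@@ -1,24 +0,0 @@
----
-# packages required for goenv
-#
-# (inferred from the packages required
-# for pyenv...)
-- name: Install requirements
-become: yes
-apt:
-pkg:
-- make
-- build-essential
-- libssl-dev
-- zlib1g-dev
-- libbz2-dev
-- libreadline-dev
-- wget
-- curl
-- llvm
-- git
-state: present
-update_cache: yes
-tags:
-- apt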

38
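--- a/roles/init-nonroot/README.md
+++ b/roles/init-nonroot/README.md
@@ -1,38 +0,0 @@
-Role Name
-=========
-A brief description of the role goes here.
-Requirements
-------------
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-Role Variables
---------------
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-Dependencies
-------------
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-Example Playbook
-----------------
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-- hosts: servers
-roles:
-- { role: username.rolename, x: 42 }
-License
--------
-BSD
-Author Information
-------------------
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).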

4
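--- a/roles/init-nonroot/defaults/main.yml
+++ b/roles/init-nonroot/defaults/main.yml
@@ -1,4 +0,0 @@
----
-# variables for init-nonroot
-username: "{{ nonroot_user }}"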

14
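--- a/roles/init-nonroot/tasks/main.yml
+++ b/roles/init-nonroot/tasks/main.yml
@@ -1,14 +0,0 @@
----
-# tasks file for init-charles
-- name: "Add the user {{ username }}"
-become: yes
-user:
-name: "{{ username }}"
-password: "{{ charlesreid1_system_password }}"
-shell: /bin/bash
-groups: wheel
-append: yes
-state: present
-createhome: yes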

38
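--- a/roles/init-root/README.md
+++ b/roles/init-root/README.md
@@ -1,38 +0,0 @@
-Role Name
-=========
-A brief description of the role goes here.
-Requirements
-------------
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-Role Variables
---------------
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-Dependencies
-------------
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-Example Playbook
-----------------
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-- hosts: servers
-roles:
-- { role: username.rolename, x: 42 }
-License
--------
-BSD
-Author Information
-------------------
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).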

2
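--- a/roles/init-root/defaults/main.yml
+++ b/roles/init-root/defaults/main.yml
@@ -1,2 +0,0 @@
----
-# defaults for init-root role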

74
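--- a/roles/init-root/tasks/main.yml
+++ b/roles/init-root/tasks/main.yml
@@ -1,74 +0,0 @@
----
-# tasks file for init-root
-##############
-# Machine name
-- name: Set machine name with hostname command
-become: yes
-command: "hostname {{ machine_name }}"
-- name: Create new /etc/hostname
-become: yes
-command: "echo {{ machine_name }} > /etc/hostname"
-- name: Set hostname entry to 127.0.0.1 in /etc/hosts
-become: yes
-lineinfile:
-path: "/etc/hosts"
-regexp: "^127.0.0.1"
-line: "127.0.0.1 {{ machine_name }}"
-create: yes
-############
-# Sudoers
-- name: Make sure we have a 'wheel' group
-group:
-name: wheel
-state: present
-- name: Allow 'wheel' group to have passwordless sudo
-lineinfile:
-dest: /etc/sudoers
-state: present
-regexp: '^%wheel'
-line: '%wheel ALL=(ALL) NOPASSWD: ALL'
-validate: 'visudo -cf %s'
-####################################
-# Add non-root user to wheel group
-- name: Add the non-root user to the wheel group
-user:
-name: "{{ nonroot_user }}"
-groups: wheel
-append: yes
-state: present
-############
-# System
-- name: Set timezone
-become: yes
-command: timedatectl set-timezone America/Vancouver
-###################
-# Make temp dir
-- name: Make /temp dir
-become: yes
-file:
-path: /temp
-state: directory
-mode: 0777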

38
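--- a/roles/install-stuff/README.md
+++ b/roles/install-stuff/README.md
@@ -1,38 +0,0 @@
-Role Name
-=========
-A brief description of the role goes here.
-Requirements
-------------
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-Role Variables
---------------
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-Dependencies
-------------
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-Example Playbook
-----------------
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-- hosts: servers
-roles:
-- { role: username.rolename, x: 42 }
-License
--------
-BSD
-Author Information
-------------------
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).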

37
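--- a/roles/install-stuff/tasks/main.yml
+++ b/roles/install-stuff/tasks/main.yml
@@ -1,37 +0,0 @@
----
-# tasks file for install-stuff
-- name: Update aptitude
-apt: update_cache=yes
-tags:
-- apt
-- name: Install packages
-become: yes
-apt:
-pkg:
-- git
-- vim
-- screen
-- aptitude
-- build-essential
-- curl
-- wget
-- graphviz
-- openssh-server
-- ncdu
-- fail2ban
-- iotop
-- ssl-cert
-state: present
-update_cache: yes
-tags:
-- apt
-- name: Remove dependencies that are no longer required
-become: yes
-apt:
-autoremove: yes
-tags:
-- apt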

38
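--- a/roles/letsencrypt/README.md
+++ b/roles/letsencrypt/README.md
@@ -1,38 +0,0 @@
-Role Name
-=========
-A brief description of the role goes here.
-Requirements
-------------
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-Role Variables
---------------
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-Dependencies
-------------
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-Example Playbook
-----------------
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-- hosts: servers
-roles:
-- { role: username.rolename, x: 42 }
-License
--------
-BSD
-Author Information
-------------------
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).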

8
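--- a/roles/letsencrypt/defaults/main.yml
+++ b/roles/letsencrypt/defaults/main.yml
@@ -1,8 +0,0 @@
----
-# defaults file for letsencrypt
-domains:
-- "charlesreid1.com"
-site_email: "charles@charlesreid1.com"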

172
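--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -1,172 +0,0 @@
----
-# tasks file for letsencrypt
-#
-# Problem:
-# We want to install certificates no matter what,
-# but we don't want to ask for genuine certificates
-# every time we run this playbook.
-#
-# Solution:
-# Check if there is a LetsEncrypt renewal file
-# (which indicates the user has manually requested
-# genuine certificates from LetsEncrypt).
-# If it is not there, install self-signed, snake oil
-# certificates.
-# Install required packages:
-- name: Install software-properties-common
-become: yes
-apt: name=software-properties-common update_cache=yes
-tags:
-- apt
-- name: Install ssl-cert package
-become: yes
-apt: name=ssl-cert update_cache=yes
-tags:
-- apt
-- name: Add LetsEncrypt certbot apt repo
-become: yes
-apt_repository:
-repo: ppa:certbot/certbot
-tags:
-- apt
-- name: Update aptitude after adding apt repo
-become: yes
-apt:
-update_cache: yes
-tags:
-- apt
-- name: Install certbot
-become: yes
-apt: name=python-certbot-nginx update_cache=yes
-tags:
-- apt
-# LetsEncrypt/certbot does not actually install
-# the ssl options file it references in the
-# config file. We need to do it ourselves.
-- name: "Check if /etc/letsencrypt/options-nginx-ssl.conf is present"
-become: yes
-stat:
-path: "/etc/letsencrypt/options-nginx-ssl.conf"
-register: ssl_options_installed
-- name: "Install /etc/letsencrypt/options-nginx-ssl.conf"
-become: yes
-get_url:
-url: "https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf"
-dest: /etc/letsencrypt/options-ssl-nginx.conf
-when:
-- not ssl_options_installed.stat.exists
-- name: "Check if /etc/letsencrypt/ssl-dhparams.conf is present"
-become: yes
-stat:
-path: "/etc/letsencrypt/ssl-dhparams.conf"
-register: dhparams_installed
-- name: "Install /etc/letsencrypt/ssl-dhparams.conf"
-become: yes
-get_url:
-url: "https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem"
-dest: /etc/letsencrypt/ssl-dhparams.pem
-when:
-- not dhparams_installed.stat.exists
-# Make the LetsEncrypt live certificate directory
-# if it does not exist already
-- name: Make LetsEncrypt certificate directory
-become: yes
-file:
-path: "/etc/letsencrypt/live/{{ item }}"
-state: directory
-with_items: "{{ domains }}"
-# The following stat checks for the existence of a
-# LetsEncrypt renewal file, which indicates that
-# LetsEncrypt has been run and set up.
-#
-# If the node is in production mode, if LetsEncrypt
-# has been run, `cert_installed` will be true.
-#
-# If the node is still in staging mode, and LetsEncrypt
-# has not yet been run, `cert_installed` will be false.
-#
-# This boolean is used to control how we deal with
-# the nginx configuration file. (Test config is only
-# removed once node is live.)
-- name: Check if LetsEncrypt renewal certificate is present
-become: yes
-stat:
-path: "/etc/letsencrypt/renewal/{{ item }}.conf"
-with_items: "{{ domains }}"
-register: cert_installed
-- name: Check if snakeoil certs are installed
-become: yes
-stat:
-path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-register: snakeoil_certs_installed
-- name: Install snakeoil certs
-become: yes
-copy:
-src: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-remote_src: yes
-dest: "/etc/letsencrypt/live/{{ item.item }}/fullchain.pem"
-with_items: "{{ cert_installed.results }}"
-when: "not item.stat.exists and snakeoil_certs_installed.stat.exists"
-- name: Check if snakeoil private keys are installed
-become: yes
-stat:
-path: "/etc/ssl/private/ssl-cert-snakeoil.key"
-register: snakeoil_keys_installed
-- name: Install snakeoil cert private keys
-become: yes
-copy:
-src: "/etc/ssl/private/ssl-cert-snakeoil.key"
-remote_src: yes
-dest: "/etc/letsencrypt/live/{{ item.item }}/privkey.pem"
-with_items: "{{ cert_installed.results }}"
-when: "not item.stat.exists and snakeoil_keys_installed.stat.exists"
-# Unfortunately the letsencrypt nginx certbot
-# installs nginx, which automatically installs
-# and runs itself.
-- name: Stop service nginx, if started
-service:
-name: nginx
-state: stopped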

Some files were not shown because too many files have changed in this diff Show More
