kris/FRITA-infra
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Ansible code used to deploy and maintain websites and services used by Free I.T. Athens
26 Commits 6 Branches 0 Tags 143 KiB
Shell 58.9%
Jinja 36.2%
Makefile 4.9%
main
Go to file
Kris Lamoureux 236ec455cc
Add cron and fix database maintenance task
2023-10-03 23:30:28 -04:00
dev Automated Nextcloud installation 2022-11-24 02:00:52 -05:00
roles Add cron and fix database maintenance task 2023-10-03 23:30:28 -04:00
scripts Add DNS-01 ACME wildcard certificate 2022-11-19 20:58:07 -05:00
.gitignore Add DNS-01 ACME wildcard certificate 2022-11-19 20:58:07 -05:00
ansible.cfg Deploy a simple webserver docker-compose stack 2022-11-18 02:51:49 -05:00
LICENSE Added webserver and wordpress roles 2019-01-02 00:04:01 -05:00
Makefile Add DNS-01 ACME wildcard certificate 2022-11-19 20:58:07 -05:00
README.md Update .env template and add --diff 2023-10-03 20:45:15 -04:00
Vagrantfile Automated Nextcloud installation 2022-11-24 02:00:52 -05:00
webserver.yml Add port forward script and WordPress 2022-11-19 05:02:28 -05:00

README.md

Free I.T. Athen's Infrastructure

This project is used to develop Ansible for deploying and maintaining websites and services operated by Free I.T. Athens (FRITA).

  • Requires GNU Make, Ansible, and Vagrant on the host

Quick Start

  1. Clone this project
  2. Run make to provision a Debian 11 base box
  3. Go to
  4. Click through the HTTPS security warning

Production

  1. Clone production-env to ./environments

    mkdir -p environments
git clone git@github.com:freeitathens/production-env.git ./environments

  2. Run ./scripts/vault-key.sh from the root of the project to obtain the Ansible Vault password

  3. Enter the Bitwarden Master Password

  4. Run ansible-playbook against the production servers, e.g.,

    ansible-playbook -u root -i environments/production --vault-pass-file ./.ansible_vault webserver.yml --diff --check

  5. Delete the .ansible_vault file when you are done

Using Ansible Vault to add or rotate values

Do not submit ciphertext into Ansible Vault with the indention formatting.
To submit, press CTRL+d twice.

  • Decrypt Ansible Vault values

    ansible-vault decrypt --vault-pass-file .ansible_vault

  • Encrypt new Ansible Vault values

    ansible-vault encrypt --vault-pass-file .ansible_vault
    • e.g., pwgen -s 100 1 | ansible-vault encrypt --vault-pass-file .ansible_vault

Authors

  • Kris Lamoureux - Project Founder - @krislamo

Copyrights and Licenses

Copyright (C) 2019, 2020, 2022 Free I.T. Athens

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.