diff --git a/.ansible/inventory b/.ansible/inventory
new file mode 100644
index 0000000..7dea971
--- /dev/null
+++ b/.ansible/inventory
@@ -0,0 +1,10 @@
+[all:vars]
+ansible_user='debian'
+ansible_become=yes
+ansible_become_method=sudo
+ansible_python_interpreter='/usr/bin/env python3'
+project='CyfroweAukcje'
+main_packages="vim, vim-common, curl, wget"
+
+[servers]
+# example1 ansible_host=ip ansible_port=65522
diff --git a/.ansible/playbook.yml b/.ansible/playbook.yml
new file mode 100644
index 0000000..1417625
--- /dev/null
+++ b/.ansible/playbook.yml
@@ -0,0 +1,39 @@
+---
+- name: System preconfiguration
+ hosts: all
+ tasks:
+ - name: Prepare motd
+ template:
+ src: templates/motd.jinja
+ dest: /etc/motd
+ - name: Trusted ca
+ template:
+ src: templates/trusted-user-ca-keys.pem
+ dest: /etc/ssh/trusted-user-ca-keys.pem
+ - name: Configure sshd
+ template:
+ src: templates/sshd_config
+ dest: /etc/ssh/sshd_config
+ - name: Restart sshd service
+ systemd:
+ name: sshd
+ state: reloaded
+
+- name: Upgrade system
+ hosts: all
+ tasks:
+ - name: Update apt-get repo and cache
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+ - name: Upgrade all apt packages
+ apt: upgrade=dist force_apt_get=yes
+ - name: Remove dependencies that are no longer required
+ apt:
+ autoremove: yes
+
+- name: Install my packages
+ hosts: all
+ tasks:
+ - name: Install main packages
+ apt:
+ name: "{{ main_packages }}"
+ state: present
diff --git a/.ansible/templates/motd.jinja b/.ansible/templates/motd.jinja
new file mode 100644
index 0000000..0fbf3a9
--- /dev/null
+++ b/.ansible/templates/motd.jinja
@@ -0,0 +1,14 @@
+ _____
+ / \
+ vvvvvvv /|__/|
+ I /O,O |
+ I /_____ | /|/|
+ J|/^ ^ ^ \ | /00 | _//|
+ |^ ^ ^ ^ |W| |/^^\ | /oo |
+ \m___m__|_| \m_m_| \mm_|
+
+======================================: cynarski.dev
+
+Development by ansible for {{project}}
+
+====================================================:
\ No newline at end of file
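Review bot: `ansible_become=yes` under `[all:vars]` in .ansible/inventory turns on sudo for every task on every host, both the ones in this commit and any play added later, without the escalation being visible in the playbook. Declaring `become: true` on the plays in .ansible/playbook.yml that need root keeps that decision next to the tasks it covers. The commented host example uses `ansible_port=65522`, the same port the sshd_config template sets, so a freshly provisioned host that is presumably still listening on 22 would need a different port for its first run; a comment saying so beside the example would help.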
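Review bot: The `Configure sshd` task in .ansible/playbook.yml writes /etc/ssh/sshd_config and the following task reloads the daemon with no validation step, so a rendered file that sshd cannot parse can cut off remote access on every host in `all`. Add `validate: '/usr/sbin/sshd -t -f %s'` to that task, and set `owner: root`, `group: root` and `mode: '0644'` on both files written under /etc/ssh so their permissions do not depend on defaults. The reload is an unconditional task named "Restart" rather than a handler notified by the two template tasks, so it runs on every play even when neither file changed.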
diff --git a/.ansible/templates/sshd_config b/.ansible/templates/sshd_config
new file mode 100644
index 0000000..bea2592
--- /dev/null
+++ b/.ansible/templates/sshd_config
@@ -0,0 +1,9 @@
+Port 65522
+PasswordAuthentication no
+ChallengeResponseAuthentication yes
+UsePAM yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
+TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
diff --git a/.ansible/templates/trusted-user-ca-keys.pem b/.ansible/templates/trusted-user-ca-keys.pem
new file mode 100644
index 0000000..dd30f22
--- /dev/null
+++ b/.ansible/templates/trusted-user-ca-keys.pem
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCazcKMgWAnC5ignX4kt1gjVmZ/L0Sl+SYVn7UIIIydwFdmnlpEjzC4leZegSHTgb8VmhPGFzsM6wLw7zNr2cW2J32q4RtScaez1lU6+fApX3SNWu5kUPsuraNWoQTbWjEQKRyHae8B/F2L8lsirRflgIe9qtUMVFAZBJppsKIjPMACGCTo++Dp+VJT7pseXyx7BEHee582xZi1SJVvlDFsPaWJja/aEhJZSlryBRGF/1tkRsOG98XID0jaNKcBDPN199ZKsrZDG18Sw33GG7qaVMQubMJrJ7uTD1wzgFRBqcU4/XC4HLpD+2klrel67lAphuCqQVWpmTuZwEVlieexywsMrYliV7X+aMBVE5lC0z7oi/f1slV1XAAc4VpCF1yQS5VuCJmaXNYFMSp9GNPLU1pIW5hmBanfVRDk1m6UIyK7rlA15jtb8A/cRexAvcmmPG7tyzWFh3hTrsNpYxUEvcqbg2MFnbDRmpyfQ+Qd/nybIuyGhoviTzxRUeH+NNm4Zss8eZoR0SS//QL1wQjKhpQ5v75gHALrPoISsA/mWVI3wkMbCCdZekwLuqzmuKp9UmlNYTWuHK/+GJLrK7mOMHf/EzMEQ0rNzp4l/7/quoxFwjvPecUg1tr6L9KaFWLUUPeA2yLQccn9hoiKczLElXlt+gVksye5JPUbUFfkKQ==
\ No newline at end of file
diff --git a/.drone.yml b/.drone.yml
index f850b7c..081d73c 100644
--- a/.drone.yml
+++ b/.drone.yml
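Review bot: `ChallengeResponseAuthentication yes` together with `UsePAM yes` in .ansible/templates/sshd_config leaves keyboard-interactive authentication through PAM enabled, which on a typical PAM stack still accepts account passwords, so `PasswordAuthentication no` does not by itself make these hosts certificate-only. If CA-signed certificates are meant to be the only way in, set `ChallengeResponseAuthentication no`; `X11Forwarding yes` is also worth switching to `no` on servers that run no X clients. `TrustedUserCAKeys` is added without `RevokedKeys` or `AuthorizedPrincipalsFile`, so a leaked certificate stays usable until it expires.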
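Review bot: The key added in .ansible/templates/trusted-user-ca-keys.pem becomes the trust anchor for every host in the inventory, yet the line has no comment field and nothing visible in this diff records its fingerprint, so a reviewer cannot tell which CA it belongs to or verify it out of band. Append an identifying comment after the base64 blob, in the form `ssh-rsa AAAA… <ca-name-placeholder>`, and note the fingerprint in the commit description. The content is an OpenSSH public-key line rather than PEM, so the `.pem` extension is misleading, and because it contains no Jinja expressions it could be shipped with `copy` instead of `template`.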
@@ -2,34 +2,28 @@ kind: pipeline name: default steps: -- name: terratest - image: plugins/docker +- name: check ansible syntax + image: paramah/drone-ansible settings: - username: - from_secret: hub_username - password: - from_secret: hub_password - repo: - from_secret: hub_repo - tags: latest + playbook: .ansible/playbook.yml + inventory: .ansible/inventory + syntax_check: true when: - branch: - - master + event: + - pull_request + - push -- name: notify - image: appleboy/drone-telegram +- name: apply ansible playbook + image: paramah/drone-ansible + environment: + ANSIBLE_STRATEGY_PLUGINS: /usr/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy + ANSIBLE_STRATEGY: mitogen_linear settings: - token: - from_secret: telegram_bot_token - to: - from_secret: telegram_group_id - message: > - {{#success build.status}} - build {{build.link}} triggerd by {{commit.link}} from {{commit.author}} succeeded - {{else}} - build {{build.link}} triggerd by {{commit.link}} from {{commit.author}} failed - {{/success}} + playbook: .ansible/playbook.yml + inventory: .ansible/inventory + private_key: + from_secret: ansible_private_key + verbose: 1 when: - status: - - success - - failure + event: + - tag \ No newline at end of file diff --git a/TERRATEST_DEPLOY.md b/TERRATEST_DEPLOY.md deleted file mode 100644 index e911770..0000000 --- a/TERRATEST_DEPLOY.md +++ /dev/null @@ -1,19 +0,0 @@ -# Drone docker deploy - -## Użycie - -``` -cat ${args[0]} |awk -F\= '{system("drone secret add --repository='${args[1]}' --name="$1 " --data="$2)}' -``` - -Wymagane zmienne: - -``` -hub_username= -hub_password= -hub_repo= -telegram_bot_token= -telegram_group_id= -``` - -
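Review bot: The `apply ansible playbook` step in .drone.yml passes the `ansible_private_key` secret to `paramah/drone-ansible` with no tag or digest, so whatever image is published under that name at build time receives the deploy key for hosts where the inventory enables sudo. Pin the image, for example `image: paramah/drone-ansible@sha256:<digest-placeholder>`, on both steps; that also stops the hard-coded `python3.8` path in `ANSIBLE_STRATEGY_PLUGINS` from breaking when the image's Python version changes. The step fires on any `tag` event, so it is worth confirming who may push tags to this repository. The removed `notify` step has no replacement, so a failed apply is no longer reported by anything visible in this file.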