From 65893c30f3309674f10eb65887af0c7c347c9044 Mon Sep 17 00:00:00 2001
From: "M. V. Hutz"
Date: Mon, 8 Sep 2025 23:17:43 -0400
Subject: [PATCH] feat: install docker; auto change port
---
 Taskfile.yml | 11 ++-
 ansible.cfg | 3 +-
 playbooks/deploy.yml | 91 +++++++++++++++++++
 .../{infrastructure.yml => provision.yml} | 4 +-
 terraform/main.tf | 2 +-
 vault.yml | 55 +++++------
 6 files changed, 134 insertions(+), 32 deletions(-)
 create mode 100644 playbooks/deploy.yml
 rename playbooks/{infrastructure.yml => provision.yml} (93%)
diff --git a/Taskfile.yml b/Taskfile.yml
index f553a65..6471a5a 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -1,5 +1,12 @@
 version: 3
 tasks:
- vault: ansible-vault edit vault.yml
- infra: ansible-playbook playbooks/infrastructure.yml
\ No newline at end of file
+ vault: ansible-vault edit vault.yml {{.CLI_ARGS}}
+ infra: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
+ setup: ansible-playbook playbooks/deploy.yml {{.CLI_ARGS}}
+
+ enter:
+ cmd: ssh -i {{.KEY}} -p 2222 root@{{.IP}}
+ vars:
+ KEY: { sh: ansible-vault view vault.yml | yq -r ".deploy.private_ssh_key_path" }
+ IP: { sh: cat dist/terraform_outputs.yml | jq -r ".server_ip.value" }
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
index 20eb1f9..63c126b 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -2,6 +2,7 @@
 callbacks_enabled = profile_tasks
 localhost_warning = False
 vault_password_file = vault.key
+interpreter_python = /usr/bin/python3.11
 [inventory]
 inventory_unparsed_warning = False
@@ -9,4 +10,4 @@ inventory_unparsed_warning = False
 [ssh_connection]
 ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none
 pipelining = True
-retries = 256
\ No newline at end of file
+retries = 2
\ No newline at end of file
diff --git a/playbooks/deploy.yml b/playbooks/deploy.yml
new file mode 100644
index 0000000..f509061
--- /dev/null
+++ b/playbooks/deploy.yml
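Review bot: The `enter` task hard-codes both `-p 2222` and `root@`, so the SSH port now lives in three places (this task, the two `ansible_port` values in playbooks/deploy.yml, and the firewall list in terraform/main.tf) and changing one silently breaks the others; lift it into a task variable, e.g. `cmd: ssh -i {{.KEY}} -p {{.SSH_PORT}} root@{{.IP}}` with `SSH_PORT: "2222"` under `vars:`. The `IP` var pipes `dist/terraform_outputs.yml` through `jq`, which only works if the text that playbooks/provision.yml writes into that `.yml` file is in fact JSON; either document that assumption on the var or read it with `yq` as `KEY` already does. `KEY` decrypts the whole vault with `ansible-vault view` just to read one path, so any failure or debug output of that pipeline can carry every other secret in the file; a narrower lookup or a dedicated non-secret config value for the key path would limit that.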
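Review bot: `interpreter_python = /usr/bin/python3.11` pins the remote interpreter to an absolute path that only holds for the current base image; on any image where Python 3.11 is not at that path every task fails at module execution rather than with a discovery warning. `auto_silent` (or `auto`) lets Ansible discover the interpreter and keeps the config image-independent. If the pin is deliberate, a comment naming the image it was chosen for would help the next maintainer, e.g. `# Pinned to the Debian image's python3.11; update when the base image changes`.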
@@ -0,0 +1,91 @@
+- name: Set up for fresh host.
+ gather_facts: false
+ hosts: localhost
+ vars_files:
+ - ../vault.yml
+ - ../dist/terraform_outputs.yml
+ tasks:
+ - name: Add remote host.
+ ansible.builtin.add_host:
+ name: server_fresh
+ ansible_ssh_host: "{{ server_ip.value }}"
+ ansible_user: root
+ ansible_port: 22
+ ansible_private_key_file: "{{ deploy.private_ssh_key_path }}"
+
+- name: Switch port to 2222.
+ hosts: server_fresh
+ ignore_unreachable: true
+ gather_facts: false
+ tasks:
+ - name: Update SSH port.
+ ansible.builtin.lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^Port"
+ line: "Port 2222"
+
+ - name: Restart service.
+ ansible.builtin.service:
+ name: ssh
+ state: restarted
+
+- name: Set up real host.
+ gather_facts: false
+ hosts: localhost
+ vars_files:
+ - ../vault.yml
+ - ../dist/terraform_outputs.yml
+ tasks:
+ - name: Add remote host.
+ ansible.builtin.add_host:
+ name: server
+ ansible_ssh_host: "{{ server_ip.value }}"
+ ansible_user: root
+ ansible_port: 2222
+ ansible_private_key_file: "{{ deploy.private_ssh_key_path }}"
+
+- name: Install Docker.
+ gather_facts: true
+ hosts: server
+ vars_files:
+ - ../vault.yml
+ - ../dist/terraform_outputs.yml
+ tasks:
+ - name: Download Docker repository key.
+ ansible.builtin.apt_key:
+ url: https://download.docker.com/linux/debian/gpg
+ state: present
+
+ - name: Download Docker repository.
+ ansible.builtin.apt_repository:
+ repo: "deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+ state: present
+
+ - name: Remove bad packages.
+ ansible.builtin.apt:
+ state: absent
+ package:
+ - docker.io
+ - docker-doc
+ - docker-compose
+ - podman-docker
+ - containerd
+ - runc
+
+ - name: Download Docker dependencies.
+ ansible.builtin.apt:
+ state: present
+ package:
+ - ca-certificates
+ - curl
+
+ - name: Download Docker packages.
+ ansible.builtin.apt:
+ state: present
+ update_cache: true
+ package:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-buildx-plugin
+ - docker-compose-plugin
diff --git a/playbooks/infrastructure.yml b/playbooks/provision.yml
similarity index 93%
rename from playbooks/infrastructure.yml
rename to playbooks/provision.yml
index 4f4ba12..42525b0 100644
--- a/playbooks/infrastructure.yml
+++ b/playbooks/provision.yml
@@ -26,7 +26,7 @@
 - name: Create secret directory.
 ansible.builtin.file:
- path: ../secret
+ path: ../dist
 recurse: true
 mode: "0755"
 state: directory
@@ -34,5 +34,5 @@
 - name: Send outputs to file.
 ansible.builtin.copy:
 content: "{{ terraform_apply.outputs }}"
- dest: ../secret/terraform_outputs.yml
+ dest: ../dist/terraform_outputs.yml
 mode: '0755'
diff --git a/terraform/main.tf b/terraform/main.tf
index ec73012..4f4543f 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -45,7 +45,7 @@ resource "hcloud_firewall" "server_firewall" {
 # Poke holes for applications, and SSH.
 dynamic "rule" {
- for_each = ["80", "443", "22"]
+ for_each = ["80", "443", "22", "2222"]
 content {
 direction = "in"
diff --git a/vault.yml b/vault.yml
index 46b567e..598fc07 100644
--- a/vault.yml
+++ b/vault.yml
@@ -1,27 +1,30 @@
 $ANSIBLE_VAULT;1.1;AES256
-38323339316264326632393865326536613866323232396239306431386339326431316637343431
-6537323139653664383461393937656332666136373333370a373964396538643439376633316437
-32613563306661323830376135623466626636316433323866396230313566653933386162366131
-3562343139653337660a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a346434356437323964376262663834
+61373330643932363061393039373064306262373738303934393437333934653434626434373362
+6265383464376133650a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
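Review bot: The "Update SSH port." task rewrites sshd_config and the following task restarts sshd without validating the file, so a malformed write locks the host out on both 22 and 2222 with no way back in; add `validate: "/usr/sbin/sshd -t -f %s"` to the lineinfile task (`path:` is also the current name for `dest:`). The Docker repository key is installed with `ansible.builtin.apt_key`, which drops it into the legacy global keyring where it can sign any configured repository rather than only Docker's; store it under `/etc/apt/keyrings/` and bind it to the repo line with `signed-by=`, as in the rewrite below. The port switch changes nothing about who may log in — `PermitRootLogin` and `PasswordAuthentication` stay at whatever the image ships with, so if key-only root access is the intent the same lineinfile pattern should set them explicitly. `ansible_ssh_host` in both add_host tasks is the deprecated alias of `ansible_host`.
```yaml
# … unchanged: host-setup and port-switch plays …
    - name: Create apt keyrings directory.
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    - name: Download Docker repository key.
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    - name: Download Docker repository.
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
        state: present

# … unchanged: package removal and install tasks …
```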
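Review bot: The task that writes `../dist/terraform_outputs.yml` keeps `mode: '0755'` (a context line here), which gives a plain data file the execute bit and leaves it world-readable; `mode: "0600"` matches what the file is, and both the `enter` task in Taskfile.yml and playbooks/deploy.yml read it as the same user that writes it. The preceding hunk's task is still named "Create secret directory." although the path is now `../dist`, so the name should follow the rename, e.g. `- name: Create output directory.`. Since the directory was renamed away from `secret`, it is worth confirming that `dist/` is ignored by version control; no ignore-file change is part of this patch.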
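Review bot: Port 22 stays open in the firewall for the server's lifetime even though playbooks/deploy.yml moves sshd to 2222 on first contact, so the rule set now admits two SSH ports of which one is only needed during the first run; either drop `"22"` once the port switch has been verified on a fresh host, or keep it and say why, e.g. `# 22 only for the first-boot port switch in playbooks/deploy.yml`. Moving the listening port reduces log noise but is not a hardening control — the sshd authentication settings the image ships with are what actually protect the host, and the playbook does not set them. The rest of the `dynamic "rule"` block continues outside the hunk, so the source address range these ports are opened to is not visible here.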