feat: ansible proxy jump

2025-10-07 22:39:58 -04:00
parent 767fd3b503
commit 7f36507dce
7 changed files with 140 additions and 86 deletions
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@@ -11,7 +11,7 @@
        ansible_ssh_host: "{{ server_ip.value }}"
        ansible_user: root
        ansible_port: 22
-        ansible_private_key_file: "{{ secret.private_ssh_key_path }}"
+        ansible_private_key_file: "{{ secret.private_gitea_ssh_key_path }}"

 - name: Switch port to 2222.
  hosts: server_fresh
@@ -41,10 +41,7 @@
    - name: Add remote host.
      ansible.builtin.add_host:
        name: server
-        ansible_ssh_host: "{{ server_ip.value }}"
-        ansible_user: root
-        ansible_port: 2222
-        ansible_private_key_file: "{{ secret.private_ssh_key_path }}"
+        ansible_ssh_host: repository_gitea

 - name: Install Docker.
  gather_facts: true
@@ -55,7 +52,6 @@
  tasks:
    - name: Install PIP.
      ansible.builtin.apt:
-        update_cache: true
        name:
          - python3-pip
        state: present
--- a/playbooks/provision.yml
+++ b/playbooks/provision.yml
@@ -36,3 +36,31 @@
        content: "{{ terraform_apply.outputs }}"
        dest: ../dist/terraform_outputs.yml
        mode: '0755'
+
+- name: Update SSH config.
+  hosts: localhost
+  gather_facts: false
+  tags: hosts
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+    - ../variables.yml
+  tasks:
+    - name: Add Gitea host.
+      community.general.ssh_config:
+        host: "{{ variables.gitea_host }}"
+        hostname: "{{ server_ip.value }}"
+        remote_user: root
+        forward_agent: true
+        user: user
+        port: 2222
+        identity_file: "{{ secret.private_gitea_ssh_key_path }}"
+
+    - name: Add Runner host.
+      community.general.ssh_config:
+        host: "{{ variables.runner_host }}"
+        remote_user: root
+        user: user
+        identity_file: "{{ secret.private_runner_ssh_key_path }}"
+        proxyjump: "{{ variables.gitea_host }}"
+        hostname: 10.0.10.17
--- a/playbooks/restore.yml
+++ b/playbooks/restore.yml
@@ -8,10 +8,7 @@
    - name: Add remote host.
      ansible.builtin.add_host:
        name: server
-        ansible_ssh_host: "{{ server_ip.value }}"
-        ansible_user: root
-        ansible_port: 2222
-        ansible_private_key_file: "{{ secret.private_ssh_key_path }}"
+        ansible_ssh_host: repository_gitea

 - name: Deploy artifact to instance.
  hosts: server
--- a/playbooks/runner.yml
+++ b/playbooks/runner.yml
@@ -0,0 +1,25 @@
+- name: Set up for fresh host.
+  gather_facts: false
+  hosts: localhost
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Add remote host.
+      ansible.builtin.add_host:
+        name: server
+        ansible_ssh_host: repository_runner
+        ansible_ssh_extra_args: -J repository_gitea
+
+- name: Deploy runner.
+  hosts: server
+  gather_facts: false
+  tasks:
+    - name: Test
+      ansible.builtin.raw: hostname
+      register: test
+      changed_when: false
+
+    - name: Debug
+      ansible.builtin.debug:
+        var: test