author: Elizabeth Hunt <me@liz.coffee> 2025-03-15 00:50:34 -0700
committer: Elizabeth Hunt <me@liz.coffee> 2025-03-15 00:50:34 -0700
commit: fb7e6890d8516618fa3baec0edf84048e2b6601d (patch)
tree: a7bc5cfce71288ab69e8fa590d0f02df90c55385 /README.md
a docker swarm
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 84
1 files changed, 84 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..cce9463
--- /dev/null
+++ b/README.md
@@ -0,0 +1,84 @@
+# liz.coffee infra
+
+A collection of playbooks to deploy the liz.coffee infra
+
+## Prerequisites
+
+- `ansible`
+- `yamllint`
+- `ansible-lint`
+- an ssh key accepted on each line in the `inventory`
+
+## Setup
+
+### Vault
+
+Secrets are managed via `ansible-vault`. Initialize or update your vault
+with new secrets via our custom `./ansible-vault-init.sh` script.
+
+Additionally if you want to only update a single secret, use
+`./ansible-vault-init.sh <secret_name>`.
+
+If you don't want to be prompted to enter your password every time you
+deploy something, put your password as plain text into `secrets.pwd` as
+a single line in the root src directory:
+
+```bash
+echo "<your_password>" > secrets.pwd
+```
+
+Then you can add `--vault-password-file secrets.pwd` each time you run a
+deployment (or you know, use `pass` or something if you're paranoid).
+
+### Pre-commit hooks
+
+1. clone the repo
+
+ ```bash
+ git clone git@git.liz.coffee:liz.coffee/infra
+ cd infra
+ ```
+
+2. add a pre-commit hook
+
+ ```bash
+ cd .git/hooks
+ touch pre-commit
+ ```
+
+3. insert into `pre-commit` the following contents:
+
+ ```bash
+ #!/bin/sh
+
+ set -e
+
+ # lint yaml files
+ echo "running yamllint..."
+ yamllint --strict .
+
+ # follow ansible best-practices
+ echo "running ansible-lint"
+ ansible-lint
+ ```
+
+4. make it executable
+ ```bash
+ chmod +x pre-commit
+ ```
+
+## Running
+
+`ansible-playbook -e @secrets.enc deploy.yml` will run each respectively added playbook in `deploy.yml`
+using the vault intialized in the previous steps.
+
+Though in development, one should be testing individual playbooks, and `deploy.yml`
+should be left for an idea of general order of things, or for a
+full deployment after testing.
+
+NOTE: It is highly advised to run `ansible-playbook` in an `ssh-agent` session to avoid retyping your password over and over. Something along the lines of:
+
+```bash
+ssh-agent $(echo $SHELL)
+ssh-add ~/.ssh/<private-key>
+```
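Review bot: The Vault section's `echo "<your_password>" > secrets.pwd` step leaves the vault password in shell history and creates the file in the repo root with default umask permissions, and the README never says that `secrets.pwd` is git-ignored. Suggest documenting a safer way to create the file (write it from an editor or a silent prompt, then `chmod 600 secrets.pwd`) and stating that `secrets.pwd` must be listed in `.gitignore`; this diff is limited to README.md, so whether that ignore entry exists is not visible here. The same applies to `secrets.enc` used in the Running section: say explicitly whether the encrypted vault is meant to be committed. Smaller points: "intialized" in the Running section should be "initialized", `ssh-agent $(echo $SHELL)` can be written as `ssh-agent "$SHELL"`, and the hook in step 3 runs `yamllint --strict .` and `ansible-lint` against the working tree rather than the staged content, which is worth a sentence so contributors know unstaged changes affect the result.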