author Elizabeth Hunt <elizabeth.hunt@simponic.xyz> 2024-05-01 01:33:35 -0700
committer Elizabeth Hunt <elizabeth.hunt@simponic.xyz> 2024-05-01 01:33:35 -0700
commit bbad09e2b15eeca86f83a9d2a97449baf71e326f (patch)
tree 9d10c3ec94ae11a7cd28131bbcf5d553245006ec /README.md
init
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 85
1 files changed, 85 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d210c13
--- /dev/null
+++ b/README.md
@@ -0,0 +1,85 @@
+# hatecomputers.club infra
+
+A collection of playbooks to deploy the hatecomputers.club infra
+
+## Prerequisites
+
+- `ansible`
+- `yamllint`
+- `ansible-lint`
+- an ssh key accepted on the root of each host in the `inventory`
+
+## Setup
+
+### Vault
+
+Secrets are managed via `ansible-vault`. Initialize or update your vault
+with new secrets via our custom `./ansible-vault-init.sh` script.
+
+Additionally if you want to only update a single secret, use
+`./ansible-vault-init.sh <secret_name>`.
+
+If you don't want to be prompted to enter your password every time you
+deploy something, put your password as plain text into `secrets.pwd` as
+a single line in the root src directory:
+
+```bash
+echo "<your_password>" > secrets.pwd
+```
+
+Then you can add `--vault-password-file secrets.pwd` each time you run a
+deployment (or you know, use `pass` or something if you're paranoid).
+
+### Pre-commit hooks
+
+1. clone the repo
+
+ ```bash
+ git clone git@git.hatecomputers.club:hatecomputers.club/infra
+ cd infra
+ ```
+
+2. add a pre-commit hook
+
+ ```bash
+ cd .git/hooks
+ touch pre-commit
+ ```
+
+3. insert into `pre-commit` the following contents:
+
+ ```bash
+ #!/bin/sh
+
+ set -e
+
+ # lint yaml files
+ echo "running yamllint..."
+ yamllint --strict .
+
+ # follow ansible best-practices
+ echo "running ansible-lint"
+ ansible-lint
+ ```
+
+4. make it executable
+ ```bash
+ chmod +x pre-commit
+ ```
+
+## Running
+
+`ansible-playbook -e @secrets.enc deploy.yml` will run each respectively added playbook in `deploy.yml`
+using the vault intialized in the previous steps.
+
+Though in development, one should be testing individual playbooks, and `deploy.yml`
+should be left for an idea of general order of things, or for a
+full deployment after testing.
+
+NOTE: It is highly advised to run `ansible-playbook` in an `ssh-agent` session to avoid retyping your password over and over. Something along the lines of:
+
+```bash
+ssh-agent $(echo $SHELL)
+ssh-add ~/.ssh/<private-key>
+```
+
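Review bot: In the Vault section, the `secrets.pwd` instructions put the vault password in plain text in the repository root without saying that the file must stay out of version control or be readable only by its owner, and `echo "<your_password>" > secrets.pwd` also leaves the password in shell history. Suggest stating that `secrets.pwd` is listed in `.gitignore`, creating it with `chmod 600 secrets.pwd` (or under `umask 077`), and writing it from an editor or a prompt instead of typing the password on the command line. Smaller points: `intialized` in the Running section should be `initialized`; `ssh-agent $(echo $SHELL)` can be written `ssh-agent "$SHELL"`; and because the hook from steps 2 to 4 lives in `.git/hooks`, it is not versioned, so every clone has to repeat the setup by hand. Committing the hook script to the repo and linking it into `.git/hooks` would keep it in sync.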