yohan/duplicity_playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove useless repository docker-duplicity-stack.

Browse Source
This commit is contained in:
yohan 2023-10-22 17:44:05 +02:00
parent e59988a4a1
commit 606f0f5315
3 changed files with 36 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
bootstrap.yml
View File

@ -24,14 +24,37 @@
state: directory state: directory
mode: '0700' mode: '0700'
- name: Extract required secrets from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
with_items:
- name: secrets/docker-duplicity-stack/mail_credentials.json
dir: /root/
- name: secrets/bootstrap/id_rsa
dir: /root/.ssh
- name: Change secret file permissions
ansible.builtin.file:
path: "{{ item }}"
mode: '0400'
owner: root
group: root
with_items:
- /root/mail_credentials.json
- /root/.ssh/id_rsa
- name: Copy ssh config
ansible.builtin.copy:
src: /root/duplicity_playbooks/files/config
dest: /root/.ssh/config
mode: '0640'
owner: root
group: root
when: copy_output is changed
- name: Send mail with new secrets
- name: Extract from secrets.tar.gz.enc - name: Extract from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ WORKDIR }}/secrets.tar.gz.enc | tar -zxv -C {{ WORKDIR }}" shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ WORKDIR }}/secrets.tar.gz.enc | tar -zxv -C {{ WORKDIR }}"
- name: Change SSH private key permissions
ansible.builtin.file:
path: /root/.ssh/id_rsa
mode: '0400'
- name: Retrieve documentation - name: Retrieve documentation
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','DOC_KEY') }}/download" url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','DOC_KEY') }}/download"
@ -57,6 +80,14 @@
ansible.builtin.package: ansible.builtin.package:
name: python2 name: python2
state: present state: present
when: copy_output is changed
- name: Copy sendmail.py
ansible.builtin.copy:
src: /root/duplicity_playbooks/files/sendmail.py
dest: /root/sendmail.py
mode: '0770'
when: copy_output is changed
- name: Send mail with new secrets - name: Send mail with new secrets
ansible.builtin.command: "/root/sendmail.py -a {{ WORKDIR }}/secrets.tar.gz.enc {{ WORKDIR }}/mail /root/mail_credentials.json" ansible.builtin.command: "/root/sendmail.py -a {{ WORKDIR }}/secrets.tar.gz.enc {{ WORKDIR }}/mail /root/mail_credentials.json"

8
tasks/down.yml
View File

@ -13,14 +13,6 @@
delegate_to: 172.17.0.1 delegate_to: 172.17.0.1
become: true become: true
- name: Remove docker-duplicity-stack directory
ansible.builtin.file:
path: "/home/{{ user }}/repository/docker-duplicity-stack"
state: absent
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: unmount /mnt/cloud - name: unmount /mnt/cloud
ansible.posix.mount: ansible.posix.mount:
path: /mnt/cloud path: /mnt/cloud

38
tasks/start.yml
View File

@ -22,8 +22,6 @@
- name: Extract from secrets.tar.gz.enc - name: Extract from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}" shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
with_items: with_items:
- name: secrets/docker-duplicity-stack/mail_credentials.json
dir: /root/
- name: secrets/bootstrap/id_rsa - name: secrets/bootstrap/id_rsa
dir: /root/.ssh dir: /root/.ssh
- name: secrets/docker-duplicity-stack/nextcloud_password.sh - name: secrets/docker-duplicity-stack/nextcloud_password.sh
@ -36,36 +34,6 @@
path: /root/.ssh/id_rsa path: /root/.ssh/id_rsa
mode: '0400' mode: '0400'
- name: Remove docker-duplicity-stack directory
ansible.builtin.file:
path: "/home/{{ user }}/repository/docker-duplicity-stack"
state: absent
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Clone docker-duplicity-stack repo
ansible.builtin.git:
repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity-stack.git'
dest: "/home/{{ user }}/repository/docker-duplicity-stack"
clone: yes
force: true
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Copy files
ansible.builtin.copy:
src: "{{ item }}"
dest: "/home/{{ user }}/repository/docker-duplicity-stack"
mode: '0400'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
with_items:
- /root/mail_credentials.json
- /root/.ssh/id_rsa
- name: Set Nextcloud credentials - name: Set Nextcloud credentials
ansible.builtin.include_tasks: "tasks/source_vars.yml" ansible.builtin.include_tasks: "tasks/source_vars.yml"
with_items: with_items:
@ -235,15 +203,9 @@
output_logs: true output_logs: true
detach: false detach: false
network_mode: host network_mode: host
working_dir: "/home/{{ user }}/repository/docker-duplicity-stack"
volumes: volumes:
- /mnt/volumes:/mnt/volumes:z - /mnt/volumes:/mnt/volumes:z
- /mnt/cloud:/mnt/cloud:z - /mnt/cloud:/mnt/cloud:z
- /home/{{ user }}/repository/docker-duplicity-stack/backup_scripts:/mnt/scripts:z
- /home/{{ user }}/repository/docker-duplicity-stack/sendmail.py:/root/sendmail.py:z
- /home/{{ user }}/repository/docker-duplicity-stack/mail_credentials.json:/root/mail_credentials.json:z
- /home/{{ user }}/repository/docker-duplicity-stack/id_rsa:/root/.ssh/id_rsa:Z
- /home/{{ user }}/repository/docker-duplicity-stack/config:/root/.ssh/config:Z
- /home/{{ user }}/repository/duplicity_playbooks_temp:/root/duplicity_playbooks:Z - /home/{{ user }}/repository/duplicity_playbooks_temp:/root/duplicity_playbooks:Z
env: env:
OS_AUTH_URL: "{{ OS_AUTH_URL }}" OS_AUTH_URL: "{{ OS_AUTH_URL }}"