yohan/duplicity_playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c61bd98d28
duplicity_playbooks/gen_bootstrap.yml
yohan c61bd98d28 Improve gen_bootstrap.yml.
2023-10-21 22:06:38 +02:00

123 lines
4.5 KiB
YAML
Executable File
Raw Blame History

---
- name: gen_bootstrap
hosts: localhost
gather_facts: false
vars_files: main.yml
tasks:
- name: Assert extra-vars are set
ansible.builtin.assert:
that:
- item | length > 0
msg: "{{ item }} environment variable must be set"
with_items:
- KEY
- DOC_KEY
- DUPLICITY_PASSPHRASE
- name: Assert SECRETS_ARCHIVE_PASSPHRASE environment variable is set
ansible.builtin.assert:
that:
- lookup('env','SECRETS_ARCHIVE_PASSPHRASE') | length > 0
msg: "SECRETS_ARCHIVE_PASSPHRASE environment variable must be set"
- name: Download secrets.tar.gz.enc
ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc"
dest: "{{ WORKDIR }}/secrets.tar.gz.enc"
- name: Install openssh-client
ansible.builtin.package:
name: openssh-client
state: present
- name: Create /root/.ssh directory
ansible.builtin.file:
path: /root/.ssh
state: directory
mode: '0700'
- name: Extract from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ WORKDIR }}/secrets.tar.gz.enc | tar -zxv -C {{ WORKDIR }}"
- name: Change SSH private key permissions
ansible.builtin.file:
path: /root/.ssh/id_rsa
mode: '0400'
- name: Retrieve documentation
ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ DOC_KEY }}/download"
dest: "{{ WORKDIR }}/Documentation.md"
- name: Copy new documentation
ansible.builtin.copy:
src: "{{ WORKDIR }}/Documentation.md"
dest: "{{ WORKDIR }}/secrets/bootstrap/Documentation.md"
register: copy_output
- name: Create secrets.tar.gz.enc
shell: "tar -czvpf - -C {{ WORKDIR }} secrets | openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -salt -out {{ WORKDIR }}/secrets.tar.gz.enc"
when: copy_output is changed
- name: Copy mail content
ansible.builtin.copy:
content: "Secrets archive has changed. New file attached."
dest: "{{ WORKDIR }}/mail"
when: copy_output is changed
- name: Install python2
ansible.builtin.package:
name: python2
state: present
- name: Send mail with new secrets
ansible.builtin.command: "/root/sendmail.py -a {{ WORKDIR }}/secrets.tar.gz.enc {{ WORKDIR }}/mail /root/mail_credentials.json"
when: copy_output is changed
- name: Copy new secrets in Nextcloud share
ansible.builtin.copy:
src: "{{ WORKDIR }}/secrets.tar.gz.enc"
dest: /mnt/cloud/Passwords/secrets.tar.gz.enc
when: copy_output is changed
- name: Create /mnt/archives_critiques/secrets directory in serveur-appart
ansible.builtin.file:
path: /mnt/archives_critiques/secrets
state: directory
owner: yohan
group: yohan
remote_user: yohan
remote_port: 2224
delegate_to: chez-yohan.scimetis.net
become: true
- name: Get checksum of secrets.tar.gz.enc
ansible.builtin.stat:
path: "{{ WORKDIR }}/secrets.tar.gz.enc"
register: stats_output
- debug: var=stats_output
#FILENAME=secrets.tar.gz.enc-$(sha1sum ${DIRECTORY}/secrets.tar.gz.enc | awk -F' ' '{print $1}')
#scp -P 2224 ${DIRECTORY}/secrets.tar.gz.enc yohan@chez-yohan.scimetis.net:/mnt/archives_critiques/secrets/$FILENAME
#rm -rf ${DIRECTORY}/secrets* ${DIRECTORY}/Documentation.md
#
#for name in docker-nextcloud-stack docker-reverse-proxy-stack docker-reverse-proxy docker-gogs-stack docker-mysql-stack docker-mysql systemd-mount-cinder-volume
#do
# git clone https://git.scimetis.net/yohan/${name}.git ${DIRECTORY}/${name}
# tar -czf ${DIRECTORY}/${name}.tar.gz -C ${DIRECTORY} ${name}
# rm -rf ${DIRECTORY}/${name}
#done
#
#ARCHIVE_DIR=/mnt/volumes/duplicity_cache/data
#export SWIFT_USERNAME=$OS_USERNAME
#export SWIFT_PASSWORD=$OS_PASSWORD
#export SWIFT_AUTHURL=$OS_AUTH_URL
#export SWIFT_AUTHVERSION=$OS_IDENTITY_API_VERSION
#export SWIFT_TENANTNAME=$OS_TENANT_NAME
#export SWIFT_REGIONNAME=$OS_REGION_NAME
#export PASSPHRASE=$DUPLICITY_PASSPHRASE
#duplicity --num-retries 3 --full-if-older-than 1M --progress --archive-dir ${ARCHIVE_DIR} --name bootstrap --allow-source-mismatch "${DIRECTORY}" swift://bootstrap
#duplicity remove-older-than 2M --archive-dir ${ARCHIVE_DIR} --name bootstrap --allow-source-mismatch --force swift://bootstrap
Reference in New Issue View Git Blame Copy Permalink