Ansible project to manage my services.
https://viyurz.fr
Viyurz
6a4dd7cd2b
Some environment variables set in docker compose file (TIME_ZONE, ALLOWED_HOSTS) are used only if the etebase-server.ini file doesn't exist, which can be misleading. If we change these variables after the etebase-server.ini file has been generated, the settings won't be updated in the config file. Templating this file allows changing these settings after the first run. |
||
|---|---|---|
| playbooks | ||
| roles | ||
| .gitignore | ||
| ansible-playbook-selector.sh | ||
| ansible.cfg | ||
| backup.sh | ||
| env.yml | ||
| README.md | ||
| secrets.yml.example | ||
vps
This repository contains all the files I use to manage services hosted on viyurz.fr.
Requirements
Ansible:
sudo apt install -y ansible
Setup SSL certificates with Certbot beforehand:
sudo apt install -y certbot python3-certbot-dns-ovh
Secrets
Copy the existing secrets.yml.example to secrets.yml, run ansible-vault encrypt secrets.yml to encrypt the file with a password, and finally edit the newly encrypted file with ansible-vault edit secrets.yml.
If you want to change the vault password run ansible-vault rekey secrets.yml.
Backups
Run the backup-services.yml playbook once to setup the passphrase file.
After that, you can create a root cronjob to run this playbook without requiring interactivity:
0 4 * * * export ANSIBLE_ROLES_PATH=/home/viyurz/vps/roles/; /usr/bin/ansible-playbook /home/viyurz/vps/playbooks/backup-services.yml -e include_secrets=false -e selected_projects=''
Here we leave selected_projects empty to backup all projects.