Use .yaml

2023-11-13 20:27:07 +08:00 · 2023-11-13 20:27:07 +08:00 · b387ee2e03
parent 61bdacd879
commit b387ee2e03
21 changed files with 42 additions and 32 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
-vars/secrets.yml
-templates/conf/users_database.yml.j2
-templates/conf/configuration.yml.j2
+vars/secrets.yaml
+templates/conf/users_database.yaml.j2
+templates/conf/configuration.yaml.j2
 files/firefox
 production
 .hidden
--- a/README.md
+++ b/README.md
@ -2,23 +2,23 @@

 An Ansible playbook to deploy Docker services to our servers and another to back up important data.

-`ansible-playbook -i "production" "deploy.yml"`
+`ansible-playbook -i "production" "deploy.yaml"`

-`ansible-playbook -i "production" "back-up.yml"`
+`ansible-playbook -i "production" "back-up.yaml"`

 ## Services

-The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yml) defines the services to be deployed or already deployed.
+The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed.

 They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2).

 ## Configurations

-Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
+Our SearXNG instance uses a custom [settings.yaml](templates/conf/settings.yaml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).

 Data of our Privatebin, Etherpad, and Gitea instance are backed up periodically.

-Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
+Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.

 ## Contact
 Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.
--- a/back-up.yaml
+++ b/back-up.yaml
@ -4,7 +4,7 @@
  gather_facts: false
  become: true
  vars_files:
-    - vars/secrets.yml
+    - vars/secrets.yaml
  tasks:

 # ----------------------------------------------------------------------------------------------------
--- a/config-tasks/4get.yaml
+++ b/config-tasks/4get.yaml
--- a/config-tasks/anonymousoverflow.yaml
+++ b/config-tasks/anonymousoverflow.yaml
--- a/config-tasks/authelia.yaml
+++ b/config-tasks/authelia.yaml
@ -12,18 +12,18 @@
    - set_fact:
        authelia_session_secret: "{{ authelia_session_secret_result.stdout }}"

-    - name: Set up configuration.yml
+    - name: Set up configuration.yaml
      template:
-        src: "conf/configuration.yml.j2"
-        dest: "{{ docker_dir }}/authelia/configuration.yml"
+        src: "conf/configuration.yaml.j2"
+        dest: "{{ docker_dir }}/authelia/configuration.yaml"
        owner: 1000
        group: 1000
        mode: 0755

-    - name: Set up users_database.yml
+    - name: Set up users_database.yaml
      template:
-        src: "conf/users_database.yml.j2"
-        dest: "{{ docker_dir }}/authelia/users_database.yml"
+        src: "conf/users_database.yaml.j2"
+        dest: "{{ docker_dir }}/authelia/users_database.yaml"
        owner: 1000
        group: 1000
        mode: 0755
--- a/config-tasks/breezewiki.yaml
+++ b/config-tasks/breezewiki.yaml
--- a/config-tasks/caddy.yaml
+++ b/config-tasks/caddy.yaml
--- a/config-tasks/firefox.yaml
+++ b/config-tasks/firefox.yaml
--- a/config-tasks/gitea-netrc.yaml
+++ b/config-tasks/gitea-netrc.yaml
@ -26,7 +26,7 @@
        dest: "/home/{{ control_user }}/.netrc"
        owner: 1000
        group: 1000
-        mode: 0755
+        mode: 0600
      delegate_to: "{{ control_host }}"

    - name: Encrypt .netrc
@ -34,8 +34,8 @@
      delegate_to: "{{ control_host }}"

    - name: Clear .netrc
-      copy: 
-        content: '# Clear' 
+      copy:
+        content: '# Clear'
        dest: "/home/{{ control_user }}/.netrc"
      delegate_to: "{{ control_host }}"

@ -58,4 +58,10 @@

    - name: Use git-credential-netrc
      command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v"
-      delegate_to: "{{ control_host }}"
+      delegate_to: "{{ control_host }}"
+
+    - name: Add pinentry-program to gpg-agent.conf on control host
+      lineinfile:
+        path: /home/{{ user }}/.gnupg/gpg-agent.conf
+        line: 'pinentry-program /usr/bin/pinentry-gnome3'
+      delegate_to: "{{ control_host }}"
--- a/config-tasks/gitea.yaml
+++ b/config-tasks/gitea.yaml
--- a/config-tasks/nitter.yaml
+++ b/config-tasks/nitter.yaml
--- a/config-tasks/paulgo.yaml
+++ b/config-tasks/paulgo.yaml
@ -7,8 +7,8 @@

    - name: Set up paulgo conf
      template:
-        src: "conf/settings.yml.j2"
-        dest: "{{ docker_dir }}/paulgo/settings.yml"
+        src: "conf/settings.yaml.j2"
+        dest: "{{ docker_dir }}/paulgo/settings.yaml"
        owner: 1000
        group: 1000
        mode: 0755
--- a/config-tasks/runner.yaml
+++ b/config-tasks/runner.yaml
--- a/config-tasks/scribe.yaml
+++ b/config-tasks/scribe.yaml
--- a/deploy.yaml
+++ b/deploy.yaml
@ -3,8 +3,8 @@
  hosts: all
  gather_facts: false
  vars_files:
-    - vars/secrets.yml
-    - vars/services.yml
+    - vars/secrets.yaml
+    - vars/services.yaml
  tasks:
  
 # ----------------------------------------------------------------------------------------------------
@ -37,7 +37,7 @@
      when: compose is defined and inventory_hostname in compose

    - name: Inital configurations
-      include_tasks: "config-tasks/{{ item }}.yml"
+      include_tasks: "config-tasks/{{ item }}.yaml"
      loop: "{{ config[inventory_hostname] }}"
      when: config is defined and inventory_hostname in config
      ignore_errors: yes
--- a/templates/compose/paulgo.yaml.j2
+++ b/templates/compose/paulgo.yaml.j2
@ -35,7 +35,7 @@ services:
    depends_on:
      - redis
    volumes:
-      - {{ docker_dir }}/paulgo/settings.yml:/usr/local/searxng/searx/settings.yml
+      - {{ docker_dir }}/paulgo/settings.yaml:/usr/local/searxng/searx/settings.yaml
      - {{ docker_dir }}/paulgo/donate.md:/usr/local/searxng/searx/infopage/en/donate.md
    network_mode: host

--- a/templates/conf/settings.yaml.j2
+++ b/templates/conf/settings.yaml.j2
@ -76,7 +76,7 @@ server:
  base_url: "https://opnxng.com"
  public_instance: true

-  # If your instance owns a /etc/searxng/settings.yml file, then set the following
+  # If your instance owns a /etc/searxng/settings.yaml file, then set the following
  # values there.
  secret_key: "{{ paulgo_jwt_secret }}"  # Is overwritten by ${SEARXNG_SECRET}
  # Proxying image results through searx
@ -2540,4 +2540,4 @@ doi_resolvers:

 default_doi_resolver: 'oadoi.org'

-{% endraw %}
+{% endraw %}
--- a/vars/.services.yml.swp
+++ b/vars/.services.yml.swp
--- a/vars/secrets.example.yaml
+++ b/vars/secrets.example.yaml
--- a/vars/services.yaml
+++ b/vars/services.yaml
@ -1,10 +1,14 @@
 compose:
+  vultr:
+    - 4get
+  oracle1:
+    - 4get
+  oracle2:
+    - 4get
+  oracle3:
+    - 4get
  oracle4:
-    - paulgo
-
-config:
-  oracle4:
-    - paulgo
+    - 4get

 # ----------------------------------------------------------------------------------------------------