Merge pull request 'Add an Gitea Action for Deploying Ansible Playbooks' (#1) from ansible-deploy-action into main

Reviewed-on: #1

.gitea/workflows/ansible-deploy.yml

@@ -3,6 +3,9 @@ on: [push]
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    env:
+      RUNNER_TOOL_CACHE: /toolcache
+      ANSIBLE_VERSION: "8.7.0"
     strategy:
       matrix:
         playbook:
@@ -11,7 +14,29 @@ jobs:
           - Ansible/heartbeat.yml
           - Ansible/debian.yml
     steps:
-      - uses: actions/checkout@v3  
+      - name: Copy SSH Key
+        run: | 
+          mkdir ~/.ssh/
+          echo "Host *" > ~/.ssh/config
+          echo "    StrictHostKeyChecking no" >> ~/.ssh/config
+          echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: "Cache python packages"
+        uses: actions/cache@v3
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-${{ env.ANSIBLE_VERSION }}
+
+      - name: Install Ansible
+        run: |
+          apt update -y
+          apt install python3-pip -y
+          python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }}
 
       #- name: Install Ansible Galaxy requirements
       #  run: |
@@ -20,17 +45,13 @@ jobs:
       - name: Run playbook
         uses: dawidd6/action-ansible-playbook@v2
         with:
-          # Required, playbook filepath
           playbook: ${{ matrix.playbook }}
-
-          # Optional, directory where playbooks live
           directory: ./
-
-          # Optional, SSH private key
           key: ${{secrets.SSH_PRIVATE_KEY}}
           vault_password: ${{secrets.VAULT_PASSWORD}}
 
-          # Optional, galaxy requirements filepath
           # requirements: requirements.yaml
+
           options: |
-            --inventory Ansible/inventory.ini
+            --inventory Ansible/inventory.ini
+            --extra-vars "@Ansible/homelab-vault/secrets.yml"

Ansible/ansible.cfg

@@ -4,4 +4,4 @@ host_key_checking = False
 inventory = ./inventory.ini
 
 [privilege_escalation]
-become_ask_pass = True
+#become_ask_pass = True

Ansible/homelab-vault

@@ -1 +1 @@
-Subproject commit 6b8679decc51b10d3a028993d11892be763e0eb7
+Subproject commit e95c8ff2aef2e919e5bf0fc8133aaec69ea8dc08

Ansible/openssh.yml

@@ -31,7 +31,7 @@
       ansible.builtin.copy:
         owner: bhays
         mode: "0600"
-        src: ~/.ssh/authorized_keys
+        src: ../Configs/authorized_keys
         dest: /home/bhays/.ssh/authorized_keys
     - name: Copy secure login banner
       ansible.builtin.copy:

Configs/authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClhOkA+6Wj+HmJb32wqDXAksOr7mhRovSQAt/6PNem/q0R+JA4qyYpStPAkLTHmUJhUPYlyeVPJyaGxRyE96SSrLxy2tGvfch1D2XkrYTZoyEYc0QNg2PfgCkAZofDSPrErzcAzT9XBJ+/9rga8IBZ3F8Nm1gl401y0Ckchdne/i+npVurimpSMJbIwjIsg7ij1gWLL4idIftW7IDloWedI1O2XdBW9VDpA/zq46tBwt3Jeelv5oDCup6g9wLQwBpmegWXYS+p47vGzIYp2qBI2D/opOZCUaBNT81G80E9H0fsNDi8xCBfVj7zgBQHzviqGFqeKjU39FbLZlkeISMX rsa-key-20231020

ansible.cfg

@@ -4,4 +4,4 @@ host_key_checking = False
 inventory = ./Ansible/inventory.ini
 
 [privilege_escalation]
-become_ask_pass = True
+#become_ask_pass = True