diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml
index cbd186b..f7f2038 100644
--- a/.gitea/workflows/ansible-deploy.yml
+++ b/.gitea/workflows/ansible-deploy.yml
@@ -3,6 +3,9 @@ on: [push]
 jobs:
 deploy:
 runs-on: ubuntu-latest
+ env:
+ RUNNER_TOOL_CACHE: /toolcache
+ ANSIBLE_VERSION: "8.7.0"
 strategy:
 matrix:
 playbook:
@@ -11,7 +14,29 @@ jobs:
 - Ansible/heartbeat.yml
 - Ansible/debian.yml
 steps:
- - uses: actions/checkout@v3
+ - name: Copy SSH Key
+ run: |
+ mkdir ~/.ssh/
+ echo "Host *" > ~/.ssh/config
+ echo " StrictHostKeyChecking no" >> ~/.ssh/config
+ echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+
+ - uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: "Cache python packages"
+ uses: actions/cache@v3
+ with:
+ path: ~/.cache/pip
+ key: ${{ runner.os }}-${{ env.ANSIBLE_VERSION }}
+
+ - name: Install Ansible
+ run: |
+ apt update -y
+ apt install python3-pip -y
+ python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }}
 #- name: Install Ansible Galaxy requirements
 # run: |
@@ -20,17 +45,13 @@ jobs:
 - name: Run playbook
 uses: dawidd6/action-ansible-playbook@v2
 with:
- # Required, playbook filepath
 playbook: ${{ matrix.playbook }}
-
- # Optional, directory where playbooks live
 directory: ./
-
- # Optional, SSH private key
 key: ${{secrets.SSH_PRIVATE_KEY}}
 vault_password: ${{secrets.VAULT_PASSWORD}}
- # Optional, galaxy requirements filepath
 # requirements: requirements.yaml
+ options: |
- --inventory Ansible/inventory.ini
\ No newline at end of file
+ --inventory Ansible/inventory.ini
+ --extra-vars "@Ansible/homelab-vault/secrets.yml"
\ No newline at end of file
diff --git a/Ansible/ansible.cfg b/Ansible/ansible.cfg
index a7e975a..4c5e49a 100644
--- a/Ansible/ansible.cfg
+++ b/Ansible/ansible.cfg
@@ -4,4 +4,4 @@ host_key_checking = False
 inventory = ./inventory.ini
 [privilege_escalation]
-become_ask_pass = True
+#become_ask_pass = True
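Review bot: The `Copy SSH Key` step added in the second hunk of ansible-deploy.yml writes `StrictHostKeyChecking no` under `Host *`, so every SSH connection the job makes (including the recursive submodule fetch, presumably the reason the key is installed before checkout) accepts whatever host key it is offered while authenticating with the deploy key. The same step expands `${{secrets.SSH_PRIVATE_KEY}}` directly into the script text, where a single quote in the value would end the quoting, the key file exists with default permissions until `chmod` runs, and `mkdir ~/.ssh/` fails if the directory already exists on a reused runner. Passing the key through `env:`, writing it under a restrictive umask and pinning the expected host keys in `known_hosts` addresses all of these; `SSH_KNOWN_HOSTS` below is a placeholder secret name, not one this repository defines. The steps list starts before and continues after the hunk.

```yaml
      - name: Copy SSH Key
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          # placeholder secret holding the expected host key lines
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          install -d -m 700 ~/.ssh
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
          (umask 077; printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa)
      # … unchanged: checkout, cache and Install Ansible steps …
```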
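Review bot: The `Run playbook` step in the third hunk of ansible-deploy.yml hands `SSH_PRIVATE_KEY` and `VAULT_PASSWORD` to `dawidd6/action-ansible-playbook@v2`, and with the added `--extra-vars "@Ansible/homelab-vault/secrets.yml"` the vault file is presumably decrypted inside that action as well, yet the action is referenced by a movable tag. Pinning it to a full commit SHA, `uses: dawidd6/action-ansible-playbook@<full-commit-sha>  # v2`, keeps a retagged release from running with those secrets; the same applies to `actions/checkout@v3` and `actions/cache@v3` in the previous hunk. Values loaded with `--extra-vars` take precedence over inventory and play variables, so a comment above `options:` stating that secrets.yml is expected to be vault-encrypted and to override other sources would help the next reader now that the explanatory comments are removed.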
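Review bot: Commenting out `become_ask_pass = True` in Ansible/ansible.cfg (and identically in the root ansible.cfg later in this diff) leaves no record of where the become password now comes from; presumably it is supplied by the vault file passed with `--extra-vars`, or the hosts allow passwordless sudo. Replacing the dead line with a comment such as `# no become prompt: CI is non-interactive, the password comes from <source>` would document that. `host_key_checking = False` in the context lines still turns off host key verification for every playbook run, which matters more now that deployments run unattended with the vault secrets; removing it requires the runner to have the hosts' keys in `known_hosts`.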
diff --git a/Ansible/homelab-vault b/Ansible/homelab-vault
index 6b8679d..e95c8ff 160000
--- a/Ansible/homelab-vault
+++ b/Ansible/homelab-vault
@@ -1 +1 @@
-Subproject commit 6b8679decc51b10d3a028993d11892be763e0eb7
+Subproject commit e95c8ff2aef2e919e5bf0fc8133aaec69ea8dc08
diff --git a/Ansible/openssh.yml b/Ansible/openssh.yml
index 047cdb7..f5b0153 100644
--- a/Ansible/openssh.yml
+++ b/Ansible/openssh.yml
@@ -31,7 +31,7 @@
 ansible.builtin.copy:
 owner: bhays
 mode: "0600"
- src: ~/.ssh/authorized_keys
+ src: ../Configs/authorized_keys
 dest: /home/bhays/.ssh/authorized_keys
 - name: Copy secure login banner
 ansible.builtin.copy:
diff --git a/Configs/authorized_keys b/Configs/authorized_keys
new file mode 100644
index 0000000..460469b
--- /dev/null
+++ b/Configs/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClhOkA+6Wj+HmJb32wqDXAksOr7mhRovSQAt/6PNem/q0R+JA4qyYpStPAkLTHmUJhUPYlyeVPJyaGxRyE96SSrLxy2tGvfch1D2XkrYTZoyEYc0QNg2PfgCkAZofDSPrErzcAzT9XBJ+/9rga8IBZ3F8Nm1gl401y0Ckchdne/i+npVurimpSMJbIwjIsg7ij1gWLL4idIftW7IDloWedI1O2XdBW9VDpA/zq46tBwt3Jeelv5oDCup6g9wLQwBpmegWXYS+p47vGzIYp2qBI2D/opOZCUaBNT81G80E9H0fsNDi8xCBfVj7zgBQHzviqGFqeKjU39FbLZlkeISMX rsa-key-20231020
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
index 017a171..791b1bf 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -4,4 +4,4 @@ host_key_checking = False
 inventory = ./Ansible/inventory.ini
 [privilege_escalation]
-become_ask_pass = True
+#become_ask_pass = True
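Review bot: In Ansible/openssh.yml, `src: ../Configs/authorized_keys` makes the repository the source of truth for who can log in as bhays, and `ansible.builtin.copy` replaces the whole file on the host, so a key added by hand on a host is removed on the next run and, because the workflow runs on every push, an edit to that file is deployed without a further gate. A comment above the task, for example `# Replaces bhays' authorized_keys with Configs/authorized_keys from this repo`, would make that explicit, and restricting the deploy workflow to a protected branch is the matching control. The task starts above the hunk, so its name and any `become` setting are not visible here. Configs/authorized_keys, added in the next file section, has no trailing newline, which will join two keys on one line if another is appended with a shell redirect.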