......@@ -26,8 +26,8 @@ It will also deploy any new SSH host keys to all our machines.
#### Note about GPG keys
The root_access.yml file contains the root_gpgkeys variable that determine the users that have access to the vault, as well as the borg backup keys.
All the keys should be on the local user gpg keyring and at **minimum** be locally signed with --lsign-key. This is necessary for running either the reencrypt-vault-key
The `root_access.yml` file contains the `root_gpgkeys` variable that determine the users that have access to the vault, as well as the borg backup keys.
All the keys should be on the local user gpg keyring and at **minimum** be locally signed with `--lsign-key`. This is necessary for running either the reencrypt-vault-key
or the fetch-borg-keys tasks.
#### Note about Ansible dynamic inventories
......@@ -192,7 +192,6 @@ The following steps should be used to update our managed servers:
#### Services
- build server
- sogrep
- arch-boxes (packer)
### state.archlinux.org
......@@ -258,6 +257,15 @@ Medium-fast-ish packet.net box with Debian on it. Is currently maintained manual
#### Services
- GitLab runner
### monitoring.archlinux.org
Prometheus server which collects performance/metrics from our services and runs alertmanager
### Services
- Prometheus
- Alertmanager
## Ansible repo workflows
### Replace vault password and change vaulted passwords
......
......@@ -9,6 +9,9 @@ arch_groups:
- docker-image-sudo
arch_users:
alertmanager:
name: ""
groups: []
aaron:
name: "Aaron Griffin"
ssh_key: aaron.pub
......@@ -110,12 +113,6 @@ arch_users:
ssh_key: bgyorgy.pub
groups:
- tu
bisson:
name: "Gaëtan Bisson"
ssh_key: bisson.pub
groups:
- dev
- tu
bluewind:
name: "Florian Pritz"
ssh_key: bluewind.pub
......
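Review bot: The new `alertmanager` entry under `arch_users` has an empty `name` and no `ssh_key`, unlike the neighbouring entries, and nothing in the file says it is a service identity rather than a person. Whether every consumer of `arch_users` tolerates a missing `ssh_key` is not visible from this hunk, so it should be checked against the roles that iterate the map. If the entry is meant as a non-login account, a comment above it would make that explicit, e.g. `# service account for Alertmanager, not a person: no ssh_key and no groups on purpose`.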
......@@ -3,8 +3,6 @@
# deploy tag 'sudo' when this changes
sudo_users:
- root
- bluewind
- bpiotrowski
- foutrelis
- grazzolini
- heftig
......@@ -14,8 +12,6 @@ sudo_users:
# deploy tag 'root_ssh' when this changes
root_ssh_keys:
- bluewind.pub
- bpiotrowski.pub
- foutrelis.pub
- grazzolini.pub
- heftig.pub
......@@ -26,8 +22,6 @@ root_ssh_keys:
# run playbook 'playbooks/tasks/reencrypt-vault-key.yml' when this changes
# before running it, make sure to gpg --lsign-key all of the below keys
root_gpgkeys:
- CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E # bluewind
- F3691687D867B81B51CE07D9BBE43771487328A9 # bpiotrowski
- 86CFFCA918CF3AF47147588051E8B148A9999C34 # foutrelis
- ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB # grazzolini
- A2FF3A36AAA56654109064AB19802F8B0D70FC30 # heftig
......
......@@ -36,5 +36,3 @@ fail2ban_jails:
sshd: true
postfix: true
dovecot: false
fastcgi_cache: wiki
---
filesystem: btrfs
ipv4_address: 95.217.220.31
$ANSIBLE_VAULT;1.1;AES256
66633663616636326339373764306333386330353631643734333633663361633437613432323836
6164623837303336343161653838396434623139353939340a386234616563396433393564613665
36613238396137633132313737303166393265393363386538373833316636373964366561303335
3935653864343131350a376236363834383865306566346462646566646439363162393730643831
36346631313335666262643136613734333239366530303365353432306663333265316162636534
33393134643363383433336635366439643465333639346164336362643662666632336336346466
663635323638393661393764666364646530
......@@ -97,3 +97,6 @@ repro3.pkgbuild.com
apollo.archlinux.org
aur.archlinux.org
aur-dev.archlinux.org
[prometheus]
monitoring.archlinux.org
-----BEGIN PGP MESSAGE-----
hQIMA4m3XgcJZac7ARAAq2z3aB5PJu66QMQnnCjqSIH92YyJrqXuDH7dm7NFV6Q0
PcENrJ4TqPMnpTu6nMC4L6zQvXeYgn5aj/hkMOIDCUMepa4fre1pDKjtMdQadxWH
KI8L8tjo/VVwQaGW7wQ1Kf2ONWxiAfEol5TkqQUJP9s7ZzIU30LgM6L+SJilOpHH
zz53ULUcR7+/di/8XiiSMYIGr2wJYZWpIFsCK/ZdkUexwLstJIN5HJA9+66ecuVZ
mo4jc+ZPVECFgYA43Rtg/+7uEaUMe2J55ZaFdGdCHGcFTFrNrDFPe7cb/EZNRmp0
IL+IEYSW24s/XcosA8eG3aeJkEYLP52Zh+kdCTptWuvXg/VAUdHcKOHJN9HwcIpi
JdRawmvXOpZgvaSY30v1F9xzFaQmHncXVNwTC2DcilnnW/QDywbB4kldbD833eih
VNA2jfKRmjYfuRRKeiY9DoeYeZaZJPqbNqnviZlKjXmcDq610NmaVcgPQ9EJnzF3
H03rdENFsGx4SHLamvI4xdcW27VXEAy6EhSFjBA1WaSSnBMgcCUIsGp/nYyw4R7K
PdYegIgmgAhQKQ/EwDdGNsl+8tlgCugg8d+pRuuRIQpKr1PO8B5yGujhG4wGP+xU
ECmerLTI1z75ayQFapC4/FGS0sQdXuCSZHsvcJ1VLYLkH4J03wq1eAub9gKaPNiF
AQwDOnY8u+7vTCABB/4he5xPtUaka6MTbr385d17Kez1JdcMyDB0HIeIM/lv7Hxo
UBGpUKKnaMiv8oxWr6mvo6usbpj2TS4grGrheSSB7w2o4s7lAEpWjACY7DLDJ4Gq
EQFz+yIEn4M9QzaWbNvzw8M5a55LvJbU2ML4vYDe4sWkG9jXPchyKK5W7YFp9+Iu
nMIWAtWdLfPKU/o4VpkfUQntov4icAws2h/tCYL3CXtaa4n1x4rzsh7poZhDr2cq
8CrkfhnHJfeUL0fR8ThkCZMn2ivEcMHCx+Uuz7994D+l93fO7tJ46tDypI9uwfo5
tFEwA2x/2eHUfzZqNr4oliLsUWpS8KI42uNRJskvhQEMA3FIVp8H7sPdAQf/XIBK
pA6AVsEl8tF7nPkLu5riQfCJwJrIehtYcGSK2As+ECqfuvb6hjLD/fTXlvwFddvb
HO3tgnvyJmd/sxwGo4FT2y6YAncOu2qrie+w6Afw01iP4+Nc2K9qG+bVZwINfNkU
YhAM1Wi4yzz+NEDnGtyulI65uaLC1HFAY842624Ci8tcLAnCuxrKaStXjPklb7Nq
vhEazmEN/+/eSzHRW50ugI2nU837b0po4J4m4wyes2tjrzEucSXig/Bjnl3v5vTi
ufjH5jdDIfVz4xvMMo1Ht6Q5YxdsLOWhhdOiOM4zE6QI06k7U1RKxGWY5M9izp3I
iGC7+TzG7/RtYeJ5X4UCDANFyv97HroM4gEQALgDXDHazrz4GtnFOEk/3J1Q5IQz
v3qt4EUkJVv4SG4O3smkxg1mdI1/2C8mLxw5k0Ihl48/EMP9iXlDI7zn0VXPwwma
RFRJ505kwLi1B+J7zIO5LhxSm1xor3tVyeFopSOv/7lTmzPMaUHhrcnAqFkdfm/m
ITRZQvfu7VltyuUiD2Vj/Fq9d54HGstGmoWps1pwiLNU/mGR5augCMBbo/gQvg9o
pEhtk/U6zZBcKRgTVaMcoMjgg3VWNyEe9XeTy6ioTDVVUpNk0O9MlN/gjJBSycAO
t39y/pPVcfa0q5VMnkEmSBFg3venTjuNmiCpNL6q/9g73sm614MNccQPuTyyt32E
Qb3iNv9Xr6IufbzSXygyJbYCHHKxBoLmfMCGQ8j3Oo5duxwmx3nipragFNiZVzUh
+wee8L5hFeyrGAGCaefcDSYplAc9Hz3f7GKBsydEb+GBV4BCP0xwXJ8GVPvtG2FG
2JOin6ViumRqqENb1+IvG7MqLa3oy+o/36xcOliXmOobQfQQXqzWHsZ6++WIcrie
3irJgV2tOzCAhdM1cKu7qqWZ7s5xbeRtpQ7Jr1ZwG9gX62bRBOohRcC9zFKx7gLY
sdE2AxBMYrHLp6KfpUen0z7TybKrS9nmZ2sgmSc+gl0vmHwODNxZsJQh/9vpfdEs
5WCJ6/6RhexN5UXnhF4DuTZgWQVTimoSAQdAlbl727ppmhr6US36HT5l9Wif3cXW
/xarY8mrddh2JBgwOfux8rWP0psgwDgSHkcTcdfIJa8xRafcnbrj6mDAZ9O/Zejm
pZJwhZ1yzfm7cDFthQEMA3JSum2oPpmjAQgAg/3CLwI0k3dxvZdu8eRB3D568ub5
oSE4erS+U844M0+in82qBH+jYJYoY0puEY/tU0Y7Q8iBN6tibiO1hc7t2bZ4PtNr
diI5GdMhvAlM8NXMaRT0PI3V5TmTpfcBsX+wgBsdj36xEpfdxvd48mciPLymc0rB
gTAyBuB+eiuBiDACDTNINTMIf3ZadgsLrSEIj5mctzqiDbC4rzYAdwovPVbs/z5I
51X0+PJhuCutiFXKAtfblNCI71G4MYflR6zfug6+zFPewV8ltd963GCZsmW7Cs1/
Os089f8lbnHwEN/Cy63VIDhnoODqW4e1EkcBxJcdf+5hHXmpuMLwZlM3eYUCDAMg
h3Sl6qoo5wEQALhQHT5AfzqSaCpwGlsKLlnHU6c0SNvbY85gZ/jfxFF+KvoTYDyv
FiLtOkY6k7wpIwUhmgWHo7P3ta6oVnrhcFkdUn1HkD+1pryRBiJnvz7+bSBfMiTW
ljfKSo3uISRILDLeGOtiPoDg6spZzr3cUtCcTKvDH+zcN6fabvIVcKh7E89BPIV4
428jlm0RumXfkNRniRTGtQLGoPnmEP1ULeUWEaSF0xaq7eGOjMF3KOkCqxDZX4E1
F37+Es9k5vnFdtofsEcciPuWrH9MhMGyVl2OFQPjdvI2mvnhupxjGhaKRJzybfrx
ymp0uicAnuQ5OoMdBMesze2d69FrFNOaQ8/PQiMEI9IFEUTcK3Lf8gRAFxtR4d9T
1uc6q2d/tm7btaF/PSfigNET+MBJCxFTRdEvtUCcCsUqJOvyp1/CB4JhmuRCVFh4
pL34Ak6EpT+Yj3RsiyDV7XpmsPJ/bsY14Hulop4+Wmp/74nUdk6uYKtamz3KqKgp
CJVISrXClo57O2J3qx1tD+tTrWxiZQsVtNwC6Con9icX/6ncBN1yT5bX4mgcJnSe
7XaZdvt4KXMFGwOJc1EinoCh7WGPEooiPZIOH2277vCtGX2FVmDVH3PJhHWegaaQ
k/amHifWIe0W4aaX7jGV6Osw1gvDagx/e0pEqqFiZhBNzhPhrRRyMFQOhQIMA60F
VIBB12TIAQ/9HphNH4FU/8loA2XAliewrnyGuh9IA34GH5e0HU3qc16MwsNKCrw6
DQuqfhhYNxibqFWznzdtdFHmmJvShLKxvTExGSz2jqPRPQ3g6z9H50SSuPQsH99N
LTCRvDZ6EXMP/nmzRgUdD8TRnZzrgiawzPFG81Ix1P99w+o3nSb+ELdzp7EiR1ya
0NbJwD8d+BY8KCux4xG6QCK8z6PnxXRcGLqrGIeNk5i2NzyINr+36Q9wKHHSCF8S
aPKj6AcdHFFdZc19sCQLP9t+iVy7VlxOf+dRDQAxNwcsfVD0+w63lffoknROBr1S
ZcP8I/bcx0WA7RDvn/6EX7EJur6pOkWI71mLgy8yt0xWgDhDTO6NHv93LA3KhU7c
wfnVTLm87YmdDSgd2IC2eRhBTIlt6NxRDlZJdKWvkmfdvudt0niNgYemeDVj6yTa
ayodpq8Y5WRAIRNJ/wxg7AH3JVT94zGrYCdcKQCilxizwXcqAy1jACC57WyyTqF5
nidDfB6Hj1yAwIqe6WqfKjaErNaQ+z80ZOoxgmBf7FJGCxXO02zvePtX1iShMnaP
EiN+ZbvGihWEihRV5AW/mIE58igEeu/VLVRAHPlfVLbJKDXHKyI15DjZpb6irjqj
bUYhN8uhcXH26vl4c5csSJiiok3QikrI7cWFnmIprcb1HhNXH1hHL1fSfAGp1HZk
y6S0MYrCyV3SkYqiXpJr3iXf/hY0pfOGvK4n3GSIeRf2uN/YANXUrGbwjIQbX6PT
9OAfQyUalVKNRhQ5/c6Ha/nBTFQD+DH/z/DK6/hkkd9fPI8S4pP9ZiZSIj/Q3bEk
cdmjDf1r8FQL49bKZ/k7KyjN1LS88Fk=
=m8Jt
hQEMA3FIVp8H7sPdAQf/X7ig+FFM9cISk/7/yqNn3kHhkWdX27xlkq+4ZawlBINg
3moZ9gsDc+lFl0JDNSlioIPTbm2BnuUdbJZh/CaUoF0E5PGtZ+xMqNMFQyNUe/Jx
itw3OTBj6W5hXcJ6o94dmt7eDB9v30CmPxwF3+uPVW9eSbrmuPXRCWp+kocBWTWP
mgS8p9mNZnsyOtVxmsmiLZVjzC5exiqvJxK1NaDODuNfLhHRRBZBlP347fXxXt12
NFeawLb4o8X23bky0TdCSBkNd5dOjGVzwEDRgZq+0GBzpLQ9kdFrnxzSPilqeA6I
BQgZGyTWB6KKpMH6cn+LT5NYKTWXeNuRZp2PDu/suYUCDANFyv97HroM4gEP/jQK
HL6DT7xexmIPFiwOyXOHyneYcB9OkuvbyrjevhZdbk+OpaToFAlOfetcNhMw8udU
fMYrFUC/1Qr8GEL4TjJCs/IIkPrbmMJBrg0Gaalja93d9BnfQZuAlkRyWZ6VV40w
t5RIq/xwvY3JUSdF86yZcKBzEQ0+zrkA1vAEtz8/Ngk/qVCHDszfpH5DN5q/yxHr
QmHu+ufyTyeTyglVelR2bNfMjmbzlHE4ik+ltBh8xYLhhNUqxvZ5FsCapPnaZ9/z
xqsh+NgvDpkof0PO5xCj0fiCfPF9FRracQNTQ7xqvk5KwgZ8QMfzxCog8wLvi4Ls
q8uaQ9n+jkg4lsORp79MBWMQZMJTOzpoYVcwrruoTqB+x0tH1CWec9Noc6VaopSb
QDv+4xhIpGHyM2W64gVMspq9kRVYDEwiT/ZRwNw14RfWYXdO5SuJ4+99FeXavCx4
UwVyVCTuNt+XcRKQr+loryodaPV98uPpqOUMlN3fHY+SQk0xsxks43MOpXGLQD/s
Gu5pOoUO+UkZm1NhEQeJyuzdHjiy/gzm5t03nymNHVLMkkykL0ZRUpPyoJ6LfmtM
/KXxYVVkr9Hp2zijTqRsaZgxEcQ4EHV/m+i9efWKSzguEQAPkjkLnnWoB4xv0wCO
kexmadITAqH6b+NzbLtQ7m/5cto6bKcRb7Jc1oVShF4DuTZgWQVTimoSAQdACp/v
KovVvzmXBRLy8+xl4TV4rN96mQ5AZAkMMi7GUHUwJKAmzsDfZBYwh8p0JMs2LSKv
B/j9/YtgBihqMsSVyAGehywuHNLr0nWpAiuaeqzNhQEMA3JSum2oPpmjAQf+NAC1
5DIAbgyydT+ygHpEt5McCqiD9Kpz2ypI4i7JJ1kvFTAtsxP3gk60LKz7rk28D/+l
FFDl3iYKENg3h6yrRQduVzSiXA42hONoPw/4O1NEv3fTBT7b89pfwFpy+wRb85NZ
BMgmRQ3aVgQwDWdcYBhCOpsCjKivNTKKFpktU7eFpcYQtgbfPYB1BL2LACVKoF6W
pDoe4NdZHGMQB+D6sXKCoUdGR0brNpkYPZhLBVBlsc5uCtg4MBeyKESxzKiy3Qia
DOPA84m3GH82ppb+NOCOid/WFoj8NZvgWR/ZfNZDvgRP4Zk1PPb7ex4xkIVp42P0
HBjZO/0Giqcr0IO8x4UCDAMgh3Sl6qoo5wEP/2fNQQ1e3v41Sf4dMJKVyXivTmrd
lNl4x2JwHn1RG0RmU02RHO7+FYr9HWbLe+s47AbG1csPALIV8Azt6tHLiu2bMeDD
ylf9dHO02Jef6tjzQ/iRsxaUOLW8elK3bERkd3VGcrlMar9/Dbf+NJShcoXVhwOx
4hDynGYfd13CeY5MWQwHMD3sutwnR8zLiRbRURUGiYGb2eqtXRXLUrZE4Ub3jMfK
yFJkPdgESNQHbhM/+kHd5HK4+8QcUak3uyUtPCObiX8eFxjkQZIUPTfY+kpKPapk
qsQQXDt8fA8WKLbpClT6EZ4hTWl+3njpuE9YhV0UslAcdnebPDwUGdbLF0vMR50I
iV5FJ743leYHGVoNkLp6WfoE6iIpcQyl5FBMFMW2L4Rkzx3bFe6NJ7Pw8zCVEeN+
PqLYmM+v+yGk7yIUO3sQ0BZJhzdcie6lmDPJd8Jv0L/SPITbagYwZQ9CNtYDg2WG
CDl/24/wKdmdJHLHWkT3So+INB1sWOHMINfDsX7qc45e75GODEuPa7MkmC4c+MT1
v1tLaN6qbcbQ1tA2hCRPBhKOiT9kzi5aWyoWx+2HYu1EyMeZSbBrxJbIUXQCSr9L
heS+lfllsHnxdv02DFVYvYi2L8sQYmcnEu+m+F3QFyaxCSRyfdvS00wTtMxJYsAZ
VTUzAzSH7FOgYZ17hQIMA60FVIBB12TIARAAoRvg6HJYoyc3dySfI8bd7uqdOwR2
4e7Voe58fRZiS4647Tipf7BqS1lVwRYB/NtPgru36CIgAtETfRGWIp3ocYR5cci4
L2nNI/yklwxYS/rUU+FsN5ZJxR7WSdhLkTPlw3hNhkMJbXwFcvPpWM3vNriDhIKM
5uVT+T2OPOsXOAfADFTTT7eIE947Rzx7mND42PnBgpWBw0e+1S5rushdXnAspLby
T05tgzFs0T+ZybcdLIyhpU5sZBsfHrpe76BtwPOI7VUQi7dfIB/C9m7jLzuTTnR2
PR6sS5DLlxamW4351SFjg84M6z78iTJIRV6GVieE7Lt0ejJvyDfak/zwzyHiDik0
BATi5kfaAxh/7g88niQDrrtIElNRlZoo76d1KxAdx1+4WqOt/96NKYS801Hp2Awn
YHrUdf7O3QGunBZ37Nm1mGGNwvqNZr+PwddMnvaWaYu5fJkoTOGA7AK1kXIWONJn
qRSeawhPY9hm4ProL4nU69WJIEto9xT9BuyQ7SEbBsk/KsLwu3mRC9BGJidEmmcF
/ysnc79cl0m3c6aoaT3TDdNCaHXMR/lPP8jqBECVWBj0JJ6Z7QcGdKXyrwuRnQES
FrPfBYtwqQSl2ovLgOIFQT55Q3ao5b95+EAy2Bx/F4f0bnXl8PqaAdGZvqYaV14S
d8VCY/ah9U0WfFbSfAEQ9PHHvg1C7dEEHpZIxuIOXDWaCP7eu9x/ejXWYb5HJ4MG
ku5RUVFunfD6OucbVvwng7UC4hX8DO9SY+yUiwTgDt4AvSOHCaf3FtXtZY4Lf9N0
92qnYGX6QBlHhlIHzQxXI3J01TpGmtoWxsz24b5zftR3e1QlN1kSzm8=
=G0Pc
-----END PGP MESSAGE-----
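Review bot: Re-encrypting the vault key to a smaller recipient list does not take the vault password away from anyone who could decrypt the previous message, and that previous ciphertext stays readable in the repository history. The `root_gpgkeys` hunk header (`-26,8 +22,6`) shows two lines dropped from the list, so this commit appears to be such a recipient removal. Whether the password itself was replaced is not visible on this page. The README already lists a "Replace vault password and change vaulted passwords" workflow, and I would note next to `root_gpgkeys` that a removal needs it, e.g. `# removing a key: also replace the vault password, re-encrypting alone does not revoke access`.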
......@@ -14,5 +14,4 @@
- { role: syncrepo }
- { role: sogrep }
- { role: archbuild }
- { role: arch_boxes }
- { role: docker_image }
- name: setup prometheus server
hosts: monitoring.archlinux.org
remote_user: root
roles:
- { role: firewalld }
- { role: common }
- { role: tools }
- { role: sshd }
- { role: root_ssh }
- { role: hardening }
- { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
- { role: prometheus }
- { role: certbot }
- { role: nginx }
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINudBIPkIfixNGckLLTm7ZXhksMTpE7QB8SLgXmoPd8a bisson@vesath.org
command="rsync --server -logDtpre.iLsfxC --delete --partial . /home/maximbaz/public_html/repo/",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDX5UOJ2aRK0LBSoWetHMwHNBItE9YrSWq7SWzDdX9R4bkvI38U/fKhWVWLpsQMczu90wT/VU2BN8PmcnPL091NqvqPC3NR9ol4KWJb5BhqRIUivwJ+yw2XTq5h4J7nhuS1OQo9HxD+g0KvnCCwvlHTAbnccu7FoEX9dGwwseUfgwaQl0rPM7LUgZ5uPZV0BbBnELe2xn9c1pcWkoVjOfZRzYwqfoQ8A4+dQYgZZwizbrE+sfOrPcPYvm+lSpqQ4Y91baOYXLbO1GyT1G3oBppqzwcJ4utbfaOSr+gOrA2B6QwqYts22UHdqY/9QLUjTg/MbitsS4bVttMaQPjTU5yUEn5iJIBkPGpfrOtDfo9v0pZ6PoKKsQ7DjmiYG6BYHckNTi5We7XMVVC7zBCJ8HQGoq7RvIrsebBtMrA8Vh3JhBcD7K+I2CVy4cOOwlW7uYchFvxJwkbSlLgFxpMxsHtrJSIx/8C6gMrdnls08/BXYhpHoQOhcdSyNL2jqeqpROSEUdemhbMEj0E6o289mD6bqYmnoz6HJmpVVYhFh8+I4lSbN3PNjHoAZhKiC9+6qf744y5+jR7FBTnBebZlPmnNaF+j6/lJ0N7A5Fggo8NzF8/qHFgSvyJ9N0lxWKIkc6yfH1a9GKJEs0Ng+2yMEBoZdJzrPTuU0iBMJYivct1okw==
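Review bot: The option list on this forced-command key names `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` one by one, which leaves out `no-user-rc` and any option sshd gains later. OpenSSH 7.2 and newer accept `restrict`, which turns all of these off at once, so the line could start with `restrict,command="rsync --server …"` instead. The page does not mark whether this line is on the new side of the diff, and the suggestion applies only if it is.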
ssh-rsa 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
ssh-rsa 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 seblu 2016
\ No newline at end of file
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLR8jNAXVfUTY1Z7jJn3KfFgvIMn5xeYozo6cyLNjYm seblu2019
---
archboxes_user: 'archboxes'
archboxes_home: '/srv/arch-boxes'
archboxes_git_dir: '/srv/arch-boxes/arch-boxes'
archboxes_time: '*-*-* 04:00:00'
archboxes_version: "1.6.0"
# Loads all necessary virtualbox modules
vboxdrv
vboxnetadp
vboxnetflt
---
- name: install arch-boxes dependencies
pacman: name=git,packer,virtualbox,qemu-headless,virtualbox-host-modules-arch,python,python-urllib3 state=present
- name: create arch-boxes user
user: name={{ archboxes_user }} shell=/bin/bash home="{{ archboxes_home }}" createhome=yes
- name: clone arch-boxes repository
git: repo='https://github.com/archlinux/arch-boxes.git' dest="{{ archboxes_git_dir }}" force=yes version="{{ archboxes_version }}"
- name: load virtualbox kernel modules
modprobe: name="{{ item }}" state=present
with_items: ['vboxdrv', 'vboxnetadp', 'vboxnetflt']
- name: add modules-load config for virtualbox
copy: src=virtualbox.conf dest=/etc/modules-load.d/virtualbox.conf owner=root group=root mode=0644
- name: adjust permissions of git checkout
file: path="{{ archboxes_git_dir }}" state=directory recurse=yes owner="{{ archboxes_user }}" group="{{ archboxes_user }}" mode=preserve
- name: ensure controller.py of arch-boxes is executable
file: path="{{ archboxes_git_dir }}/controller.py" mode=0755 owner=root group=root
- name: replace placeholder to vagrantcloud API Key
no_log: true
replace: path="{{ archboxes_git_dir }}/vagrant.json" regexp='PLACEHOLDER' replace="{{ vault_archboxes_apikey }}" owner=root group=root mode=0600
- name: install sudoers file
template: src=sudoers.d.j2 dest=/etc/sudoers.d/archboxes owner=root group=root mode=0440
- name: install arch-boxes service
template: src='arch-boxes.service.j2' dest='/etc/systemd/system/arch-boxes.service' owner=root group=root mode=0644
notify:
- daemon reload
- name: install arch-boxes timer
template: src='arch-boxes.timer.j2' dest='/etc/systemd/system/arch-boxes.timer' owner=root group=root mode=0644
notify:
- daemon reload
- name: start and enable arch-boxes timer
service: name='arch-boxes.timer' enabled=yes state=started
[Unit]
Description=arch-boxes service for deploying images and vagrant boxes
[Service]
Type=oneshot
ExecStart={{ archboxes_git_dir }}/controller.py
User={{ archboxes_user }}
[Unit]
Description=Timer for arch-boxes.service
[Timer]
OnCalendar={{ archboxes_time }}
Persistent=true
Unit=arch-boxes.service
[Install]
WantedBy=timers.target
%archboxes-sudo ALL=({{archboxes_user}}) NOPASSWD:ALL
---
dependencies:
- role: nginx