Add inventory files.

devops/ansible/env/example/inventory.yml

@@ -0,0 +1,145 @@
+#==
+# This is an example inventory file to setup an instance of MyJekyllBlog.
+#
+# SENSITIVE variables should be stored in the vault.yml file and then encrypted
+# with ansible-vault.
+# 
+# ansible-vault encrypt --vault-password-file .vault_password env/example/vault.yml
+#
+# To edit these values in the future, you can edit the file with the following command:
+#
+# ansible-vault edit --vault-password-file .vault_password env/example/vault.yml
+#
+# To run the playbooks, use the following:
+# ansible-playbook -i env/example/inventory.yml --vault-password-file .vault_password -e @env/example/vault.yml site.yml
+# 
+#==
+
+all:
+  vars:
+    # This is the git repository that contains MyJekyllBlog itself.  It will be checked out
+    # during the installation process on the various machines that need it.
+    repo: https://git.modfoss.com/symkat/MyJekyllBlog.git
+
+
+    # These are hostnames of specific services.
+    #
+    # root should be set to the top level domain for everything, it will be used to configure
+    # ssh and git for the manager user account.
+    #
+    # panel, store, and certbot should all be set to the hostnames for their services.  There should
+    # never be more than one of each server type.
+    domain_name:
+      root:    example.com
+      panel:   panel.example.com
+      store:   store.example.com
+      certbot: certbot.example.com
+    
+    # These are database configurations.
+    #
+    # For the store server, the database name, user, and pass will be used to create
+    # the psql database and user account.
+    #
+    # For any server that includes mjb-role-webapp, they will be used for credentials in /etc/mjb.yml
+    databases:
+      mjb:
+        name: mjb
+        user: mjb
+        pass: "{{ vault_databases_mjb_pass }}"
+        host: 192.168.216.75
+      minion:
+        name: minion
+        user: minion
+        pass: "{{ vault_databases_minion_pass }}"
+        host: 192.168.216.75
+      gitea:
+        name: gitea
+        user: gitea
+        pass: "{{ vault_databases_gitea_pass }}"
+        host: 127.0.0.1
+
+    # SMTP Credentials
+    #
+    # These credentials will be used by Gitea for its SMTP configuration,
+    # and by the panel for transactional email with MJB::Web::Plugin::Email.
+    smtp:
+      host: smtp.mail-provider.com
+      from: mailbot@example.com
+      user: apikey
+      pass: "{{ vault_smtp_pass }}"
+
+    panel_config:
+      # This repo is the initial repository cloned when somebody creates a new blog.
+      jekyll_init_repo: git@store.example.com:manager/jekyll-default.git
+
+      # This should be the link to an org on gitea on the store server, the repository will
+      # be completed with the domain name, like :mjb/domain.com.git
+      store_repo_base: git@store.example.com:mjb/
+    
+      # These secrets are used for the session encryption
+      secrets: "{{ vault_panel_config_secrets }}"
+
+# Configuration specific to the panel server.
+panel:
+  hosts:
+    panel.example.com:
+      redirect_www: false
+
+# Configuration specific to the build servers.
+buildservers:
+  hosts:
+    build.example.com:
+
+# Configuration specific to the webservers.
+webservers:
+  hosts:
+    web-west.example.com:
+    web-east.example.com:
+
+# Configuration specific to the webservers.
+certbot:
+  hosts:
+    certbot.example.com:
+      # To use certbot for wildcard ssl certs, you must use a DNS challenge.  These are
+      # the credentials for the linode dns challenge.
+      linode_dns_credentials: "{{ vault_linode_dns_credentials }}"
+
+# Configuration specific to the store server.
+store:
+  hosts:
+    store.example.com:
+      # This section configures the postgresql database that will run on the store server.
+      # 
+      # The bind_address accepts an IP address for psql to bind to.  The PSQL configuration will
+      # bind to this IP address, and 127.0.0.1.
+      #
+      # Each IP address in allow_addresses will be added to the PSQL HBA file.  This should contain
+      # all of the IP addresses of the panel, build, store and certbot servers so each may use the
+      # databases.
+      database:
+        bind_address: 192.168.216.75
+        allow_addresses:
+          - 192.168.213.90  # panel.example.com
+          - 192.168.188.226 # build.example.com
+          - 192.168.216.75  # store.example.com
+          - 192.168.163.105 # certbot.example.com
+
+      # This section configures Gitea on the store server.
+      gitea:
+        # The user, email and pass will be used to create an initial user on the Gitea
+        # instance installed on the store server.
+        user: manager
+        email: manager@example.com
+        pass: "{{ vault_gitea_pass }}"
+
+        # This is a token that Gitea needs to secure the installation.
+        # You can generate this secret by running, from the ansible directory:
+        #
+        # ./roles/mjb-profile-store/files/gitea-1.17.1-linux-amd64 generate secret INTERNAL_TOKEN
+        internal_token: "{{ vault_internal_token }}"
+
+        # This is a token that Gitea needs to secure the installation.
+        # You can generate this secret by running, from the ansible directory:
+        #
+        # ./roles/mjb-profile-store/files/gitea-1.17.1-linux-amd64 generate secret JWT_SECRET
+        jwt_token: "{{ vault_jwt_token }}"

devops/ansible/env/example/vault.yml

@@ -0,0 +1,12 @@
+vault_databases_mjb_pass:     'some password' 
+vault_databases_minion_pass:  'some password'
+vault_databases_gitea_pass:   'some password'
+vault_linode_dns_credentials: 'some password'
+  - 'dns_linode_key = api-key-from-linode, for wildcard ssl'
+  - 'dns_linode_version = 4'
+vault_internal_token: 'see docs in inventory.yml for how to generate this' 
+vault_jwt_token: 'see docs in inventory.yml for how to generate this'
+vault_panel_config_secrets:
+  - 'some really long string'
+vault_smtp_pass: 'your smtp provider password'
+vault_gitea_pass: 'the password to set for the managers gitea account'