symkat
/
MyJekyllBlog
1
0
Fork 0
Code Issues Pull Requests Packages Projects 2 Releases Wiki Activity

Add inventory files.

Browse Source
master
Kaitlyn Parkhurst 3 years ago
parent 37768360d3
commit e183c95b9d
2 changed files with 157 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 145
      devops/ansible/env/example/inventory.yml
  2. 12
      devops/ansible/env/example/vault.yml

145
devops/ansible/env/example/inventory.yml vendored
Unescape View File

@ -0,0 +1,145 @@
#==
# This is an example inventory file to setup an instance of MyJekyllBlog.
#
# SENSITIVE variables should be stored in the vault.yml file and then encrypted
# with ansible-vault.
#
# ansible-vault encrypt --vault-password-file .vault_password env/example/vault.yml
#
# To edit these values in the future, you can edit the file with the following command:
#
# ansible-vault edit --vault-password-file .vault_password env/example/vault.yml
#
# To run the playbooks, use the following:
# ansible-playbook -i env/example/inventory.yml --vault-password-file .vault_password -e @env/example/vault.yml site.yml
#
#==
all:
vars:
# This is the git repository that contains MyJekyllBlog itself. It will be checked out
# during the installation process on the various machines that need it.
repo: https://git.modfoss.com/symkat/MyJekyllBlog.git
# These are hostnames of specific services.
#
# root should be set to the top level domain for everything, it will be used to configure
# ssh and git for the manager user account.
#
# panel, store, and certbot should all be set to the hostnames for their services. There should
# never be more than one of each server type.
domain_name:
root: example.com
panel: panel.example.com
store: store.example.com
certbot: certbot.example.com
# These are database configurations.
#
# For the store server, the database name, user, and pass will be used to create
# the psql database and user account.
#
# For any server that includes mjb-role-webapp, they will be used for credentials in /etc/mjb.yml
databases:
mjb:
name: mjb
user: mjb
pass: "{{ vault_databases_mjb_pass }}"
host: 192.168.216.75
minion:
name: minion
user: minion
pass: "{{ vault_databases_minion_pass }}"
host: 192.168.216.75
gitea:
name: gitea
user: gitea
pass: "{{ vault_databases_gitea_pass }}"
host: 127.0.0.1
# SMTP Credentials
#
# These credentials will be used by Gitea for its SMTP configuration,
# and by the panel for transactional email with MJB::Web::Plugin::Email.
smtp:
host: smtp.mail-provider.com
from: mailbot@example.com
user: apikey
pass: "{{ vault_smtp_pass }}"
panel_config:
# This repo is the initial repository cloned when somebody creates a new blog.
jekyll_init_repo: git@store.example.com:manager/jekyll-default.git
# This should be the link to an org on gitea on the store server, the repository will
# be completed with the domain name, like :mjb/domain.com.git
store_repo_base: git@store.example.com:mjb/
# These secrets are used for the session encryption
secrets: "{{ vault_panel_config_secrets }}"
# Configuration specific to the panel server.
panel:
hosts:
panel.example.com:
redirect_www: false
# Configuration specific to the build servers.
buildservers:
hosts:
build.example.com:
# Configuration specific to the webservers.
webservers:
hosts:
web-west.example.com:
web-east.example.com:
# Configuration specific to the webservers.
certbot:
hosts:
certbot.example.com:
# To use certbot for wildcard ssl certs, you must use a DNS challenge. These are
# the credentials for the linode dns challenge.
linode_dns_credentials: "{{ vault_linode_dns_credentials }}"
# Configuration specific to the store server.
store:
hosts:
store.example.com:
# This section configures the postgresql database that will run on the store server.
#
# The bind_address accepts an IP address for psql to bind to. The PSQL configuration will
# bind to this IP address, and 127.0.0.1.
#
# Each IP address in allow_addresses will be added to the PSQL HBA file. This should contain
# all of the IP addresses of the panel, build, store and certbot servers so each may use the
# databases.
database:
bind_address: 192.168.216.75
allow_addresses:
- 192.168.213.90 # panel.example.com
- 192.168.188.226 # build.example.com
- 192.168.216.75 # store.example.com
- 192.168.163.105 # certbot.example.com
# This section configures Gitea on the store server.
gitea:
# The user, email and pass will be used to create an initial user on the Gitea
# instance installed on the store server.
user: manager
email: manager@example.com
pass: "{{ vault_gitea_pass }}"
# This is a token that Gitea needs to secure the installation.
# You can generate this secret by running, from the ansible directory:
#
# ./roles/mjb-profile-store/files/gitea-1.17.1-linux-amd64 generate secret INTERNAL_TOKEN
internal_token: "{{ vault_internal_token }}"
# This is a token that Gitea needs to secure the installation.
# You can generate this secret by running, from the ansible directory:
#
# ./roles/mjb-profile-store/files/gitea-1.17.1-linux-amd64 generate secret JWT_SECRET
jwt_token: "{{ vault_jwt_token }}"

12
devops/ansible/env/example/vault.yml vendored
Unescape View File

@ -0,0 +1,12 @@
vault_databases_mjb_pass: 'some password'
vault_databases_minion_pass: 'some password'
vault_databases_gitea_pass: 'some password'
vault_linode_dns_credentials: 'some password'
- 'dns_linode_key = api-key-from-linode, for wildcard ssl'
- 'dns_linode_version = 4'
vault_internal_token: 'see docs in inventory.yml for how to generate this'
vault_jwt_token: 'see docs in inventory.yml for how to generate this'
vault_panel_config_secrets:
- 'some really long string'
vault_smtp_pass: 'your smtp provider password'
vault_gitea_pass: 'the password to set for the managers gitea account'
Write Preview
Loading…
Cancel
Save