#14 correct ansible-playbook --extra_vars -> --extra-vars
#14 place keys to bootstrap add-vpn user runner
chrisjsimpson committed Oct 21, 2024
1 parent 4974f00 commit e47c76b
Showing 4 changed files with 47 additions and 31 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/add-vpn-user.yml
Expand Up @@ -40,7 +40,8 @@ jobs:
# the api token is used on other host groups.
# The dynamic vpn hosts inventory is using the dynamic inventory file inventory-vpn-servers-hcloud.yml
ansible-playbook --extra_vars "PSONO_SECRET_ID=${{ inputs.PSONO_SECRET_ID }} _vault_hetzner_cloud_token=$(ANSIBLE_LOAD_CALLBACK_PLUGINS=1 ANSIBLE_STDOUT_CALLBACK=ansible.posix.json ansible localhost -i inventory.ini -m debug -a "msg={{ hostvars[inventory_hostname].hetzner_hcloud_token }}" | jq '.plays[0]["tasks"][0]["hosts"]["localhost"]["msg"]')" -i inventory-vpn-servers-hcloud.yml playbooks/add-vpn-user.yml
export ANSIBLE_HOST_KEY_CHECKING=False
ansible-playbook --extra-vars "PSONO_SECRET_ID=${{ inputs.PSONO_SECRET_ID }} _vault_hetzner_cloud_token=$(ANSIBLE_LOAD_CALLBACK_PLUGINS=1 ANSIBLE_STDOUT_CALLBACK=ansible.posix.json ansible localhost -i inventory.ini -m debug -a "msg={{ hostvars[inventory_hostname].hetzner_hcloud_token }}" | jq '.plays[0]["tasks"][0]["hosts"]["localhost"]["msg"]')" -i inventory-vpn-servers-hcloud.yml playbooks/add-vpn-user.yml
rm $TMPFILE
# Enable tmate debugging of manually-triggered workflows if the input option was provided
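Review bot: The new `export ANSIBLE_HOST_KEY_CHECKING=False` line disables SSH host-key verification for every connection this job opens to the Hetzner VPN servers, so anyone who can intercept the runner's traffic or squat a recycled server IP can impersonate a target and receive the PSONO API credentials that the play passes to the remote shell task. A fresh runner has no known_hosts, which is presumably why the check was switched off, but the fix is to provision them: have the bootstrap step record each server's host key (for example in an encrypted vars file next to the inventory) and write it to `~/.ssh/known_hosts` before `ansible-playbook` runs, leaving checking enabled. If that cannot be done yet, at least scope the relaxation to the one command, `ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook --extra-vars ...`, with a comment marking it as temporary. Separately, the rewritten `--extra-vars` string still places the Hetzner token on the command line, where it is visible in the process list; passing it via `--extra-vars @vars.json` or an environment variable avoids that.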
27 changes: 27 additions & 0 deletions src/vpn/group_vars/all.yml
@@ -1 +1,28 @@
ansible_ssh_private_key_file: ~/.ssh/id_ed25519_server_bootstrap
ssh_private_key_server_bootstrap: !vault |
$ANSIBLE_VAULT;1.1;AES256
65653566363161306561663830356630363032336338346438346135653638633563366334313636
3563306530376631373936643137353565376465326235640a383136323663663938346439653432
30353330353462653365343933663933366234336234303365626263363236393862613338313439
3162393165663433660a306633333731663766643561663364386136333165303236393836326434
65613537346236363233633439343832636537316335626163396138356436666230303639623833
34643332653665383231373462316463613036646466363434366466656437373866313739336538
37356463633861353938636561313138383939323736636361363630323631373466353666663765
34653461316535363434356363306564376163336463333936396566326238613765663965363066
63383765666539363666633838643266373932386433383233386138666233363239623337323238
36363961333533386362666235366438316237336361336336396564313036303233303462366632
62363339636365633236386537613735383063383434653362303865373435623636386338663139
65623263393064323537643634353938653461643637646462376539343461366465643161666233
34346161313662383665616437343330666563313263323333333264663830646163326364643265
65333736333139333133313865353235623862313233666639633365326538663762396433363439
64376434336266336536386264373464656237613264633630373362393133373138343932386632
62636433333331626236306337636566343538383761326266666634333630363630303638656338
34313638356536363239623530643836373733653130333263336639623763663134356664623764
30653265623564653165613061353337306261366433326130306466363837396463623638323534
64643632663237643165333030343332383364656333386331343337633561616366626633656431
65643230663132373462626266626361353762353539656261313066313135626339313861653165
33366439383234623237633533353135363033613263383838316561313161663036376435316663
33373866636232373662383432646562616130633363393461386164346634353630376131303331
61336235303331353338626131363162363163353661346531646539306337356166396433636565
30666266356365316430343331663663353461316232386239316434383539656661326261373063
6531
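Review bot: Placing `ssh_private_key_server_bootstrap` in `group_vars/all.yml` makes the vault-decrypted private key a hostvar of every inventory host, including the remote VPN servers, rather than only of the controller that consumes it in the `delegate_to: localhost` template task. Any task that dumps hostvars (the workflow already uses `ansible localhost -m debug -a "msg={{ hostvars[...] }}"` for the Hetzner token) or a sufficiently verbose run can then print the key in the context of any host. The move was presumably needed because the template task resolves variables against the targeted vpn_servers host; if the template references the variable directly, keeping the secret in `localhost.yml` and reading it as `{{ hostvars['localhost'].ssh_private_key_server_bootstrap }}` gives the same result with a narrower scope.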
28 changes: 0 additions & 28 deletions src/vpn/group_vars/localhost.yml
Expand Up @@ -10,31 +10,3 @@ hetzner_hcloud_token: !vault |
38323439613635323738
server_bootstrap_public_ssh_key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJ1bghgIXT9CQu+stzt+XA+0U8kF7xruvL9Hhiij55A
ssh_private_key_server_bootstrap: !vault |
$ANSIBLE_VAULT;1.1;AES256
65653566363161306561663830356630363032336338346438346135653638633563366334313636
3563306530376631373936643137353565376465326235640a383136323663663938346439653432
30353330353462653365343933663933366234336234303365626263363236393862613338313439
3162393165663433660a306633333731663766643561663364386136333165303236393836326434
65613537346236363233633439343832636537316335626163396138356436666230303639623833
34643332653665383231373462316463613036646466363434366466656437373866313739336538
37356463633861353938636561313138383939323736636361363630323631373466353666663765
34653461316535363434356363306564376163336463333936396566326238613765663965363066
63383765666539363666633838643266373932386433383233386138666233363239623337323238
36363961333533386362666235366438316237336361336336396564313036303233303462366632
62363339636365633236386537613735383063383434653362303865373435623636386338663139
65623263393064323537643634353938653461643637646462376539343461366465643161666233
34346161313662383665616437343330666563313263323333333264663830646163326364643265
65333736333139333133313865353235623862313233666639633365326538663762396433363439
64376434336266336536386264373464656237613264633630373362393133373138343932386632
62636433333331626236306337636566343538383761326266666634333630363630303638656338
34313638356536363239623530643836373733653130333263336639623763663134356664623764
30653265623564653165613061353337306261366433326130306466363837396463623638323534
64643632663237643165333030343332383364656333386331343337633561616366626633656431
65643230663132373462626266626361353762353539656261313066313135626339313861653165
33366439383234623237633533353135363033613263383838316561313161663036376435316663
33373866636232373662383432646562616130633363393461386164346634353630376131303331
61336235303331353338626131363162363163353661346531646539306337356166396433636565
30666266356365316430343331663663353461316232386239316434383539656661326261373063
6531
20 changes: 18 additions & 2 deletions src/vpn/playbooks/add-vpn-user.yml
Expand Up @@ -2,15 +2,31 @@
- name: Add VPN user
hosts: "{{ vpn_servers | default('vpn_servers') }}"
gather_facts: false
become: yes
vars:
wireguard_dir: "/etc/wireguard/"

tasks:

- name: Ensure ~/.ssh directory exists on localhost/runner
delegate_to: localhost
ansible.builtin.file:
path: ~/.ssh
state: directory
mode: '0755'

- name: Template ssh_private_key_server_bootstrap
ansible.builtin.template:
src: templates/ssh/ssh_private_key_server_bootstrap.j2
dest: "{{ ansible_ssh_private_key_file }}"
mode: '0600'
delegate_to: localhost
tags:
- 'ssh'

- name: Generate new vpn peer config & Add save client config to password manager
ansible.builtin.shell: |
PSONO_CI_API_KEY_ID={{ PSONO_CI_API_KEY_ID }} PSONO_CI_API_SECRET_KEY_HEX={{ PSONO_CI_API_SECRET_KEY_HEX }} PSONO_CI_SERVER_URL={{ PSONO_CI_SERVER_URL }} PSONO_SECRET_ID={{ PSONO_SECRET_ID }} ./add-vpn-user.sh
exit 0
args:
chdir: "{{ wireguard_dir }}"
chdir: "{{ wireguard_dir }}"
become: yes
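Review bot: The new `Ensure ~/.ssh directory exists on localhost/runner` task creates the runner's `~/.ssh` with `mode: '0755'`; the key written next is `0600`, but the directory itself should be `mode: '0700'` so its listing and any future files in it are not world-readable (OpenSSH only insists it is not group/other-writable, so 0755 works but is looser than needed). The `Template ssh_private_key_server_bootstrap` task renders vault-decrypted key material, and the template module reports the rendered content under `--diff`, so it should carry `no_log: true`. Both localhost tasks run once per targeted VPN server; `run_once: true` on each would avoid rewriting the same key file for every host. The shell task still interpolates the PSONO API key and secret into a command line without `no_log: true`, and the task-level `become: yes` is better written as `become: true` per yamllint's truthy rule; whether the play continues past the hunk is not visible here.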
