From 7a9442d88f69d2d1885e6fe2a3a1959009af64a6 Mon Sep 17 00:00:00 2001
From: SebClem
Date: Fri, 4 Feb 2022 16:11:54 +0100
Subject: [PATCH] :tada: Init
---
.drone.yml | 49 ++++++++++++++++++++++++++++++++++++++++++
.gitignore | 5 +++++
README.md | 1 +
ansible.cfg | 8 +++++++
group_vars/nodes.yml | 1 +
host_vars/hostname.yml | 0
hosts | 7 ++++++
renovate.json | 15 +++++++++++++
requirements.txt | 2 ++
secrets/hostname.yml | 19 ++++++++++++++++
sites.yml | 15 +++++++++++++
11 files changed, 122 insertions(+)
create mode 100644 .drone.yml
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 ansible.cfg
create mode 100644 group_vars/nodes.yml
create mode 100644 host_vars/hostname.yml
create mode 100644 hosts
create mode 100644 renovate.json
create mode 100644 requirements.txt
create mode 100644 secrets/hostname.yml
create mode 100644 sites.yml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..d2e9cce
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,49 @@
+kind: pipeline
+name: default
+
+steps:
+ - name: Check ansible syntax
+ image: harbor.sebclem.fr/sebclem/drone-ansible-runner
+ settings:
+ playbook: sites.yml
+ galaxy_file: roles/requirements.yml
+ check_syntax: true
+ vault_token:
+ from_secret: ansible_vault_token
+ private_key:
+ from_secret: ansible_private_key
+ when:
+ event:
+ - promote
+ - rollback
+ - push
+ - custom
+
+ - name: Run ansible playbook
+ image: harbor.sebclem.fr/sebclem/drone-ansible-runner
+ settings:
+ verbosity: 1
+ playbook: sites.yml
+ galaxy_file: roles/requirements.yml
+ vault_token:
+ from_secret: ansible_vault_token
+ private_key:
+ from_secret: ansible_private_key
+ when:
+ event:
+ - promote
+ - rollback
+
+ - name: Notify
+ image: drillster/drone-email
+ settings:
+ host:
+ from_secret: mail_host
+ username:
+ from_secret: mail_username
+ password:
+ from_secret: mail_password
+ from:
+ from_secret: mail_from
+ when:
+ status: [ changed, failure ]
\ No newline at end of file
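Review bot: In .drone.yml, `harbor.sebclem.fr/sebclem/drone-ansible-runner` (both Ansible steps) and `drillster/drone-email` are referenced without a tag or digest, yet these steps receive the vault token, the SSH private key and the mail password, so whatever the registry serves under the default tag at run time is trusted with those secrets. Pin each image to a digest, e.g. `image: harbor.sebclem.fr/sebclem/drone-ansible-runner@sha256:<digest>` (placeholder value). The "Check ansible syntax" step also sets `private_key` and runs on every `push`; a syntax check presumably does not connect to any host, so dropping `private_key` there would keep the deploy key out of the most frequently triggered step. Separately, `galaxy_file: roles/requirements.yml` points at a file that is not among the eleven files this commit creates.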
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..847234c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# ---> Ansible
+*.retry
+*vault_token
+roles/
+!roles/requirements.yml
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0cb68d8
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+${REPO_NAME_TITLE}
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..5856f69
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,8 @@
+[defaults]
+inventory = hosts
+remote_user = root
+host_key_checking = True
+vault_password_file = credentials/vault_token
+roles_path = ./roles
+force_color = true
+ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
diff --git a/group_vars/nodes.yml b/group_vars/nodes.yml
new file mode 100644
index 0000000..b4a2c4f
--- /dev/null
+++ b/group_vars/nodes.yml
@@ -0,0 +1 @@
+ansible_python_interpreter: /usr/bin/python3
\ No newline at end of file
diff --git a/host_vars/hostname.yml b/host_vars/hostname.yml
new file mode 100644
index 0000000..e69de29
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..6bcc132
--- /dev/null
+++ b/hosts
@@ -0,0 +1,7 @@
+---
+
+all:
+ children:
+ nodes:
+ hosts:
+ victoria.home:
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..9a9e03a
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,15 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base"
+ ],
+ "commitMessagePrefix": ":arrow_up:",
+ "regexManagers": [
+ {
+ "fileMatch": ["host_vars\\/.*\\.yml"],
+ "matchStrings": ["victoriametrics_version:\\s?\"?(?.*?)\"?\\n"],
+ "datasourceTemplate": "github-releases",
+ "depNameTemplate": "VictoriaMetrics/VictoriaMetrics"
+ }
+ ]
+}
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..8c38ad7
--- /dev/null
+++ b/requirements.txt
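Review bot: `remote_user = root` in the ansible.cfg hunk makes every play log in directly as root over SSH, so the private key held by the CI pipeline is a root credential on each node and the targets have to permit root login. Consider a dedicated unprivileged account with escalation only where tasks need it, e.g. `remote_user = <deploy-user>` (placeholder) together with `become = True` under a `[privilege_escalation]` section. `host_key_checking = True` is the right setting to keep; it relies on the nodes' host keys being present in the runner's known_hosts, which this commit does not show.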
@@ -0,0 +1,2 @@
+ansible
+hvac
\ No newline at end of file
diff --git a/secrets/hostname.yml b/secrets/hostname.yml
new file mode 100644
index 0000000..48e11c1
--- /dev/null
+++ b/secrets/hostname.yml
@@ -0,0 +1,19 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base"
+ ],
+ "ignorePresets": [":prHourlyLimit2"],
+ "commitMessagePrefix": ":arrow_up:",
+ "regexManagers": [
+ {
+ "fileMatch": [
+ "group_vars\\/.*\\.yml",
+ "host_vars\\/.*\\.yml"],
+ "matchStrings": [
+ "datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s.*?_version: \"(?.*)\"\\s"
+ ],
+ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/sites.yml b/sites.yml
new file mode 100644
index 0000000..981fc9a
--- /dev/null
+++ b/sites.yml
@@ -0,0 +1,15 @@
+---
+
+- name: ${REPO_NAME_TITLE}
+ hosts: nodes
+
+ pre_tasks:
+ - name: Load secrets
+ include_vars:
+ file: "secrets/{{ inventory_hostname }}.yml"
+ tags:
+ - always
+
+
+ roles: []
+
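Review bot: `ansible` and `hvac` in requirements.txt carry no version constraint, so the tooling that handles the vault token and the SSH key resolves to whatever the package index serves at install time. Pin both, e.g. `ansible==<version>` and `hvac==<version>` (placeholders), so that upgrades arrive as reviewable changes. The Renovate configuration added in this same commit should then be able to propose those bumps.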
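Review bot: secrets/hostname.yml holds a Renovate configuration (`"$schema"`, `"regexManagers"`, …) rather than variables, which looks like a misplaced variant of renovate.json. sites.yml loads `secrets/{{ inventory_hostname }}.yml` through `include_vars`, so a file of this shape would be read as host variables, and for the only inventory host, `victoria.home`, no matching file exists in this commit. The template should be a plain vars mapping, and because .gitignore does not exclude `secrets/`, real per-host files placed here should be encrypted with ansible-vault before they are committed. A header comment such as `# Per-host secrets: encrypt with ansible-vault before committing` would make that expectation explicit.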
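Review bot: The `Load secrets` pre-task in sites.yml has no `no_log: true`, while the pipeline runs the playbook with `verbosity: 1`; at that verbosity the `include_vars` result, which carries the loaded variables, can be printed into the CI log. Add `no_log: true` to the task, at the same level as `tags:`. The play name `${REPO_NAME_TITLE}` is also still the unexpanded template placeholder.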