tec3/ublue-forge
tec3/ublue-forge
1
0
Fork 0
mirror of https://github.com/ublue-os/forge.git synced 2025-04-20 13:33:44 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: configure host system (#12)

Browse source
This commit is contained in:
Stephan Lüscher 2023-05-05 21:23:16 +00:00
parent 0822715a25
commit abffb756d6
No known key found for this signature in database
GPG key ID: 445779060FF3D3CF
4 changed files with 44 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
forge-pod.yml
View file

@ -71,9 +71,20 @@ spec:
image: setup image: setup
volumeMounts: volumeMounts:
- mountPath: /certs - mountPath: /certs
subPath: ssh
name: ublue-os_forge-certs-pvc name: ublue-os_forge-certs-pvc
readOnly: true readOnly: true
env:
- name: ANSIBLE_FORGE_HOST_USER
valueFrom:
secretKeyRef:
name: ublue-os_forge-secure
key: ANSIBLE_FORGE_HOST_USER
- name: ANSIBLE_FORGE_HOST_BECOME_PASSWORD
valueFrom:
secretKeyRef:
name: ublue-os_forge-secure
key: ANSIBLE_FORGE_HOST_BECOME_PASSWORD
workingDir: /ansible workingDir: /ansible
command: command:
- ansible-playbook - ansible-playbook

3
setup/Containerfile
View file

@ -1,6 +1,9 @@
# Source Image # Source Image
FROM docker.io/library/python:alpine3.17 FROM docker.io/library/python:alpine3.17
# Install SSH
RUN apk add openssh
# Install ansible and dependencies # Install ansible and dependencies
WORKDIR /ansible WORKDIR /ansible
COPY ./ansible . COPY ./ansible .

2
setup/ansible/ansible.cfg
View file

@ -7,6 +7,8 @@ roles_path = ./roles
collections_paths = ./collections collections_paths = ./collections
# Localtion for plugins & modules # Localtion for plugins & modules
library = ./library library = ./library
# SSH
private_key_file = /certs/ssh/ublue-os_forge-id_ed25519
# Console log settings # Console log settings
display_skipped_hosts = false display_skipped_hosts = false
# Use the stdout_callback when running ad-hoc commands. # Use the stdout_callback when running ad-hoc commands.

28
setup/ansible/main.yml
View file

@ -20,6 +20,8 @@
groups: groups:
- forge - forge
ansible_host: "{{ container_host_ip }}" ansible_host: "{{ container_host_ip }}"
ansible_user: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_USER') }}"
ansible_become_password: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_BECOME_PASSWORD') }}"
- name: Add Ansible Semaphore to inventory - name: Add Ansible Semaphore to inventory
ansible.builtin.add_host: ansible.builtin.add_host:
@ -30,7 +32,31 @@
ansible_connection: local ansible_connection: local
ansible_python_interpreter: "{{ ansible_playbook_python }}" ansible_python_interpreter: "{{ ansible_playbook_python }}"
## TODO: Add play to configure host system - name: Configure host system
hosts: forge
gather_facts: true
tasks:
- name: Add ublue.local entries to /etc/hosts
ansible.builtin.lineinfile:
path: /etc/hosts
search_string: 127.0.0.1 registry.ublue.local forge.ublue.local
line: 127.0.0.1 registry.ublue.local forge.ublue.local
state: present
become: true
- name: Add ublue.local TSL root certificate to trust anchors
ansible.builtin.copy:
src: /certs/tls/ublue-os_forge-root.pem
dest: /etc/pki/ca-trust/source/anchors/ublue-os_forge-root.pem
force: true
mode: "0644"
become: true
- name: Update ca-trust store
ansible.builtin.command:
cmd: update-ca-trust
changed_when: false
become: true
- name: Configure Ansible Semaphore - name: Configure Ansible Semaphore
hosts: semaphore hosts: semaphore