diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index e3ef2ca95..2745fc41b 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -1,15 +1,20 @@ name: Publish docs -# Run this workflow on demand and every time a new commit pushed to your repository +# Run this workflow on demand or every time a PR is accepted to a main branch on: pull_request: + types: [closed] + branches: + - 1.x + - 2.x workflow_dispatch: jobs: # Set the job key. The key is displayed as the job name # when a job name is not provided public-docs: - if: ${{ github.event.pull_request.head.ref != 'documentation' }} + # Only run the job if it is not coming from a documentation branch + if: ${{ github.event.pull_request.head.ref != 'docs-${{ github.event.pull_request.base.ref }}' }} # Name the Job name: Publish the ce-provision docs to GitHub # Set the type of machine to run on 
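Review bot: The new `if:` on `public-docs` nests `${{ … }}` inside another expression (`'docs-${{ github.event.pull_request.base.ref }}'`), which the Actions expression parser does not support — the outer expression ends at the first `}}`, leaving an unterminated string, so the workflow will be rejected at parse time rather than skipping documentation branches; write it as `if: ${{ github.event.pull_request.merged == true && github.event.pull_request.head.ref != format('docs-{0}', github.event.pull_request.base.ref) }}`. The `merged == true` guard is needed anyway, because `types: [closed]` also fires for PRs that are closed without being merged, which contradicts the rewritten comment "every time a PR is accepted". Under `workflow_dispatch` the `pull_request` context is empty, so `base.ref` resolves to `""` and every later step that builds `docs-${{ … }}` or `--branch ${{ … }}` would operate on an empty branch name; either drop the manual trigger or add a `workflow_dispatch` input that supplies the branch. The `public-docs` job continues beyond this hunk.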
@@ -22,36 +27,65 @@ jobs: - ${{ github.workspace }}:/home/controller steps: + - uses: actions/checkout@v4 + with: + ref: docs-${{ github.event.pull_request.base.ref }} + + # Configure environment + - name: Prepare Git, GitHub CLI and installed CE tools + run: | + /usr/bin/git config --global user.email "sysadm@codeenigma.com" + /usr/bin/git config --global user.name "Code Enigma CI" + /usr/bin/git config --global pull.rebase false + /usr/bin/git config --global --add safe.directory /__w/ce-provision/ce-provision + (type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) && sudo mkdir -p -m 755 /etc/apt/keyrings && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg && cat $out | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null && sudo apt update && sudo apt install gh -y + /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-provision && /usr/bin/git pull origin 2.x" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-deploy && /usr/bin/git pull origin 1.x" + + # First build and publish the markdown docs + - name: Build and commit table of contents and README files back to the repo + run: | + /bin/sh contribute/toc.sh + /usr/bin/find . 
-name "*.md" | xargs git add + /usr/bin/git diff --quiet && git diff --staged --quiet || git commit -am "GitHub Actions - updating markdown docs - ${{ steps.date.outputs.date }}" + /usr/bin/git push + + # Create docs pull request + - name: Create a documentation pull request + run: gh pr create --base ${{ github.event.pull_request.base.ref }} --head docs-${{ github.event.pull_request.base.ref }} --title "Documentation update" --body "**Automated pull request** created by GitHub Actions because of a documentation update." + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Now build and publish the version of the docs - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" - - name: Set up Ansible hosts file + - name: Set up Ansible and SSH run: | mkdir -p /home/ce-dev/ansible/bin/hosts echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts - - - name: Set up SSH config - run: | echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config cat /home/ce-dev/.ssh/id_rsa.pub > /home/ce-dev/.ssh/authorized_keys chown ce-dev:ce-dev /home/ce-dev/.ssh/config chmod 700 /home/ce-dev/.ssh/config chown ce-dev:ce-dev /home/ce-dev/.ssh/authorized_keys chmod 700 /home/ce-dev/.ssh/authorized_keys + /usr/sbin/sshd& - - name: Start SSHD - run: /usr/sbin/sshd& - - - name: Initialise wiki2pages for ce-provision 2.x + - name: Initialise wiki2pages for ce-provision ${{ github.event.pull_request.base.ref }} run: | - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch ${{ github.event.pull_request.base.ref }} --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook 
-e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" - ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-${{ github.event.pull_request.base.ref }} --no-ce-dev" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages launch_hugo_server=false' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-${{ github.event.pull_request.base.ref }} && /bin/sh contribute/toc_hugo.sh" + + - name: Run Hugo + run: | + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && hugo" - name: Publish documentation run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh /home/ce-dev/build/wiki2pages/.github-actions-push.sh" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-2.x && /usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-2.x && /usr/bin/git push ci master" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-${{ github.event.pull_request.base.ref }} && /usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN 
}}@github.com/codeenigma/ce-provision-docs.git" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-${{ github.event.pull_request.base.ref }} && /usr/bin/git push ci master" diff --git a/.github/workflows/ce-provision-test-gitlab.yml b/.github/workflows/ce-provision-test-gitlab.yml index bd50e7233..9e5b46a30 100644 --- a/.github/workflows/ce-provision-test-gitlab.yml +++ b/.github/workflows/ce-provision-test-gitlab.yml @@ -1,9 +1,7 @@ name: Run GitLab server test build -# Run this workflow nightly and every time a new commit pushed to your repository +# Run this workflow every time a new commit is pushed to your repository on: - schedule: - - cron: '30 4 * * *' pull_request: jobs: diff --git a/.github/workflows/ce-provision-test-web.yml b/.github/workflows/ce-provision-test-web.yml index 54421cd40..595905064 100644 --- a/.github/workflows/ce-provision-test-web.yml +++ b/.github/workflows/ce-provision-test-web.yml @@ -1,9 +1,7 @@ name: Run web server test build -# Run this workflow nightly and every time a new commit pushed to your repository +# Run this every time a new commit is pushed to your repository on: - schedule: - - cron: '30 4 * * *' pull_request: jobs: diff --git a/contribute/toc.sh b/contribute/toc.sh index face006c9..8c108c60f 100755 --- a/contribute/toc.sh +++ b/contribute/toc.sh @@ -137,4 +137,4 @@ generate_roles_toc cp_single_page install cp_single_page contribute -cp_single_page scripts \ No newline at end of file +cp_single_page scripts diff --git a/contribute/toc_hugo.sh b/contribute/toc_hugo.sh new file mode 100755 index 000000000..8dc9a1c8f --- /dev/null +++ b/contribute/toc_hugo.sh 
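Review bot: The commit message in the "Build and commit table of contents" step interpolates `${{ steps.date.outputs.date }}`, but no step with `id: date` precedes it in this hunk (the checkout and the environment-preparation step are the only earlier steps), so the expression resolves to an empty string; add `- id: date` / `run: echo "date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"` before it, or drop the suffix. The preparation step still runs `git pull origin 2.x` for the ce-dev copy of ce-provision while every later step is parameterised on `github.event.pull_request.base.ref`, so a 1.x PR will presumably build against a 2.x checkout — that pull should use the base ref as well. `gh pr create` is not guarded by the "anything to commit" test the commit step uses, so on a run with no documentation changes it will presumably fail (no commits between `docs-<base>` and the base) and abort the Hugo publish that follows; capture whether a commit was made and skip the PR step otherwise. The `git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@…` line writes the token into the build tree's `.git/config` and exposes it on the `su -c` command line; passing it via `git -c http.extraheader=…` or a credential helper avoids both. The `public-docs` job's header lies outside this hunk.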
@@ -0,0 +1,140 @@ +#!/bin/sh +# shellcheck disable=SC2094 +# shellcheck disable=SC2129 +IFS=$(printf '\n\t') +set -e +OWN_DIR=$(dirname "$0") +cd "$OWN_DIR" || exit 1 +OWN_DIR=$(git rev-parse --show-toplevel) +cd "$OWN_DIR" || exit 1 +OWN_DIR=$(pwd -P) + +# @param +# $1 string filepath +cp_role_page(){ + RELATIVE=$(realpath --relative-to="$OWN_DIR" "$(dirname "$1")") + if [ ! -d "$OWN_DIR/docs/$RELATIVE" ]; then + mkdir -p "$OWN_DIR/docs/$RELATIVE" + fi + cp "$1" "$OWN_DIR/docs/$RELATIVE.md" +} + +# @param +# $1 string folder +cp_single_page(){ + if [ ! -d "$OWN_DIR/docs/$1" ]; then + mkdir "$OWN_DIR/docs/$1" + fi + cp "$OWN_DIR/$1/README.md" "$OWN_DIR/docs/$1.md" +} + +# @param +# $1 (string) filename +parse_role_variables(){ + TMP_MD=$(mktemp) + WRITE=1 + # Ensure we have a trailing line. + echo "" >> "$1" + while read -r LINE; do + case $LINE in + '') + echo "$LINE" >> "$TMP_MD" + generate_role_variables "$1" + WRITE=0 + ;; + '') + echo "$LINE" >> "$TMP_MD" + WRITE=1 + ;; + '') + echo "$LINE" >> "$TMP_MD" + WRITE=0 + ;; + '') + echo "$LINE" >> "$TMP_MD" + WRITE=1 + ;; + *) + if [ $WRITE = 1 ]; then + echo "$LINE" >> "$TMP_MD" + fi + ;; + esac + done < "$1" + printf '%s\n' "$(cat "$TMP_MD")" > "$1" + rm "$TMP_MD" +} + +# @param +# $1 (string) filename +generate_role_variables(){ + VAR_FILE="$(dirname "$1")/defaults/main.yml" + if [ -f "$VAR_FILE" ]; then + echo "## Default variables" >> "$TMP_MD" + echo '```yaml' >> "$TMP_MD" + cat "$VAR_FILE" >> "$TMP_MD" + echo "" >> "$TMP_MD" + echo '```' >> "$TMP_MD" + echo "" >> "$TMP_MD" + fi +} + +generate_roles_toc(){ + TMP_SIDEBAR=$(mktemp) + WRITE="true" + while read -r LINE; do + case $LINE in + " - [Roles](roles)") + echo "$LINE" >> "$TMP_SIDEBAR" + parse_roles_toc roles 2 + WRITE="false" + ;; + " -"*) + WRITE="true" + echo "$LINE" >> "$TMP_SIDEBAR" + ;; + *) + if [ "$WRITE" = "true" ]; then + echo "$LINE" >> "$TMP_SIDEBAR" + fi + ;; + esac + done < "$OWN_DIR/docs/_Sidebar.md" + mv "$TMP_SIDEBAR" 
"$OWN_DIR/docs/_Sidebar.md" +} + +parse_roles_toc(){ + ROLES=$(find "$OWN_DIR/$1" -mindepth 2 -maxdepth 2 -name "README.md" | sort) + for ROLE in $ROLES; do + WRITE="true" + INDENT=$(printf %$(($2 * 2))s) + RELATIVE=$(realpath --relative-to="$OWN_DIR" "$(dirname "$ROLE")") + while read -r LINE; do + case $LINE in + "# "*) + if [ "$WRITE" = "true" ]; then + TITLE=$(echo "$LINE" | cut -c 3-) + echo "$INDENT"" - [$TITLE]($RELATIVE)" >> "$TMP_SIDEBAR" + WRITE="false" + fi + ;; + esac + done < "$ROLE" + parse_roles_toc "$RELATIVE" $(($2 + 1)) + done +} + +rm -rf "$OWN_DIR/docs/roles" +ROLE_PAGES=$(find "$OWN_DIR/roles" -name "README.md") +for ROLE_PAGE in $ROLE_PAGES; do + parse_role_variables "$ROLE_PAGE" +done +for ROLE_PAGE in $ROLE_PAGES; do + cp_role_page "$ROLE_PAGE" +done +generate_roles_toc + + +cp_single_page install +cp_single_page contribute +cp_single_page scripts diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 3522de3bc..db7194657 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md 
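Review bot: All four arms of the `case` in `parse_role_variables` appear here with the same pattern `''` — presumably HTML-comment markers that the rendering stripped — but if they really are empty literals only the first arm can ever match (and it would match every blank line, injecting the defaults block each time), so the markers should be confirmed in the committed file. With `set -e`, any failure between `mktemp` and the final `rm "$TMP_MD"` (or between `mktemp` and the `mv` in `generate_roles_toc`) leaks the temp file; `trap 'rm -f "$TMP_MD" "$TMP_SIDEBAR"' EXIT` after the first `mktemp` covers both. Note also that `mv "$TMP_SIDEBAR" "$OWN_DIR/docs/_Sidebar.md"` replaces the tracked sidebar with a 0600 file created by `mktemp`; `cat "$TMP_SIDEBAR" > "$OWN_DIR/docs/_Sidebar.md"` preserves the existing mode. `generate_role_variables` copies each role's `defaults/main.yml` verbatim into the published docs, so any real value that ends up in a role default becomes public page content — worth a one-line comment at the function head stating that defaults must hold placeholders only.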
@@ -1,103 +1,103 @@   -- [Home](/) - - [Install](/install) - - [Usage](/scripts) +- [Home]() + - [Install](install) + - [Usage](scripts) - [Roles](roles) - - [AWS Infrastructure](/roles/aws) - - [AWS ACL](/roles/aws/aws_acl) - - [AWS Certificate Manager](/roles/aws/aws_acm) - - [AWS AMI ASG Cleanup](/roles/aws/aws_ami_asg_cleanup) - - [AWS AMI](/roles/aws/aws_ami) - - [AWS Backup](/roles/aws/aws_backup) - - [AWS Backup Validation](/roles/aws/aws_backup_validation) - - [AWS CloudFront distribution](/roles/aws/aws_cloudfront_distribution) - - [Cloudwatch log group](/roles/aws/aws_cloudwatch_log_group) - - [Amazon credentials](/roles/aws/aws_credentials) - - [Autoscale cluster](/roles/aws/aws_ec2_autoscale_cluster) - - [EC2 CloudWatch Metric Alarm](/roles/aws/aws_ec2_metric_alarm) - - [EC2 instance with EIP](/roles/aws/aws_ec2_with_eip) - - [AWS EFS](/roles/aws/aws_efs) - - [AWS ElastiCache](/roles/aws/aws_elasticache) - - [AWS IAM EC2](/roles/aws/aws_iam_role) - - [AWS IAM SAML](/roles/aws/aws_iam_saml) - - [AWS Network Info](/roles/aws/_aws_network_info) - - [AWS OpenSearch](/roles/aws/aws_opensearch) - - [AWS key pair.](/roles/aws/aws_provision_ec2_keypair) - - [AWS RDS](/roles/aws/aws_rds) - - [AWS Resource Group.](/roles/aws/aws_resource_group) - - [AWS S3 Bucket](/roles/aws/aws_s3_bucket) - - [AWS Security Groups](/roles/aws/aws_security_groups) - - [AWS SG/firewall role](/roles/aws/aws_sg_iptables) - - [AWS SNS](/roles/aws/aws_sns) - - [VPC](/roles/aws/aws_vpc) - - [Update main route for a given VPC](/roles/aws/aws_vpc_route) - - [VPC](/roles/aws/aws_vpc_subnet) - - [Contributed roles](/roles/contrib) - - [Debian Packages](/roles/debian) - - [Ansible Galaxy](/roles/debian/ansible_galaxy) - - [Ansible](/roles/debian/ansible) - - [APACHE](/roles/debian/apache) - - [Apparmor](/roles/debian/apparmor) - - [Extra packages](/roles/debian/apt_extra_packages) - - [APT Repository](/roles/debian/apt_repository) - - [APT Unattended 
Upgrades](/roles/debian/apt_unattended_upgrades) - - [AWS CLI](/roles/debian/aws_cli) - - [AWS Cloudwatch agent](/roles/debian/aws_cloudwatch_agent) - - [EFS client](/roles/debian/aws_efs_client) - - [AWS SSM agent](/roles/debian/aws_ssm_agent) - - [ce-deploy](/roles/debian/ce_deploy) - - [Extra packages](/roles/debian/ce_dev) - - [Automated patching](/roles/debian/ce_patcher) - - [ce-provision](/roles/debian/ce_provision) - - [ClamAV](/roles/debian/clamav) - - [Docker CE](/roles/debian/docker_ce) - - [Docker Registry](/roles/debian/docker_registry) - - [Duplicity](/roles/debian/duplicity) - - [Firewall Config](/roles/debian/firewall_config) - - [Frontail](/roles/debian/frontail) - - [Gitlab](/roles/debian/gitlab) - - [Gitlab Runner](/roles/debian/gitlab_runner) - - [GPG Key](/roles/debian/gpg_key) - - [HA Proxy](/roles/debian/haproxy) - - [Managed /etc/hosts](/roles/debian/hosts) - - [Jenkins](/roles/debian/jenkins) - - [Jitsi](/roles/debian/jitsi) - - [LDAP Server](/roles/debian/ldap_server) - - [LHCI](/roles/debian/lhci) - - [Mailpit](/roles/debian/mailpit) - - [Mount sync](/roles/debian/mount_sync) - - [MariaDB Client](/roles/debian/mysql_client) - - [MySQL Server - Oracle Community Edition](/roles/debian/mysql_server_oracle_ce) - - [NGINX](/roles/debian/nginx) - - [NodeJS](/roles/debian/nodejs) - - [OpenVPN](/roles/debian/openvpn) - - [Packer](/roles/debian/packer) - - [PAM LinOTP](/roles/debian/pam_linotp) - - [PHP terminal client](/roles/debian/php-cli) - - [PHP common components](/roles/debian/php-common) - - [PHP Composer](/roles/debian/php_composer) - - [PHP-FPM](/roles/debian/php-fpm) - - [phpMyAdmin](/roles/debian/phpmyadmin) - - [PHP XDebug](/roles/debian/php_xdebug) - - [Postfix](/roles/debian/postfix) - - [Process Manager](/roles/debian/process_manager) - - [Python Boto](/roles/debian/python_boto) - - [Python Common](/roles/debian/python_common) - - [Python Pip Packages](/roles/debian/python_pip_packages) - - [rkhunter](/roles/debian/rkhunter) - - 
[Rsyslog](/roles/debian/rsyslog) - - [solr](/roles/debian/solr) - - [SSHD](/roles/debian/ssh_server) - - [SSL](/roles/debian/ssl) - - [sudo config](/roles/debian/sudo_config) - - [Swap](/roles/debian/swap) - - [System](/roles/debian/system) - - [User Ansible](/roles/debian/user_ansible) - - [varnish_config](/roles/debian/varnish_config) - - [wazuh](/roles/debian/wazuh) - - [Init role](/roles/_init) - - ["Meta" roles that group individual roles together.](/roles/_meta) - - [AWS account](/roles/_meta/aws_account) - - [AWS client](/roles/_meta/aws_client_instance) - - [AWS region](/roles/_meta/aws_region) - - [\_overrides.](/roles/_overrides) + - [AWS Infrastructure](roles/aws) + - [AWS ACL](roles/aws/aws_acl) + - [AWS Certificate Manager](roles/aws/aws_acm) + - [AWS AMI ASG Cleanup](roles/aws/aws_ami_asg_cleanup) + - [AWS AMI](roles/aws/aws_ami) + - [AWS Backup](roles/aws/aws_backup) + - [AWS Backup Validation](roles/aws/aws_backup_validation) + - [AWS CloudFront distribution](roles/aws/aws_cloudfront_distribution) + - [Cloudwatch log group](roles/aws/aws_cloudwatch_log_group) + - [Amazon credentials](roles/aws/aws_credentials) + - [Autoscale cluster](roles/aws/aws_ec2_autoscale_cluster) + - [EC2 CloudWatch Metric Alarm](roles/aws/aws_ec2_metric_alarm) + - [EC2 instance with EIP](roles/aws/aws_ec2_with_eip) + - [AWS EFS](roles/aws/aws_efs) + - [AWS ElastiCache](roles/aws/aws_elasticache) + - [AWS IAM EC2](roles/aws/aws_iam_role) + - [AWS IAM SAML](roles/aws/aws_iam_saml) + - [AWS Network Info](roles/aws/_aws_network_info) + - [AWS OpenSearch](roles/aws/aws_opensearch) + - [AWS key pair.](roles/aws/aws_provision_ec2_keypair) + - [AWS RDS](roles/aws/aws_rds) + - [AWS Resource Group.](roles/aws/aws_resource_group) + - [AWS S3 Bucket](roles/aws/aws_s3_bucket) + - [AWS Security Groups](roles/aws/aws_security_groups) + - [AWS SG/firewall role](roles/aws/aws_sg_iptables) + - [AWS SNS](roles/aws/aws_sns) + - [VPC](roles/aws/aws_vpc) + - [Update main route for a given 
VPC](roles/aws/aws_vpc_route) + - [VPC](roles/aws/aws_vpc_subnet) + - [Contributed roles](roles/contrib) + - [Debian Packages](roles/debian) + - [Ansible Galaxy](roles/debian/ansible_galaxy) + - [Ansible](roles/debian/ansible) + - [APACHE](roles/debian/apache) + - [Apparmor](roles/debian/apparmor) + - [Extra packages](roles/debian/apt_extra_packages) + - [APT Repository](roles/debian/apt_repository) + - [APT Unattended Upgrades](roles/debian/apt_unattended_upgrades) + - [AWS CLI](roles/debian/aws_cli) + - [AWS Cloudwatch agent](roles/debian/aws_cloudwatch_agent) + - [EFS client](roles/debian/aws_efs_client) + - [AWS SSM agent](roles/debian/aws_ssm_agent) + - [ce-deploy](roles/debian/ce_deploy) + - [Extra packages](roles/debian/ce_dev) + - [Automated patching](roles/debian/ce_patcher) + - [ce-provision](roles/debian/ce_provision) + - [ClamAV](roles/debian/clamav) + - [Docker CE](roles/debian/docker_ce) + - [Docker Registry](roles/debian/docker_registry) + - [Duplicity](roles/debian/duplicity) + - [Firewall Config](roles/debian/firewall_config) + - [Frontail](roles/debian/frontail) + - [Gitlab](roles/debian/gitlab) + - [Gitlab Runner](roles/debian/gitlab_runner) + - [GPG Key](roles/debian/gpg_key) + - [HA Proxy](roles/debian/haproxy) + - [Managed /etc/hosts](roles/debian/hosts) + - [Jenkins](roles/debian/jenkins) + - [Jitsi](roles/debian/jitsi) + - [LDAP Server](roles/debian/ldap_server) + - [LHCI](roles/debian/lhci) + - [Mailpit](roles/debian/mailpit) + - [Mount sync](roles/debian/mount_sync) + - [MariaDB Client](roles/debian/mysql_client) + - [MySQL Server - Oracle Community Edition](roles/debian/mysql_server_oracle_ce) + - [NGINX](roles/debian/nginx) + - [NodeJS](roles/debian/nodejs) + - [OpenVPN](roles/debian/openvpn) + - [Packer](roles/debian/packer) + - [PAM LinOTP](roles/debian/pam_linotp) + - [PHP terminal client](roles/debian/php-cli) + - [PHP common components](roles/debian/php-common) + - [PHP Composer](roles/debian/php_composer) + - 
[PHP-FPM](roles/debian/php-fpm) + - [phpMyAdmin](roles/debian/phpmyadmin) + - [PHP XDebug](roles/debian/php_xdebug) + - [Postfix](roles/debian/postfix) + - [Process Manager](roles/debian/process_manager) + - [Python Boto](roles/debian/python_boto) + - [Python Common](roles/debian/python_common) + - [Python Pip Packages](roles/debian/python_pip_packages) + - [rkhunter](roles/debian/rkhunter) + - [Rsyslog](roles/debian/rsyslog) + - [solr](roles/debian/solr) + - [SSHD](roles/debian/ssh_server) + - [SSL](roles/debian/ssl) + - [sudo config](roles/debian/sudo_config) + - [Swap](roles/debian/swap) + - [System](roles/debian/system) + - [User Ansible](roles/debian/user_ansible) + - [varnish_config](roles/debian/varnish_config) + - [wazuh](roles/debian/wazuh) + - [Init role](roles/_init) + - ["Meta" roles that group individual roles together.](roles/_meta) + - [AWS account](roles/_meta/aws_account) + - [AWS client](roles/_meta/aws_client_instance) + - [AWS region](roles/_meta/aws_region) + - [\_overrides.](roles/_overrides) diff --git a/docs/roles/aws/aws_ec2_autoscale_cluster.md b/docs/roles/aws/aws_ec2_autoscale_cluster.md index a9b957ac3..1a030e1e5 100644 --- a/docs/roles/aws/aws_ec2_autoscale_cluster.md +++ b/docs/roles/aws/aws_ec2_autoscale_cluster.md 
@@ -4,7 +4,7 @@ Supports either AWS EC2 Autoscaling Groups (ASGs) or AWS ECS clusters. Note, thi * https://github.com/codeenigma/ce-deploy/tree/1.x/roles/deploy_code (EC2) Note also that the `deploy_code` role needs to be used in tandem with this `ce-provision` role, which ensures there is a `cloud-init` script in place to install the code in the event of an instance replacement: -* https://github.com/codeenigma/ce-provision/tree/1.x/roles/mount_sync +* https://github.com/codeenigma/ce-provision/tree/2.x/roles/debian/mount_sync ## Networking Regardless of the scenario, ECS or EC2, if you decide to use a private subnet instead of giving your instances or containers public IP addresses, you will need at least one NAT gateway (more than one for resilience). When you are creating NAT gateways they must be in a *public* subnet and your routing tables in the private subnets should use the NAT gateway as the default route. Do not put the NAT gateways on the private subnets, it cannot possibly work and your containers or instances will not have internet access. diff --git a/docs/roles/debian/nodejs.md b/docs/roles/debian/nodejs.md index c121efb58..0e4624ee1 100644 --- a/docs/roles/debian/nodejs.md +++ b/docs/roles/debian/nodejs.md @@ -8,7 +8,7 @@ Installs NodeJS from official repos. --- nodejs: # Used by apt_unattended_upgrades - apt_origin_nodejs: "origin=. nodistro,codename=nodistro,label=. nodistro" # nodejs repo + apt_origin_nodejs: "origin=Node Source,codename=nodistro,label=Node Source" # nodejs repo apt_signed_by_nodejs: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key apt_origin_yarn: "origin=yarn,codename=stable,label=yarn-stable" # yarn repo apt_signed_by_yarn: https://dl.yarnpkg.com/debian/pubkey.gpg diff --git a/install.sh b/install.sh index 53db4ce5d..0776988a7 100755 --- a/install.sh +++ b/install.sh 
@@ -79,7 +79,6 @@ FIREWALL="true" AWS_SUPPORT="false" IS_LOCAL="false" SERVER_HOSTNAME=$(hostname) -ANSIBLE_COMMAND="" # Parse options. parse_options "$@" @@ -254,14 +253,8 @@ firewall_config: - "443" EOL -# Tell Ansible this is a Docker container -if [ "$IS_LOCAL" = "true" ]; then - ANSIBLE_COMMAND="ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml" -else - ANSIBLE_COMMAND="ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml" -fi # Configure ce-provision -/usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/$ANSIBLE_COMMAND" +/usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml" /usr/bin/rm "/home/$CONTROLLER_USER/ce-provision/provision.yml" # Install firewall @@ -281,7 +274,7 @@ if [ "$FIREWALL" = "true" ]; then ansible.builtin.import_role: name: debian/firewall_config EOL - /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml" + /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml" /usr/bin/echo "-------------------------------------------------" else /usr/bin/echo "-------------------------------------------------" 
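Review bot: The `ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" …` invocation is now spelled out verbatim in this hunk and again in the two hunks that follow, having replaced the single `ANSIBLE_COMMAND` variable; a helper such as `run_provision() { /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml"; }` keeps the three call sites from drifting apart. `IS_LOCAL` is interpolated into a YAML mapping inside a double-quoted `su -c` string and is set by `parse_options`, which is outside this hunk; unless that function constrains it, an unexpected value would at best yield a malformed `--extra-vars` and at worst extra shell words inside the `su -c` command, so validating it once after option parsing (`case "$IS_LOCAL" in true|false) ;; *) echo "IS_LOCAL must be true or false" >&2; exit 1 ;; esac`) is cheap insurance. The enclosing script continues beyond this hunk.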
@@ -399,7 +392,7 @@ EOT EOT /usr/bin/echo "-------------------------------------------------" fi - /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml" + /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml" /usr/bin/echo "-------------------------------------------------" else /usr/bin/echo "GitLab not requested. Skipping." diff --git a/roles/aws/aws_ec2_autoscale_cluster/README.md b/roles/aws/aws_ec2_autoscale_cluster/README.md index a9b957ac3..1a030e1e5 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/README.md +++ b/roles/aws/aws_ec2_autoscale_cluster/README.md @@ -4,7 +4,7 @@ Supports either AWS EC2 Autoscaling Groups (ASGs) or AWS ECS clusters. Note, thi * https://github.com/codeenigma/ce-deploy/tree/1.x/roles/deploy_code (EC2) Note also that the `deploy_code` role needs to be used in tandem with this `ce-provision` role, which ensures there is a `cloud-init` script in place to install the code in the event of an instance replacement: -* https://github.com/codeenigma/ce-provision/tree/1.x/roles/mount_sync +* https://github.com/codeenigma/ce-provision/tree/2.x/roles/debian/mount_sync ## Networking Regardless of the scenario, ECS or EC2, if you decide to use a private subnet instead of giving your instances or containers public IP addresses, you will need at least one NAT gateway (more than one for resilience). When you are creating NAT gateways they must be in a *public* subnet and your routing tables in the private subnets should use the NAT gateway as the default route. Do not put the NAT gateways on the private subnets, it cannot possibly work and your containers or instances will not have internet access. 
diff --git a/roles/debian/nodejs/README.md b/roles/debian/nodejs/README.md index c121efb58..0e4624ee1 100644 --- a/roles/debian/nodejs/README.md +++ b/roles/debian/nodejs/README.md @@ -8,7 +8,7 @@ Installs NodeJS from official repos. --- nodejs: # Used by apt_unattended_upgrades - apt_origin_nodejs: "origin=. nodistro,codename=nodistro,label=. nodistro" # nodejs repo + apt_origin_nodejs: "origin=Node Source,codename=nodistro,label=Node Source" # nodejs repo apt_signed_by_nodejs: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key apt_origin_yarn: "origin=yarn,codename=stable,label=yarn-stable" # yarn repo apt_signed_by_yarn: https://dl.yarnpkg.com/debian/pubkey.gpg