ssh-keygen -t ed25519 -C "Main User"
ssh-copy-id -i ~/.ssh/id_ed25519.pub <ip-add>
I recommend using Ubuntu for the Ansible server.
sudo apt update
sudo apt install ansible
sudo adduser <ansible-user>
sudo usermod -aG sudo <ansible-user>
Log in as the Ansible user and create an SSH key.
ssh-keygen -t ed25519 -C "Ansible User"
sudo apt install -y git
git clone https://github.com/marksie1988/home-deploy.git --recursive
cd ~/home-deploy
git submodule init
git submodule update
Copy the id_ed25519.pub file to the templates folder and rename it ansible_user.pub.
If updates have been added to submodules, run:
git submodule foreach git pull origin master
Add account
op signin add
Login
eval $(op signin)
sudo apt install webhook
Configure Webhook:
sudo cp .stubs/webhook/webhook.json /etc/webhook.json
chmod +x deploy-hook.sh
Update webhook.json with the secret from GitHub.
Enable & Start Services:
sudo systemctl enable webhook
sudo systemctl start webhook
Open Firewall Port:
sudo ufw allow 9000/tcp
sudo ufw reload
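Because port 9000 is reachable from the network, the secret in webhook.json is what separates a genuine GitHub delivery from any other POST. The script below is an added example, not part of the home-deploy repository: it reproduces the HMAC-SHA256 value GitHub sends in the X-Hub-Signature-256 header so the configured secret can be checked offline. The function names, the demo secret and the payload are constructed for illustration, and the openssl CLI is assumed to be installed.

```sh
#!/bin/sh
# Added example: not part of the home-deploy repository.
# Reproduces the HMAC-SHA256 signature GitHub attaches to each delivery
# (X-Hub-Signature-256 header) so the secret placed in /etc/webhook.json
# can be checked offline. Requires the openssl CLI.

# Print the header value for a payload file.  $1 = secret, $2 = payload file
# Note: -hmac puts the secret on the command line (visible in `ps`);
# acceptable for a local test, not for a shared host.
gh_signature() {
    digest=$(openssl dgst -sha256 -hmac "$1" < "$2" | sed 's/^.*= *//')
    printf 'sha256=%s\n' "$digest"
}

# Succeed only if the header value matches the payload.
# $1 = secret, $2 = payload file, $3 = received header value
verify_delivery() {
    case "$3" in
        sha256=*) ;;            # expected scheme
        *) return 1 ;;          # empty header or any other scheme: reject
    esac
    [ "$(gh_signature "$1" "$2")" = "$3" ]
}

# --- demo with constructed values (not real secrets or deliveries) ---
demo_secret='constructed-demo-secret'
demo_payload=$(mktemp)
printf '{"ref":"refs/heads/master"}' > "$demo_payload"

demo_sig=$(gh_signature "$demo_secret" "$demo_payload")
echo "header GitHub would send: X-Hub-Signature-256: $demo_sig"

verify_delivery "$demo_secret" "$demo_payload" "$demo_sig" && echo "valid signature: accepted"
verify_delivery "$demo_secret" "$demo_payload" "" || echo "unsigned request: rejected"
verify_delivery "wrong-secret" "$demo_payload" "$demo_sig" || echo "wrong secret: rejected"

# Changing a single field in the body invalidates the signature.
printf '{"ref":"refs/heads/other"}' > "$demo_payload"
verify_delivery "$demo_secret" "$demo_payload" "$demo_sig" || echo "modified payload: rejected"
rm -f "$demo_payload"
```

If the hook in webhook.json checks this header, a POST to port 9000 without it should not run deploy-hook.sh; whether the stub's trigger rule does so is an assumption to confirm in the file itself.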
On the Ansible server from the repo directory run the below command:
ansible-playbook authorized_keys.yml --ask-pass --ask-become-pass
To limit to a specific group of hosts:
ansible-playbook authorized_keys.yml --ask-pass --ask-become-pass --limit <host-group>
eval $(op signin my)
ansible-playbook main.yml --ask-become-pass --limit <host-group> -i <inventory-file> --ask-vault-pass
Ansible Vault should be used for any files containing sensitive data.