| Name |
|---|
| .woodpecker |
| inventory |
| playbooks |
| roles |
| .dockerignore |
| .gitignore |
| .justfile |
| ansible.cfg |
| Dockerfile |
| entrypoint.sh |
| playbook.yml |
| README.md |
| requirements.yml |
prodcast
broadcasting to a production near you
A container-native runner that uses Ansible to control how CI/CD deployments work for my homelab. This lets me centralize my deployment configurations in a safe and secure way and cut down the amount of work needed to maintain them.
TODO: vaultkey rotation
https://github.com/newren/git-filter-repo
The idea is that a scheduled Ansible playbook runs in our CI/CD to re-encrypt all the vault.yml files, purge the old files, and push the new vaultpass out to our CI/CD runners, mitigating the risk of the vaultpass being leaked and all of our secrets leaking with it.
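Command-wise, we'd be doing:

```sh
# Keep the current password so the existing vault files can still be decrypted.
mv .vaultpass .old.vaultpass
# Generate the new password; umask 077 keeps the file private from the moment it is created.
(umask 077 && openssl rand -base64 32 > .vaultpass)
chmod 600 .vaultpass
# Re-encrypt every vault.yml from the old password to the new one.
find . -name "vault.yml" -exec ansible-vault rekey \
  --vault-password-file .old.vaultpass \
  --new-vault-password-file .vaultpass {} \;
```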
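
The same rotation as a function that notices a failed rekey and only purges the old password once every vault.yml decrypts with the new one. This is an added example, not the project's code; `VAULT_BIN`, `.new.vaultpass` and the `.rekey.*` scratch files are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not the project's code. VAULT_BIN is a hypothetical override
# so the tool can be swapped out; it defaults to the real ansible-vault.
VAULT_BIN="${VAULT_BIN:-ansible-vault}"

rotate_vaultpass() {
    dir="$1"
    old="$dir/.old.vaultpass"; new="$dir/.new.vaultpass"
    todo="$dir/.rekey.todo";   done_list="$dir/.rekey.done"
    [ -f "$dir/.vaultpass" ] || { echo "no .vaultpass in $dir" >&2; return 2; }

    # Leave .vaultpass in place until every file is verified.
    cp -p "$dir/.vaultpass" "$old"
    (umask 077 && openssl rand -base64 32 > "$new") || return 2
    find "$dir" -type f -name vault.yml > "$todo"
    : > "$done_list"

    # One file at a time: `find -exec ... \;` exits 0 even if a rekey fails.
    status=0
    while IFS= read -r f; do
        if "$VAULT_BIN" rekey --vault-password-file "$old" \
               --new-vault-password-file "$new" "$f" </dev/null >/dev/null 2>&1 &&
           "$VAULT_BIN" view --vault-password-file "$new" "$f" \
               </dev/null >/dev/null 2>&1
        then
            printf '%s\n' "$f" >> "$done_list"
        else
            echo "rekey failed: $f" >&2
            status=1
            break
        fi
    done < "$todo"

    if [ "$status" -ne 0 ]; then
        # Roll back files already rekeyed so they match the untouched .vaultpass.
        while IFS= read -r f; do
            "$VAULT_BIN" rekey --vault-password-file "$new" \
                --new-vault-password-file "$old" "$f" </dev/null >/dev/null 2>&1 ||
                echo "rollback failed: $f" >&2
        done < "$done_list"
        rm -f "$new" "$old" "$todo" "$done_list"
        return 1
    fi

    # All files decrypt with the new password: promote it, purge the old one.
    mv "$new" "$dir/.vaultpass"
    rm -f "$old" "$todo" "$done_list"
}
```

Call it as `rotate_vaultpass .` from the repository root; a non-zero return means nothing was rotated and `.vaultpass` is unchanged.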