Add storage_box playbook and fix HCLOUD_TOKEN extraction
- Add storage_box role: generates SSH key pair, creates Hetzner Storage Box with known password, installs public key via install-ssh-key, writes storagebox.yml to stack config. Idempotent: skips key install if SSH key auth already works. - Add deploy.yml: one-shot playbook chaining provision → dns → storage_box → bootstrap → site for fresh deployments - Fix .envrc HCLOUD_TOKEN extraction stripping surrounding quotes from vault YAML values - Add restic_storagebox_password to vault template and setup.sh prompt - Add sshpass to README prerequisites Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent
203bd5bf6e
commit
db70b4ba06
13 changed files with 218 additions and 18 deletions
13
.envrc
13
.envrc
|
|
@ -1,19 +1,30 @@
|
|||
# Stack selection — set LINDERHOF_STACK before sourcing, or create a .stack file
|
||||
watch_file .stack
|
||||
if [[ -z "${LINDERHOF_STACK:-}" ]]; then
|
||||
if [[ -f "$PWD/.stack" ]]; then
|
||||
LINDERHOF_STACK="$(cat "$PWD/.stack")"
|
||||
echo "linderhof: LINDERHOF_STACK is set to '$LINDERHOF_STACK'"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -z "${LINDERHOF_STACK:-}" ]]; then
|
||||
echo "linderhof: LINDERHOF_STACK is not set" >&2
|
||||
echo " set it in your environment, or run: echo <stack-name> > .stack" >&2
|
||||
echo " new here? run: ./setup.sh" >&2
|
||||
echo " existing stack? run: echo <stack-name> > .stack" >&2
|
||||
else
|
||||
export LINDERHOF_STACK
|
||||
export LINDERHOF_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/linderhof/$LINDERHOF_STACK"
|
||||
export ANSIBLE_INVENTORY="$LINDERHOF_DIR/hosts.yml"
|
||||
export ANSIBLE_VAULT_PASSWORD_FILE="$LINDERHOF_DIR/vault-pass"
|
||||
|
||||
# Extract HCLOUD_TOKEN from vault for hcloud CLI and Ansible modules
|
||||
if [[ -f "$LINDERHOF_DIR/vault-pass" && -f "$LINDERHOF_DIR/group_vars/all/vault.yml" ]]; then
|
||||
HCLOUD_TOKEN="$(ansible-vault view "$LINDERHOF_DIR/group_vars/all/vault.yml" \
|
||||
--vault-password-file "$LINDERHOF_DIR/vault-pass" 2>/dev/null \
|
||||
| grep '^hcloud_token:' | sed 's/^hcloud_token: *"\?\(.*\)$/\1/; s/"$//')"
|
||||
export HCLOUD_TOKEN
|
||||
fi
|
||||
|
||||
# Per-stack overrides: DOCKER_HOST, etc. — written by setup.sh
|
||||
if [[ -f "$LINDERHOF_DIR/stack.env" ]]; then
|
||||
# shellcheck source=/dev/null
|
||||
|
|
|
|||
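Review bot: The `HCLOUD_TOKEN` assignment discards stderr from `ansible-vault view` and is followed by an unconditional `export HCLOUD_TOKEN`, so a wrong vault password or a vault without an `hcloud_token:` line silently exports an empty token, replacing any value already present in the environment. Exporting only when the extraction produced something would make the failure visible, for example `if [[ -n "$HCLOUD_TOKEN" ]]; then export HCLOUD_TOKEN; else echo "linderhof: hcloud_token not found in vault" >&2; fi`. The new sed expression strips only double quotes, so a single-quoted YAML value or a trailing comment would end up inside the token. It also relies on `\?`, which is a GNU extension in basic regular expressions and may not act as "optional" under other sed implementations; `sed -E 's/^hcloud_token: *"?//; s/"$//'` expresses the same substitution with extended syntax.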