From 9325d9edd056b7e38c29d36d817c4a2fc4e450ef Mon Sep 17 00:00:00 2001
From: nils <48135649+Nilstrieb@users.noreply.github.com>
Date: Mon, 28 Aug 2023 14:36:57 +0200
Subject: [PATCH] copy all secrets

---
 playbooks/vps2.yml                   |  62 ++++++++++++++++++++-------
 secrets/killua/trivia_questions.json | Bin 3421 -> 0 bytes
 secrets/mincraft/.env                | Bin 0 -> 140 bytes
 secrets/{.env => vps2.env}           | Bin
 4 files changed, 47 insertions(+), 15 deletions(-)
 delete mode 100644 secrets/killua/trivia_questions.json
 create mode 100644 secrets/mincraft/.env
 rename secrets/{.env => vps2.env} (100%)

diff --git a/playbooks/vps2.yml b/playbooks/vps2.yml
index 6ddca89..e1e0b31 100644
--- a/playbooks/vps2.yml
+++ b/playbooks/vps2.yml
@@ -3,35 +3,47 @@
   hosts: vps2
   gather_facts: false
   tasks:
-    - name: Install htpasswd
-      ansible.builtin.apt:
-        name: apache2-utils
     #####
     # APP: docker registry, /apps/registry
     #####
     - name: Create /apps/registry
       ansible.builtin.file:
-        path: /apps/registry
+        path: "/apps/registry"
         state: directory
-        mode: u=rwx,g=rx,o=rx
+        mode: "u=rwx,g=rx,o=rx"
     - name: Create /apps/registry/data
       ansible.builtin.file:
-        path: /apps/registry/data
+        path: "/apps/registry/data"
         state: directory
-        mode: u=rwx,g=rx,o=rx
+        mode: "u=rwx,g=rx,o=rx"
     - name: Copy over registry config.yml
       ansible.builtin.copy:
         dest: /apps/registry/config.yml
         src: ../apps/registry/config.yml
-        mode: u=r,g=r,o=r # readonly
+        mode: "u=r,g=r,o=r"
+    - name: Copy secrets user file
+      ansible.builtin.copy:
+        dest: "/apps/registry/htpasswd"
+        src: "../secrets/registry/htpasswd"
+        mode: "u=r,g=r,o=r"
     #####
     # APP: widetom, /apps/widetom
     #####
     - name: Create /apps/widetom
       ansible.builtin.file:
-        path: /apps/widetom
+        path: "/apps/widetom"
         state: directory
         mode: u=rwx,g=rx,o=rx
+    - name: Copy widetom config.toml
+      ansible.builtin.copy:
+        dest: "/apps/widetom/config.toml"
+        src: "../secrets/widetom/config.toml"
+        mode: "u=r,g=r,o=r"
+    - name: Copy widetom bot_token
+      ansible.builtin.copy:
+        dest: "/apps/widetom/bot_token"
+        src: "../secrets/widetom/bot_token"
+        mode: "u=r,g=r,o=r"
     #####
     # APP: killua bot, /apps/killua
     #####
@@ -39,7 +51,7 @@
       ansible.builtin.file:
         path: /apps/killua
         state: directory
-        mode: u=rwx,g=rx,o=rx
+        mode: "u=rwx,g=rx,o=rx"
     #####
     # APP: karin bot, /apps/karin-bot
     #####
@@ -47,7 +59,8 @@
       ansible.builtin.file:
         path: /apps/karin-bot
         state: directory
-        mode: u=rwx,g=rx,o=rx
+        mode: "u=rwx,g=rx,o=rx"
+      # TODO: Mount a volume in the karin-db to this directory
     #####
     # APP: cors-school, /apps/cors-school
     #####
@@ -55,7 +68,16 @@
       ansible.builtin.file:
         path: /apps/cors-school
         state: directory
-        mode: u=rwx,g=rx,o=rx
+        mode: "u=rwx,g=rx,o=rx"
+    - name: Copy secret envs
+      ansible.builtin.copy:
+        path: "/apps/cors-school/{{ item }}"
+        src: "../secrets/cors-school/{{ item }}"
+        mode: "u=r,g=r,o=r"
+      with_items:
+        - bot.env
+        - db.env
+        - server.env
     #####
     # APP: bisect-rustc-servce, /apps/bisect-rustc-service
     #####
@@ -63,12 +85,12 @@
       ansible.builtin.file:
         path: /apps/bisect-rustc-service
         state: directory
-        mode: u=rwx,g=rx,o=rx
+        mode: "u=rwx,g=rx,o=rx"
     - name: SQLite DB permissions for bisect-rustc-servce
       ansible.builtin.file:
         path: /apps/bisect-rustc-service/db.sqlite
         state: touch
-        mode: u=rw,g=rw,o=rw
+        mode: "u=rw,g=rw,o=rw"
     #####
     # APP: minecraft server, /apps/minecraft
     #####
@@ -76,11 +98,21 @@
       ansible.builtin.file:
         path: /apps/minecraft
         state: directory
-        mode: u=rwx,g=rx,o=rx
+        mode: "u=rwx,g=rx,o=rx"
+    - name: Copy minecraft secrets
+      ansible.builtin.copy:
+        path: "/apps/minecraft/.env"
+        src: "../secrets/minecraft/.env"
+        mode: "u=r,g=r,o=r"
     #####
     # END: docker compose up!
     #####
       # We want this to be last so that all app-specific config has been done.
+    - name: Copy .env
+      ansible.builtin.copy:
+        dest: "/apps/.env"
+        src: "../secrets/vps2.env"
+        mode: "u=r,g=r,o=r"
     - name: Docker compose up! 🚀
       community.docker.docker_compose:
         project_src: /apps
diff --git a/secrets/killua/trivia_questions.json b/secrets/killua/trivia_questions.json
deleted file mode 100644
index f99593709775332cebb0ce33645e08bf5932bd69..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3421
zcmZQ@_Y83kiVO&0C|0?C#_fbb>-uWPWsgO54>DhWnbz3OvE!WYq|{Fzmf4y6IZV=@
zylLIvl*W+CQ}@#Pl@<gv-(S2|__U^Z^Z#`j$5?+%x0L_ewCt#5cald-%j+A>%txH1
zcdt49`)o9`c6i`(C*$~%<zE;lw`#uG=EvULE-G@;nmKQYjw8cP&O-Lxv%V`eUHUB`
z<lw8GQhla8&*)G(<DC;z;+5QDw;bN~=hC%OPftCw?+tV2?sw&F2%Y*sDAH!$v-`7S
zBU180-el~`e(4l4`R9~5j*8h~-j_07pWC#sL3c)m;@gz4n^mO|)prFZUPwAub$h;`
zqg|K!)U>m&L>A0fc8`%+p1qb`>AjDQWMP}8aMa>8T|2(ZMWjUTblk!}<4*9=Q-1Z)
zH;miaFW+wdcg`^8jBx$6cIJ&f``^o6ifdn0e~3M`At1Bj#C+{pqAxguDs;+&^|II(
zK6?D*vCZFuAsHGwofWok4e8wZrBCFVp;o$NW9Gxlp^DQro?HFyJ<xpr!!!jB1C4D<
z6YgDqWzKU$&S?t&&+qR)uAH*vL>p^yjOc-iV2;lo=T(xl4%>Wdeq<%eSiFL*bt;GU
zm%oV@vT{~i^eyLmaX`jzdS~^)t+f|Em+>|~3tFbrc3pq5SMJd-@2?n@zxn?AfzAFE
zvM(Ag6{^eJ%lv(HohPrCWch5yZ_8`qHtsdx3OKj){;K@~{WD!}1cwKDepl~X`RdN|
zmEV?>E}NmXWxY(jNNA{YQzP%%74cjJUtKfjovMDJ+MPag-};$W5=xO~K>?RsC%np1
zeYsz!jj?|IQ3*yaqlU}Dbt@<38P2&k_01<ap0<vdq~~w;3H-l){l|@-HNEKpkIv4J
zPWGIzukhN=X%=iw4~y2sNTywoE)K1WJk)HZkhj!nOUU6&mDyMS{BeDw`95R|SHR)}
z4?P#Exfti$C7)mR_vUN$Hp}?1jfKp<vx6o|Nt>_Ob>s7zFP9fZ&Iu7Iy5;;|C+;Xm
zm$_f@n=n&PT@j_t1{KU7Z|NM~7yFg5&hDg8@v-Hh)>~o(|1?K`UJ@9$?fW{#Gc)eo
z?7lC-de%|U?V#i`g^c<YpFiGsyzwIYwg<tx7VVpDHLw2TzpWX3*ZCG`-i^Gw#(Ph9
zSXVLkzeq`4*0=oISKXOiZ2f2X_6h$(d5?epBr)}h>^-*~lQxTA7xmLp?XYgsTfUR=
zX$CVR^O^f6Iz>)D+t7JWmqD#DTcLXW+8*A}$wvcronPp=d3vDi^vbhe4^On7w9M*y
zjmSqvRk33~Z(Z-7u_*7hc;sw_zWHA*=F0Fn$y^jZyuk8cvE{xO>KoPT>kl?JZc<w#
zlxt=qbb%qaW3pT<>x2CnCGFoNj;ZiHG5)hsUNzBCZDr+u!)TpJ4*QLLxn`C;vRQaC
z=<Dm`Tasd4FUr@e+iYB}*mP86-}=Sjt3{{XDNuj!<^Dm^IBeU!zv5C8udxT~vhmKy
zpCsSfz{Irk<^Q=Ieuw8a&vQ+T*`U8go99+hoeoDqY9rr&;cY2vzx;S|^y1tU)&(iX
zujU?jRWMJ;%<kC}!5a>@*S<Kd92%`uBqG0@Yje#zr<WF2&W23sogAvX(_1DYOE8Ap
z<~IM4S1Z1(*m|tAy=;Qwt<bfR%c|zRE4tqHL9NL8{=XmX@q5(8q{RcHn`?LL%&T80
z-*KL&MmB8z|EXuUY<<Y^`S|7jBEwzwpG5XtxAVXIR72yEs!Pe^#a7pDeE%!)Szl(Q
zR>P(pQx?gsv^2{<v2SX3k&%Ah^o%)QkFGoYkZ*;x*T2uKFX9Y#-*gr`JM;Syv%Z`S
z1<$(XZRWW1)M!=2@iS+|N*|wOn5wRRr{sRh{3)3eC%mzm<h-b}P=4X0murgaemPWM
za2Dw>d?0gUqh`qFUnipfe!XY7I{RLSu(5f{|Khu6b06;U@muX#oYTZN_f<%4*Y(gR
zzXFq&pV;|4r{RZc^FQvrQu)sQEqy1`r(3>tDN^gQ{$R6Jwd&GMNnP&ro=3{I-V-@;
zR6^PE?{8Z8Qrv3UrVWOlC$1G<`;AfKZLC+}Tz+{E7Z&xDqvhJsF|2d={hg2cYMsvA
zb?CS6)!BXJ6Z+nMPc*pr>}=)ohpLgaZ`J%A(u58#6<RO(C|3L4=~Wd8%u@0qIfu-)
zKlNSVR=w#^(DA3o)n$&perGUkX5pGSug)jD{NJ%*!MwenqQ9TquzqK7n8s;Im8lwQ
zBI7i+X>E|QxqLj{dmHzs{SxPvh@=@7O%Rb{nRrWW^Xyw^m#VyYdf>;ZFXwjsdOYI+
zvs;&9b^S@F*=yCk4r<hOdn*~v{8iCq8(Z`x{K%`ie|1ZJc2&#8<>x&AStdA%TgO77
z<YB;-s^x2K{|PUBrgdq?+|_EHzOCn`Zum5vh0|c?$==)pQyWzE_#e7(t=r+FvhGg8
z=8VNtA1ARN?D~=!UL(Y!vOwqRYDbTTRTj~a0@i{~F7IbulKW<Nh2QV~qVG$mKfHNF
z`<m0q>$356+2O8cw~UMfW;b@TnH`uP7bz*BaAcWOX_)DsI+M(0YM}`tLNNvRJ2r0K
zdqJ?Bx7+E2*pn|m?p|43$oG5!6aTTf=edqBx6M5tc+%4%;fLMUOu2b09%Kmqy6K)X
zrC3hvh>KzU7QfqNDb|XG7Xx2Lp8Di)<Clf%HkUu|(`G)}x6zjOmd-Vej}DGcIp@#0
z-#Y!*<$yP)!Jbv?WTpr_@{tKK%G|ed+Igc}_WRNuc+Boj-tcVNi5#v}UJKa;4`yAx
z8=*XPYu97pI@Jd~M`!H2ySn9xl!fEDh9g@Rl^tDkf@klN&w2j+5~kMWO);$dB6oh+
zYqt5=g^mfKGin&Q=N#JI*q9z;C(^s*-6ON;ZTUP;FE6xsdGU6%Ywy<uyz$zJZFlax
zo78g2zL_ID=-Ig+owMQ-4{VHH-}LUE#d*FnA9DPbPjLEHYwPet`c3}C?`!K>a<_7>
z-lVyD@p3m!1OMW8vIScm%WG>7D89OK(s)19RJUy=6Px}%<UiypG+SkF$<rOV?r)wH
zER4I<e{$B%zqfXs-Ez7kr<C)^Ol`eFfz*K5SF3$@oafukF@ayOh&e8H)7C2I&;O?8
zv7g!6G-v4zj@p6(ndAH7X4qM8R`J@+wE6dA?_a+HGq$e!dLSX+_Qd4qSv-oaYTLQP
zKOJ1^z3uwU8OoNeUyHYh7W&?EfBo2Rc3yIzPR#M!N=57ywZUb9pO-p*u>CXXmPLJD
z$Gn>hO?R(i39f!u^6&=FWb4-}TTM1dv34IWD!#RC|L(vfsa=UbD?Dzk%%7&N{N`z6
zhwavlPZfmT_Z75zZ<W`}D$;P6AXwXIxb4*rRk`}M!;5x#zuM2rn6Fu?Cfc}pb!dZ3
ziu1STCnvW4x-NOK<<{2P1F2$@ri+_B*IMt?a#O)M{NCLgH?He^o5!|_dBVJ)Lp@$U
zpD{1~o+MeUEGYYB<KgLLerqZvc~j1{{+e^|tjhfF5iV2ht-`-)%e3}xm{K-FwBAqD
z&ue<g?XN8pW740#_{>~+PE);+H&^TYjW&ac{?p7K=)e71+z=iAt-GtKr7mGzi{=Nu
zge4D_xa{MKXiaYS>B{@dksa~S<o|1(7@>!UQ#~S=syhdL=31Q9-|HTm_obrul3aY9
z!p%<$_loH%DL%=XCD`A$p{>f@LeNylp;5O^<CyH#2BzDa7Pqo*dUxoVO`4O#zi%Jy
zSBROeh@Z8+BK*whrGn@6T{oV}*)o^mxAgJt;curbb=&h|S@9mBKlV#D<UefRSN6-&
zbJ5}jcSQtexSDuy3BP`^WY_b3##WX3Vr6bMMxS~1r_VXM;d14gZDs23yBozmpMP97
zp{3?<=pmPlqHHV`t>tRWJ*%c4*?r~t{8@hz9p=weD`b4FmE^siGlFYc^?IEP*_YGY
zxC`|w-%M6?Pl%jx+Wnr@>-UE~ZP?no<kXR`Q-Z&|N$D3=IRBbG{^{$Fe>f+K#xs3(
z$o?nf@7`16^mEFKzfxyqPoB>&tbcnrBT!1!rciG|ciS;{%NCh`OE$Ro2QYG}o<2Q=
zLFi?PqvSd5ecj@`Pc6QBsc!Av)P8^COwMbIHfkR<Jm|cpCB#@}wh7N0yBGT+qhI?e
zsc~<M@|ZfqJADru+r?zdmolR33tEh|k7my0KR@5PSN;3ZV{dcVlYam7%ekR-JG$-S
zYpLr0tHmnz{^<<4w^^9szxlya`d1hi|L{{w;^cj2)Y!L1G+<N4iX-mLe?I>`vq#f<
z#;%lEmS&f%^aH2AYCC5=D{uGNM^3X|>|McoNP1@G?kQOvr#d|O`0C}8E@-CvEmOIv
zC?WHA!Oe-suR1&bzs;QD*~=0m=)vx`Cj4}D$=eSH{u!oMmibsUgq+?zJBIu9ld=H$
zo3lOnI4&FUEM~m4_;+oO088n6zh^gQGdI=ORvgzTdi2+AN8{b9*-;7oJe~2()ssuA
zlP0DeW%O^U|CSoKjdA1uX?+1%!K&r$uOFUR`_n&9-QB(L`X6yuQ3Yd$&G+VCv%eVn
z-}sK!l0|hFjX0R<svKUZ9Zz5SWPNkg_1IpWzvnA5I5X!;UX{}cX6Jh~KUE|+(^&S-
z)$7iOO8YrK`;<$~%%2#(Bj&=%NYi6g|72=po3EYnPpYiyJza9^XF+=YwCTmOPkg$y
d!D08I2Hx~1lRxD*+dcgwB5=3+g{Si_Rsf4vvEcv!

diff --git a/secrets/mincraft/.env b/secrets/mincraft/.env
new file mode 100644
index 0000000000000000000000000000000000000000..86936a70c6b52d74c361d39eacd33b183a295d21
GIT binary patch
literal 140
zcmZQ@_Y83kiVO&0SkZhd-ss&96<z<VlJeaPpIrLo*&(#5wCU3y|IDUyzdGOU`>Xic
ze%tAPG84>yWV|*GeY$*2h2d6H8-vJ`8j>kDzFml`eAjXE&|dRJ@xQau^HWw{oU3wg
zU)9kl|J@5VZ<tbTA-lu!)r0uP<9{SJ^|{S_*YdH$LEvKKZW)H-9EnaReg6Oe2&hUI

literal 0
HcmV?d00001

diff --git a/secrets/.env b/secrets/vps2.env
similarity index 100%
rename from secrets/.env
rename to secrets/vps2.env