Logan
9fdcad1c46
- Terraform: e2-micro VM (us-east1-b, free tier), static IP, SSH/web
firewall rules, IAM bindings for Firestore + GCS; imports existing
drb-calls bucket and c2-server Firestore database into state
- Gitea CI: build c2-core, discord-bot, frontend images and push to
git.vpn.cusano.net registry; SSH deploy pulls pre-built images (no
build on VM)
- Ansible: first-time setup only — git clone, env files from vault,
Caddyfile, docker login + compose pull + up; no rsync or on-VM builds
- docker-compose: add image: ${REGISTRY}/name:latest alongside build:
so local dev and CI registry both work
- gitignore: add Terraform state, lock, tfvars, ansible secrets
41 lines
2.2 KiB
Plaintext
41 lines
2.2 KiB
Plaintext
# Template for your Ansible Vault secrets file.
|
|
# Copy to vault.yml, fill in values, then encrypt:
|
|
# ansible-vault encrypt vault.yml
|
|
# Edit later with:
|
|
# ansible-vault edit vault.yml
|
|
|
|
# ── MQTT ─────────────────────────────────────────────────────────────────────
|
|
vault_mqtt_c2_user: drb-c2-core
|
|
vault_mqtt_c2_pass: "CHANGE_ME"
|
|
vault_mqtt_node_user: drb-node
|
|
vault_mqtt_node_pass: "CHANGE_ME"
|
|
|
|
# ── C2 Core ───────────────────────────────────────────────────────────────────
|
|
vault_service_key: "" # openssl rand -hex 32
|
|
vault_node_api_key: "" # openssl rand -hex 32
|
|
vault_openai_api_key: ""
|
|
vault_google_maps_api_key: ""
|
|
vault_gemini_api_key: ""
|
|
vault_gcs_bucket: "your-gcs-bucket-name"
|
|
vault_firestore_database: "c2-server"
|
|
|
|
# ── Gitea Container Registry ──────────────────────────────────────────────────
|
|
vault_registry_host: "git.vpn.cusano.net"
|
|
vault_registry_user: "logan"
|
|
vault_registry_token: "" # Gitea access token with package:write scope
|
|
vault_registry: "git.vpn.cusano.net/logan" # full image prefix
|
|
|
|
# ── Discord Bot ───────────────────────────────────────────────────────────────
|
|
vault_discord_token: ""
|
|
|
|
# ── Frontend (Firebase) ───────────────────────────────────────────────────────
|
|
vault_firebase_api_key: ""
|
|
vault_firebase_auth_domain: ""
|
|
vault_firebase_project_id: ""
|
|
vault_firebase_storage_bucket: ""
|
|
vault_firebase_messaging_sender_id: ""
|
|
vault_firebase_app_id: ""
|
|
|
|
# No GCP key needed — the VM uses Application Default Credentials via the
|
|
# GCE metadata server. Terraform grants the required IAM roles at apply time.
|