ansible/remnanode: роль на основе node_setup.sh + Ansible Vault для секретов

2026-04-04 17:58:11 +00:00
parent 930a2a9647
commit b82f6c6b7a
4 changed files with 533 additions and 0 deletions
--- a/ansible/roles/remnanode/tasks/main.yml
+++ b/ansible/roles/remnanode/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: Copy node setup script
+  copy:
+    src: node_setup.sh
+    dest: /root/node_setup.sh
+    mode: '0700'
+
+- name: Fill SECRET_KEY in script
+  lineinfile:
+    path: /root/node_setup.sh
+    regexp: '^SECRET_KEY=""'
+    line: 'SECRET_KEY="{{ node_secret_key }}"'
+
+- name: Fill MY_IP in script
+  lineinfile:
+    path: /root/node_setup.sh
+    regexp: '^MY_IP=".*"'
+    line: 'MY_IP="{{ node_my_ip }}"'
+
+- name: Fill CrowdSec enroll key
+  lineinfile:
+    path: /root/node_setup.sh
+    regexp: '^cscli console enroll.*'
+    line: 'cscli console enroll {{ node_crowdsec_enroll }}'
+
+- name: Run node setup script
+  shell: /root/node_setup.sh
+  args:
+    creates: /opt/remnanode/docker-compose.yml