diff --git a/gitea-runner.yml b/gitea-runner.yml
index c72ccf3..f549cf2 100644
--- a/gitea-runner.yml
+++ b/gitea-runner.yml
@@ -1,17 +1,62 @@
 #! wake up runner !
 - hosts: tower
 gather_facts: false
- vars:
- token_register_runner: !vault |
- $ANSIBLE_VAULT;1.2;AES256;prod
- 38313233316133303530346633376266386137363665636264613635356365636435646164643563
- 3765646235333862363161376464613931323262653730660a623933373633346132353335613265
- 31623238393064663137643062323165616564643037373632313932346437383365343661313964
- 3530653265353863320a316331333363376436303562363933663834323333633065303534653039
- 65363661373934383638323530656531353138623732616432333031396561373037616661386335
- 6466613030333533363536393537666232383735373065653030
 tasks:
+
+#! SECRETS
+ - name: Install Bitwarden CLI
+ ansible.builtin.command:
+ cmd: "{{ item }}"
+ delegate_to: localhost
+ loop:
+ - apk add --no-cache nodejs npm
+ - npm install -g @bitwarden/cli
+
+ - ansible.builtin.command:
+ cmd: bw logout
+ delegate_to: localhost
+ ignore_errors: true
+
+ - name: bitwarden token session
+ ansible.builtin.shell: "{{ item }}"
+ environment:
+ BW_CLIENTID: "{{ bw_client_id }}"
+ BW_CLIENTSECRET: "{{ bw_client_secret }}"
+ BW_PASSWORD: "{{ bw_client_password }}"
+ loop:
+ - bw config server {{ vaultwarden_url }}
+ - bw login --apikey
+ - bw unlock --passwordenv BW_PASSWORD --raw
+ delegate_to: localhost
+ register: bw_session_result
+
+ - name: Get secret from Bitwarden
+ command:
+ argv:
+ - bw
+ - get
+ - password
+ - "{{ bw_requested_password_id }}"
+ - --session
+ - "{{ bw_session_result.results[-1].stdout | trim }}"
+ delegate_to: localhost
+ register: gitea_token_result
+ no_log: true
+ changed_when: false
+
+ # - name: Return all secrets from a path
+ # ansible.builtin.debug:
+ # msg: "{{ gitea_token_result.stdout }}"
+ # delegate_to: localhost
+
+ - ansible.builtin.set_fact:
+ gitea_token : "{{ gitea_token_result.stdout | trim }}"
+ no_log: true
+ delegate_to: localhost
+
+ #! runner
+
 - community.docker.docker_compose_v2:
 project_src: /opt/dockerapps
 services:
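Review bot: The `bitwarden token session` task registers `bw_session_result` without `no_log: true`, so the raw session key that `bw unlock --passwordenv BW_PASSWORD --raw` writes to stdout (and, at higher verbosity, the `BW_CLIENTID`/`BW_CLIENTSECRET`/`BW_PASSWORD` environment values) is printed in the play output and kept by any logging or callback plugin that records task results; the `no_log: true` on the following `Get secret from Bitwarden` task comes too late to protect it. Add `no_log: true` next to `register: bw_session_result`, and since these calls do not change managed state, `changed_when: false` as well. Two smaller points in the same hunk: the secret-fetch task uses bare `command:` while the rest of the file uses the FQCN `ansible.builtin.command:`, and `gitea_token :` has a space before the colon, which yamllint rejects and is easy to misread as a different key. The `community.docker.docker_compose_v2` task at the end of the hunk continues outside it.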
@@ -25,7 +70,7 @@
 - community.docker.docker_container_exec:
 container: runner
- command: "act_runner register --instance http://gitea:3000 --labels ubuntu-latest:docker://docker:dind --labels ubuntu-latest:docker://ubuntu:latest --labels ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest --no-interactive --ephemeral --name runner --token {{ token_register_runner }}"
+ command: "act_runner register --instance http://gitea:3000 --labels ubuntu-latest:docker://docker:dind --labels ubuntu-latest:docker://ubuntu:latest --labels ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest --no-interactive --ephemeral --name runner --token {{ gitea_token }}"
 chdir: /data
 env:
 DOCKER_HOST: unix:///var/run/user/1000/docker.sock
@@ -56,3 +101,9 @@
 services:
 - runner
 state: absent
+
+
+ - name: logout bw
+ ansible.builtin.command:
+ cmd: bw logout
+ delegate_to: localhost
\ No newline at end of file
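Review bot: The new `command:` line interpolates `{{ gitea_token }}` into the `act_runner register` invocation, and the `community.docker.docker_container_exec` task it belongs to has no `no_log: true`, so the token that was fetched and stored under `no_log` earlier in the play is echoed back in this task's result and in any logging callback. The switch from the vault-encrypted `token_register_runner` to the runtime-fetched `gitea_token` does not change that exposure, it only changes where the value comes from. Add `no_log: true` to the task, e.g. right after `container: runner`. The enclosing task starts and ends outside the hunk.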
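Review bot: `logout bw` is an ordinary trailing task, so if anything between the `bw unlock` and this point fails, the play stops with the Bitwarden session still logged in and unlocked on the controller (`delegate_to: localhost`). The cleanup should run regardless of the outcome of the runner tasks: nest the tasks that follow the unlock under a `block:` and move this logout task into its `always:` section, or, if restructuring is out of scope here, at least give it a `name` that states it is the session teardown and keep it last. The two leading blank lines and the missing newline at end of file are worth fixing while here. The task list this hunk appends to starts outside the hunk.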