More documentation is available under the infrastructure site. To view the rendered site, run
docker-compose -f misc/bitraf-infrastructure/docker-compose.yml up -d hugo
and visit http://localhost:1313
To get our tools put in your $PATH and secrets loaded (see settings.vault), always source .settings.sh when opening a new terminal:
$ . .settings.sh
Sourcing ./settings.vault
Adding bin/ to PATH
Install dependencies in a Python 3 environment:
virtualenv env
env/bin/pip install -r requirements.txt
First, run git submodule update --init. Then run
bash misc/ansible-vault-tools/gpg-vault-password-file.sh vault-password
(but make sure you have a valid gpg key locally first). When asked for
a password, give the password for the vault. This will store the vault
password in a GPG encrypted file locally. As GPG uses your system's
keychain, you won't be asked for passwords all the time.
Use ansible-vault to handle secrets:
apt install ansible
Create a secret file:
ansible-vault create secrets.txt
Edit a secret file:
ansible-vault edit secrets.txt
For sane git integration, put this in $HOME/.gitconfig:
# gitconfig
[diff "ansible-vault"]
textconv = ansible-vault view
# Do not cache the vault contents
cachetextconv = false
See also: https://github.com/building5/ansible-vault-tools
Git config: Run this to show the plain text diff on vault files:
git config diff.ansible-vault.textconv ansible-vault view
When using Terraform, you need to have an ansible-vault file called settings.vault. It can be created with
ansible-vault create settings.vault
Its content should be:
export LINODE_TOKEN=
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
You will get the values from your Bitraf Linode account if you have access. The LINODE_TOKEN is a "personal access token v4" and the AWS keys are created under Object Storage.
Make sure that the token has access to the bitraf-terraform bucket.
Name the tokens $username-$machine.
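As an added example that is not part of this repository: a pre-commit hook that refuses to commit a secrets file unless its staged content starts with the ansible-vault header. It assumes secrets files are named *.vault or secrets.txt, as in this README; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the repository): pre-commit guard for vault files.
# Assumption: secrets live in files named *.vault or secrets.txt, the names
# used in this README.

# True if the path looks like one of the secrets files named above.
is_secrets_path() {
    case "$1" in
        *.vault|secrets.txt|*/secrets.txt) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads a file on stdin; true only if its first line is an ansible-vault
# header such as "$ANSIBLE_VAULT;1.1;AES256".
vault_header_ok() {
    IFS= read -r _first || true
    case "$_first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Checks the staged content (not the working tree) of every added or
# modified secrets file; fails if any of them is stored as plaintext.
check_staged() {
    git diff --cached --name-only --diff-filter=ACM | {
        _bad=0
        while IFS= read -r _f; do
            is_secrets_path "$_f" || continue
            if ! git show ":$_f" | vault_header_ok; then
                echo "plaintext secrets file staged: $_f" >&2
                _bad=1
            fi
        done
        [ "$_bad" -eq 0 ]
    }
}

# Run the check only when installed as .git/hooks/pre-commit.
if [ "${0##*/}" = "pre-commit" ]; then
    check_staged || exit 1
fi
```

Install it as .git/hooks/pre-commit and make it executable.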
Infrastructure on the Bitraf wiki: