This repository has been archived by the owner on Oct 20, 2022. It is now read-only.

ackersonde/pi-ops

Deploy Infra scripts to PI

pi-ops

This repo is a collection of operation scripts I stub out and use for my various websites, bots and infrastructure.

Be sure to read how I secure deployments to my home using the scripts in this repository.

Building & Running

Every push redeploys the scripts and reinstalls the crontab on my Raspberry Pi, which oversees the secure operations of my DigitalOcean infrastructure. See the GitHub Actions workflow.

Secret Management: Vault -> GitHub

It all starts from this crontab entry: 32 * * * * /home/ubuntu/my-ca/update_github_secrets.sh

After ingesting the requisite environment variables, it calls vault_update_secrets.py, which first gets the last-modified dates of all my Vault application secrets. It then fetches the same data from GitHub and compares the two to find which secrets are out of sync (meaning updated in Vault, where I now manage my secrets).

Updated (or created) secrets are highlighted via Slackbot message with a super helpful pointer to which repos use those secrets (and may need to be redeployed) via https://api.github.com/search/code?q=org%3Aackersonde+{secret_name}&type=Code.
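
The comparison step described above, as an added sketch (not the repository's vault_update_secrets.py): it flags secrets that are newer in Vault or missing from GitHub and builds the code-search pointer for each. It assumes the timestamps were already fetched into plain dicts, in the formats of Vault KV v2 metadata (`updated_time`, nanosecond precision) and the GitHub Actions secrets API (`updated_at`); the secret names and dates are constructed.

```python
import re
from datetime import datetime, timezone
from urllib.parse import quote

# Search URL pattern quoted on this page, with org and secret name as fields.
SEARCH_URL = "https://api.github.com/search/code?q=org%3A{org}+{name}&type=Code"
TS_RE = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z")

def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp, truncating nanoseconds to microseconds."""
    m = TS_RE.fullmatch(value)
    if not m:
        raise ValueError(f"unexpected timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def out_of_sync(vault, github, org="ackersonde"):
    """Map each secret GitHub lacks or holds stale to (reason, search_url)."""
    # Assumption: GitHub lists secret names in upper case, so normalise both sides.
    gh = {name.upper(): parse_ts(ts) for name, ts in github.items()}
    stale = {}
    for name, ts in vault.items():
        key = name.upper()
        if key not in gh:
            reason = "created"
        elif parse_ts(ts) > gh[key]:
            reason = "updated"
        else:
            continue  # GitHub copy is at least as new as Vault's
        stale[key] = (reason, SEARCH_URL.format(org=quote(org), name=quote(key)))
    return stale

# Constructed sample data: secret name -> last-modified timestamp.
VAULT = {
    "slack_token": "2022-03-01T10:15:30.123456789Z",  # rotated after last sync
    "do_api_key": "2022-01-05T08:00:00.000000001Z",   # already synced
    "new_key": "2022-03-02T09:00:00Z",                # never pushed to GitHub
}
GITHUB = {
    "SLACK_TOKEN": "2022-02-01T11:32:05Z",
    "DO_API_KEY": "2022-01-05T08:32:04Z",
}

if __name__ == "__main__":
    for name, (reason, url) in sorted(out_of_sync(VAULT, GITHUB).items()):
        print(f"{name}: {reason} in Vault, check users via {url}")
```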

Check out the blog post here: XYZ