1c450159af
- Add age recipient key for wizard to .sops.yaml (also placed privatekey on wizard at /config/wizard.host.key) - Add step to install sops from specific binary release v3.9.1 - Add step to decrypt config.boot locally - Add step to push decrypted config.boot to vyos host - Trigger workflow
43 lines
1.6 KiB
YAML
43 lines
1.6 KiB
YAML
name: SSH and echo to file
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
paths: [ 'homelab/vyos/config.boot' ]
|
|
|
|
jobs:
|
|
ssh:
|
|
defaults:
|
|
run:
|
|
working-directory: homelab/vyos
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout Jafner.net repo
|
|
uses: actions/checkout@v4
|
|
- name: Check network connectivity to host
|
|
run: |
|
|
sudo apt-get update &&\
|
|
sudo apt-get install -y iputils-ping
|
|
ping -c 1 -t 5 -q 192.168.1.1
|
|
- name: Configure SSH
|
|
run: |
|
|
echo -e "${{ secrets.RUNNER_SSH_PRIVATEKEY }}" > /tmp/key
|
|
chmod 600 /tmp/key
|
|
ssh-keygen -y -f /tmp/key > /tmp/key.pub
|
|
mkdir -p ~/.ssh && touch ~/.ssh/known_hosts && chmod 600 ~/.ssh/known_hosts
|
|
ssh-keyscan -t ed25519 192.168.1.1 >> ~/.ssh/known_hosts
|
|
- name: Connect to VyOS
|
|
run: |
|
|
ssh -i /tmp/key vyos@192.168.1.1 'whoami'
|
|
- name: Install SOPS
|
|
run: |
|
|
curl -o sops -L https://github.com/getsops/sops/releases/download/v3.9.1/sops-v3.9.1.linux.amd64
|
|
chmod +x sops; mv sops /usr/local/bin/sops
|
|
sops --version
|
|
- name: Decrypt config.boot
|
|
run: |
|
|
echo -e "$(ssh -i /tmp/key vyos@192.168.1.1 'cat /config/wizard.host.key')\n${{ secrets.AGE_DEPLOY_KEY }}" > /tmp/combined.key
|
|
export SOPS_AGE_KEY_FILE=/tmp/combined.key
|
|
sops decrypt -i --input-type json config.boot 2>/dev/null && echo "Decrypted config.boot"
|
|
- name: Push config to VyOS
|
|
SSH_CMD="ssh -i /tmp/key" SCP_CMD="scp -i /tmp/key -q" ./vyos.sh push |