Use Ansible instead of Bash for provisioning

The deployment is not quite working, and I'm unable to test right now:
DigitalOcean is returning 503 for my requests.

As of this commit, I can run =ansible-playbook provider.yml= more than once and
it will actually be idempotent.

Notes:
- SSH fingerprint are now taken from the public key file instead of manually
supplying it in the terraform template using the =digitalocean_ssh_key=
resource;
- use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets
created by Terraform;
- use the =filename.env.extension= to create the concrete files in CI;
- use the =user_data= to add the know SSH key pair to the newly created Droplet;
- add =rotate-ssh-keys.sh= utils;

1 files changed, 11 insertions, 3 deletions

diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh
index ee5ecf2..e6e85c9 100755
--- a/scripts/ci/setup.sh
+++ b/scripts/ci/setup.sh
@@ -18,9 +18,17 @@ popd
 echo "Done."
 
 # git smudge after git-crypt clears file permissions
-chmod 600 ./secrets/vps_box
-chmod 600 ./secrets/borg_remote
+chmod 600 ./secrets/ssh/vps-box-client
+chmod 600 ./secrets/borg/borg_remote
 cat .envrc >> ~/.buildenv
 
 source .envrc
-envsubst < ./ssh.conf >> ~/.ssh/config
+
+export SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)"
+export SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)"
+
+envsubst < ./cloud-config.env.yaml > ./cloud-config.yaml
+envsubst < ./ssh.env.conf >> ~/.ssh/config
+envsubst < ./hosts.env > ./hosts
+envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml
+envsubst < ./user-data.env.sh > ./user-data.sh