added github actions workflow for testing

.github/workflows/gitops.yaml

@@ -0,0 +1,72 @@
+---
+name: GitOps
+
+on:
+  push:
+    branches: [main, development]
+  pull_request:
+  schedule:
+    - cron: '53 1 */15 * *'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/secshellnet/ansible-vyos-lint
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Run ansible-lint
+        run: |
+          ansible-lint -x yaml[comments],yaml[empty-lines],\
+            yaml[new-line-at-end-of-file],yaml[trailing-spaces],\
+            var-spacing,command-instead-of-shell,no-changed-when,\
+            name[template],args[module]
+
+  run:
+    runs-on: ubuntu-latest
+    needs: [lint]
+
+    steps:
+      - name: Check if GitOps is enabled
+        run: |
+          if [ "${{ env.ENABLE_GITOPS }}" != "1" ]; then
+            echo "ENABLE_GITOPS is not set to true, workflow will terminate."
+            exit 0  # Terminate the workflow successfully
+          fi
+
+      - uses: actions/checkout@v3
+
+      - name: Prepare environment
+        run: |
+          mkdir .ssh
+          echo "${{ secrets.SSH_KEY }}" > .keys/id_eddsa
+          chmod 600 .ssh/id_ecdsa
+
+          echo "${{ secrets.ANSIBLE_KEYS_ALL }}" > .keys/all
+
+          git submodule update
+          ansible-galaxy collection install hetzner.hcloud
+          /opt/pipx/venvs/ansible-core/bin/python -m pip install -r requirements.txt
+
+      - name: Check target reachability
+        continue-on-error: true
+        env:
+          ANSIBLE_HOST_KEY_CHECKING: false
+        run: |
+          ansible -m ping all
+
+      - name: Run ansible inventory in check mode
+        if: ${{ github.event_name == 'pull_request' }}
+        env:
+          ANSIBLE_HOST_KEY_CHECKING: false
+        run: |
+          ansible-playbook servers.yaml --check
+
+      - name: Deploy ansible inventory
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          ANSIBLE_HOST_KEY_CHECKING: false
+        run: |
+          ansible-playbook servers.yaml

README.md

@@ -1,5 +1,11 @@
 # Secure Shell Networks: [Hetzner Cloud](https://www.hetzner.com/cloud) Ansible Inventory
 
+This repository template provides a ansible inventory to manage cloud server in 
+hetzner cloud (hcloud). It performes some basic linux hardening (unattended upgrades, 
+ssh, fail2ban) and can be extended by roles or tasks to perform whatever you need.
+It also supports git ops (github executes your playbook when you change things, so 
+you don't have to do it yourself).
+
 ## Getting started
 1. Clone this git repository:
    ```shell
@@ -8,7 +14,7 @@
 2. Install the required ansible and python modules:
    ```shell
    ansible-galaxy collection install hetzner.hcloud
-   pip3 install ipaddress passlib
+   pip3 install -r requirements.txt
    ```
 3. Create account on [hetzner.cloud](https://console.hetzner.cloud/)
 4. Create new cloud project
@@ -52,8 +58,11 @@
    ```
 10. Create a backup of the [`.keys`](./keys/) directory. It contains the key to your vault and the ssh key ansible uses to connect to the cloud servers. For security reasons this directory is excluded from git operations (see [`.gitignore`](./.gitignore)), so by default it will not be pushed to your git repository!
 
-## TODO
+### How to setup gitops
+set secrets: ENABLE_GITOPS=1 and SSH_KEY to the key
 
+
+## TODO
 |                                                  Feature                                                 |    State    |                         |
 |:--------------------------------------------------------------------------------------------------------:|:-----------:|:-----------------------:|
 | unattended-upgrades                                                                                      | test        |                         |

requirements.txt

@@ -0,0 +1,2 @@
+ipaddress
+passlib