Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible all --list-hosts

Setup

ansible-galaxy install -r requirements.yml

Set up SSH access to hosts

LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"

This playbook also adds rhodium.n39.eu (OpenWRT router), but our Ansible cannot set up SSH keys (yet). Please add your key to OpenWRT manually.

Edit vault-encrypted vars files

ansible-vault edit group_vars/all/vault

Call with

ansible-playbook --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

Verify Changes

ansible-lint main.yml
ansible-playbook --ask-vault-pass main.yml --check --diff

HTTPS ingress configuration

HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup_http_site_proxy.

Do not forget to execute all playbooks with relevant changes.
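
A pre-flight check for step 2, added here as an example (it is not part of the Netz39 repository): it confirms that a new vhost's external CNAME points to dyndns.n39.eu before the playbooks are run. It assumes `dig` is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the repository. Assumes `dig` is available.
# Function names below are hypothetical.

INGRESS_TARGET="dyndns.n39.eu"

# Lower-case a DNS name and strip the trailing root dot so that
# "DynDNS.n39.eu." and "dyndns.n39.eu" compare equal.
normalize_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Print the direct CNAME target of a name (empty output if there is none).
lookup_cname() {
    dig +short "$1" CNAME | head -n 1
}

# Return 0 if the name is a CNAME to the ingress target,
# 1 if the CNAME points somewhere else, 2 if no CNAME record exists.
check_vhost_cname() {
    target=$(lookup_cname "$1")
    if [ -z "$target" ]; then
        echo "$1: no CNAME record found" >&2
        return 2
    fi
    if [ "$(normalize_name "$target")" != "$(normalize_name "$INGRESS_TARGET")" ]; then
        echo "$1: CNAME points to $target, expected $INGRESS_TARGET" >&2
        return 1
    fi
    echo "$1: OK"
}

# Usage: sh check-vhost-cname.sh <domain>
if [ "$#" -gt 0 ]; then
    check_vhost_cname "$1"
fi
```

Run it from a network that uses external DNS; the internal entry from step 3 may answer differently.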