Ansible configuration for the Netz39 infrastructure
2022-11-04 18:36:43 +00:00
files Add the Asterisk sound files 2022-08-05 17:23:48 +02:00
group_vars/all feat: separate vault vars for group all 2022-11-01 18:29:23 +01:00
host_vars move krypton.n39.eu vars to host_vars directory 2022-11-04 14:58:46 +01:00
roles fix file permissions for setup_http_site_proxy 2022-10-28 21:19:48 +02:00
templates Add template for SIP configuration 2022-08-05 17:23:48 +02:00
.editorconfig Add EditorConfig configuration file 2022-01-08 13:25:36 +01:00
.mailmap Introduce gitmailmap 2022-10-26 21:45:47 +02:00
.yamllint yamllint config and fixes 2020-12-28 22:53:53 +01:00
all.yml ✏️ address issues from PR discussion 2022-09-30 22:24:41 +02:00
ansible.cfg feat: add nicer rendering to ansible config 2022-10-24 16:33:16 +00:00
holmium.yml fix: rename role nginx-https-ingres to resolve ansible lint warning 106 2022-10-24 22:22:35 +02:00
inventory.yml move krypton.n39.eu vars to host_vars directory 2022-11-04 14:58:46 +01:00
krypton.yml fix: fix missing file permissions for krypton 2022-10-28 21:18:17 +02:00
main.yml Call holmium playbook from main 2022-08-27 14:12:11 +02:00
oganesson.yml Add playbook for host oganesson 2022-07-20 21:29:05 +02:00
platon.yml Fix trivial yamllint whitespace warnings/errors 2022-10-26 18:56:20 +02:00
pottwal.yml move pottwal.n39.eu vars to host_vars directory 2022-11-04 14:58:45 +01:00
proxmox.yml Move proxmox specific tasks to separate playbook 2022-07-23 20:42:11 +02:00
radon.yml fix: fix missing file permissions for role setup_http_site_proxy 2022-10-28 21:19:44 +02:00
README.md doc: add vault editing to README.md 2022-11-01 18:31:10 +01:00
requirements.yml Fix trivial yamllint whitespace warnings/errors 2022-10-26 18:56:20 +02:00
tau.yml fix: fix missing file permissions for tau 2022-10-28 21:19:48 +02:00
unicorn.yml Fix trivial yamllint whitespace warnings/errors 2022-10-26 18:56:20 +02:00

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible -i inventory.yml all --list-hosts

Setup

ansible-galaxy install -r requirements.yml

Edit vault-encrypted vars files

ansible-vault edit group_vars/all/vault
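
A vault file that ends up committed in plain text exposes every secret in it. The script below is an added example, not part of the Netz39 repository: it checks that each vault file still starts with the ansible-vault header. The file-name convention (vault, vault.yml, vault.yaml below group_vars/ and host_vars/) and the script name check-vault.sh are assumptions.

```sh
#!/bin/sh
# Added example, not part of the Netz39 repository.
# Assumption: secret vars live in files named "vault" (or vault.yml/vault.yaml)
# below group_vars/ and host_vars/, like group_vars/all/vault above.

# is_vault_encrypted FILE: succeeds if FILE starts with an ansible-vault header.
is_vault_encrypted() {
    first_line=
    # read fails on a missing final newline but still fills the variable
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case $first_line in
        '$ANSIBLE_VAULT;1.1;AES256'*) return 0 ;;   # plain header
        '$ANSIBLE_VAULT;1.2;AES256;'*) return 0 ;;  # header with vault-id label
        *) return 1 ;;
    esac
}

# find_plaintext_vaults [ROOT]: prints every vault file that is NOT encrypted,
# one path per line, and returns 1 if there is at least one.
find_plaintext_vaults() {
    root=${1:-.}
    status=0
    list=$(find "$root/group_vars" "$root/host_vars" -type f \
        \( -name vault -o -name vault.yml -o -name vault.yaml \) 2>/dev/null | sort)
    old_ifs=$IFS
    IFS='
'
    set -f    # no globbing while splitting the path list on newlines
    for f in $list; do
        if ! is_vault_encrypted "$f"; then
            printf '%s\n' "$f"
            status=1
        fi
    done
    set +f
    IFS=$old_ifs
    return "$status"
}

# Run as "sh check-vault.sh --check" from the repository root,
# e.g. from a pre-commit hook (hypothetical script name).
if [ "${1:-}" = "--check" ]; then
    find_plaintext_vaults . >&2 || { echo "unencrypted vault file(s) listed above" >&2; exit 1; }
fi
```
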

Run the main playbook with

ansible-playbook -i inventory.yml --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

HTTPS ingress configuration

HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup_http_site_proxy.

Do not forget to execute all playbooks with relevant changes.