Ansible configuration for the Netz39 infrastructure
Find a file
2024-02-03 19:52:47 +01:00
files Add a systemd unit to start the kiosk 2024-01-04 22:18:23 +01:00
group_vars 👥 Add another ssh key for alex 2024-01-15 21:36:32 +01:00
host_vars chore(deps): update renovate/renovate docker tag to v37.168.4 2024-02-03 13:18:22 +00:00
roles Update cleanURI to the new Site interface 2023-11-28 21:37:07 +01:00
templates Bring back FBI on hobbes. 2024-01-09 21:36:22 +01:00
.editorconfig Add EditorConfig configuration file 2022-01-08 13:25:36 +01:00
.gitignore git: add ansible vault pass to gitignore 2023-07-25 23:26:23 +02:00
.mailmap 📝 mailmap: Expand alias to real name 2022-12-31 10:43:16 +01:00
.yamllint 🚨 yamllint: Ignore line-length warnings 2022-11-18 08:58:19 +01:00
ansible.cfg feat: add nicer rendering to ansible config 2022-10-24 16:33:16 +00:00
configure-grafana.yml update requirements.yml to correctly install collection 2022-11-12 15:31:51 +01:00
group-all.yml 🐛 Fix origin for unattended-upgrades 2022-11-24 16:03:02 +01:00
group-docker_host.yml 🐳 Add telegraf container for Docker metrics in influxdb 2023-01-10 06:26:14 +01:00
group-k3s.yml install nfs-common on all k3s nodes 2023-11-04 17:16:02 +01:00
group-proxmox.yml 🚚 Rename group playbooks to group-* 2022-11-04 22:35:41 +01:00
host-beaker.yml feat: add admins to proxmox user permissions file 2022-11-11 14:56:02 +01:00
host-hobbes.yml Setup a Kiosk on hobbes to show Grafana screenshots 2024-01-06 17:48:53 +01:00
host-holmium.yml 🧱: change git url to git.n39.eu 2023-09-01 19:06:28 +02:00
host-krypton.yml Change dehydrated_cron name for git dependency specification 2023-11-17 19:53:47 +01:00
host-oganesson.yml 🚚 Rename host playbooks to host-* 2022-11-04 22:34:37 +01:00
host-platon.yml Remove obsolete warn directive from shell call 2024-01-09 22:17:42 +01:00
host-plumbum.yml fix: add no_root_squash option to nfs exports 2024-01-13 12:22:25 +01:00
host-pottwal.yml feat: add shlink database container 2023-11-30 22:19:51 +00:00
host-radon.yml chore(deps): update mrtux/grafana-screenshot docker tag to v0.1.1 2024-01-31 19:48:53 +00:00
host-tau.yml chore(deps): update bitnami/dokuwiki:20230404 docker digest to 95c012d 2024-01-28 00:16:05 +01:00
host-unicorn.yml chore(deps): update jacobalberty/unifi docker tag to v8.0.28 2024-02-03 19:52:47 +01:00
inventory.yml fix: correct order of operations in nfs-host role 2023-11-04 17:16:02 +01:00
main.yml add nfs-host role for plumbum.n39.eu 2023-11-04 17:16:02 +01:00
README.md 🧱: change git url to git.n39.eu 2023-09-01 19:06:28 +02:00
renovate.json fix: add missing entry to renovate configuration 2024-01-15 10:25:14 +01:00
requirements.yml chore(deps): update dependency community.grafana to v1.7.0 2024-01-28 00:16:30 +01:00
setup-ssh.yml 🚨 Fix new-line-at-end-of-file warnings 2022-11-18 08:50:33 +01:00

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible all --list-hosts

Setup

ansible-galaxy install -r requirements.yml

Setup SSH Access to hosts

LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"

Edit vault encrypted vars files

ansible-vault edit group_vars/all/vault

Call with

ansible-playbook --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

Verify Changes

ansible-lint main.yml
ansible-playbook --ask-vault-pass main.yml --check --diff

HTTPS ingress configuration

HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup_http_site_proxy.

Do not forget to execute all playbooks with relevant changes.