Ansible configuration for the Netz39 infrastructure
Alexander Dahl 53fe6b4427 📝 mailmap: Merge some new identities
Prefer private mail address over company mail address.
Prefer netz39 mail address over private mail address.

Output of `git shortlog -es` diffed:

```diff
--- before      2025-02-26 12:29:28.323774025 +0100
+++ after       2025-02-26 12:30:29.355141593 +0100
@@ -1,11 +1,8 @@
     99 Alexander Dahl <alex@netz39.de>
    284 David Kilias <dkdent@netz39.de>
-     2 Jens Winter-Hübenthal <jens.winter-huebenthal@bridgefield.de>
-     1 JensWH <jens.winter@gmail.com>
-     1 MG-95 <mg-95@gitea.n39.eu>
+     3 Jens Winter-Hübenthal <jens.winter@gmail.com>
      4 Maximilian Deubel <maximilian.deubel@gmail.com>
-     5 Maximilian Grau <mg-95@t-online.de>
+     6 Maximilian Grau <mg-95@t-online.de>
    259 Renovate Bot <accounts+renovatebot@netz39.de>
    670 Stefan Haun <tux@netz39.de>
-     1 timo <n39@therr.de>
-     1 timo <timo@netz39.de>
+     2 timo <timo@netz39.de>
```
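Review bot: the merged `+     2 timo <timo@netz39.de>` line still carries the lower-case display name `timo`, unlike every other author in the listing; since this commit is about canonicalising identities, consider fixing the name at the same time using the `Proper Name <canonical@addr> <old@addr>` form of a .mailmap entry rather than leaving it for a follow-up.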
2025-02-27 21:59:00 +01:00
files Add sudo configuration for Asterisk I2C access 2024-11-04 10:13:40 +01:00
group_vars 🔧 Enable automatic docker image prune again 2025-02-23 19:18:21 +01:00
host_vars Update renovate/renovate Docker tag to v39.180.2 2025-02-25 09:22:15 +00:00
roles 🔊 Redirect curl output to debug log 2025-02-27 14:06:19 +01:00
templates Add SSH entry for host Rhodium 2025-01-13 10:28:59 +01:00
.editorconfig Add EditorConfig configuration file 2022-01-08 13:25:36 +01:00
.gitignore git: add ansible vault pass to gitignore 2023-07-25 23:26:23 +02:00
.mailmap 📝 mailmap: Merge some new identities 2025-02-27 21:59:00 +01:00
.yamllint 🔧 yamllint: Disable comment-indentation warnings 2025-02-20 08:23:17 +01:00
ansible.cfg feat: add nicer rendering to ansible config 2022-10-24 16:33:16 +00:00
configure-grafana.yml update requirements.yml to correctly install collection 2022-11-12 15:31:51 +01:00
group-all.yml 🚚 roles: timezone: Override with galaxy name 2024-12-28 12:00:40 +01:00
group-docker_host.yml 🚚 Migrate docker_host role to external project 2025-02-23 19:18:21 +01:00
group-k3s.yml 🚨 Add newline at eof 2025-02-19 21:49:57 +01:00
group-proxmox.yml 🚚 Rename group playbooks to group-* 2022-11-04 22:35:41 +01:00
host-beaker.yml 🚨 Fix trivial jinja spacing warnings 2025-02-20 06:43:59 +01:00
host-hobbes.yml Setup a Kiosk on hobbes to show Grafana screenshots 2024-01-06 17:48:53 +01:00
host-holmium.yml 🧱: change git url to git.n39.eu 2023-09-01 19:06:28 +02:00
host-krypton.yml 🚚 Migrate docker_host role to external project 2025-02-23 19:18:21 +01:00
host-oganesson.yml 🚚 Rename host playbooks to host-* 2022-11-04 22:34:37 +01:00
host-platon.yml 🚨 Modernize ansible-lint silence markup 2025-02-19 21:40:23 +01:00
host-plumbum.yml fix: add no_root_squash option to nfs exports 2024-01-13 12:22:25 +01:00
host-pottwal.yml 🚚 Migrate docker_host role to external project 2025-02-23 19:18:21 +01:00
host-radon.yml Update mrtux/grafana-screenshot Docker tag to v0.1.2 2025-02-27 12:27:29 +01:00
host-tau.yml 🚚 Migrate docker_host role to external project 2025-02-23 19:18:21 +01:00
host-unicorn.yml 🚚 Migrate docker_host role to external project 2025-02-23 19:18:21 +01:00
host-wittgenstein.yml 🔧 Enable automatic docker image prune again 2025-02-23 19:18:21 +01:00
inventory.yml Add note on host Rhodium to inventory 2025-01-13 10:28:59 +01:00
main.yml Add wittgenstein to main playbook 2024-11-02 23:01:13 +01:00
README.md Make a note about adding SSH keys to host Rhodium 2025-01-13 10:31:59 +01:00
renovate.json 🔧 renovate: Remove docker_compose match 2025-02-23 19:18:21 +01:00
requirements.yml Update dependency netz39.host_docker to v0.4.0 2025-02-27 09:18:09 +00:00
setup-ssh.yml 🚨 Fix new-line-at-end-of-file warnings 2022-11-18 08:50:33 +01:00

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

```
ansible all --list-hosts
```

Setup

```
ansible-galaxy install -r requirements.yml
```

Setup SSH Access to hosts

```
LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"
```

This playbook also covers rhodium.n39.eu (the OpenWRT router), but our Ansible setup cannot deploy SSH keys to it (yet). Please add your key on the OpenWRT router manually.

Edit vault encrypted vars files

```
ansible-vault edit group_vars/all/vault
```
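The vault file only protects secrets while it stays encrypted on disk; a plaintext save (for example after a failed `ansible-vault edit`, or a file created by hand) would end up in the repository. The following pre-commit check, an added example rather than tooling from the Netz39 repository, refuses a commit whenever a staged vault file does not start with the Ansible Vault header. It assumes vault files are named `vault` (as with `group_vars/all/vault`) or `vault.yml`; adjust the pattern in `check_staged_vault_files` for other layouts.

```shell
#!/bin/sh
# Added example, not tooling from the Netz39 repository: refuse to commit a
# vault file that is not actually encrypted. Assumes vault files are named
# "vault" (as in group_vars/all/vault) or "vault.yml"; adjust the pattern
# in check_staged_vault_files for other layouts.

# Return 0 if FILE begins with the Ansible Vault header, 1 otherwise.
# Encrypted files start with "$ANSIBLE_VAULT;1.1;AES256" (or
# "$ANSIBLE_VAULT;1.2;AES256;<vault-id>"); anything else is plaintext.
vault_is_encrypted() {
    head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'
}

# Check each path given as an argument. Prints every plaintext vault file
# to stderr and returns 1 if there was at least one; returns 0 otherwise
# (including when given no paths at all, e.g. nothing relevant staged).
check_vault_files() {
    status=0
    for path in "$@"; do
        if [ -f "$path" ] && ! vault_is_encrypted "$path"; then
            printf 'NOT ENCRYPTED: %s\n' "$path" >&2
            status=1
        fi
    done
    return "$status"
}

# Git pre-commit hook body: examine only the vault files staged for commit.
# (Unquoted expansion on purpose: git prints one path per line and the
# paths in this repository contain no spaces.)
check_staged_vault_files() {
    check_vault_files $(git diff --cached --name-only --diff-filter=ACM \
        | grep -E '(^|/)vault(\.ya?ml)?$')
}
```

Install it by sourcing the file from `.git/hooks/pre-commit` and calling `check_staged_vault_files`, or run `check_vault_files group_vars/all/vault` in CI as a second line of defence; the header check is deliberately strict, so a vault file that has been decrypted in place with `ansible-vault decrypt` is rejected until it is re-encrypted.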

Call with

```
ansible-playbook --ask-vault-pass main.yml
```

The playbook must run as a user with sudo rights on the target hosts, and you will be prompted for the vault password.

Verify Changes

```
ansible-lint main.yml
ansible-playbook --ask-vault-pass main.yml --check --diff
```

HTTPS ingress configuration

All HTTPS ingress goes through the server holmium, which forwards each vhost to the configured backend server.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup_http_site_proxy.

Do not forget to run every playbook you changed, at least the holmium playbook and the playbook of the target host.
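Steps 1 and 2 above are what the Dehydrated (ACME) challenge in step 5 depends on: if the public name does not reach the ingress, certificate issuance fails after the playbooks have already been changed. The following pre-flight check is an added example, not part of the Netz39 playbooks; it verifies that a candidate name is a sub-domain of n39.eu and that its public CNAME points at dyndns.n39.eu before anything is added to the holmium playbook. It requires `dig`, and the resolver 1.1.1.1 is an assumption: any public resolver works, but it must not be the internal Descartes DNS, which answers with the internal alias from step 3 rather than the public CNAME.

```shell
#!/bin/sh
# Added example, not part of the Netz39 playbooks: pre-flight check for a
# new HTTPS vhost, covering steps 1 and 2 of the ingress procedure.
# Requires dig (bind-utils / dnsutils). PUBLIC_RESOLVER defaults to 1.1.1.1
# (an assumption); it must be a public resolver, not the internal Descartes
# DNS, which holds the internal alias instead of the public CNAME.

INGRESS_CNAME_TARGET="dyndns.n39.eu"
PUBLIC_RESOLVER="${PUBLIC_RESOLVER:-1.1.1.1}"

# Usage: check_ingress_domain DOMAIN
# Returns 0 when DOMAIN is ready for a holmium vhost entry, 1 otherwise,
# with the reason on stderr.
check_ingress_domain() {
    domain=$1

    # Step 1: internal services live under .n39.eu.
    case "$domain" in
        *.n39.eu) ;;
        *) printf '%s: not a sub-domain of n39.eu\n' "$domain" >&2; return 1 ;;
    esac

    # Step 2: the public CNAME must point at the dyndns name of the ingress.
    # dig prints the CNAME target with a trailing dot; strip it for comparison.
    target=$(dig +short CNAME "$domain" "@$PUBLIC_RESOLVER" | sed 's/\.$//')
    if [ -z "$target" ]; then
        printf '%s: no public CNAME record (step 2 missing)\n' "$domain" >&2
        return 1
    fi
    if [ "$target" != "$INGRESS_CNAME_TARGET" ]; then
        printf '%s: CNAME points at %s, expected %s\n' \
            "$domain" "$target" "$INGRESS_CNAME_TARGET" >&2
        return 1
    fi
    return 0
}
```

Run it as `check_ingress_domain myservice.n39.eu` from a machine with public DNS access; a non-zero exit with the printed reason tells you which of the first two steps is still missing before you touch the holmium playbook or run Dehydrated on the target host.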