Ansible configuration for the Netz39 infrastructure
dkdent c591199988
Merge pull request 'add config for homebox container' (!137) from feat/homebox into master
2 days ago
files 🔧 prosody: Remove legacy TLS options 3 months ago
group_vars 🔧 Fix influxdb org 2 months ago
host_vars add config for homebox container 4 days ago
roles ⬆️ Update cleanuri-webui to 0.2.0 4 weeks ago
templates 🔧 Clarify naming of ssh jump host groups 2 months ago
.editorconfig Add EditorConfig configuration file 1 year ago
.mailmap 📝 mailmap: Expand alias to real name 3 months ago
.yamllint 🚨 yamllint: Ignore line-length warnings 4 months ago
README.md Merge pull request 'docs: add command to verify changes' (!112) from add-verification-docs into master 4 months ago
ansible.cfg feat: add nicer rendering to ansible config 5 months ago
configure-grafana.yml update requirements.yml to correctly install collection 4 months ago
group-all.yml 🐛 Fix origin for unattended-upgrades 4 months ago
group-docker_host.yml 🐳 Add telegraf container for Docker metrics in influxdb 2 months ago
group-proxmox.yml 🚚 Rename group playbooks to group-* 5 months ago
host-beaker.yml feat: add admins to proxmox user permissions file 4 months ago
host-hobbes.yml Setup grafana kiosk on hobbes.n39.eu 4 months ago
host-holmium.yml add entry on holmium to enable https access to inventory.n39.eu 4 days ago
host-krypton.yml 🔧 Move docker_setup role application to group playbook 3 months ago
host-oganesson.yml 🚚 Rename host playbooks to host-* 5 months ago
host-platon.yml Install jq on platon 2 months ago
host-pottwal.yml add config for homebox container 4 days ago
host-radon.yml 🔧 Move docker_setup role application to group playbook 3 months ago
host-tau.yml 🔧 Move docker_setup role application to group playbook 3 months ago
host-unicorn.yml 🔧 Move docker_setup role application to group playbook 3 months ago
inventory.yml 🔧 Clarify naming of ssh jump host groups 2 months ago
main.yml 🔧 Move docker_setup role application to group playbook 3 months ago
requirements.yml ⬆️ Bump role version to v0.2.1 2 months ago
setup-ssh.yml 🚨 Fix new-line-at-end-of-file warnings 4 months ago

README.md

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible all --list-hosts

Setup

ansible-galaxy install -r requirements.yml

Setup SSH Access to hosts

LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"

Edit vault encrypted vars files

ansible-vault edit group_vars/all/vault

Call with

ansible-playbook --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

Verify Changes

ansible-lint main.yml
ansible-playbook --ask-vault-pass main.yml --check --diff
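
A further check that fits alongside the verification commands above, as an added example that is not part of the Netz39 repository: it reports vars files that should be vault-encrypted but lack the ansible-vault file header. The file names vault, vault.yml and vault.yaml (modelled on group_vars/all/vault) and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Netz39 repository.
# Reports vault vars files that are stored in plain text.
# Assumption: secrets live in files named vault, vault.yml or vault.yaml.
# Inline "!vault" values inside ordinary vars files are not covered.

# is_vault_encrypted FILE
# Succeeds if the first line carries the ansible-vault header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# find_plaintext_vaults DIR...
# Prints every vault-named file below the given directories that is
# not encrypted, one path per line.
find_plaintext_vaults() {
    find "$@" -type f \
        \( -name vault -o -name vault.yml -o -name vault.yaml \) 2>/dev/null |
    while IFS= read -r f; do
        is_vault_encrypted "$f" || printf '%s\n' "$f"
    done
}

# check_vaults DIR...
# Returns 1 and lists the offending files on stderr if any vault file
# is unencrypted, otherwise returns 0.
check_vaults() {
    plaintext=$(find_plaintext_vaults "$@")
    if [ -n "$plaintext" ]; then
        printf '%s\n' "$plaintext" | sed 's/^/not encrypted: /' >&2
        return 1
    fi
    return 0
}

# Run as: sh check-vaults.sh group_vars host_vars
if [ "$#" -gt 0 ]; then
    check_vaults "$@" || exit 1
fi
```

Run from the repository root before committing, it exits non-zero if a vault file was saved without encryption.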

HTTPS ingress configuration

HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup_http_site_proxy.

Do not forget to execute all playbooks with relevant changes.