Ansible configuration for the Netz39 infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Stefan Haun 07a3f19406 Merge pull request '🐛 Fix origin for unattended-upgrades' (!125) from ua-origin into master 1 week ago
files 🍱 Add wiringpi-latest.deb to files 2 weeks ago
group_vars/all 🔨 Rename ag_timezone → timezone 1 month ago
host_vars 🚨 Fix "missing document start" warnings 3 weeks ago
roles 🐢 Show some appreciation 2 weeks ago
templates Setup grafana kiosk on hobbes.n39.eu 4 weeks ago
.editorconfig Add EditorConfig configuration file 11 months ago
.mailmap Introduce gitmailmap 1 month ago
.yamllint 🚨 yamllint: Ignore line-length warnings 3 weeks ago
README.md Merge pull request 'docs: add command to verify changes' (!112) from add-verification-docs into master 4 weeks ago
ansible.cfg feat: add nicer rendering to ansible config 2 months ago
configure-grafana.yml update requirements.yml to correctly install collection 4 weeks ago
group-all.yml 🐛 Fix origin for unattended-upgrades 2 weeks ago
group-proxmox.yml 🚚 Rename group playbooks to group-* 1 month ago
host-beaker.yml feat: add admins to proxmox user permissions file 4 weeks ago
host-hobbes.yml Setup grafana kiosk on hobbes.n39.eu 4 weeks ago
host-holmium.yml add https ingress for grafana 4 weeks ago
host-krypton.yml 🚨 Fix "wrong indentation" warnings 3 weeks ago
host-oganesson.yml 🚚 Rename host playbooks to host-* 1 month ago
host-platon.yml 🔨 Copy wiringpi-latest.deb from local repository 2 weeks ago
host-pottwal.yml ⬆️ static-web-server: Bump and change update strategy 2 weeks ago
host-radon.yml 🔧 Add timezone information to docker containers 4 weeks ago
host-tau.yml 🚑 Pin Dokuwiki container to specific digest 3 weeks ago
host-unicorn.yml 🔧 Add timezone information to docker containers 4 weeks ago
inventory.yml 🔧 Add hobbes.n39.eu to inventory 4 weeks ago
main.yml 🔧 Link hobbes playbook in main.yml 4 weeks ago
requirements.yml update requirements.yml to correctly install collection 4 weeks ago
setup-ssh.yml 🚨 Fix new-line-at-end-of-file warnings 3 weeks ago

README.md

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible all --list-hosts

Setup

ansible-galaxy install -r requirements.yml

Setup SSH Access to hosts

LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"

Edit vault encrypted vars files

ansible-vault edit group_vars/all/vault

Call with

ansible-playbook --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

Verify Changes

ansible-lint main.yml
ansible-playbook --ask-vault-pass main.yml --check --diff

HTTPS ingress configuration

HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup_http_site_proxy.

Do not forget to execute all playbooks with relevant changes.