jowj
/
adc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
agares deployment core
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
188 Commits
1 Branch
0 Tags
553 KiB
 
 
 
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
josiah 06615390aa
Create new debian_base role. 		1 month ago
ansible Create new debian_base role. 1 month ago
docker/media-server Initial capture of traefik config. 3 years ago
nix-configs Create new nix-configs folder for host specific nix configuration. 1 month ago
scripts Minor clean up. 4 years ago
submod Update submod. 3 years ago
terraform Add cluster nodes to ansible inventory, add DNS records. 1 month ago
.drone.yml Rename drone step. 7 months ago
.gitignore More tf stuff to ignore. 2 months ago
.gitmodules Pull in the docker-ansible-matrix forkas a submod. 3 years ago
readme.org Update readme. 3 years ago

readme.org

adc: agares deployment core

this was spun out of agares (which has sense been deprecated) to keep my machine setup bullshit separate from deploys and small docker-compose files not deserving of their own repo.

goals:

  • use docker for as much as possible (still WIP; pleroma is a notable non-docker core service I gotta figure out)
  • use ansible for deployment (still WIP; mostly done, pleroma hasn't been moved over to ansible but I think that's the last thing)

  • use ansible-vault for secrets management.

    • when I was a small baby in running my own infrastructure i used real bad default passwords because I didn't know how to do secrets management and just, like, thought I was clever for opting out? oops.
  • be able to bootstrap my infrastructure from nothing (recovery scenario in case of house fire, robbery, whatever) with a single command.

ansible specific things

for when you inevitably forget how to deploy stuff:

i mostly run commands using the all.yml file, like: ansible-playbook -i hosts.yml all.yml --tags=mytag

how to handle working with ansible-vault and not want to kill yourself

i rely heavily on ansible-vault for secrets management, and to make deployments faster i use a gpg + ansible-vault contraption:

  • open_the_vault.sh is a 1liner that just has this inside gpg --batch --use-agent --decrypt vault_passphrase.gpg

    • this script is called every time ansible tries to decrypt ansible-vault encrypted files
  • vault_passphrase.gpg is a gpg encrypted file that contains the key to my ansible-vault files.
  • vault_passphrase.gpg can be decrypted by my gpg agent locally, automatically.

running ansible-vault edit opens a file in my $EDITOR transparently, without prompting me for a passphrase ever. same for deploying; you don't have to pass --ask-vault-pass ever again!! fuck that's so useful.

riot/matrix deploys

this is included as a submod and I had to reimplement some of my secrets management / group vars and stuff in the submodule's ansible setup. kind of a pain, frankly, but i'm using a tracking mirror to follow ansible-docker-matrix's github repo, so there's a lot of work i don't have to do with my setup.

scripts

houses small scripts that i used to use before i moved to ansible for most things. these should probably all get deleted or converted to ansible roles.

mac-client

  • set up brew
  • install req packages

win-client

  • install packages through chocolatey
  • disable a bunch of default shit.

nix

  • add repos
  • download key to install pscore
  • update apt and install packages
  • automatically create userchrome.css file/dir for ff