You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
josiah
1b3f2a1e6d
|
4 months ago | |
|---|---|---|
| .. | ||
| group_vars/all | 4 months ago | |
| host_vars/larva.home.jowj.net | 3 years ago | |
| inventory | 4 months ago | |
| roles | 4 months ago | |
| _deploy_abjure.yml | 4 months ago | |
| _deploy_highsea.yml | 4 months ago | |
| acme-all.yml | 3 years ago | |
| ansible.cfg | 4 years ago | |
| awfulAll.yml | 4 years ago | |
| halo.yml | 1 year ago | |
| open_the_vault.sh | 4 years ago | |
| readme.org | 3 years ago | |
| requirements.yml | 4 years ago | |
| tailscale.yml | 3 years ago | |
| vault_passphrase.gpg | 3 years ago | |
readme.org
setup from scratch:
install dependencies
ansible-galaxy collection install -r requirements.yml
run a play
ansible-playbook -i hosts.yml all.yml --ask-vault-pass --ask-become-pass
preparing open_the_vault
wg
clients
you probably want to deploy clients individually most of the time. to do that, provide a tag, like:
ansible-playbook -i hosts.yml client_matrix.yml --ask-vault-pass --ask-become-pass --tags matrix_client
adding a client
- generate a new public/private keypair
umask 077wg genkey | tee privatekey | wg pubkey > publickey- add the pubkey to the groupvars/main.yml
- add the privkey to the groupvars/vault.yml
- add a task referencing the new client
- add a template with the groupvars embedded.
instructions on specific roles
awfulAll
awfulAll is a single server that's a catch all for services that don't need a dedicated vm.
ansible-playbook -i hosts.yml awfulAll.yml --tags awfulAll
mediaserver
ansible-playbook awfulAll.yml --tags mediaserver
certs/letsencrypt/acme stuff
ansible-playbook acme-all.yml -v
- right now for bouncer, syno