| .. | ||
| group_vars/all | ||
| host_vars/larva.home.jowj.net | ||
| inventory | ||
| roles | ||
| acme-all.yml | ||
| all.yml | ||
| ansible.cfg | ||
| awfulAll.yml | ||
| clients.yml | ||
| cloud_wg.yml | ||
| open_the_vault.sh | ||
| readme.org | ||
| requirements.yml | ||
| vault_passphrase.gpg | ||
setup from scratch:
install dependencies
ansible-galaxy collection install -r requirements.yml
run a play
ansible-playbook -i hosts.yml all.yml --ask-vault-pass --ask-become-pass
preparing open_the_vault
wg
clients
you probably want to deploy clients individually most of the time. to do that, provide a tag, like:
ansible-playbook -i hosts.yml client_matrix.yml --ask-vault-pass --ask-become-pass --tags matrix_client
adding a client
- generate a new public/private keypair
umask 077wg genkey | tee privatekey | wg pubkey > publickey- add the pubkey to the groupvars/main.yml
- add the privkey to the groupvars/vault.yml
- add a task referencing the new client
- add a template with the groupvars embedded.
instructions on specific roles
awfulAll
awfulAll is a single server that's a catch all for services that don't need a dedicated vm. ~ansible-playbook -i hosts.yml awfulAll.yml –tags awfulAll ~