josiah
c1c7f552b6
the FUCKING bytemark image fucking recursively chowns everything you mount to its fucking directory, which is colossally fucking stupid. now i've gotta go build my own fucking image and test it and make sure it works and fuck :(
32 lines
1.0 KiB
Org Mode
* setup from scratch:
** install dependencies
~ansible-galaxy collection install -r requirements.yml~
** run a play
~ansible-playbook -i hosts.yml all.yml --ask-vault-pass --ask-become-pass~
** preparing open_the_vault
* wg
** clients
you probably want to deploy clients individually most of the time. to do that, provide a tag, like:
~ansible-playbook -i hosts.yml client_matrix.yml --ask-vault-pass --ask-become-pass --tags matrix_client~
** adding a client
- generate a new public/private keypair
- ~umask 077~
- ~wg genkey | tee privatekey | wg pubkey > publickey~
- add the pubkey to the groupvars/main.yml
- add the privkey to the groupvars/vault.yml
- add a task referencing the new client
- add a template with the groupvars embedded.
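
An added check for the keypair steps above, not part of this repository: it confirms that =umask 077= took effect, that both files hold well-formed WireGuard keys, and that the private key has not been pasted into the unencrypted vars file. The function names =is_wg_key= and =check_client_keys= are hypothetical; the key directory and the path to main.yml are passed as arguments.

```shell
#!/bin/sh
# Added example: sanity checks for a new WireGuard client keypair before it
# goes into the inventory. File names follow the steps above; the function
# names are assumptions, not part of the repository.

# A WireGuard key is 32 bytes, base64-encoded: 43 base64 chars plus one '='.
is_wg_key() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# check_client_keys KEYDIR MAIN_YML
# Returns 0 when all checks pass, 1 otherwise; prints one line per finding.
check_client_keys() {
    keydir=$1 main_yml=$2 rc=0
    priv_file=$keydir/privatekey
    pub_file=$keydir/publickey

    for f in "$priv_file" "$pub_file"; do
        [ -f "$f" ] || { echo "missing: $f"; return 1; }
    done

    # umask 077 should leave no group/other bits on the private key.
    perms=$(ls -ld "$priv_file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "privatekey is group/world accessible"; rc=1; }

    priv=$(cat "$priv_file")
    pub=$(cat "$pub_file")
    is_wg_key "$priv" || { echo "privatekey is not a valid key"; rc=1; }
    is_wg_key "$pub" || { echo "publickey is not a valid key"; rc=1; }

    # Catches publickey being a copy of privatekey instead of wg pubkey output.
    [ "$priv" != "$pub" ] || { echo "publickey equals privatekey"; rc=1; }

    # The private key belongs only in the vault file, never in main.yml.
    if grep -qF -- "$priv" "$main_yml"; then
        echo "private key found in plaintext in $main_yml"; rc=1
    fi
    return $rc
}
```

Run it as =check_client_keys . groupvars/main.yml= from the directory holding the new key files, before committing.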
* instructions on specific roles
** awfulAll
awfulAll is a single server that's a catch-all for services that don't need a dedicated vm.
~ansible-playbook -i hosts.yml awfulAll.yml --tags awfulAll~
** mediaserver
~ansible-playbook awfulAll.yml --tags mediaserver~