adc/ansible
josiah 1b3f2a1e6d Remove mount argument, update bind mount.
That nfs volume mount is not needed now that I figured out how to do
LVM expansion within Proxmox.

Still more to figure out, but for now this is great.
2024-01-08 16:45:32 -06:00
group_vars/all Update vars. 2023-12-23 00:00:57 -06:00
host_vars/larva.home.jowj.net Move to wg portal setup on larva. 2020-11-15 13:39:25 -06:00
inventory Update original media server play to better match what's needed. 2023-12-31 23:19:32 -06:00
roles Remove mount argument, update bind mount. 2024-01-08 16:45:32 -06:00
_deploy_abjure.yml Remove old home-services file, add new abjure deploy play. 2023-12-22 15:39:20 -06:00
_deploy_highsea.yml Rename deploy file to follow new standard. 2023-12-31 23:19:08 -06:00
acme-all.yml Add role for creating new certs for the IRC service. 2021-02-26 16:30:41 -06:00
ansible.cfg Add several roles; restructure group vars; restructure inventory. 2020-11-10 23:22:38 -06:00
awfulAll.yml Add freshrss, update readme. 2020-10-11 18:22:53 -05:00
halo.yml Create halo role, VM. 2022-12-19 15:47:29 -06:00
open_the_vault.sh Easily handle ansible vault stuff! 2020-04-14 16:01:06 -05:00
readme.org Update readme. 2021-02-26 17:27:48 -06:00
requirements.yml Add several roles; restructure group vars; restructure inventory. 2020-11-10 23:22:38 -06:00
tailscale.yml Create tailscale role, add vars, basic skeleton. 2021-10-13 19:03:17 -05:00
vault_passphrase.gpg Fix stupid problems with mediaserver role; redo gpg. 2021-03-13 15:38:49 -06:00

setup from scratch:

install dependencies

ansible-galaxy collection install -r requirements.yml

run a play

ansible-playbook -i hosts.yml all.yml --ask-vault-pass --ask-become-pass

preparing open_the_vault

wg

clients

you probably want to deploy clients individually most of the time. to do that, provide a tag, like:

ansible-playbook -i hosts.yml client_matrix.yml --ask-vault-pass --ask-become-pass --tags matrix_client

adding a client

  • generate a new public/private keypair
      • umask 077
      • wg genkey | tee privatekey | wg pubkey > publickey
  • add the pubkey to the groupvars/main.yml
  • add the privkey to the groupvars/vault.yml
  • add a task referencing the new client
  • add a template with the groupvars embedded.
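
The steps above, as an added check script that is not part of this repo: it verifies that the private key file has the permissions umask 077 produces, that both keys have the 44-character base64 shape wg emits, that the vault vars file starts with the header ansible-vault writes on encrypted files, and that the private key was not pasted into the plaintext vars file. Function names and all file paths are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: checks for the "adding a client" steps. All file paths are
# supplied by the caller; none of them are taken from the repo.

# True if the file has no group/other permission bits (the effect of umask 077).
is_private_mode() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the file holds one WireGuard-style key: 32 bytes as 44 base64 chars.
looks_like_wg_key() {
    tr -d '\n' < "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# True if the first line is an ansible-vault header, i.e. the file is encrypted.
is_vault_encrypted() {
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# True if the private key string from file $1 appears verbatim in file $2.
contains_private_key() {
    grep -qF -- "$(tr -d '\n' < "$1")" "$2"
}

# Usage: check_client_keys PRIVATEKEY PUBLICKEY PLAIN_VARS VAULT_VARS
# Prints one line per problem; returns non-zero if any were found.
check_client_keys() {
    bad=0
    is_private_mode "$1" || { echo "private key readable by group/other: $1"; bad=1; }
    looks_like_wg_key "$2" || { echo "not a WireGuard public key: $2"; bad=1; }
    is_vault_encrypted "$4" || { echo "vault vars file is plaintext: $4"; bad=1; }
    if looks_like_wg_key "$1"; then
        if contains_private_key "$1" "$3"; then
            echo "private key found in plaintext vars: $3"; bad=1
        fi
    else
        echo "not a WireGuard private key: $1"; bad=1
    fi
    return "$bad"
}

[ "$#" -ne 4 ] || check_client_keys "$@"
```

run it with the four paths before committing; it prints nothing and exits 0 when everything is where it should be.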

instructions on specific roles

awfulAll

awfulAll is a single server that's a catch all for services that don't need a dedicated vm.

ansible-playbook -i hosts.yml awfulAll.yml --tags awfulAll

mediaserver

ansible-playbook awfulAll.yml --tags mediaserver

certs/letsencrypt/acme stuff

ansible-playbook acme-all.yml -v

  • right now for bouncer, syno