josiah
1b3f2a1e6d
That nfs volume mount is not needed now that I figured out how to do LVM expansion within Proxmox. Still more to figure out, but for now this is great. |
||
|---|---|---|
| .. | ||
| group_vars/all | ||
| host_vars/larva.home.jowj.net | ||
| inventory | ||
| roles | ||
| _deploy_abjure.yml | ||
| _deploy_highsea.yml | ||
| acme-all.yml | ||
| ansible.cfg | ||
| awfulAll.yml | ||
| halo.yml | ||
| open_the_vault.sh | ||
| readme.org | ||
| requirements.yml | ||
| tailscale.yml | ||
| vault_passphrase.gpg | ||
setup from scratch:
install dependencies
ansible-galaxy collection install -r requirements.yml
run a play
ansible-playbook -i hosts.yml all.yml --ask-vault-pass --ask-become-pass
preparing open_the_vault
wg
clients
you probably want to deploy clients individually most of the time. to do that, provide a tag, like:
ansible-playbook -i hosts.yml client_matrix.yml --ask-vault-pass --ask-become-pass --tags matrix_client
adding a client
- generate a new public/private keypair
umask 077wg genkey | tee privatekey | wg pubkey > publickey- add the pubkey to the groupvars/main.yml
- add the privkey to the groupvars/vault.yml
- add a task referencing the new client
- add a template with the groupvars embedded.
instructions on specific roles
awfulAll
awfulAll is a single server that's a catch all for services that don't need a dedicated vm.
ansible-playbook -i hosts.yml awfulAll.yml --tags awfulAll
mediaserver
ansible-playbook awfulAll.yml --tags mediaserver
certs/letsencrypt/acme stuff
ansible-playbook acme-all.yml -v
- right now for bouncer, syno