josiah
7b38b89acb
1. Fuck around with Goof configuration. I think ultimately this never went anywhere, and I'll probably rip it out, but I forgot to commit it at the time so i'm including it just to be safe. 2. Home services and home net refactor. Smaller clean ups 3. Removal of wg stuff. |
||
|---|---|---|
| .. | ||
| group_vars/all | ||
| host_vars/larva.home.jowj.net | ||
| inventory | ||
| roles | ||
| acme-all.yml | ||
| all.yml | ||
| ansible.cfg | ||
| awfulAll.yml | ||
| halo.yml | ||
| home-services.yml | ||
| mediaserver.yml | ||
| open_the_vault.sh | ||
| readme.org | ||
| requirements.yml | ||
| tailscale.yml | ||
| vault_passphrase.gpg | ||
setup from scratch:
install dependencies
ansible-galaxy collection install -r requirements.yml
run a play
ansible-playbook -i hosts.yml all.yml --ask-vault-pass --ask-become-pass
preparing open_the_vault
wg
clients
you probably want to deploy clients individually most of the time. to do that, provide a tag, like:
ansible-playbook -i hosts.yml client_matrix.yml --ask-vault-pass --ask-become-pass --tags matrix_client
adding a client
- generate a new public/private keypair
umask 077wg genkey | tee privatekey | wg pubkey > publickey- add the pubkey to the groupvars/main.yml
- add the privkey to the groupvars/vault.yml
- add a task referencing the new client
- add a template with the groupvars embedded.
instructions on specific roles
awfulAll
awfulAll is a single server that's a catch all for services that don't need a dedicated vm.
ansible-playbook -i hosts.yml awfulAll.yml --tags awfulAll
mediaserver
ansible-playbook awfulAll.yml --tags mediaserver
certs/letsencrypt/acme stuff
ansible-playbook acme-all.yml -v
- right now for bouncer, syno