Catalogue of Ansible playbooks and helper scripts for server management
gitlab | ||
headscale | ||
inventory | ||
k3s-ansible@9c8ba5c155 | ||
node-configuration | ||
user-provision | ||
wireguard@11883d85c9 | ||
.ansible-lint | ||
.gitignore | ||
.gitmodules | ||
backup.yml | ||
bootstrap.yml | ||
init.yml | ||
Makefile | ||
README.md |
Ansible
Catalogue of Ansible playbooks and helper scripts for server management atmen: slave, servant
Configuration options
SSH Ports
The ssh port can be configured in 2 steps:
- Change the
ansible_ssh_port
variable ininventory/group_vars/all.yml
- Change the
sshd_port
variable ininventory/vars/unprovisioned.yaml
Node configuration process
Provisioning
- Add atmen user for provisioning
- Configure SSH key for atmen user
- Add maintainer user
- Configure SSH key for maintainer user
- Disable root login (passwd --lock root)
- Disable SSH login for creator user
- Disable SSH password login
- Change SSH port
SSH Setup
- Install fail2ban
Miscellaneous
- Disable unattended-upgrade is installed
- Disable IPv6
- Setup hostname
- Install open-iscsi, nfs-common, nfs-utils
OMV configuration
- Install OMV through OMV-extras
- (lab) Add Vagrant user to SSH group
- Add atmen user to sudoers
- Install openmediavault-zfs, openmediavault-s3, openmediavault-filebrowser
OMV manual configuration
NFS configuration
- Create FS
- Enable NFS
subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100
in NFS share extra options
Vault
Sensitive data is stored under two files in the vault
directory:
user_provisioning.yml
contains the vault passwordvault.yml
contains the sensitive data
user_provisioning.yml
Configure users for provisioning and manual maintenance
vault_atmen_password: <atmen_password>
vault_maintainer_user: <your_user>
vault_maintainer_password: <maintainer_password>
vault.yml
Configure k3s secrets
ansible_become_password: <atmen_password>
token: <k3s_token>
To avoid pasting your vault password everytime, you can create a .vault_pass
file in the root directory with the vault password.