Catalogue of Ansible playbooks and helper scripts for server management
gitlab | ||
inventory | ||
k3s-ansible@8e7081243b | ||
misc | ||
node-configuration | ||
wireguard@11883d85c9 | ||
backup.yml | ||
init.yml | ||
k3s_install_tmp | ||
README.md |
Ansible
Catalogue of Ansible playbooks and helper scripts for server management
Node configuration process
Setup user configuration
- Create provisioning user without password and sudo
- Create tanguy user with password
- Disable root login (passwd --lock root)
SSH Setup
- Install fail2ban
- Disable SSH password login
- Change SSH port
Miscellaneous
- Test if unattended-upgrade is installed
- Disable if true
- Disable IPv6
- Setup hostname
Softwares
- Install k3s with token
- Install OMV for NAS node*(s)
Update system
- General package manager update
Additional configuration
- Add label to output node on k3s to enable load balancer
Notes
Running the configuration for a node without inventory
ansible-playbook init.yml -i <ips-separated-by-commas> -u creator --private-key <path-to-ssh-key> --ask-become --extra-vars '{"hostname": "foo"}'
Running the configuration for a node with inventory
- Add node to inventory
- Add node to
virgin
group - Run following command
ansible-playbook init.yml -i inventory --limit virgin