Catalogue of Ansible playbooks and helper scripts for server management
gitlab Update gitlab role + add misc role 2022-02-14 01:02:14 +01:00
headscale feat(tailscale): Complete configuration 2024-01-14 01:31:57 +01:00
inventory feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00
k3s-ansible@9c8ba5c155 feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00
node-configuration feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00
user-provision feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00
wireguard@11883d85c9 Add wireguard playbook repository 2022-06-11 02:28:30 +02:00
.ansible-lint chore(lint): Add ansible lint configuration file 2024-01-14 01:34:34 +01:00
.gitignore feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00
.gitmodules Holyday tmp 2022-06-24 20:38:52 +02:00
backup.yml Update gitlab role + add misc role 2022-02-14 01:02:14 +01:00
bootstrap.yml feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00
init.yml feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00
Makefile feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00
README.md feat(users): Add user creation and refine provision 2024-08-04 19:40:22 +02:00

Ansible

Catalogue of Ansible playbooks and helper scripts for server management

atmen: slave, servant

Configuration options

SSH Ports

The SSH port is configured in two steps:

  1. Change the ansible_ssh_port variable in inventory/group_vars/all.yml
  2. Change the sshd_port variable in inventory/vars/unprovisioned.yaml

Node configuration process

Provisioning

  • Add atmen user for provisioning
  • Configure SSH key for atmen user
  • Add maintainer user
  • Configure SSH key for maintainer user
  • Disable root login (passwd --lock root)
  • Disable SSH login for creator user
  • Disable SSH password login
  • Change SSH port
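
A way to check that the provisioning items above took effect on a node, as an added example that is not part of this repository. It reads the text of `sshd -T` and `/etc/shadow`; the port 2222, the user name "installer" and the DenyUsers/AllowUsers mechanism for blocking the creator user are assumptions, not taken from the playbooks.

```python
# Added example (not from the repository): audit a node against the provisioning list.
# Inputs are the text of `sshd -T` (effective sshd config) and of /etc/shadow.

def parse_sshd_t(text):
    """`sshd -T` prints one lowercase keyword and its value per line."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            conf.setdefault(key.lower(), []).extend(value.split())
    return conf

def root_locked(shadow_text):
    """`passwd --lock root` prefixes the hash with '!'; '*' also means no usable password."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1:
            return fields[1].startswith(("!", "*"))
    return False  # no root entry seen: report as not verified

def audit(sshd_t, shadow_text, expected_port, creator_user):
    """Return the provisioning items that are NOT in effect."""
    conf, failed = parse_sshd_t(sshd_t), []
    if not root_locked(shadow_text):
        failed.append("Disable root login")
    # Assumption: the creator user is blocked with DenyUsers or left out of AllowUsers.
    # Only exact names are compared; patterns such as user@host are not expanded.
    denied, allowed = conf.get("denyusers", []), conf.get("allowusers", [])
    if creator_user not in denied and (not allowed or creator_user in allowed):
        failed.append("Disable SSH login for creator user")
    if conf.get("passwordauthentication", ["yes"])[0] != "no":
        failed.append("Disable SSH password login")
    if conf.get("port", ["22"]) != [str(expected_port)]:
        failed.append("Change SSH port")
    return failed

# Constructed samples: port 2222 and the user name "installer" are placeholders.
PROVISIONED_SSHD = "port 2222\npasswordauthentication no\ndenyusers installer\n"
PROVISIONED_SHADOW = "root:!$6$constructed$hash:19900:0:99999:7:::\n"
FRESH_SSHD = "port 22\npasswordauthentication yes\n"
FRESH_SHADOW = "root:$6$constructed$hash:19900:0:99999:7:::\n"

if __name__ == "__main__":
    print(audit(PROVISIONED_SSHD, PROVISIONED_SHADOW, 2222, "installer"))
    print(audit(FRESH_SSHD, FRESH_SHADOW, 2222, "installer"))
```

On a real node, feed it the output of `sshd -T` and the contents of `/etc/shadow`, both read as root.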

SSH Setup

  • Install fail2ban

Miscellaneous

  • Disable unattended-upgrade if installed
  • Disable IPv6
  • Setup hostname
  • Install open-iscsi, nfs-common, nfs-utils

OMV configuration

  • Install OMV through OMV-extras
  • (lab) Add Vagrant user to SSH group
  • Add atmen user to sudoers
  • Install openmediavault-zfs, openmediavault-s3, openmediavault-filebrowser

OMV manual configuration

NFS configuration

  • Create FS
  • Enable NFS
  • Set the NFS share extra options to: subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100

Vault

Sensitive data is stored under two files in the vault directory:

  • user_provisioning.yml contains the vault password
  • vault.yml contains the sensitive data

user_provisioning.yml

Configure users for provisioning and manual maintenance

vault_atmen_password: <atmen_password>
vault_maintainer_user: <your_user>
vault_maintainer_password: <maintainer_password>

vault.yml

Configure k3s secrets

ansible_become_password: <atmen_password>
token: <k3s_token>

To avoid pasting your vault password every time, you can create a .vault_pass file in the root directory containing the vault password.