Catalogue of Ansible playbooks and helper scripts for server management
gitlab Update gitlab role + add misc role 2022-02-14 01:02:14 +01:00
headscale feat(tailscale): Complete configuration 2024-01-14 01:31:57 +01:00
inventory feat(k3s): Update group_vars to work with tailscale configuration 2024-01-14 01:33:41 +01:00
k3s-ansible@8e7081243b Add k3s-ansible playbook from Jeff Geerling 2022-06-11 02:22:02 +02:00
misc Update gitlab role + add misc role 2022-02-14 01:02:14 +01:00
node-configuration feat(omv): Restart NAS only after plugin installation 2024-01-14 01:34:08 +01:00
wireguard@11883d85c9 Add wireguard playbook repository 2022-06-11 02:28:30 +02:00
.ansible-lint chore(lint): Add ansible lint configuration file 2024-01-14 01:34:34 +01:00
.gitmodules Holyday tmp 2022-06-24 20:38:52 +02:00
backup.yml Update gitlab role + add misc role 2022-02-14 01:02:14 +01:00
init.yml chore(init): Fix linting errors 2024-01-14 01:33:14 +01:00
Makefile feat(Configuration): Remove SSH fingerprint check and useless comment 2023-10-23 14:25:09 +02:00
README.md fix(OMV): Enable SSH after installation and update version 2023-12-05 10:02:01 +01:00

Ansible

Catalogue of Ansible playbooks and helper scripts for server management

TODO

  • Split user provisioning to get rid of creator and use atmen as fast as possible. This should be done using two different playbooks, switching user between the two
  • Add configuration for creator to lock the account after initial provisioning, only allowing a short connection that returns a message

Disable creator

  • Change ~/.profile to only contain a print message and exit 0
  • Add .hushlogin to remove ssh login message

Node configuration process

Setup user configuration

  • Create provisioning user without password and sudo
  • Create tanguy user with password
  • Disable root login (passwd --lock root)

SSH Setup

  • Install fail2ban
  • Disable SSH password login
  • Change SSH port

Miscellaneous

  • Test if unattended-upgrade is installed
  • Disable if true
  • Disable IPv6
  • Setup hostname

Software

  • Install k3s with token
  • Install OMV for NAS node(s)

Update system

  • General package manager update

Additional configuration

  • Add label to output node on k3s to enable load balancer

OMV configuration

NFS configuration

  • Create FS
  • Enable NFS
  • subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100 in NFS share extra options
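The extra options listed above change who the NFS server trusts, so they are worth checking on the NAS node after provisioning. The following is an added example, not code from this repository: a small auditor for /etc/exports-style lines that reports the options exports(5) documents as weakening an export. The export paths and client addresses in the sample are constructed; only the option string comes from this README.

```python
import re

# Options that relax NFS server-side checks, with their effect per exports(5).
RISKY = {
    "no_root_squash": "remote root keeps uid 0 on the share",
    "insecure": "requests from unprivileged source ports (>1023) are accepted",
}
# One "client(opt,opt,...)" group; an empty client means any host.
CLIENT_RE = re.compile(r"(?P<client>[^\s()]*)\((?P<opts>[^)]*)\)")

# Constructed sample: paths and clients are placeholders, the first option
# string is the one from the "NFS configuration" list.
SAMPLE = """\
# constructed sample exports file
/export/media 192.168.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100)
/export/backup 192.168.1.10(rw,subtree_check,root_squash)
"""

def audit_exports(text):
    """Return (line, path, client, option, reason) tuples for risky options."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, _, rest = line.partition(" ")
        for m in CLIENT_RE.finditer(rest):
            client = m.group("client") or "*"
            opts = [o.strip() for o in m.group("opts").split(",") if o.strip()]
            names = {o.split("=", 1)[0] for o in opts}
            for name in sorted(names & set(RISKY)):
                findings.append((lineno, path, client, name, RISKY[name]))
            # anonuid/anongid define the anonymous account; with
            # no_root_squash, root is never mapped to it.
            if ("no_root_squash" in names and "all_squash" not in names
                    and names & {"anonuid", "anongid"}):
                findings.append((lineno, path, client, "anonuid/anongid",
                                 "root is not mapped to the anonymous account"))
    return findings

if __name__ == "__main__":
    for lineno, path, client, opt, why in audit_exports(SAMPLE):
        print(f"line {lineno}: {path} -> {client}: {opt}: {why}")
```

If a client genuinely needs root access to the share, restricting the export to that single host keeps the effect of no_root_squash contained.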