dylanbegin/ansible

Warning

This README is still under development!

Ansible Role for Core Services

Important

This repo is built for my own environment, so please review all configurations to verify compatibility!

This repo provides all the configurations for setting up the core services after the terraform-core role is completed.

Tip

This repo is part of my IaC automation series. If you are building with this in mind, please follow my repos in the order below.

  1. terraform-iso-get
  2. packer
  3. terraform-core
  4. ansible (you are here)
  5. terraform-talos
  6. k8s-apps

Build Your Secrets File

Following best practice, this repo does not contain any sensitive information. You will need to create a directory outside of this git repo, on a properly encrypted disk/USB, to save the secrets file. Below is the template for the file, which needs to be named ansible.cfg.

[defaults]
debug = false
no_log = true
log_path = ~/.ansible/log.txt
inventory = /path-to/secrets/hosts.ini
private_key_file = /path-to/ssh-priv-key
# Disables SSH host key verification; set to true once the hosts' keys are in known_hosts.
host_key_checking = false
interpreter_python = auto_silent

[privilege_escalation]
# or sudo (Ansible's INI parser only accepts ";" for inline comments, so this note sits on its own line)
become_method = doas

[ssh_connection]
scp_if_ssh = smart
scp_extra_args = -T

[colors]
debug = bright gray

... and your hosts.ini should look something like this:

[dns_servers]
10.10.10.21
10.10.10.22

[vault_servers]
vault.cryogence.org

... and last but not least, the vault-secrets.yml, which loads all the secrets into our HC Vault server. Everything in ALL CAPS needs to be replaced with your own data.

# roles/dns_servers/vars/secrets.yml
# Secrets file. Encrypt with Ansible Vault!

local_user: MYUSERNAME

# List all credentials to load into Vault KV
vault_kv:
  adguard:
    username: MY-USERNAME
    password: MY-PASSWORD
# TODO - need to finish this template...

Adjust Variables File

Adjust any vars to match your environment. Make sure you choose an INTERNAL ONLY domain that you own.

Ansible Deployment

With all infrastructure deployed we are ready to configure the VMs.

  1. Go into your secrets directory: cd /path/to/secrets/
  2. Copy the config file to your home directory: cp ansible.cfg ~/
  3. Unlock all vault files: ansible-vault decrypt --vault-password-file /path/to/secrets/ansible-key ~/homelab/ansible/{path/to/secrets.yml}
  4. Run the deployment playbook: ansible-playbook /path-to/ansible/deploy.yml
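
Step 3 decrypts the vault files in place, so plaintext secrets sit in the working tree until they are re-encrypted. The script below is an added example, not part of this repo: it lists secrets files that lack the Ansible Vault header and checks that the vault password file is not readable by group or other. The function names, the script name and the roles/<role>/vars/secrets.yml layout are assumptions based on the template above.

```shell
#!/bin/sh
# Added example, not part of the repo. Layout and file names are assumptions
# taken from the template above (roles/<role>/vars/secrets.yml, vault-secrets.yml).

# 0 if the first line is an Ansible Vault envelope header such as
# "$ANSIBLE_VAULT;1.1;AES256" (format 1.2 appends a vault-id label).
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    first_line=''
    IFS= read -r first_line < "$1" || :   # tolerate a missing final newline
    case "$first_line" in
        '$ANSIBLE_VAULT;'[0-9].[0-9]';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each secrets file under DIR that is still plaintext.
# Returns 1 if any was found, 0 if all are encrypted.
find_plaintext_secrets() {
    found=0
    list=$(mktemp) || return 2            # temp file keeps the loop in this shell
    find "$1" -type f \( -name 'secrets.yml' -o -name 'vault-secrets.yml' \) > "$list"
    while IFS= read -r f; do
        if ! is_vault_encrypted "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done < "$list"
    rm -f "$list"
    return "$found"
}

# 0 if the vault password file grants nothing to group or other.
key_file_is_private() {
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Usage: sh check-secrets.sh /path/to/ansible/roles /path/to/secrets/ansible-key
if [ "$#" -eq 2 ]; then
    find_plaintext_secrets "$1" && key_file_is_private "$2"
fi
```

Run it before committing or as a pre-commit hook; a non-zero exit means a secrets file is still decrypted or the key file permissions are too open.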

About

All Ansible roles for core services.
