## installation steps

- Install required packages:
  - sshpass
  - python-passlib
- Copy `inventory.example.yml` to `inventory.yml`, modifying fields as needed.
- Look at `group_vars/all/50-vars.yml`, and set the settings you need in `host_vars/<hostname>/vars.yml` or `group_vars/all/90-overlay.yml`.
  (Files in group vars with a larger number take precedence.)
- Look at the following roles, and for each of them override their `defaults/vars.yml` in host or group vars:
  - `networking/connection`
  - `networking/nameserver`
  - `caddy`
  - `containers`
  - `filesystems`
  - `firewall`
  - `syncthing`
  - `website`
- Create vault for secrets:
  ```
  ansible-vault create group_vars/all/80-vault.yml
  ansible-vault edit group_vars/all/80-vault.yml
  ```
  Copy-paste `group_vars/all/00-secret_template.yml` into this vault,
  and modify as needed.
- Add secret files:
  ```
  # Keyfile for LUKS disk encryption
  dd if=/dev/random of=roles/filesystems/files/host1.secret bs=1024 count=2
  ansible-vault encrypt roles/filesystems/files/host1.secret
  # repeat the above for every host with encrypted external storage
  ```
- Run the playbook:
  ```
  ansible-playbook run.yml --ask-vault-pass
  ```
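
The vault and keyfile steps above only protect the secrets if `ansible-vault` was actually run on each file before it is committed. The check below is an added example, not part of this repository: it assumes the paths named in this README and relies on the `$ANSIBLE_VAULT;` header that `ansible-vault` writes at the start of every file it encrypts. The function names and the demo tree are made up for illustration.

```shell
#!/bin/sh
# Added example (not project code): list secret files that are still plaintext.
# Paths follow this README; function names are hypothetical.

# True if the file starts with the header ansible-vault writes.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    [ "$(head -c 15 "$1" | tr -d '\000')" = '$ANSIBLE_VAULT;' ]
}

# Print every path under repo root $1 that should be encrypted but is not.
# Returns 0 only when nothing is printed.
unencrypted_secrets() {
    root=$1
    rc=0
    for f in "$root"/group_vars/all/80-vault.yml \
             "$root"/roles/filesystems/files/*.secret; do
        [ -e "$f" ] || continue   # unmatched glob, or vault not created yet
        if ! is_vault_encrypted "$f"; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo tree: an encrypted vault and a keyfile left in plaintext.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/group_vars/all" "$d/roles/filesystems/files"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465' \
        > "$d/group_vars/all/80-vault.yml"
    printf 'raw key bytes' > "$d/roles/filesystems/files/host1.secret"
    printf '%s\n' "$d"
}

# With a path argument, check that checkout; with none, run the demo.
if [ "$#" -gt 0 ]; then
    unencrypted_secrets "$1"
else
    demo=$(make_demo_tree)
    unencrypted_secrets "$demo" || echo "plaintext secret found (constructed demo)"
    rm -rf "$demo"
fi
```

Run it with the repository root as its argument, for example from a pre-commit hook; a non-zero exit status means at least one listed file still needs `ansible-vault encrypt`.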