fix minor issues

2023-08-26 22:02:29 -04:00 · 2023-08-26 22:02:29 -04:00 · 1e4cae244f
commit 1e4cae244f
parent e32301fa3c
9 changed files with 37 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,7 @@
 ## installation steps

+- Install required packages:
+    - sshpass
 - Copy `inventory.example.yml` to `inventory.yml`, modifying fields as adequate.
 - Look at `group_vars/all/vars.yml`, and set needed settings in `host_vars/<hostname>/vars.yml`.
 - Look at the following roles, and for each of them override their `defaults/vars.yml` in host or group vars:
@ -24,3 +26,12 @@
    ansible-vault encrypt roles/filesystems/files/host1.secret
    # repeat the above for every host with encrypted external storage
    ```
+
+- Start avahi-daemon (install `avahi` if not installed):
+    ```
+    systemctl start avahi-daemon
+    ```
+- Run the playbook:
+    ```
+    ansible-playbook run.yml --ask-vault-pass
+    ```
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -30,3 +30,8 @@ domain: null

 # clone dotfiles and stuff
 enable_dotfiles: yes
+
+escalation_method: doas
+
+# set up static IP
+enable_connection: yes
--- a/inventory.example.yml
+++ b/inventory.example.yml
@ -2,6 +2,7 @@


 # fallback_host is only used during setup before the static IP (local_ip) is configured.
+# Set fallback_host using `nmap 192.168.0.0/24 -p 22` to find the dynamic IP of your Pi
 # local_ip is used after first setup.

 # Make sure to make entries in your .ssh/config for each hostname
@ -17,13 +18,13 @@
 all:
  hosts:
    your_bastion_host:
-      fallback_host: alarm1.local
+      fallback_host: 192.168.0.123
      local_ip: 192.168.0.3
      ansible_port: 2500
      ansible_connection: ssh
      ansible_ssh_private_key_file: ~/.ssh/keys/your_bastion_host
    your_fleet_host:
-      fallback_host: alarm2.local
+      fallback_host: 192.168.0.124
      local_ip: 192.168.0.86
      ansible_port: 2500
      ansible_connection: ssh
--- a/roles/filesystems/tasks/main.yml
+++ b/roles/filesystems/tasks/main.yml
@ -1,6 +1,6 @@
 - name: Deploy keyfile
  copy:
-    src: "{{ inventory_hostname }}".secret
+    src: "{{ inventory_hostname }}.secret"
    dest: /k5e
    mode: 0600

--- a/roles/firewall/defaults/main.yml
+++ b/roles/firewall/defaults/main.yml
@ -7,4 +7,4 @@ local_subnet: 192.168.0.0/24

 sshd_port: 2500

-bastion_ip: "{{ host_vars[groups['bastion'][0]]['local_ip'] }}"
+bastion_ip: "{{ hostvars[groups['bastion'][0]]['local_ip'] }}"
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@ -10,12 +10,12 @@
 - name: Set default sources (bastion server)
  set_fact:
    default_firewall_src: any
-  when: "bastion" in group_names
+  when: '"bastion" in group_names'

 - name: Set default sources (fleet server)
  set_fact:
    default_firewall_src: "{{ bastion_ip }}"
-  when: "fleet" in group_names
+  when: '"fleet" in group_names'

 - name: Allow service ports
  community.general.ufw:
@ -24,7 +24,7 @@
    proto: "{{ item.proto | default('tcp') }}"
    state: "{{ 'enabled' if item.name in group_names else 'disabled' }}"
    src: "{{ item.src | default(default_firewall_src) }}"
-  with_item:
+  with_items:
    # matrix ports
    - name: "synapse"
      port: 8448
--- a/roles/haproxy/templates/haproxy.j2
+++ b/roles/haproxy/templates/haproxy.j2
@ -16,7 +16,7 @@ listen gitea_ssh
 	tcp-check expect rstring SSH-2.0-OpenSSH.*

 {% for host in groups["gitea"] %}
-	server {{ host }} {{ host_vars[host]["local_ip"] }}:2499
+	server {{ host }} {{ hostvars[host]["local_ip"] }}:2499
 {% endfor %}

 {% endif %}
--- a/roles/networking/hosts/templates/hosts.j2
+++ b/roles/networking/hosts/templates/hosts.j2
@ -5,5 +5,5 @@
 # Modifications will be lost!

 {% for host in groups["all"] %}
-{{ host_vars[host]["local_ip"] }} {{ host }}
+{{ hostvars[host]["local_ip"] }} {{ host }}
 {% endfor %}
--- a/run.yml
+++ b/run.yml
@ -22,10 +22,6 @@
      tags:
        - system
    
-    - role: dotfiles
-      tags:
-        - dotfiles
-    
    - role: filesystems
      tags:
        - filesystems
@ -45,7 +41,7 @@
      tags:
        - firewall

-    - role: ddclient
+    - role: networking/ddclient
      tags:
        - ddclient
      when: enable_ddclient
@ -53,7 +49,7 @@
    - role: networking/nameserver
      tags:
        - nameserver
-      when: "nameserver" in group_names
+      when: '"nameserver" in group_names'
        
    - role: networking/hosts
      tags:
@ -62,17 +58,17 @@
    - role: mail
      tags:
        - mail
-      when: "mailserver" in group_names
+      when: '"mailserver" in group_names'

    - role: caddy
      tags:
        - caddy
-      when: "caddy" in group_names
+      when: '"caddy" in group_names'

    - role: haproxy
      tags:
        - haproxy
-      when: "haproxy" in group_names
+      when: '"haproxy" in group_names'

    - role: dotfiles
      tags:
@ -85,9 +81,13 @@
    - role: website
      tags:
        - website
-      when: "website" in group_names
+      when: '"website" in group_names'

    - role: containers
      tags:
        - containers
-      when: "fleet" in group_names
+      when: '"fleet" in group_names'
+
+    - role: dotfiles
+      tags:
+        - dotfiles