homeserver-iac/README.md
2023-08-21 17:19:29 -04:00

Installation steps

  • Copy hosts.example to hosts, modifying fields as needed.

  • Review group_vars/all/vars.yml, and set the settings you need in host_vars/<hostname>/vars.yml.

  • Review the following roles and, for each of them, override its defaults/vars.yml in host or group vars:

    • networking/connection
    • networking/ddclient
    • networking/nameserver
    • filesystems
    • firewall
  • Create a vault for secrets:

    ansible-vault create host_vars/[hostname]/vault.yml
    ansible-vault edit host_vars/[hostname]/vault.yml
    

    Copy-paste group_vars/all/secret_template.yml into this vault, and modify as needed.

  • Add secret files:

    # Keyfile for LUKS disk encryption
    dd if=/dev/random of=roles/filesystems/files/host1.secret bs=1024 count=2
    ansible-vault encrypt roles/filesystems/files/host1.secret
    # repeat the above for every host with encrypted external storage
    
    # This is a signing key for Matrix Synapse. It should be from a previous install.
    # If you don't have one, it should be generated by Synapse.
    ansible-vault encrypt roles/services/synapse/files/signing.key.secret
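
Before committing, it is worth confirming that none of the secrets above was left in plaintext, since a forgotten `ansible-vault encrypt` would put a LUKS keyfile or the Synapse signing key in the repository history. The check below is an added example, not part of this repository; it assumes the secrets are exactly the files named in this README (host_vars/<hostname>/vault.yml and *.secret files under roles/), and the sample tree it builds is constructed.

```sh
#!/bin/sh
# Added example, not part of the repository. Assumption: the secrets are the
# files this README names: host_vars/<hostname>/vault.yml and roles/**/*.secret.

# Print every secret file under $1 that does NOT start with the vault header.
find_unencrypted_secrets() {
    find "${1:-.}" -type f \
        \( -path '*/host_vars/*/vault.yml' -o -path '*/roles/*.secret' \) \
        -exec sh -c '
            for f do
                # ansible-vault output always begins with "$ANSIBLE_VAULT;"
                # (15 bytes); a raw dd keyfile or plain YAML will not.
                head -c 15 "$f" | LC_ALL=C grep -qaF "\$ANSIBLE_VAULT;" ||
                    printf "%s\n" "$f"
            done' sh {} +
}

# Succeeds only when no plaintext secret is left; suitable for a pre-commit hook.
secrets_are_encrypted() {
    [ -z "$(find_unencrypted_secrets "$1")" ]
}

# Build a constructed sample tree (fake contents) and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/host_vars/host1" "$t/roles/filesystems/files" \
             "$t/roles/services/synapse/files"
    printf '$ANSIBLE_VAULT;1.1;AES256\n6162636465660a\n' > "$t/host_vars/host1/vault.yml"
    printf '$ANSIBLE_VAULT;1.1;AES256\n3031323334350a\n' > "$t/roles/filesystems/files/host1.secret"
    # Constructed plaintext key: the "forgot to run ansible-vault encrypt" case.
    printf 'constructed-signing-key-placeholder\n' > "$t/roles/services/synapse/files/signing.key.secret"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
find_unencrypted_secrets "$tree"   # lists only the plaintext signing.key.secret
secrets_are_encrypted "$tree" || echo "plaintext secrets found; encrypt before committing"
rm -rf "$tree"
```

In a real checkout, call `secrets_are_encrypted .` from the repository root and abort the commit when it fails.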