{"id":23739666,"url":"https://github.com/garuda-linux/infrastructure","last_synced_at":"2025-09-04T15:31:34.707Z","repository":{"id":38846931,"uuid":"482833895","full_name":"garuda-linux/infrastructure","owner":"garuda-linux","description":"Holds Ansible \u0026 docker-compose configurations of the infrastructure 🖥 (DEPRECATED)","archived":false,"fork":false,"pushed_at":"2022-10-08T22:29:38.000Z","size":4494,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-03-07T15:37:15.334Z","etag":null,"topics":["ansible","docker-compose","garuda-linux"],"latest_commit_sha":null,"homepage":"","language":"XSLT","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/garuda-linux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-18T12:12:39.000Z","updated_at":"2022-12-05T16:23:02.000Z","dependencies_parsed_at":"2023-01-19T18:32:37.381Z","dependency_job_id":null,"html_url":"https://github.com/garuda-linux/infrastructure","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garuda-linux%2Finfrastructure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garuda-linux%2Finfrastructure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garuda-linux%2Finfrastructure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garuda-linux%2Finfrastructure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/garuda-linux","download_url":"https://codeload.github.com/garuda-linux/infrastructure/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231970931,"owners_count":18453925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","docker-compose","garuda-linux"],"created_at":"2024-12-31T09:37:06.841Z","updated_at":"2024-12-31T09:39:04.442Z","avatar_url":"https://github.com/garuda-linux.png","language":"XSLT","funding_links":[],"categories":["XSLT"],"sub_categories":[],"readme":"# Garuda Linux server configurations\n\nHello and welcome to the repo managing our infrastructure. Let's have a look at how it all works:\n\n- Ansible is used to have reproducible environments and sets up the base system for Docker\n- Docker \u0026 docker-compose are used to set up the applications and web services\n\n## This repo\n\n- GitLab CI is set up and ready to be used; it currently responds to two keywords:\n  - Changes can be automatically tested by supplying `dry-run` together with the name of the playbook to run, e.g. `Somechange, dry-run full_run.yml`\n  - Deploying is also possible by supplying `deploy` together with the name of the playbook to run, e.g. `Somechange [deploy full_run.yml]`\n\n## Ansible\n\n- We have different roles for all parts of the infrastructure\n- Environment variables are contained in the `host_vars` folders, split into regular and encrypted files in case of sensitive data\n- The `ansible-vault` password is supplied in `ansible/.vault_pass` - this file needs to exist in order to run playbooks\n- For a complete server setup, the `full-run.yml` playbook should be used\n- Updating all systems \u0026 rebooting them can be done by running the `system-update.yml` and `reboot.yml` playbooks\n\n### Common\n\n- Sets up everything needed on all servers, e.g. Pacman configurations, `motd` or `systemd-oomd`\n\n### Hardening\n\n- Server hardening is done using the [Devsec Hardening framework](https://github.com/dev-sec/ansible-collection-hardening)\n- We use the `os_hardening` and `ssh_hardening` playbooks; other services don't benefit from this as we run everything inside of containers\n- Individual settings can be put into `host_vars` in case of specific needs\n\n### Borg Clients\n\n- To add automatic backups to a server, add it to `[borg-clients]` in the `hosts` file and specify the `borg_dir` variable, e.g. `borg_dir=\"/var/cache/garuda-web\"`\n- The SSH key of the root user then needs to be added to the borg server's `authorized_keys`\n- Do a test run in order to add the borg server to `known_hosts`\n\n### Chaotic-AUR\n\n- The Chaotic-AUR role is supposed to bootstrap a basic Chaotic-AUR build environment. It is maintained at the Chaotic-AUR GitHub org and added as a submodule, therefore don't forget to initialize it!\n- It also creates a GPG key if it doesn't exist and fetches it to `ansible/buffer`\n- The content of `chaotic.conf` can be defined in `host_vars`; these also control whether a cluster node or primary node is being deployed\n- If the primary node is managed by Ansible (`caur_primary = true`), SSH keys are automatically added to its `authorized_keys`\n- Make sure to add the required `host_vars`; examples can be found in `ansible/roles/chaotic_aur/defaults/main.yml`\n- If `caur_mirror` is set to `true`, a local Syncthing mirror and web server will be deployed as well\n\n### Users_sudo\n\n- In this role we specify our users and their permissions\n- To add a user, simply add it to the array of users - groups can also be passed here\n- There are three types of users: regular, admins and Chaotic-AUR maintainers - the latter get added when the host is added to the `[chaotic_aur]` group\n\n### Letsencrypt\n\n- Used to detect Letsencrypt instances based on the `letsencrypt` variable\n- Can also update certificates if needed\n- Needs `letsencrypt_domain` and `letsencrypt_data` specified as `host_vars`\n\n### Systemd\n\n- Contains various Systemd units needed on certain systems\n- Can be controlled by specifying environment variables in `host_vars`\n\n### How it is connected\n\n\u003cimg src=\"https://gitlab.com/garuda-linux/infrastructure/-/raw/main/Infra.png\" alt=\"Infra structure\"\u003e\n\n## Docker\n\n- The uppercase directories in the main directory represent our individual servers\n- The `docker-compose.yml.j2` files (`ansible/roles/docker_compose/templates`) in conjunction with static configuration files can be altered and pushed to the servers using the `garuda.yml` playbook\n- Environment variables are passed via `host_vars`; replace them with {{ ansible_env_vars }} inside of the `docker-compose.yml.j2` files\n- Put sensitive environment variables inside of the `host_vars` folder; here we have `*_vault.yml` files which are encrypted\n\n## Linting\n\n- We use `prettify` in order to achieve a consistent code style and formatting\n- Install yarn and run `yarn install` inside the project directory to set up its dependencies\n- `yarn run lint` will run the linter and show the results, `yarn run prettify` will fix the found issues\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgaruda-linux%2Finfrastructure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgaruda-linux%2Finfrastructure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgaruda-linux%2Finfrastructure/lists"}