https://github.com/dylanbegin/ansible
All Ansible roles for core services.
https://github.com/dylanbegin/ansible
Last synced: 3 months ago
JSON representation
All Ansible roles for core services.
- Host: GitHub
- URL: https://github.com/dylanbegin/ansible
- Owner: dylanbegin
- License: gpl-2.0
- Created: 2025-01-03T09:49:31.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2025-02-07T22:33:00.000Z (4 months ago)
- Last Synced: 2025-02-07T23:25:08.754Z (4 months ago)
- Language: Jinja
- Size: 46.9 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
> [!WARNING]
> This README is still under development!#  Ansible Role for Core Services
> [!IMPORTANT]
> This repo is built for my own environment so please review all configurations to verify compatibility!This repo provides all the configurations for setting up the core services after the `terraform-core` role is ocompleted.
> [!TIP]
> This repo is part of my IaC automation series. If you are building this in mind please follow my repo's in the order below.1. [terraform-iso-get](https://github.com/dylanbegin/terraform-iso-get)
1. [packer](https://github.com/dylanbegin/packer)
1. [terraform-core](https://github.com/dylanbegin/terraform-core)
1. *you are here* [ansible](https://github.com/dylanbegin/ansible)
1. [terraform-talos](https://github.com/dylanbegin/terraform-talos)
1. [k8s-apps](https://github.com/dylanbegin/k8s-apps)# Build Your Secrets File
Keeping in best practice, this repo does not contain any sensitive information. You will need to create a directory outside of this git repo on a properly encrypted disk/usb to save the secrets file. Below is the template needed for the file which needs to be named `ansible.cfg`.
```ini
[defaults]
debug = false
no_log = true
log_path = ~/.ansible/log.txt
inventory = /path-to/secrets/hosts.ini
private_key_file = /path-to/ssh-priv-key
host_key_checking = false
interpreter_python = auto_silent[privilege_escalation]
become_method = doas #or sudo[ssh_connection]
scp_if_ssh = smart
scp_extra_args = -T[colors]
debug = bright gray
```... and your `host.ini` should look something like this:
```ini
[dns_servers]
10.10.10.21
10.10.10.22[vault_servers]
vault.cryogence.org
```... and last but not least the `vault-secrets.yml` which loads all the secrets into our HC Vault server. Everything in ALL CAPS needs to be replaced with your own data.
```yml
# roles/dns_servers/vars/secrets.yml
# Secrets file. Encrypt with Ansible Vault!local_user: MYUSERNAME
# List all credentials to load into Vault KV
vault_kv:
adguard:
username: MY-USERNAME
password: MY-PASSWORD
TODO - need to finish this template...
```# Adjust Variables File
Adjust any vars to match your environemnt. Make sure you choose an INTERNAL ONLY domain that you own### Ansible Deployment
With all infrastructure deployed we are ready to configure the VMs.
1. Go ino your secrets directory: `cd /path/to/secrets/`
1. Copy the config file to you home directory: `cp ansible.cfg ~/`
1. Unlock all vault files: `ansible-vault decrypt --vault-password-file /path/to/secrets/ansible-key ~/homelab/ansible/{path/to/secrets.yml}`
1. Run the deployment playbook: `ansible-playbook /path-to/ansible/deploy.yml`