WIP ansible for Project Segfault nodes
Arya f4574768d1
sol authorized_key
2 days ago
all sol authorized_key 2 days ago
collections init 3 weeks ago
host_vars update 4 days ago
privfrontends dd.psf.lt 3 days ago
.gitignore init 3 weeks ago
LICENSE License 3 weeks ago
README.md docs update 3 weeks ago
ansible.cfg init 3 weeks ago
inventory.yml add all sol VMs to inventory & install+enable chrony by def 3 days ago
requirements.yml init 3 weeks ago
secrets.enc update 4 days ago

README.md

Testing ansible

ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
# All servers
ansible-playbook all/playbook.yaml # Initialize
# Privacy Frontends
ansible-playbook -i inventory.yml -e @secrets.enc --ask-vault-pass privfrontends/playbook.yaml

To add secrets: ansible-vault edit secrets.enc

Adding new services

Adding new services is a bit janky, for I had to set it up with normal commands instead of the preferred community.docker collection (it doesn't support v2, which we use on most of our compose files).

Firstly, add the service to the docker_services array/var in /privfrontends/playbook.yaml. This list MUST be maintained in alphabetical order for ease of maintenance.

Then, create the /compose/SERVICE_NAME directory and add the compose file to it. You can use the {{inventory_hostname}} variable where required.

If the service needs a secret key, add it to the ansible-vault secrets.enc with ansible-vault edit secrets.enc. If you are a Project Segfault sysadmin, you already have the password for it :P

Past this, Caddy needs to be configured.

The common GeoDNS configuration can be done following this format:

SERVICE_NAME.{{inventory_hostname}}.projectsegfau.lt SERVICE_NAME.projectsegfau.lt {
        reverse_proxy :PORT
        import def
        import torloc SERVICE_NAME # Set up Tor first, following the wiki
}

Tor/I2P can be set up following the instructions in https://wiki.projectsegfau.lt/Internal:Setting_up_a_GeoDNS_service, with the only change being that Tor and I2P are now merged and live in /templates/01-extras.caddy.

Past this, you can run the deployment as outlined in the beginning.
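
A pre-deployment check for the steps above, added here as an example and not part of the Project Segfault repository: it verifies that docker_services is alphabetical, that every listed service has a compose directory (and the reverse), and that secrets.enc still carries the ansible-vault header, so a decrypted copy is not committed by accident. The block-list layout of docker_services, the repo-root compose/ path and the sample service names are assumptions.

```python
import re
import sys
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this
LIST_RE = re.compile(r"^([ \t]*)docker_services:[ \t]*\n((?:\1[ \t]*-[ \t]+\S.*\n?)+)", re.M)

# Constructed sample; the block-list layout of docker_services is an assumption.
SAMPLE_PLAYBOOK = """\
vars:
  docker_services:
    - beta-web
    - gamma   # listed before alpha: order violation
    - alpha
"""


def parse_services(playbook_text):
    """Return the entries of a block-style docker_services list, in file order."""
    m = LIST_RE.search(playbook_text)
    if not m:
        return []
    return [line.split("-", 1)[1].split("#")[0].strip().strip("'\"")
            for line in m.group(2).splitlines()]


def check(playbook_text, compose_dirs, secrets_head):
    """Return a list of problems; an empty list means the README's rules hold."""
    services = parse_services(playbook_text)
    problems = [] if services else ["docker_services list not found"]
    if services != sorted(services, key=str.lower):  # case-insensitive ordering
        problems.append("docker_services is not in alphabetical order")
    problems += [f"{s}: missing compose/{s}/" for s in services if s not in compose_dirs]
    problems += [f"{d}: compose dir not listed" for d in sorted(set(compose_dirs) - set(services))]
    if not secrets_head.startswith(VAULT_HEADER):
        problems.append("secrets.enc lacks the vault header (plaintext secrets?)")
    return problems


if __name__ == "__main__":
    if len(sys.argv) > 1:  # run against a checkout: python check_services.py REPO_ROOT
        root = Path(sys.argv[1])
        compose = root / "compose"  # assumed location, from "/compose/SERVICE_NAME"
        dirs = {p.name for p in compose.iterdir() if p.is_dir()} if compose.is_dir() else set()
        found = check((root / "privfrontends/playbook.yaml").read_text(), dirs,
                      (root / "secrets.enc").read_text(errors="replace")[:32])
        print("\n".join(found) or "ok")
        sys.exit(1 if found else 0)
    # Offline demo on the constructed sample above (reports four problems).
    print("\n".join(check(SAMPLE_PLAYBOOK, {"beta-web", "gamma", "orphan"}, "db_password: example")))
```

Run with the repository root as the only argument before committing; a non-zero exit status means at least one rule from this README is broken.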

Please inform me (Arya) if any part of this documentation isn't clear; I suck at writing documentation.