ansible for Project Segfault nodes
Arya 42dd491b95
License
2023-05-13 09:42:20 +08:00
all init 2023-05-13 09:14:40 +08:00
collections init 2023-05-13 09:14:40 +08:00
privfrontends init 2023-05-13 09:14:40 +08:00
.gitignore init 2023-05-13 09:14:40 +08:00
LICENSE License 2023-05-13 09:42:20 +08:00
README.md docs update 2023-05-13 09:37:28 +08:00
ansible.cfg init 2023-05-13 09:14:40 +08:00
inventory.yml init 2023-05-13 09:14:40 +08:00
requirements.yml init 2023-05-13 09:14:40 +08:00
secrets.enc init 2023-05-13 09:14:40 +08:00

README.md

Testing ansible

ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
# All servers
ansible-playbook all/playbook.yaml # Initialize
# Privacy Frontends
ansible-playbook -i inventory.yml -e @secrets.enc --ask-vault-pass privfrontends/playbook.yaml

To add secrets: ansible-vault edit secrets.enc

Adding new services

Adding new services is a bit janky, as I had to set it up with normal commands instead of the preferred community.docker collection (it doesn't support v2, which we use on most of our compose files).

First, add the service to the docker_services array/var in /privfrontends/playbook.yaml. This list MUST be maintained in alphabetical order for ease of maintenance.

Then, create the /compose/SERVICE_NAME directory and add the compose file to it. You can use the {{inventory_hostname}} variables where required.

If the service needs a secret key, add it to the ansible-vault secrets.enc with ansible-vault edit secrets.enc. If you are a Project Segfault sysadmin you already have the password for it :P

Past this, Caddy needs to be configured.

The common GeoDNS configuration can be done following this format:

SERVICE_NAME.{{inventory_hostname}}.projectsegfau.lt SERVICE_NAME.projectsegfau.lt {
        reverse_proxy :PORT
        import def
        import torloc SERVICE_NAME # Setup tor first following the wiki
}

Tor/I2P can be set up following the instructions in https://wiki.projectsegfau.lt/Internal:Setting_up_a_GeoDNS_service, with the only change being that Tor and I2P are now merged and live in /templates/01-extras.caddy.

Past this, you can run the deployment as outlined in the beginning.
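
A pre-deployment check for the steps above, added here as an example and not part of this repository: it verifies that docker_services is alphabetical, that every listed service has a compose directory, and that the secrets file still carries the ansible-vault header instead of plaintext. It assumes docker_services is written as a block-style YAML list with one plain name per item; the function names, the file paths passed in and the service names in the demo are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Vault files start with this header; format 1.2 adds a vault-id label.
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;.+)?$")

def parse_docker_services(playbook_text):
    """Return the items of a block-style `docker_services:` list, in file order."""
    services, in_list = [], False
    for line in playbook_text.splitlines():
        if re.match(r"^\s*docker_services:\s*$", line):
            in_list = True
        elif in_list:
            item = re.match(r"^\s*-\s+(\S+)\s*$", line)
            if item:
                services.append(item.group(1).strip("\"'"))
            elif line.strip() and not line.lstrip().startswith("#"):
                break  # first non-item, non-comment line ends the list
    return services

def check(playbook, compose_dir, vault_file):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    services = parse_docker_services(Path(playbook).read_text())
    if not services:
        problems.append("no docker_services list found")
    if services != sorted(services, key=str.lower):
        problems.append("docker_services is not in alphabetical order")
    for name in services:
        if not (Path(compose_dir) / name).is_dir():
            problems.append(f"missing compose directory for {name}")
    lines = Path(vault_file).read_text().splitlines()
    if not lines or not VAULT_HEADER.match(lines[0]):
        problems.append(f"{Path(vault_file).name} is not vault-encrypted")
    return problems

def demo():
    """Constructed tree: unsorted list, one missing directory, plaintext secrets."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "playbook.yaml").write_text(
            "- hosts: all\n  vars:\n    docker_services:\n"
            "      - service-b\n      - service-a\n  tasks: []\n")
        (root / "compose" / "service-b").mkdir(parents=True)
        (root / "secrets.enc").write_text("example_key: not-a-real-secret\n")
        return check(root / "playbook.yaml", root / "compose", root / "secrets.enc")

if __name__ == "__main__":
    for problem in demo():
        print("FAIL:", problem)
```

Run as a pre-commit hook or CI step, a non-empty result from check() should block the commit, since an unencrypted secrets.enc pushed to the repository exposes every service key at once.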

Please inform me (Arya) if any part of this documentation isn't clear; I suck at writing documentation.