localghost 0c62cc21af chris' cyberia ssh pub key 4 months ago
files chris' cyberia ssh pub key 4 months ago
group_vars Add sanine, refactor to support debian 11 months ago
handlers Added certs, create nginx proxy, added ansible root handlers dir 2 years ago
roles fix nginx log tailer example 6 months ago
.gitignore Add initial version of Ansible automation 2 years ago
README.md add ansible command how-to to readme 1 year ago
hosts Merge remote-tracking branch 'cyberia-gitea/master' 7 months ago
patch.yml add daily matrix backup job 2 years ago
site.yml nginx log tailer --> caddy log tailer 6 months ago

README.md

Workflow description

The cyberian user will have one key, which lives on leckie.cyberia.club, the bastion host that we run ansible from.

  • People can update ansible by working locally and pushing to master to run on the remote box (CI is not set up yet)
  • or by logging into leckie.cyberia.club and running ansible-playbook -i hosts site.yml

You can perform a "dry run" before making changes with ansible-playbook -i hosts site.yml --check

You can limit ansible to only touch one host with ansible-playbook -i hosts site.yml --limit legion.cyberia.club

You can limit ansible to only apply certain tagged roles with ansible-playbook -i hosts site.yml --tags nginx

Server naming convention

  • scifi media produced by minority peoples
  • one word
  • simple to spell and say phonetically

DNS records

  • Add an A record with the primary servername pointing at the server's IP
  • Any additional records should be CNAME records pointing at the primary servername

ex:

A record: mothership.cyberia.club -> 69.2.118.24
CNAME:    rsyslog.cyberia.club -> mothership.cyberia.club
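
A lint for the record convention above, as an added example that is not part of the ops handbook's own code. The (type, name, value) tuple format, the alias1/alias2/alias3/missing names in the sample, and the reading that two A names on one IP means an alias should have been a CNAME are assumptions.

```python
import ipaddress

def lint_records(records):
    """Return a list of violations of the A-plus-CNAME convention."""
    problems = []
    a_names = {}                      # primary servername -> IP
    for rtype, name, value in records:
        if rtype != "A":
            continue
        try:
            ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"{name}: A record value {value!r} is not an IP")
            continue
        if name in a_names:
            problems.append(f"{name}: more than one A record")
        a_names[name] = value
    # Assumption: a second A name on the same IP is an alias that
    # should have been a CNAME to the primary servername.
    seen_ips = {}
    for name, ip in a_names.items():
        if ip in seen_ips:
            problems.append(f"{name}: shares {ip} with {seen_ips[ip]}; use a CNAME")
        else:
            seen_ips[ip] = name
    cnames = {name for rtype, name, _ in records if rtype == "CNAME"}
    for rtype, name, value in records:
        if rtype != "CNAME":
            continue
        if name in a_names:
            problems.append(f"{name}: has both an A record and a CNAME")
        if value in cnames:
            problems.append(f"{name}: points at another CNAME ({value})")
        elif value not in a_names:
            problems.append(f"{name}: target {value} has no A record")
    return problems

# Constructed sample: the README's two records plus three deliberate mistakes.
SAMPLE = [
    ("A", "mothership.cyberia.club", "69.2.118.24"),
    ("CNAME", "rsyslog.cyberia.club", "mothership.cyberia.club"),
    ("A", "alias1.cyberia.club", "69.2.118.24"),               # alias as A record
    ("CNAME", "alias2.cyberia.club", "rsyslog.cyberia.club"),  # CNAME chain
    ("CNAME", "alias3.cyberia.club", "missing.cyberia.club"),  # no A record
]

if __name__ == "__main__":
    for line in lint_records(SAMPLE):
        print(line)
```

A CNAME whose target has no A record is worth clearing up when a server is retired, since the alias otherwise keeps pointing at a name nobody controls the address for.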

Making a new server

  • log in to baikal

  • create an alpine capsul with:

    pubkey ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICFY6QqqL5DLeYVRQXSFmy7doecYJRGKIJVNFWdWE+hi root-deploy-key

    email ops@cyberia.club

  • log in to the host and set the hostname via /etc/hostname

  • update the host via apk update && apk add python3 && apk upgrade

  • reboot the host

  • add an A-record for the host

  • add the host to the inventory

  • run ansible-playbook -i hosts site.yml from j3s.sh /home/cyberian/code/ops-handbook/ansible

Service restarts

Many critical services won't restart automatically when their config file(s) are updated. Operators are expected to restart services by hand as needed.

Services that restart upon config change:

  • sshd

Services that require manual restarts:

  • matrix-synapse
  • postgresql