ansible/README.md

# TuDatTr IaC
## Vault
- Create vault with: `ansible-vault create secrets.yml`
- Create entry in vault with: `ansible-vault edit secrets.yml`
- Add entry: `pi_tudattr_password: YOUR_USERS_PASSWORD`
- Add entry: `aya01_tudattr_password: YOUR_USERS_PASSWORD`

## Server
- Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system
- Create user (tudattr)
- Get IP of remote system (192.168.20.11)
- Create ssh-config entry
  ```config
  Host aya01
    HostName 192.168.20.11
    Port 22
    User tudattr
    IdentityFile /mnt/veracrypt1/genesis
  ```
  - copy public key to remote system
  `ssh-copy-id -i /mnt/veracrypt1/genesis.pub aya01`
- Adjust ansible inventory
- Install sudo on remote
- add user to sudo group (with `su --login` without login the path will not be loaded correctly see [here](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918754)) and `usermod -a -G sudo tudattr`
- set time correctly when getting the following error
```sh
Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 12h 46min 9s). Updates for this repository will not be applied.
```
By doing on remote system (example):

## RaspberryPi
- Install raspbian lite (2022-09-22-raspios-bullseye-arm64-lite.img) on pi
- Get IP of remote system (192.168.20.11)
- Create ssh-config entry
```config
Host pi
     HostName 192.168.20.11
     Port 22
     User tudattr
     IdentityFile /mnt/veracrypt1/genesis
```
- enable ssh on pi
- copy public key to pi
- change user password of user on pi
- execute `ansible-galaxy install geerlingguy.docker`
- execute `ansible-playbook -i production --ask-vault-pass --extra-vars '@secrets.yml' pi.yml`

## Mikrotik
- Create rsa-key on your device and name it mikrotik_rsa
- On mikrotik run: `/user/ssh-keys/import public-key-file=mikrotik_rsa.pub user=tudattr`
- Create ssh-config entry:
```config
Host mikrotik
     HostName 192.168.70.1
     Port 2200
     User tudattr
     IdentityFile /mnt/veracrypt1/mikrotik_rsa
```
Initial commit with not yet working docker networking Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev> 2022-11-30 23:49:07 +01:00			`# TuDatTr IaC`
			`## Vault`
			- Create vault with: `ansible-vault create secrets.yml`
			- Create entry in vault with: `ansible-vault edit secrets.yml`
			- Add entry: `pi_tudattr_password: YOUR_USERS_PASSWORD`
			- Add entry: `aya01_tudattr_password: YOUR_USERS_PASSWORD`

			`## Server`
			`- Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system`
			`- Create user (tudattr)`
			`- Get IP of remote system (192.168.20.11)`
			`- Create ssh-config entry`
			```config
			`Host aya01`
			`HostName 192.168.20.11`
			`Port 22`
			`User tudattr`
			`IdentityFile /mnt/veracrypt1/genesis`
			```
			`- copy public key to remote system`
			`ssh-copy-id -i /mnt/veracrypt1/genesis.pub aya01`
			`- Adjust ansible inventory`
			`- Install sudo on remote`
			- add user to sudo group (with `su --login` without login the path will not be loaded correctly see [here](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918754)) and `usermod -a -G sudo tudattr`
			`- set time correctly when getting the following error`
			```sh
			`Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 12h 46min 9s). Updates for this repository will not be applied.`
			```
			`By doing on remote system (example):`

			`## RaspberryPi`
			`- Install raspbian lite (2022-09-22-raspios-bullseye-arm64-lite.img) on pi`
			`- Get IP of remote system (192.168.20.11)`
			`- Create ssh-config entry`
			```config
			`Host pi`
			`HostName 192.168.20.11`
			`Port 22`
			`User tudattr`
			`IdentityFile /mnt/veracrypt1/genesis`
			```
			`- enable ssh on pi`
			`- copy public key to pi`
			`- change user password of user on pi`
			- execute `ansible-galaxy install geerlingguy.docker`
			- execute `ansible-playbook -i production --ask-vault-pass --extra-vars '@secrets.yml' pi.yml`

			`## Mikrotik`
			`- Create rsa-key on your device and name it mikrotik_rsa`
			- On mikrotik run: `/user/ssh-keys/import public-key-file=mikrotik_rsa.pub user=tudattr`
			`- Create ssh-config entry:`
			```config
			`Host mikrotik`
			`HostName 192.168.70.1`
			`Port 2200`
			`User tudattr`
			`IdentityFile /mnt/veracrypt1/mikrotik_rsa`
			```