diff --git a/#README.md# b/#README.md# deleted file mode 100644 index 7aaec1d..0000000 --- a/#README.md# +++ /dev/null 
@@ -1,87 +0,0 @@ -# TuDatTr IaC -## Backups -Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone. -but first of all we need to create the buckets and provide ansible with the needed information. -## Vault -- Create vault with: `ansible-vault create secrets.yml` -- Create entry in vault with: `ansible-vault edit secrets.yml` -- Add following entries: - - `vault_pi_tudattr_password: ` (password you've setup on the device) - - `vault_aya01_tudattr_password: ` (password you've setup on the device) - - `vault_pihole_password: ` (arbitrary password you want to log in with) - - `vault_mysql_root_password: ` (arbitrary password, used internally) - - `vault_mysql_user_password: ` (arbitrary password, used internally) - - `vault_ddns_tudattrdev_password: ` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/)) - - `vault_ddns_borgland_password: ` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/)) - -## Server -- Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system -- Create user (tudattr) -- Get IP of remote system (192.168.20.11) -- Create ssh-config entry - ```config - Host aya01 - HostName 192.168.20.11 - Port 22 - User tudattr - IdentityFile /mnt/veracrypt1/genesis - ``` - - copy public key to remote system - `ssh-copy-id -i /mnt/veracrypt1/genesis.pub aya01` -- Add this host to ansible inventory -- Install sudo on remote -- add user to sudo group (with `su --login` without login the path will not be loaded correctly see [here](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918754)) and `usermod -a -G sudo tudattr` -- set time correctly when getting the following error -```sh -Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for 
another 12h 46min 9s). Updates for this repository will not be applied. -``` -By doing on remote system (example): -```sh -sudo systemctl stop ntp.service -sudo ntpd -gq -sudo systemctl start ntp.service -``` -### zoneminder -- Enable authentification in (Option->System) -- Create new Camera: - - General>Name: BirdCam - - General>Function: Ffmpeg - - General>Function: Modect - - Source>Source Path: `rtsp://user:pw@ip:554/cam/mpeg4` -- Change default admin password -- Create users - - - -## RaspberryPi -- Install raspbian lite (2022-09-22-raspios-bullseye-arm64-lite.img) on pi -- Get IP of remote system (192.168.20.11) -- Create ssh-config entry -```config -Host pi - HostName 192.168.20.11 - Port 22 - User tudattr - IdentityFile /mnt/veracrypt1/genesis -``` -- enable ssh on pi -- copy public key to pi -- change user password of user on pi -- execute `ansible-playbook -i production --ask-vault-pass --extra-vars '@secrets.yml' pi.yml` - -## Mikrotik -- Create rsa-key on your device and name it mikrotik_rsa -- On mikrotik run: `/user/ssh-keys/import public-key-file=mikrotik_rsa.pub user=tudattr` -- Create ssh-config entry: -```config -Host mikrotik - HostName 192.168.70.1 - Port 2200 - User tudattr - IdentityFile /mnt/veracrypt1/mikrotik_rsa -``` - -## Todo -- Role to setup backup -- Role to load customization/configurations from backup to servers -- aya01 fstab diff --git a/.#README.md b/.#README.md deleted file mode 120000 index bd5e03f..0000000 --- a/.#README.md +++ /dev/null @@ -1 +0,0 @@ -tuan@genesis.977:1670174348 \ No newline at end of file diff --git a/README.md b/README.md index 599417d..7aaec1d 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,7 @@ # TuDatTr IaC +## Backups +Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone. +but first of all we need to create the buckets and provide ansible with the needed information. ## Vault - Create vault with: `ansible-vault create secrets.yml` - Create entry in vault with: `ansible-vault edit secrets.yml`
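Review bot: The two deleted paths at the top of the patch, `#README.md#` and `.#README.md`, are Emacs auto-save and lock files, and nothing visible in this patch keeps them from being committed again. The lock symlink (mode 120000) pointed at `tuan@genesis.977:1670174348`, which is a local user name, host name, process id and what looks like an epoch timestamp, and that value stays in the repository history after this deletion. Suggest adding ignore patterns such as `\#*#` and `.#*` to `.gitignore` in the same commit.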
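Review bot: In the README.md hunk, the added `## Backups` text says the buckets must be created and Ansible given "the needed information", but it does not say which values those are or where they go. The Vault list that follows (visible in full in the deleted `#README.md#`, which carries the same blob id 7aaec1d) has no entry for Backblaze B2 credentials or for the rclone encryption password. Suggest naming the vault variables for these under `## Vault`, and noting that the rclone encryption password needs its own safe copy, since client-side encrypted backups cannot be restored without it. Wording: "Backup for aya01 and raspberry are" should be "Backups ... are", and the line starting with lowercase "but first of all" should be merged into the previous sentence or capitalised.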