diff --git a/#README.md# b/#README.md# new file mode 100644 index 0000000..7aaec1d --- /dev/null +++ b/#README.md# @@ -0,0 +1,87 @@ +# TuDatTr IaC +## Backups +Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone. +but first of all we need to create the buckets and provide ansible with the needed information. +## Vault +- Create vault with: `ansible-vault create secrets.yml` +- Create entry in vault with: `ansible-vault edit secrets.yml` +- Add following entries: + - `vault_pi_tudattr_password: ` (password you've setup on the device) + - `vault_aya01_tudattr_password: ` (password you've setup on the device) + - `vault_pihole_password: ` (arbitrary password you want to log in with) + - `vault_mysql_root_password: ` (arbitrary password, used internally) + - `vault_mysql_user_password: ` (arbitrary password, used internally) + - `vault_ddns_tudattrdev_password: ` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/)) + - `vault_ddns_borgland_password: ` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/)) + +## Server +- Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system +- Create user (tudattr) +- Get IP of remote system (192.168.20.11) +- Create ssh-config entry + ```config + Host aya01 + HostName 192.168.20.11 + Port 22 + User tudattr + IdentityFile /mnt/veracrypt1/genesis + ``` + - copy public key to remote system + `ssh-copy-id -i /mnt/veracrypt1/genesis.pub aya01` +- Add this host to ansible inventory +- Install sudo on remote +- add user to sudo group (with `su --login` without login the path will not be loaded correctly see [here](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918754)) and `usermod -a -G sudo tudattr` +- set time correctly when getting the following error +```sh +Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 12h 46min 9s). Updates for this repository will not be applied. +``` +By doing on remote system (example): +```sh +sudo systemctl stop ntp.service +sudo ntpd -gq +sudo systemctl start ntp.service +``` +### zoneminder +- Enable authentification in (Option->System) +- Create new Camera: + - General>Name: BirdCam + - General>Function: Ffmpeg + - General>Function: Modect + - Source>Source Path: `rtsp://user:pw@ip:554/cam/mpeg4` +- Change default admin password +- Create users + + + +## RaspberryPi +- Install raspbian lite (2022-09-22-raspios-bullseye-arm64-lite.img) on pi +- Get IP of remote system (192.168.20.11) +- Create ssh-config entry +```config +Host pi + HostName 192.168.20.11 + Port 22 + User tudattr + IdentityFile /mnt/veracrypt1/genesis +``` +- enable ssh on pi +- copy public key to pi +- change user password of user on pi +- execute `ansible-playbook -i production --ask-vault-pass --extra-vars '@secrets.yml' pi.yml` + +## Mikrotik +- Create rsa-key on your device and name it mikrotik_rsa +- On mikrotik run: `/user/ssh-keys/import public-key-file=mikrotik_rsa.pub user=tudattr` +- Create ssh-config entry: +```config +Host mikrotik + HostName 192.168.70.1 + Port 2200 + User tudattr + IdentityFile /mnt/veracrypt1/mikrotik_rsa +``` + +## Todo +- Role to setup backup +- Role to load customization/configurations from backup to servers +- aya01 fstab diff --git a/.#README.md b/.#README.md new file mode 120000 index 0000000..bd5e03f --- /dev/null +++ b/.#README.md @@ -0,0 +1 @@ +tuan@genesis.977:1670174348 \ No newline at end of file diff --git a/roles/backblaze/tasks/backup.yml b/roles/backblaze/tasks/backup.yml index f878afd..36b98aa 100644 --- a/roles/backblaze/tasks/backup.yml +++ b/roles/backblaze/tasks/backup.yml @@ -1,6 +1,7 @@ --- -- name: Loop over subelements of the dictionary +- name: Backing up for "{{ inventory_hostname }}" shell: - cmd: "rclone -vv sync {{ item.1 }} secret:{{ item.1 }}" + cmd: "rclone sync {{ item.1 }} secret:{{ item.1 }}" when: item.0.key == inventory_hostname loop: "{{ backblaze_paths | dict2items | subelements('value') }}" + become: true diff --git a/roles/backblaze/tasks/config.yml b/roles/backblaze/tasks/config.yml index bd0d15a..0eee4cf 100644 --- a/roles/backblaze/tasks/config.yml +++ b/roles/backblaze/tasks/config.yml @@ -8,7 +8,7 @@ state: directory become: true -- name: Copy rclone config to "{{ inventory_hostname }}" +- name: Copy "templates/{{ inventory_hostname }}/rclone.conf" config to "{{ inventory_hostname }}":"{{ rclone_config }}/rclone.conf" template: src: "templates/{{ inventory_hostname }}/rclone.conf" dest: "{{ rclone_config }}/rclone.conf" diff --git a/roles/backblaze/tasks/install.yml b/roles/backblaze/tasks/install.yml index 9cb9f14..e47bb27 100644 --- a/roles/backblaze/tasks/install.yml +++ b/roles/backblaze/tasks/install.yml @@ -1,13 +1,13 @@ --- - name: Update and upgrade packages apt: - update_cache: yes - upgrade: yes - autoremove: yes - become: yes + update_cache: true + upgrade: true + autoremove: true + become: true - name: Install rclone apt: name: "rclone" state: present - become: yes + become: true