ansible/README.md

TuDatTr IaC

Vault

  • Create the vault with: ansible-vault create secrets.yml
  • Add or change entries in the vault with: ansible-vault edit secrets.yml
  • Add entry: pi_tudattr_password: YOUR_USERS_PASSWORD
  • Add entry: aya01_tudattr_password: YOUR_USERS_PASSWORD
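A pre-commit guard for the vault file, added here as an example (not part of this repository): it refuses to commit a secrets.yml whose first line is not the $ANSIBLE_VAULT; header that ansible-vault create/edit write, so a vault that was decrypted in place never lands in git history. The --hook flag and the hook location are assumptions.

```sh
#!/bin/sh
# Added example, not part of this repo. Every file written by ansible-vault
# starts with a header line such as "$ANSIBLE_VAULT;1.1;AES256"; a file that
# lacks it is plaintext and must not be committed.

# Returns 0 when FILE starts with the ansible-vault header, 1 otherwise
# (a missing file also counts as "not encrypted").
is_vault_encrypted() {
    file="$1"
    [ -f "$file" ] || return 1
    first_line=$(head -n 1 "$file")
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Checks every path given as argument; reports offenders on stderr and
# returns 1 if any of them is not vault-encrypted.
check_vault_files() {
    rc=0
    for f in "$@"; do
        if ! is_vault_encrypted "$f"; then
            echo "refusing to commit unencrypted vault file: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# Hypothetical hook mode: installed as .git/hooks/pre-commit and invoked
# with --hook, it checks every staged file named secrets.yml.
if [ "${1:-}" = "--hook" ]; then
    staged=$(git diff --cached --name-only --diff-filter=AM \
             | grep -E '(^|/)secrets\.yml$' || true)
    [ -z "$staged" ] && exit 0
    check_vault_files $staged
fi
```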

Server

  • Install Debian (debian-11.5.0-amd64-netinst.iso) on the remote system
  • Create user (tudattr)
  • Get IP of the remote system (192.168.20.11)
  • Create ssh-config entry:
    Host aya01
      HostName 192.168.20.11
      Port 22
      User tudattr
      IdentityFile /mnt/veracrypt1/genesis
  • Copy the public key to the remote system: ssh-copy-id -i /mnt/veracrypt1/genesis.pub aya01
  • Adjust the ansible inventory
  • Install sudo on the remote system
  • Add the user to the sudo group: usermod -a -G sudo tudattr (run this from a root shell opened with su --login; without --login the PATH is not loaded correctly, see here)
  • Set the time correctly when getting the following error:
    Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 12h 46min 9s). Updates for this repository will not be applied.

    By doing on remote system (example):

RaspberryPi

  • Install Raspbian Lite (2022-09-22-raspios-bullseye-arm64-lite.img) on the pi
  • Get IP of the remote system (192.168.20.11)
  • Create ssh-config entry:
    Host pi
      HostName 192.168.20.11
      Port 22
      User tudattr
      IdentityFile /mnt/veracrypt1/genesis
  • Enable ssh on the pi
  • Copy the public key to the pi
  • Change the password of the user on the pi
  • Execute: ansible-galaxy install geerlingguy.docker
  • Execute: ansible-playbook -i production --ask-vault-pass --extra-vars '@secrets.yml' pi.yml

Mikrotik

  • Create an rsa key on your device and name it mikrotik_rsa
  • On the mikrotik run: /user/ssh-keys/import public-key-file=mikrotik_rsa.pub user=tudattr
  • Create ssh-config entry:
    Host mikrotik
      HostName 192.168.70.1
      Port 2200
      User tudattr
      IdentityFile /mnt/veracrypt1/mikrotik_rsa