n3tuk / ansible

MIT License

n3t.uk Ansible Playbooks

An Ansible repository for the configuration of systems and resources managed by n3tuk.

Playbooks

| Playbook | task Command | Description |
| --- | --- | --- |
| n/a | ping | A task-specific command which will attempt to ping all hosts configured in the inventory using the standard become process. |
| bootstrap.yaml | bootstrap | A play which will bootstrap any host listed under the bootstrap group, and is normally used for both physical nodes as well as virtual machines. |
| baseline.yaml | baseline | A play which will configure physical and virtual machines to baselined settings. |
| upgrade.yaml | upgrade | A play which will run an update and upgrade of all Arch Linux packages using pacman. |
| users.yaml | users | A play which will run a create or update of all the users and groups on a system. |
| libvirtd.yaml | libvirtd | A play which will update the configuration of libvirtd on a system and prepare the Storage Pools. |
| cache.yaml | cache | A play which will update the configuration of caching proxies. |
| netdata.yaml | netdata | A play which will update the configuration of Netdata on both parent and child nodes. |
| vault.yaml | vault | A play which will update the configuration of Hashicorp Vault in each of the environments of the Lab. |
| testing.yaml | testing | A play which will update the configuration of test Kubernetes clusters using k3s. |

All Ansible plays run via task can be configured with limit overrides using limit= appended after the task:

$ task bootstrap limit=node-01.s.cym-south-1.kub3.uk
task: [bootstrap] ansible-playbook \
  --syntax-check plays/bootstrap.yaml
...

Roles

| Role | Description |
| --- | --- |
| filesystems | A role to configure physical partitions and filesystems, as well as physical volumes, volume groups, and logical volumes under LVM, with support for encrypted physical filesystems with cryptsetup. |
| bootstrap | A role to bootstrap an Arch Linux installation under a configured mount point, usually set up with filesystems above. |
| issue | A role to configure /etc/issue on the system to describe the host and display an access warning message. |
| ca | A role to install the n3t.uk Root Certificate Authority certificate into the trusted store on each system, allowing tools and utilities to trust certificates issued under it. |
| secure_boot | A role to set up the keys and UEFI firmware to support Secure Boot on physical hosts, allowing locally-built kernels to be signed for booting. |
| kernels | A role to install selected Linux kernels and configure them for booting on this system. |
| systemd | A role to update the local configuration for systemd on this system, including systemd itself, systemd-oomd, and systemd-timesyncd for NTP support. |
| systemd_networkd | A role to enable systemd-networkd and install the required configuration for the local ethernet port, as well as any VLANs and Bridges required for virtual machine access to the network. |
| systemd_resolved | A role to enable systemd-resolved for local DNS resolution, including setting up the stub resolver, and configuring the DNS settings for this system. |
| starship | A role to install and configure starship as a command-line prompt management utility, and allow it to clearly define the use and purpose of the system in both fish and bash. |
| fish | A role to install and configure fish with some basic settings and to run starship for users. |
| bash | A role to install and configure bash with some basic settings and to run starship for users. |
| sudo | A role to install and configure sudo on this system with standardised defaults and limited access based on groups. |
| ssh | A role to install and configure the ssh service on this system to enable secure defaults and remote access for configured and supported users. |
| pacman | A role to install and configure the pacman utility on this system to use additional Arch Linux repositories and custom settings. |
| users | A role to install and configure the users and groups on the system, including the root user. |
| libvirtd | A role to install and configure libvirtd for the system and prepare the Storage Pools for Virtual Machines. |
| machines | A role to configure all the virtual machines to run on a node, alongside the storage and any other devices required by that machine. |
| nginx | A role to configure nginx on a system with standard settings, but not to configure any virtual hosts which it may serve. |
| cache | A role to configure a caching proxy virtual host in nginx which will proxy and cache Arch Linux repositories and packages. |
| logrotate | A role to configure logrotate with sensible defaults to support the rotation and compression of historical log files. |
| netdata | A role to configure netdata either as a parent node for centralised storage and processing, or a child to collect data and stream it to a parent node. |
| vault | A role to install and configure Hashicorp Vault along with associated proxies, certificates, and firewall rules. |
| k3s | A role to install and configure k3s nodes to build and run Kubernetes clusters in different setups, including single-node as well as server/agent setups. |