Rebuild Raspbery PI - First repave

[scottmuc]

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing all the previous repave issues. Have fun!

Things to do with the existing build

• [x] Create SD card with the latest Raspberry Pi OS

  Instructions

  Preferrably with a secondary SD Card to keep the current Pi running.

  installer download

• [x] Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because my macbook might be my controller, or my windows WSL host will be.

Post OS install steps

• [x] Ensure machine IP is 192.168.2.10

• [x] Copy ssh key using ssh-copy-id

• [x] Bootstrap with Ansible

  Instructions

  ansible-playbook -i 192.168.2.10, --become --ask-become-pass ./bootstrap-playbook.yml

• [x] Complete full configuration

  Instructions

  ansible-playbook -i 192.168.2.10, --become ./main-playbook.yml

• [x] Make this template slightly better

[scottmuc]

This is going to be messy since it's my first repave of this machine in 2 years! Some notes already:

• shut down the kea dhcp serrvice
• enable DHCP on my Telekom router

This should limit any service disruption.

[scottmuc]

OS installed and some of the preliminary manual network stuff is done:

pi@raspberrypi:~ $ uname -a
Linux raspberrypi 5.10.17-v7+ #1414 SMP Fri Apr 30 13:18:35 BST 2021 armv7l GNU/Linux

[scottmuc]

After installing ansible in WSL I was able to run the following:

ansible-playbook -i 192.168.2.10, --become --ask-become-pass ./bootstrap-playbook.yml

[scottmuc]

The playbook has unbound successfully installed, but unfortunately the unbound blocklist is no longer maintained and isn't in the syntax that unbound (v1.9.0) needs.

[scottmuc]

Need git-crypt installed and terraform (https://learn.hashicorp.com/tutorials/terraform/install-cli)

[scottmuc]

After repaving, the port forwarding from my router stopped working. It worked again after deleting and recreating the port forward. Might need to check if I should delete the port forward before the repave, and re-add it back afterwards.

This was discovered during the certbot certification verification process (which I'll need a few more repaves to iron out the kinks).

[scottmuc]

Thankfully setting up navidrome using the script (https://github.com/scottmuc/infrastructure/blob/main/pi/navidrome.sh) went without a hitch! I'll turn it into ansible for the next repave.

[scottmuc]

Calling this repave "complete". I haven't setup and installed Samba or the DHCP server. I'm feeling like a lot has already changed with the setup already, and I'm happy that I got things to a working state with nginx, unbound, and navidrome.

There's a lot I need to update in this template. So I'll conclude this repave when those updates happen and plan another repave soon. Given that all the ansible code went from zero to what is there now, I'm crossing my fingers that I can get to a good state in an hour (otherwise I have some kinks to work out).