GitHub - Mareo/infrastructure

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 1,726 Commits
authentik		authentik
discord		discord
gitlab		gitlab
group_vars		group_vars
host_vars		host_vars
k8s		k8s
playbooks		playbooks
proxmox		proxmox
roles		roles
scripts		scripts
secrets		secrets
vault		vault
.ansible-lint		.ansible-lint
.envrc		.envrc
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
.pre-commit-config.yaml		.pre-commit-config.yaml
.yamllint		.yamllint
LICENSE		LICENSE
README		README
TODO		TODO
ansible.cfg		ansible.cfg
config.yml		config.yml
flake.lock		flake.lock
flake.nix		flake.nix
hosts		hosts
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
renovate.json		renovate.json
requirements.yml		requirements.yml

Repository files navigation

# Operator setup

    $ poetry install
    $ poetry run ansible-galaxy install -r requirements.yml
    $ poetry run ansible-playbook playbooks/main.yml -t secrets  # skip on first install

# Hypervisor setup

    $ poetry run ansible-playbook -l proxmox playbooks/main.yml

## ACME configuration

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> ACME
* Create a new account
* Add a new challenge plugin:
    Plugin Id:       mikros
    DNS API:         nsupdate (RFC 2136)
    NSUPDATE_KEY:    /etc/nsupdate.key
    NSUPDATE_SERVER: mikros.mareo.fr
    NSUPDATE_ZONE:   mareo.fr
* Go to ouranos -> System -> Certificates
* Add a new certificate:
    Challenge type: DNS
    Plugin:         mikros
    Domain:         ouranos.mareo.fr
* Click "Order certificate now"

## CephFS setup

* Visit https://ouranos.mareo.fr:8006

* Go to ouranos -> Ceph -> CephFS
* Create a new metadata server
    Host:     ouranos
    Extra ID: None
* Create a new CephFS:
    Name:             cephfs
    Placement Groups: 64
    Add as Storage:   yes

## Terraform Token

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> Permissions -> API Tokens
* Create a new token:
    User:                 root@pam
    Token ID:             terraform
    Expire:               never
    Privilege separation: no
* Put the token in `secrets/proxmox_token`

## Pool

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> Permissions -> Pools
* Create a new pool:
    Name: ouranos

# Terraform setup

    $ poetry run ./scripts/terraform-setup.sh

# VMs setup
    $ cd proxmox/
    $ terraform apply
    $ cd ..
    $ poetry run ansible-playbook -l proxmox_vm playbooks/main.yml

# Vault setup
    $ cd vault/
    $ poetry run ../scripts/vault-init.sh
    $ poetry run ../scripts/vault-unseal.sh
    $ poetry run ../scripts/vault-login-as-root.sh
    $ terraform apply

# Authentik setup
    $ cd authentik/
    $ terraform apply

# Discord setup
    $ cd discord/
    $ terraform init

# GitLab setup
    $ poetry run scripts/gitlab-login-as-root.sh
    $ cd gitlab/
    $ terraform apply