Skip to content
Branch: master
Go to file


Failed to load latest commit information.
Latest commit message
Commit time

#! Admin Tools

Ansible playbooks and other admin tools/docs for maintaining the #! network.


  • Recent version of Ansible
  • Local #! pass database
  • User with sudo access on all servers

Git configuration

You might also want to use the following snippet in ~/.gitconfig:

[diff "gpg"]
	textconv = gpg --no-tty --decrypt
	cachetextconv = false
[diff "ansible-vault"]
	textconv = ansible-vault view
	cachetextconv = false

SSH configuration

All the “service servers” (as opposed to shell servers) listen for SSH on port 8993 (ASCII-encoding of #!), and the user is core, with the following exceptions:

  • and do not yet follow that convention;
  • is a service hosted on which uses port 22.

This is expressed in the following .ssh/config snippet:

     User your_nick

     User git

     User core

Host *
     User core
     Port 8993


There are several playbooks present here:

  • shell.yml is used to synchronise the configuration (incl. installed packages) across the shell servers.

  • credentials.yml is used to deploy the admin's SSH keys across all servers:

    • admins can login as root on the shell servers;
    • they can login as core on the CoreOS servers.
  • coreos.yml performs CoreOS-specific tasks. Currently, it only bootstraps the Ansible agent's dependencies.

  • mail.yml deploy the mail aliases and Postfix configuration.

  • irc.yml deploys static and templated configuration to the IRC servers, including oper blocks for users defined in group_vars/all/users.yml.

  • ldap_ban.yml disables user accounts in LDAP and terminates their sessions on the shell servers; it requires python-ldap installed. Invoke as follows:

      ansible-playbook ldap_ban.yml

    For scripting purposes, the script accepts a comma-separated list of users, (users), and a Boolean determining if the homedirs should be deleted (delete).


Install a package

See doc/

Making a configuration change

  1. Prepare your change for shell-etc, test it locally.
  2. Create a pull-request for it on Github, wait for a review.
  3. Perform a signed merge into master: git merge -S --no-ff branch
    Only merge into master things that you will deploy immediately. Do not merge if you aren't in a position to follow-up with a deploy.
  4. Run the shell.yml playbook, see below.

Sync packages & configuration across all shell servers

Simply run the appropriate Ansible playbook:

ansible-playbook shell.yml


Ansible playbooks and other admin tools used to administrate #! servers




No releases published
You can’t perform that action at this time.