- raspberry 2b, 3b, 3b+, 4b-4gb, 4b-8gb, Lenovo Thinkpad T580, Intel Nuc
- fedora 32, 33, 34
- ansible & ansible-vault
fed127 | fed130 | fed143 | fed149 | fed157 | fed159 | fed160 | fed168 | fed171 | fed178 | openvpn | pihole |
---|---|---|---|---|---|---|---|---|---|---|---|
rpi4b8g | rpi4b8g | rpi4b4g | rpi4b4g | rpi3b+ | rpi2b | rpi4b8g | rpi4b8g | rpi2b | rpi2b | rpi3b | rpi3b |
nvme128 | nvme128 | nvme512 | nvme1024 | | | nvme128 | | | | | |
f34 | f34 | f34 | f34 | f34 | f34 | f34 | |||||
jenkins | gitea | build-images | piaware | haproxy | alert manager | awx | haproxy | piaware | openvpn | pihole | |
httpd | get-images | dump1090exporter | keepalived | blackbox | linkding | keepalived | dump1090exporter | openvpnexporter | |||
letsencrypt | nfsserver | grafana | openldap | ||||||||
postgres | openldap | karma | |||||||||
registry | prometheus | ||||||||||
snmpexporter | |||||||||||
playbooks | description |
---|---|
provision.yaml | all roles -- full stack deployment |
baseline.yaml | baseline features |
gitea.yaml | git server deployment |
httpd.yaml | apache server deployment |
pihole.yaml | pihole server deployment |
postgres.yaml | postgres db deployment |
rocketchat.yaml | rocketchat server deployment |
inventory files and directories | description |
---|---|
inventory/all | main group |
inventory/host_vars/ | host files |
inventory/group_vars/ | group files |
To decrypt Ansible vault-encrypted variables, store the vault password in a file and add this environment variable to .bashrc:
export ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt
Create an encrypted variable:
$ ansible-vault encrypt_string 'SECRET' --name '_slack_webhook_secret'
Show an encrypted variable (the debug module prints its decrypted value):
$ ansible -i "localhost," all -m debug -a 'msg="{{ _slack_webhook_secret }}"' -e@roles/alertmanager/defaults/main.yml
$ ansible-galaxy collection install community.general
$ ansible-galaxy collection install containers.podman
$ sudo dnf install python3-pip
$ sudo pip3 install virtualenv
$ virtualenv ansible
$ source ansible/bin/activate # deactivate to exit
$ pip install ansible
firewall ports
port | service | scope |
---|---|---|
22 | ssh | all hosts |
53 | dns pihole | |
80 | http | pihole |
443 | https | pihole |
2222 | gitea ssh | gitea |
3000 | gitea | gitea |
5432 | postgres default | inside podman network |
30080 | apache httpd http | on host fed143 |
30443 | apache httpd https | on host fed143 |
31080 | apache httpd http | on host fed143 |
31433 | apache httpd https | on host fed143 |
users and groups
uid | user | gid | group |
---|---|---|---|
1000 | tedsluis | 1000 | tedsluis |
1000 | pi | 1000 | pi |
1001 | ansible | 1001 | ansible |
1033 | gitea | 1033 | gitea |
1034 | httpd | 1034 | httpd |
1035 | letsencrypt | 1035 | letsencrypt |
1036 | postgres | 1036 | postgres |
Boot with a raspios image and perform a full-upgrade. Specify beta, critical or stable in the file below:
pi@raspberrypi:~ $ sudo vi /etc/default/rpi-eeprom-update
Check for updates:
pi@raspberrypi:~ $ sudo rpi-eeprom-update
BCM2711 detected
VL805 firmware in bootloader EEPROM
*** UPDATE AVAILABLE ***
BOOTLOADER: update available
CURRENT: Thu 3 Sep 12:11:43 UTC 2020 (1599135103)
LATEST: Wed 28 Oct 17:32:40 UTC 2020 (1603906360)
FW DIR: /lib/firmware/raspberrypi/bootloader/beta
VL805: up-to-date
CURRENT: 000138a1
LATEST: 000138a1
Apply update:
pi@raspberrypi:/lib/firmware/raspberrypi/bootloader/beta $ sudo rpi-eeprom-update -a
BCM2711 detected
VL805 firmware in bootloader EEPROM
*** INSTALLING EEPROM UPDATES ***
BOOTLOADER: update available
CURRENT: Thu 3 Sep 12:11:43 UTC 2020 (1599135103)
LATEST: Wed 28 Oct 17:32:40 UTC 2020 (1603906360)
FW DIR: /lib/firmware/raspberrypi/bootloader/beta
VL805: up-to-date
CURRENT: 000138a1
LATEST: 000138a1
BOOTFS /boot
EEPROM updates pending. Please reboot to apply the update.
Reboot and log in again.
Select an EEPROM version:
pi@raspberrypi:~ $ cp /lib/firmware/raspberrypi/bootloader/critical/pieeprom-2020-09-03.bin .
Or download one from GitHub:
pi@raspberry:~ $ wget https://github.com/raspberrypi/rpi-eeprom/raw/master/firmware/beta/pieeprom-2020-10-28.bin
List versions:
pi@raspberrypi:~ $ ls -l
total 1540
-rw-r--r-- 1 pi pi 524288 Oct 30 15:22 pieeprom-2020-09-03.bin
-rw-r--r-- 1 pi pi 524288 Oct 30 10:49 pieeprom-2020-10-28.bin
Get boot config settings from eeprom:
pi@raspberrypi:~ $ rpi-eeprom-config pieeprom-2020-09-03.bin > bootconf.txt
Show boot config settings:
pi@raspberrypi:~ $ cat bootconf.txt
[all]
BOOT_UART=0
WAKE_ON_GPIO=1
POWER_OFF_ON_HALT=0
DHCP_TIMEOUT=45000
DHCP_REQ_TIMEOUT=4000
TFTP_FILE_TIMEOUT=30000
ENABLE_SELF_UPDATE=1
DISABLE_HDMI=0
BOOT_ORDER=0xf41
Edit boot config settings:
pi@raspberrypi:~ $ vi bootconf.txt
Create new eeprom with boot config settings:
pi@raspberrypi:~ $ rpi-eeprom-config --out pieeprom-new.bin --config bootconf.txt pieeprom-2020-09-03.bin
Show new eeprom + boot settings:
pi@raspberrypi:~ $ ls -l
total 1540
-rw-r--r-- 1 pi pi 278 Oct 30 15:21 bootconf.txt
-rw-r--r-- 1 pi pi 524288 Oct 30 15:22 pieeprom-2020-09-03.bin
-rw-r--r-- 1 pi pi 524288 Oct 30 10:49 pieeprom-2020-10-28.bin
-rw-r--r-- 1 pi pi 524288 Oct 30 14:45 pieeprom-new.bin
Apply eeprom + boot settings:
pi@raspberrypi:~ $ sudo rpi-eeprom-update -d -f ./pieeprom-new.bin
BCM2711 detected
VL805 firmware in bootloader EEPROM
*** INSTALLING ./pieeprom-new.bin ***
BOOTFS /boot
EEPROM update pending. Please reboot to apply the update.
Reboot the Raspberry Pi to apply the update and log in again.
Show new boot config settings:
pi@raspberrypi:~ $ vcgencmd bootloader_config
[all]
BOOT_UART=0
WAKE_ON_GPIO=1
POWER_OFF_ON_HALT=0
DHCP_TIMEOUT=45000
DHCP_REQ_TIMEOUT=4000
TFTP_FILE_TIMEOUT=30000
TFTP_IP=
TFTP_PREFIX=0
BOOT_ORDER=0xf41 <------ boot order is sdcard, usb mass storage
SD_BOOT_MAX_RETRIES=3
NET_BOOT_MAX_RETRIES=5
USB_MSD_PWR_OFF_TIME=0
USB_MSD_DISCOVER_TIMEOUT=20
[none]
FREEZE_VERSION=0
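A pre-flash check for the edited bootconf.txt, as an added example that is not part of the original README: it decodes BOOT_ORDER digit by digit and flags network-based boot modes before the config is written into pieeprom-new.bin. The function names are hypothetical, the sample file is constructed from the listing above, and the digit meanings follow the Raspberry Pi bootloader documentation.

```sh
#!/bin/sh
# Added example: audit a bootconf.txt before writing it into an EEPROM image.

# Decode BOOT_ORDER: one boot mode per hex digit, tried from the
# least-significant digit upwards (0xf41 = SD, then USB-MSD, then restart).
decode_boot_order() {
  val=$(( $1 )); out=""
  while [ "$val" -gt 0 ]; do
    case $(( val & 15 )) in
      0)  m=SD-CARD-DETECT ;;
      1)  m=SD ;;
      2)  m=NETWORK ;;
      3)  m=RPIBOOT ;;
      4)  m=USB-MSD ;;
      5)  m=BCM-USB-MSD ;;
      6)  m=NVME ;;
      7)  m=HTTP ;;
      14) m=STOP ;;
      15) m=RESTART ;;
      *)  m=UNKNOWN ;;
    esac
    out="${out:+$out,}$m"
    val=$(( val >> 4 ))
  done
  printf '%s\n' "$out"
}

# Return 0 if no network-based mode is in the order, 1 if one is, 2 if unset.
audit_bootconf() {
  order=$(sed -n 's/^BOOT_ORDER=\(0x[0-9a-fA-F]*\).*/\1/p' "$1" | tail -n 1)
  [ -n "$order" ] || { echo "no BOOT_ORDER in $1" >&2; return 2; }
  modes=$(decode_boot_order "$order")
  echo "BOOT_ORDER=$order -> $modes"
  case ",$modes," in
    *,NETWORK,*|*,HTTP,*)
      echo "WARNING: network boot enabled; check TFTP_IP/TFTP_PREFIX" >&2
      return 1 ;;
  esac
}

# Constructed sample: the BOOT_ORDER line from the listing above.
sample=$(mktemp)
printf '[all]\nBOOT_UART=0\nBOOT_ORDER=0xf41\n' > "$sample"
audit_bootconf "$sample"
rm -f "$sample"
```

Run it against bootconf.txt after editing and before `rpi-eeprom-config --out`; a non-zero exit means the order includes a network mode or no BOOT_ORDER was found.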
https://github.com/dysosmus/ansible-completion
$ git clone git@github.com:dysosmus/ansible-completion.git
$ cd ansible-completion
$ sudo cp *.bash /etc/bash_completion.d/
Reload shell: source ~/.bashrc or source ~/.profile
https://github.com/junegunn/vim-plug
$ mkdir -p ~/.vim/autoload
$ curl -fLo ~/.vim/autoload/plug.vim --create-dirs \
https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
https://github.com/pearofducks/ansible-vim
$ cat <<EOT >> ~/.vimrc
" Plugins will be downloaded under the specified directory.
call plug#begin('~/.vim/plugged')
" Declare the list of plugins.
Plug 'pearofducks/ansible-vim'
" List ends here. Plugins become visible to Vim after this call.
call plug#end()
EOT
To update the plug-ins, use :PlugUpdate in Vim.