Summary

Clone URL:

git Use ID

Description:

This repo contains our anisble configurations files for our network

Trending files:

Download:

Download as zip With subrepos

Latest Changes

x	3b48e1424308	17 months ago	fix: ansible errors in issue_cert
x	2dc24f376af8	17 months ago	fix: acme.sh installation now works
x	5874f5c8524e	17 months ago	fix: conditions are and not &
x	cb4d70871ad9	17 months ago	fix: bogus cert is required before nginx restart
x	9d7bd94a3661	17 months ago	fix: nginx, server_config is already in path
x	97abce3d5e10	17 months ago	fix: symlink website + ansible lint stuff
x	eff5e9720cff	17 months ago	fix: become when root perms are necessary
x	a0a703d97fe6	17 months ago	fix: assign api permissions properly
x	c148b8df5743	17 months ago	docs: initial sever setup
x	8cf2c6766e78	17 months ago	feat: reload sshd before adding new users (avoid vuln.)

README.md

fflux Ansible Configuration

This repo contains Ansible configs for the Freifunk Lëtzebuerg infra.

Files

hosts: contains all of the machines.
Careful: a wrongly defined machine can lead to major problems.
authorized_keys: fflux user pubkey

Directories

files: templates for various playbooks
initial_server_setup: initial server setup
gateway: Set up a fflux gateway
api: api.freifunk.lu
firmware: firmware.freifunk.lu

Guide

Initial Server Setup

First, add the machine to hosts at the top of the file:

machine-name-here ansible_host=10.20.30.40

Note that machine-name-here will be the machine's hostname.

Then, put the machine under the [initial] group:

[initial]
machine-name-here ansible_user=root

Finally, change the default private SSH key under [all:vars] if necessary:

ansible_ssh_private_key_file=/home/myuser/.ssh/id_ed25519

You can now run the playbook:

fflux@fflux:~/repos/Ansible-Configuration$ ansible-playbook -i hosts initial_server_setup/initial_setup.yml

Note that the placement of the repositories might impact the playbook's behaviour, particularly for more advanced setups, incl. web server.

Install Website (freifunk, www, api)

First, make sure the machine is still configured properly at the top of the hosts file. (see initial server setup)

Then, put the machine under the [website-web] group:

perso-test

Note that if you are not running this on the fflux management server as the fflux user, you might want to check the remote authorized_keys (that one of your keys is allowed) and append ansible_user=fflux to that line, similarly to the initial server setup.

Do not forget to set the DNS records properly, so that the machine is reachable via the domain names. (at the time of writing freifunk.lu, www.freifunk.lu and api.freifunk.lu, but you can simply check the playblook)

On top of that, make sure that the fflux user has a ssh keypair (for git) which is configured properly on projects.c3l.lu. That way, it can clone the website and api repositories.

Finally, run the playbook:

fflux@fflux:~/repos/Ansible-Configuration$ ansible-playbook -v -i hosts web/install_website.yml