GitHub - Mareo/infrastructure

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 4,358 Commits
.gitlab/agents/kubernetes-agent		.gitlab/agents/kubernetes-agent
authentik		authentik
discord		discord
gitlab		gitlab
group_vars		group_vars
host_vars		host_vars
k8s		k8s
playbooks		playbooks
proxmox		proxmox
roles		roles
scripts		scripts
secrets		secrets
vault		vault
.ansible-lint		.ansible-lint
.envrc		.envrc
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
.pre-commit-config.yaml		.pre-commit-config.yaml
.yamllint		.yamllint
LICENSE		LICENSE
README		README
TODO		TODO
ansible.cfg		ansible.cfg
config.yml		config.yml
flake.lock		flake.lock
flake.nix		flake.nix
hosts		hosts
kargo.nix		kargo.nix
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
renovate.json5		renovate.json5
requirements.yml		requirements.yml

Repository files navigation

# Operator setup

    $ poetry install --dev
    $ poetry run pre-commit install
    $ poetry run ansible-galaxy install -r requirements.yml
    $ poetry run ansible-playbook playbooks/main.yml -t secrets  # skip on first install

# Hypervisor setup

    $ poetry run ansible-playbook -l proxmox playbooks/main.yml

## ACME configuration

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> ACME
* Create a new account
* Add a new challenge plugin:
    Plugin Id:       mikros
    DNS API:         nsupdate (RFC 2136)
    NSUPDATE_KEY:    /etc/nsupdate.key
    NSUPDATE_SERVER: mikros.mareo.fr
    NSUPDATE_ZONE:   mareo.fr
* Go to ouranos -> System -> Certificates
* Add a new certificate:
    Challenge type: DNS
    Plugin:         mikros
    Domain:         ouranos.mareo.fr
* Click "Order certificate now"

## CephFS setup

* Visit https://ouranos.mareo.fr:8006

* Go to ouranos -> Ceph -> CephFS
* Create a new metadata server
    Host:     ouranos
    Extra ID: None
* Create a new CephFS:
    Name:             cephfs
    Placement Groups: 64
    Add as Storage:   yes

## Terraform Token

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> Permissions -> API Tokens
* Create a new token:
    User:                 root@pam
    Token ID:             terraform
    Expire:               never
    Privilege separation: no
* Put the token in `secrets/proxmox_token`

## Pool

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> Permissions -> Pools
* Create a new pool:
    Name: ouranos

# Terraform setup

    $ poetry run ./scripts/terraform-setup.sh

# VMs setup
    $ cd proxmox/
    $ terraform apply
    $ cd ..
    $ poetry run ansible-playbook -l proxmox_vm playbooks/main.yml

# Vault setup
    $ cd vault/
    $ poetry run ../scripts/vault-init.sh
    $ poetry run ../scripts/vault-unseal.sh
    $ poetry run ../scripts/vault-login-as-root.sh
    $ terraform apply

# Authentik setup
    $ cd authentik/
    $ terraform apply

# Discord setup
    $ cd discord/
    $ terraform init

# GitLab setup
    $ poetry run scripts/gitlab-login-as-root.sh
    $ cd gitlab/
    $ terraform apply