docs, config and ansible stuff for the "Erstaufnahmeeinrichtung Am Deutschen Platz"
migriert zu https://gitlab.dezentrale.space/freifunk-leipzig/eae-am-deutschen-platz
a9429b661a
only issue a sysupgrade if the desired garet version and profile specified in the inventory does not match the firmware running on the device. Because we do not put the firmware files into this git, simply clone the garet repo, checkout the desired commit, build the needed profile and then put the firmware file into firmware/garet_${profile}-${version}.bin |
||
---|---|---|
ansible-environment | ||
documentation | ||
files | ||
password-store | ||
templates | ||
.gitignore | ||
README.md | ||
ansible-environment.txt | ||
ansible-inventory | ||
ansible.cfg | ||
environment | ||
playbook_create_ssh_config.yml | ||
playbook_distribute_authorized_keys.yml | ||
playbook_provision_accesspoints.yml | ||
playbook_provision_backbone.yml | ||
playbook_provision_eap-adp-jump01.yml | ||
playbook_provision_gateway.yml | ||
playbook_provision_hypervisor.yml | ||
playbook_provision_monitoring.yml | ||
playbook_sysupgrade.yml |
README.md
Freifunk Leipzig - Erstaufnahme Einrichtung - Am Deutschen Platz
This repo contains the config and documentation for our installation at the "Erstaufnahme Einrichtung - Am Deutschen Platz"
this is a work in progress
Quick Links
Usage
Requirements
pass
(password manager)pandoc
(offline documentation generation)python3
(ansible)python3-venv
(ansible)rsync
(ansible)
Initial Setup
- install requirements
- clone repo and change directory:
git clone https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp
- create python3 virtual enviroment:
python3 -m venv ansible-environment
- enter python3 virtual environment:
. ansible-environment/bin/activate
- install ansible and dependencies:
pip3 install -r ansible-environment.txt
- import all gpg keys for
pass
:gpg --import files/gpg/*
- trust all imported gpg keys:
gpg --edit-key <id>
withtrust
and5
for every key - create
ssh_config
with all hosts:ansible-playbook playbook_create_ssh_config.yml
(use-e jumphost=eae-adp-jump01
to configure ssh to useeae-adp-jump01
as the jump host) - leave python3 virtual environment:
deactivate
Daily Usage
Before doing enything you need to enter the environment: . environment
After using playbook_create_ssh_config.yml
you can call ssh
simply with the name of the machine (ie. ssh gw-core01
).
The ssh_config
file is generated from the ansible-inventory
.
Should something in the inventory change or you want to use/change the jumphost simply reexecute the playbook.
Passwords managed using pass
. Simply call pass
after sourcing the environment.
Descriptions
environment
: configure environment (path topass
store, http(s) socks proxy and python venv for ansible)playbook_create_ssh_config.yml
: playbook to create an additionalssh_config
file (.ssh/ffl_eae_adp_config
) that get's included in the defaultssh_config
playbook_distribute_authorized_keys.yml
: deployfiles/authorized_keys
on all machinesplaybook_provision_accesspoints.yml
: configure accesspointsplaybook_provision_backbone.yml
: configure wg tunnel and ospf link betweengw-core01
andeae-adp-jump01
playbook_provision_eap-adp-jump01.yml
: general system configuration foreae-adp-jump01
(monitoring, routing, ...)playbook_provision_hyper01.yml
: general system configuration forhyper01
and create vms/containersplaybook_provision_monitoring.yml
: configure and install prometheus and grafana onmonitoring01