rgoncalves.se ~~ ansible
Personal infrastructure, network mess and homelab. Every critical node, such as the routers and the hypervisor, is or will be powered by a BSD system.
For now, the principal hypervisor is bhyve on FreeBSD, and the domain
controller is a mix of pf, relayd and wireguard on OpenBSD latest.
development guidelines
- OpenBSD first! Playbooks, roles and tasks are meant to be deployed on OpenBSD instances first. Because we also need a fallback system, AlpineLinux is the next system to be targeted.
technology stack
- domain controller: httpd, relayd, pf and wireguard. Check out https://bsd.plumbing for the first two components. acme-client is also needed for providing https. Note: https is provided at the domain controller level. The traffic between the domain controller host and the source host is http only, but secured via the wireguard tunnel.
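A relayd.conf sketch of the TLS termination described above, added here as an illustration and not taken from this repository. The public address, the WireGuard tunnel address, the hostname and the table name are all assumed placeholder values.

```conf
# /etc/relayd.conf on the domain controller (added example, values constructed)

# Assumption: public address of the domain controller (documentation range).
ext_addr = "203.0.113.10"

# Assumption: the backend VM is reached only through its WireGuard tunnel
# address, so the plain-http hop below never leaves the encrypted tunnel.
table <cloud> { 10.0.0.2 }

http protocol "https" {
	# relayd loads /etc/ssl/cloud.example.org.crt and
	# /etc/ssl/private/cloud.example.org.key for this keypair
	# (the files acme-client is configured to write).
	tls keypair "cloud.example.org"

	# Tell the backend who the real client is and that the
	# client-facing leg was https; "set" overwrites any value
	# the client tried to supply itself.
	match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
	match request header set "X-Forwarded-Proto" value "https"
}

relay "https_in" {
	# TLS is terminated here, at the domain controller level.
	listen on $ext_addr port 443 tls
	protocol "https"

	# Plain http to the backend, carried over the WireGuard tunnel.
	forward to <cloud> port 80 check tcp
}
```

For the "secured via the wireguard tunnel" property to hold, the backend web server must listen only on its tunnel address (10.0.0.2 in this sketch), so that port 80 is not reachable from any other network.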
naming scheme
- ws: workstation
- dc: domain controller
- st: stack server
- sw: switch
- rt: router
- st[x][role][number]: virtual machine
inventory
dc0 : OPENBSD domain-controller
- wireguard (exit-node)
- relayd
- pf
- znc
rt0 : DDWRT router
stack0 : FREEBSD hypervisor
- bhyve
- nfsd
st0dev0 : OPENBSD development
- git
- cgit
- gitdaemon
- jenkins
st0cld0 : OPENBSD cloud
- nextcloud
- miniflux
- grafana
- logstash
st0gme0 : ALPINE games
- minecraft
- factorio
- stationeers
ST0SBX-0 : OPENBSD
ST0SBX-1 : ALPINE
ST0SBX-2 : 9FRONT
userland
A subdirectory in roles for workstation setup. It targets the development
machines from which these playbooks are launched.
It currently supports bootstrapping for:
- archlinux
- openbsd
- voidlinux (referred to as void by ansible)
It sets up the main user, development packages, power scripts, services and system-wide configuration files.
good to know
In various roles, the term httpd is used. For this particular infrastructure,
it is NOT the apache web server, but instead the OpenBSD web server
implementation.