rgoncalves.se ~~ ansible
========================

Personal infrastructure, network mess and homelab. Every critical node, such as
routers and hypervisors, is or will be powered by BSD systems.

For now, the principal hypervisor is `bhyve` on FreeBSD, and the domain
controller is a mix of `pf`, `relayd` and `wireguard` on OpenBSD latest.

development guidelines
----------------------

- OpenBSD first! Playbooks, roles and tasks are aimed to be deployed on OpenBSD
  instances first. Because we also need a fallback system, AlpineLinux is the
  next system to be targeted.

technology stack
----------------

- domain controller : `httpd`, `relayd`, `pf` and `wireguard`. Check out
  https://bsd.plumbing for the first two components. `acme-client` is also
  needed for providing https.

  Note: https is provided at the domain controller level. The traffic between
  the domain controller host and the source host is http only, but secured via
  the wireguard tunnel.
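
The note above, as a `relayd.conf` sketch for dc0. This is an added example, not configuration from this repository; the public address, the wireguard addresses, the `example.org` host names and the keypair name are constructed placeholders.

```conf
# /etc/relayd.conf on dc0: added sketch, not taken from this repository.
# Constructed values: the public address, the 10.0.0.0/24 wireguard
# addresses, the example.org host names and the keypair name.
ext_addr = "203.0.113.10"

# Backends are addressed by their wireguard tunnel IPs only.
table <st0cld0> { 10.0.0.2 }
table <st0dev0> { 10.0.0.3 }

http protocol "https_in" {
	# Certificate obtained with acme-client, looked up by relayd as
	# /etc/ssl/example.org.crt and /etc/ssl/private/example.org.key
	tls keypair "example.org"

	# "set" overwrites any client-supplied value, so the backends can
	# trust these headers. Without them every request appears to come
	# from dc0's tunnel address.
	match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
	match request header set "X-Forwarded-Proto" value "https"

	# Route by Host header to the right virtual machine.
	pass request quick header "Host" value "cloud.example.org" forward to <st0cld0>
	pass request quick header "Host" value "git.example.org" forward to <st0dev0>
}

relay "https" {
	# TLS ends here; everything behind this relay is plain http.
	listen on $ext_addr port 443 tls
	protocol "https_in"
	forward to <st0cld0> port 80 check tcp
	forward to <st0dev0> port 80 check tcp
}
```

Because the leg behind the relay carries no TLS, each backend `httpd` should listen on its wireguard address only, so that port 80 is never reachable outside the tunnel.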

naming scheme
-------------
- ws: workstation
- dc: domain controller
- st: stack server
- sw: switch
- rt: router
- st[x][role][number]: virtual machine

inventory
---------

- dc0 : OPENBSD domain-controller

  - wireguard (exit-node)
  - relayd
  - pf
  - znc

- rt0 : DDWRT router
- stack0 : FREEBSD hypervisor

  - bhyve
  - nfsd

- st0dev0 : OPENBSD development

  - git
  - cgit
  - __gitdaemon__
  - __jenkins__

- st0cld0 : OPENBSD cloud

  - nextcloud
  - miniflux
  - __grafana__
  - __logstash__

- st0gme0 : ALPINE games

  - minecraft
  - factorio
  - stationeers

- ST0SBX-0 : OPENBSD
- ST0SBX-1 : ALPINE
- ST0SBX-2 : 9FRONT

userland
--------

A subdirectory in `roles` for workstation setup. It targets the development
machines from which these playbooks are launched.

It currently supports bootstrapping for:

- archlinux
- openbsd
- voidlinux (referred to as `void` by ansible)

It sets up the main user, development packages, power scripts, services and
system-wide configuration files.

good to know
------------
In various roles, the term `httpd` is used. For this particular infrastructure,
it is NOT the apache web server, but instead the OpenBSD web server
implementation.