rgoncalves.se ~~ ansible
========================

Personal infrastructure, network mess and homelab.

Every critical node, such as routers and hypervisors, is or will be powered by a BSD system.
For now, the principal hypervisor is `bhyve` on FreeBSD, and the domain controller is a mix of `pf`, `relayd` and `wireguard` on the latest OpenBSD.

development guidelines
----------------------

- OpenBSD first! Playbooks, roles and tasks are meant to be deployed on OpenBSD instances first. Because we also need a fallback system, Alpine Linux is the next system to be targeted.

technology stack
----------------

- domain controller : `httpd`, `relayd`, `pf` and `wireguard`. Check out https://bsd.plumbing for the first two components. `acme-client` is also needed to provide HTTPS.

Note: HTTPS is terminated at the domain controller. Traffic between the domain controller host and the source host is plain HTTP, but it is secured by the WireGuard tunnel.

naming scheme
-------------

- ws: workstation
- dc: domain controller
- st: stack server
- sw: switch
- rt: router
- st[x][role][number]: virtual machine

inventory
---------

- DC0 : domain controller (OPENBSD)
- RT0 : local router (DDWRT)
- STACK0 : FreeBSD hypervisor, test (FREEBSD)
- ST0DEV-0 : git, cgit, gitdaemon, jenkins (OPENBSD)
- ST0CLD-0 : nextcloud, grafana, logstash (OPENBSD)
- ST0GME-0 : minecraft (OPENBSD)
- ST0GME-1 : stationeers, ksplmp, factorio (ALPINE)
- ST0SBX-0 : sandbox server (OPENBSD)
- ST0SBX-1 : sandbox server (ALPINE)
- ST0SBX-2 : sandbox server (CENTOS/ROCKYLINUX?)

good to know
------------

In various roles, the term `httpd` is used. For this particular infrastructure, it is NOT the Apache web server, but the OpenBSD web server implementation.