aboutsummaryrefslogblamecommitdiffstats
path: root/README
blob: 5bed9421a0c45c3aa6e9d1e320032b519f2cb8a0 (plain) (tree) 
6757966



c7a1a46







159f7c2


















6757966



35f8bba

6757966




c7a1a46

6757966





dc511c3

d4baac2




dc511c3




d4baac2


dc511c3


d4baac2




dc511c3


d4baac2




dc511c3


d4baac2



dc511c3




c7a1a46

5381598













c7a1a46







1
2
3

4
5
6
7
8
9
10

11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

29
30
31

32

33
34
35
36

37

38
39
40
41
42

43

44
45
46
47

48
49
50
51

52
53

54
55

56
57
58
59

60
61

62
63
64
65

66
67

68
69
70

71
72
73
74

75

76
77
78
79
80
81
82
83
84
85
86
87
88

89
90
91
92
93
94
95



                        






                                                                             

















                                                                               


             
                  



                        
                                       




         
                                 



                               



                             

               

                               



                       

                         



                      

                        


                     



                    
 












                                                                               






                                                                               
rgoncalves.se ~~ ansible
========================

Peronal infrastructure, network mess and homelab. Every critical node such as
routers and hypervisor are/will be powered by BSD systems.

For now, the principal hypervisor is `bhyve` on FreeBSD, and the domain
controller is a mix of `pf`, `relayd` and `wireguard` on OpenBSD latest.


development guidelines
----------------------

- OpenBSD first! Playbooks, roles and tasks are aimed to be deployed on OpenBSD
  instance first. Because we also need a fallback system, AlpineLinux is the
  next system to be targeted.


technology stack
----------------

- domain controller : `httpd`, `relayd`, `pf` and `wireguard`. Checkout
  https://bsd.plumbing for the first two components. `acme-client` is also
  needed for providing https.
  Note: https is provided from the domain controller level. The traffic from
  the domain controller host and source host is http only, but secured via
  the wireguard tunnel.

naming scheme
-------------

- ws:  workstation
- dc:  domain controller
- st:  stack server
- sw:  switch
- rt:  router
- st[x][role][number]:  virtual machine


inventory
---------

- dc0 : OPENBSD domain-controller
	- wireguard (exit-node)
	- relayd
	- pf
	- znc

- rt0 : DDWRT router

- stack0 : FREEBSD hypervisor
	- bhyve
	- nfsd

- st0dev0 : OPENBSD development
	- git
	- cgit
	- __gitdaemon__
	- __jenkins__

- st0cld0 : OPENBSD cloud
	- nextcloud
	- miniflux
	- __grafana__
	- __logstash__

- st0gme0 : ALPINE games
	- minecraft
	- factorio
	- stationeers

- ST0SBX-0 : OPENBSD
- ST0SBX-1 : ALPINE
- ST0SBX-2 : 9FRONT

userland
--------

A subdirectory in `roles` for workstations setup. It targets development
machine where these playbooks are launched.
It currently supports bootstrapping for:

- archlinux
- openbsd
- voidlinux (referred as `void` by ansible)

It setups main user, development packages, power scripts, services, system wide
configuration files.
 
good to know
------------

In various roles, the term `httpd` is used. For this particular infrastructure,
it is NOT the apache web server, but instead the OpenBSD web server
implementation.
remember that computers suck.