rgoncalves.se ~~ ansible
========================

Personal infrastructure, network mess and homelab.
Every critical node, such as routers and hypervisors, is or will be powered by BSD systems.
For now, the principal hypervisor is `bhyve` on FreeBSD, and the domain controller is a mix of `pf`, `relayd` and `wireguard` on OpenBSD latest.

development guidelines
----------------------

- OpenBSD first!
  Playbooks, roles and tasks are meant to be deployed on OpenBSD instances first.
  Because we also need a fallback system, AlpineLinux is the next system to be targeted.

technology stack
----------------

- domain controller : `httpd`, `relayd`, `pf` and `wireguard`.
  Check out https://bsd.plumbing for the first two components.
  `acme-client` is also needed for providing https.

Note: https is provided at the domain controller level.
The traffic between the domain controller host and the source host is http only, but secured via the wireguard tunnel.

naming scheme
-------------

- ws: workstation
- dc: domain controller
- st: stack server
- sw: switch
- rt: router
- st[x][role][number]: virtual machine

inventory
---------

- dc0      : OPENBSD  domain-controller  wireguard server, znc
- rt0      : DDWRT    router
- stack0   : FREEBSD  hypervisor         bhyve, nfs
- st0dev0  : OPENBSD  development        git, cgit, gitdaemon, jenkins
- st0cld0  : OPENBSD  cloud              nextcloud, miniflux, grafana, logstash
- st0gme0  : ALPINE   games              minecraft, factorio, stationeers,
- ST0SBX-0 : OPENBSD
- ST0SBX-1 : ALPINE
- ST0SBX-2 : 9FRONT

userland
--------

A subdirectory in `roles` for workstation setup.
It targets the development machines from which these playbooks are launched.
It currently supports bootstrapping for:

- archlinux
- openbsd
- voidlinux (referred to as `void` by ansible)

It sets up the main user, development packages, power scripts, services and system-wide configuration files.

good to know
------------

In various roles, the term `httpd` is used.
For this particular infrastructure, it is NOT the Apache web server, but instead the OpenBSD web server implementation.