rgoncalves.se ~~ ansible
========================

Personal infrastructure, network mess and homelab. Every critical node, such as
routers and the hypervisor, is or will be powered by BSD systems.

For now, the principal hypervisor is `bhyve` on FreeBSD, and the domain
controller is a mix of `pf`, `relayd` and `wireguard` on OpenBSD latest.


development guidelines
----------------------

- OpenBSD first! Playbooks, roles and tasks are meant to be deployed on OpenBSD
  instances first. Because we also need a fallback system, Alpine Linux is the
  next system to be targeted.


technology stack
----------------

- domain controller : `httpd`, `relayd`, `pf` and `wireguard`. Check out
  https://bsd.plumbing for the first two components. `acme-client` is also
  needed to provide https.
  Note: https is provided at the domain controller level. The traffic between
  the domain controller host and the source host is http only, but it is
  secured via the wireguard tunnel.
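
One way to enforce the note above on a source (backend) host, as an added example that is not part of this repository: a `pf.conf` fragment that accepts plain http only from the domain controller and only on the wireguard interface. The interface name, tunnel address and ports are assumptions.

```conf
# pf.conf on a backend host behind dc0: constructed example, not from this repository.

wg_if   = "wg0"        # assumed wireguard interface name
dc_wg   = "10.0.0.1"   # assumed tunnel address of the domain controller
wg_port = "51820"      # assumed wireguard listen port

set skip on lo

# Default deny, logged, so stray plaintext attempts show up in pflog.
block return log all
pass out

# The tunnel itself: encrypted wireguard packets on the physical interface.
pass in on egress inet proto udp to (egress) port $wg_port

# Management access (assumed to be ssh on the physical interface).
pass in on egress inet proto tcp to (egress) port 22

# Plain http only from the domain controller, and only inside the tunnel.
pass in on $wg_if inet proto tcp from $dc_wg to ($wg_if) port 80

# Port 80 on any other interface falls through to "block return log".
# Review blocked attempts with:
#   tcpdump -n -e -ttt -r /var/log/pflog port 80
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it.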

naming scheme
-------------

- ws:  workstation
- dc:  domain controller
- st:  stack server
- sw:  switch
- rt:  router
- st[x][role][number]:  virtual machine


inventory
---------

- dc0 : OPENBSD domain-controller
	- wireguard (exit-node)
	- relayd
	- pf
	- znc

- rt0 : DDWRT router

- stack0 : FREEBSD hypervisor
	- bhyve
	- nfsd

- st0dev0 : OPENBSD development
	- git
	- cgit
	- __gitdaemon__
	- __jenkins__

- st0cld0 : OPENBSD cloud
	- nextcloud
	- miniflux
	- __grafana__
	- __logstash__

- st0gme0 : ALPINE games
	- minecraft
	- factorio
	- stationeers

- ST0SBX-0 : OPENBSD
- ST0SBX-1 : ALPINE
- ST0SBX-2 : 9FRONT

userland
--------

A subdirectory in `roles` for workstation setup. It targets the development
machines from which these playbooks are launched.
It currently supports bootstrapping for:

- archlinux
- openbsd
- voidlinux (referred to as `void` by ansible)

It sets up the main user, development packages, power scripts, services and
system-wide configuration files.

good to know
------------

In various roles, the term `httpd` is used. For this particular infrastructure,
it is NOT the apache web server, but instead the OpenBSD web server
implementation.
remember that computers suck.