rgoncalves.se ~~ ansible
========================

Personal infrastructure, network mess and homelab. Every critical node, such as
routers and hypervisors, is or will be powered by a BSD system.

For now, the principal hypervisor is `bhyve` on FreeBSD, and the domain
controller is a mix of `pf`, `relayd` and `wireguard` on OpenBSD latest.


development guidelines
----------------------

- OpenBSD first! Playbooks, roles and tasks are meant to be deployed on OpenBSD
  instances first. Because we also need a fallback system, AlpineLinux is the
  next system to be targeted.


technology stack
----------------

- domain controller : `httpd`, `relayd`, `pf` and `wireguard`. Check out
  https://bsd.plumbing for the first two components. `acme-client` is also
  needed for providing https.
  Note: https is provided at the domain controller level. The traffic
  between the domain controller host and the source host is http only, but
  secured via the wireguard tunnel.

naming scheme
-------------

- ws:  workstation
- dc:  domain controller
- st:  stack server
- sw:  switch
- rt:  router
- st[x][role][number]:  virtual machine


inventory
---------

- DC0 : domain controller                  (OPENBSD)
- RT0 : local router                       (DDWRT)
- STACK0 : freebed hypervisor, test        (FREEBSD)
- ST0DEV-0 : git, cgit, gitdaemon, jenkins (OPENBSD)
- ST0CLD-0 : nextcloud, grafana, logstash  (OPENBSD)
- ST0GME-0 : minecraft,                    (OPENBSD)
- ST0GME-1 : stationeers, ksplmp, factorio (ALPINE)

- ST0SBX-0 : sandbox server                (OPENBSD)
- ST0SBX-1 : sandbox server                (ALPINE)
- ST0SBX-2 : sandbox server                (CENTOS/ROCKYLINUX?)

 
good to know
------------

In various roles, the term `httpd` is used. For this particular infrastructure,
it is NOT the Apache web server, but instead the OpenBSD web server
implementation.

remember that computers suck.