Update README

madereddy
2023-12-12 15:03:36 -05:00
parent 25854076bd
commit 2b60153e0f
3 changed files with 23 additions and 197 deletions
+23 -15
@@ -1,18 +1,18 @@
# Simplifying Homelab Management: Automate with Ansible
# Simplifying OCI Buildout: Automated with Ansible
This repo serves to work with my blog post on using Ansible to automate your homelab. Instructions to use are as follows and the blog post is below
### NOTE: This was built against an ubuntu install. RHEL9 doesn't officially support docker so the docker install playbook currently doesn't work on RHEL machines
This repo serves to build out or restore the currently running OCI instance.
### Pre Requisites
- You must have an OCI instance spun up and accessible
- You must have the target machines setup and have ssh key based authentication setup. If you don't have that completed yet you can follow along with the blog post below.
- You must have ansible installed on your local machine. You do not need Ansible installed on the target hosts.
### To Use These Playbooks
Simply clone this repository and follow the blog post below to get started
Simply clone this repository and follow the readme below.
### File structure:
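Review bot: The SSH bullet under "Pre Requisites" still sends the reader to "the blog post below", while the intro and the "To Use These Playbooks" line in this hunk now point at the readme. If that bullet stays, reword it to reference the README's own "Setting Up SSH Key-Based Authentication" section so the three lines agree. The new "OCI instance spun up and accessible" bullet would also be clearer if it said what access is expected (SSH with the same key-based login as the bullet below it).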
@@ -21,6 +21,10 @@ Simply clone this repository and follow the blog post below to get started
├── inventory.yml
└── playbooks
├── vault
├── caddy
└── Caddyfile
├── compose
└── docker-compose.yml
└── restic
└── restic.yml
├── docker_status.yml
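Review bot: The tree now shows a `caddy` entry with `Caddyfile` and a `compose` entry with `docker-compose.yml`, yet the other two files in this commit are a Caddyfile and a compose file deleted in full. Say in the README where those files live after this change (for example, as encrypted copies under `vault`), so the documented tree matches what a fresh clone contains and a reader does not go looking for plaintext copies.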
@@ -39,21 +43,29 @@ Simply clone this repository and follow the blog post below to get started
#### ansible.cfg
This is the ansible configuration file. It tells ansible basic information about where to find certain files and how to run
#### inventory.yml
This file contains the inventory for all of our hosts and information about those hosts. We will go into detail later.
This file contains the inventory for all of our hosts and information about those hosts.
#### playbooks
This directory contains all of our plalybooks, which we will touch on later in the blog post when we get to them.
#### vault
This contains encrypted files and variables to be used with the playbooks.
## Introduction
Welcome back to our Homelab posts! Today, we're venturing into the realm of automation with Ansible. Ansible is an open-source automation tool that makes it easier to configure and manage computers and servers. It uses a simple, human-readable language to automate the setup and management of your systems, eliminating repetitive tasks and ensuring consistency across your environment. Whether you're managing a few machines or a large-scale network, Ansible's versatility allows for efficient scaling and control, making it an indispensable tool in any homelab setup.
This repo has been built to jump start or rebuild my remote homelab. It contains the following containers
In this post, we dive into Ansible to simplify and streamline your homelab operations. We'll begin by discussing the basics of setting up SSH key-based authentication and creating an Ansible inventory file. From there, we'll progress through various playbooks, covering everything from OS family discovery to Docker container management. By automating these essential tasks, your homelab will become more efficient, secure, and easier to maintain.
Vaultwarden
Caddy
UptimeKuma
Syncthing
Watchtower
Cloudflare-ddns
Webhook
To get started, clone the github repo that goes along with this post:
`git clone http://192.168.1.157:3000/jeet/OCI_Build.git`
`cd ansible-homelab`
`cd OCI_Build`
## Section 1: Setting Up SSH Key-Based Authentication
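Review bot: The clone command in the "To get started" step uses `http://192.168.1.157:3000/jeet/OCI_Build.git`, a plain-HTTP URL on a private address. A rebuild started from outside that LAN cannot reach it, and a clone over HTTP gives no transport integrity for playbooks that are then run against the hosts. Prefer an SSH or HTTPS remote addressed by hostname. The new `vault` section should also name how the files are encrypted and state that the vault password is kept outside the repository, since the restore path described here depends on it. Minor: the container names after "It contains the following containers" are bare lines and would read better as a list.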
@@ -89,7 +101,7 @@ If you have hosts already running docker, you will want to add them to the `inve
If you don't have any hosts running docker, pick a host that you just ran the fresh install script on and add it to the `Docker` group in your `inventory.yml`. Then execute the `deploy` playbook which will stand up your first Docker container.
`ansible-playbook playbooks/deploy.yml`
`ansible-playbook playbooks/deploy.yml --ask-vault-pass`
You can now run `docker_status.yml` against your docker hosts to check the status of your containers. This playbook will return all green if your containers are all good, and it will fail if any container is in status "exited"
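Review bot: `--ask-vault-pass` is added to the `deploy.yml` command without any text explaining which vaulted files or variables the playbook reads or how a new user creates them. Add one or two sentences before the command covering that, and mention that the prompt is interactive, so unattended runs need `--vault-password-file` or a `--vault-id` source with the password file kept out of the repo.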
@@ -119,8 +131,4 @@ To update your containers this playbook brings your containers down, deletes the
**YOU MUST HAVE PERSISTANT STORAGE SETUP! IF YOU DON'T THEN THIS PLAYBOOK WILL <u>DELETE ALL OF YOUR DATA FROM YOUR CONTAINERS**</u> - consider yourself warned.
`ansible-playbook playbooks/docker_update_containers.yml`
## Conclusion:
Throughout this post, we've explored a series of Ansible playbooks designed to automate various aspects of your homelab. From initial setup with SSH key-based authentication and inventory creation to managing and updating Docker containers, these playbooks are the building blocks for a highly efficient homelab environment. Remember, Ansible's flexibility allows you to expand and customize these automations to suit your specific needs. Dive in, experiment, and watch your homelab thrive with the power of automation!
`ansible-playbook playbooks/docker_update_containers.yml`
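Review bot: The `docker_update_containers.yml` command is kept without `--ask-vault-pass`, while `deploy.yml` gained the flag earlier in this commit. If the update playbook recreates containers from the same vaulted compose data, it will fail on the encrypted content; either add the flag here or state that this playbook does not touch the vault. Separately, the warning line closes `**` inside the `<u>` element (`CONTAINERS**</u>`); move the `</u>` before the closing `**` so the markup nests correctly and the warning renders as intended.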
-90
@@ -1,90 +0,0 @@
{
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
#servers {
# trusted_proxies cloudflare {
# interval 12h
# timeout 15s
# }
# client_ip_headers Cf-Connecting-Ip
#}
}
outsideuptimedev.madereddy.com {
reverse_proxy uptime:3001
}
oracledev.madereddy.com {
log {
level INFO
output file "/data/oracleaccess.log" {
roll_size 10MB
roll_keep 10
}
}
reverse_proxy syncthing:8384 {
transport http {
tls_insecure_skip_verify
}
}
route /hook* {
rewrite /hook/ /
reverse_proxy webhook:8080
}
}
bitwardenhome.madereddy.com {
log {
level INFO
output file "/data/access.log" {
roll_size 10MB
roll_keep 10
}
}
# Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL).
#tls {
# dns cloudflare "KOVqE-q6TxjLRofG1rDVRR3KoI0SLVxLyA8QefHZ"
#}
# Or uncomment this if you're providing your own cert. You would also use this option
# if you're running behind Cloudflare.
# tls {$SSL_CERT_PATH} {$SSL_KEY_PATH}
# This setting may have compatibility issues with some browsers
# (e.g., attachment downloading on Firefox). Try disabling this
# if you encounter issues.
encode gzip
# Uncomment to improve security (WARNING: only use if you understand the implications!)
# header {
# # Enable HTTP Strict Transport Security (HSTS)
# Strict-Transport-Security "max-age=31536000;"
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
# X-XSS-Protection "1; mode=block"
# # Disallow the site to be rendered within a frame (clickjacking protection)
# X-Frame-Options "DENY"
# # Prevent search engines from indexing (optional)
# X-Robots-Tag "none"
# # Server name removing
# -Server
# }
# Uncomment to allow access to the admin interface only from local networks
# @insecureadmin {
# not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
# path /admin*
# }
# redir @insecureadmin /
# Proxy everything else to Rocket
reverse_proxy bitwarden:8080 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {http.request.header.CF-Connecting-IP}
}
}
foundrydev.madereddy.com {
reverse_proxy foundry-dr:30000
}
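Review bot: The commented-out `dns cloudflare "..."` line in the `bitwardenhome.madereddy.com` block holds what appears to be a Cloudflare API token in clear text, and deleting the file here does not remove it from the parent commit 25854076bd or any existing clone. Revoke and reissue that token, and wherever this configuration lives next, reference it through a `{$VAR}` placeholder the way the `tls {$SSL_CERT_PATH} {$SSL_KEY_PATH}` line already does. If the file is carried forward, also revisit `tls_insecure_skip_verify` on the `syncthing:8384` upstream and the `/hook*` route, which exposes the webhook container on a public hostname while the `@insecureadmin` restriction stays commented out.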
-92
@@ -1,92 +0,0 @@
version: "3"
volumes:
vw-logs:
f2b-data:
services:
uptime-kuma:
image: louislam/uptime-kuma:latest
container_name: uptime
restart: unless-stopped
ports:
- "3001:3001"
volumes:
- ./uptime:/app/data
caddy:
image: caddy:latest
container_name: caddy
cap_add:
- NET_ADMIN
ports:
- "80:80"
- "443:443"
volumes:
- ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
- ./caddy:/config
- ./caddy:/data
restart: unless-stopped
watchtower:
image: containrrr/watchtower:latest
container_name: watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_SCHEDULE= 0 0 4 * * * #At 04:00 AM, only on Friday Change to suit
restart: unless-stopped
vaultwarden:
image: vaultwarden/server:latest
container_name: bitwarden
environment:
- SIGNUPS_ALLOWED=false #use true if needing to create account
- DOMAIN=https://bitwarden.madereddy.com
- "YUBICO_CLIENT_ID=47188"
- "YUBICO_SECRET_KEY=VBO1BoGv47JwFudR4SaiwZ9gwG4="
- LOG_FILE=/data/vaultwarden.log
- ROCKET_PORT=8080
- PUSH_ENABLED=true
- "PUSH_INSTALLATION_ID=caf6a736-022d-442e-a37b-b06f0125aa9c"
- "PUSH_INSTALLATION_KEY=A20fZMOjId4OENWSvyEw"
- "ADMIN_TOKEN=8qwvHlTb1nC2KmTwYFfgfTvRdJF0CWL3x5eCpIksMCmQ9mVHEeYdbpeQo53a2lkC"
volumes:
- ./bitwarden:/data
- vw-logs:/var/log/vw-logs
restart: unless-stopped
cloudflare-ddns:
image: timothyjmiller/cloudflare-ddns:latest
container_name: cloudflare-ddns
security_opt:
- no-new-privileges:true
environment:
- PUID=1001
- PGID=1001
volumes:
- ./ddns/config.json:/config.json
restart: unless-stopped
syncthing:
image: lscr.io/linuxserver/syncthing:latest
container_name: syncthing
environment:
- PUID=1001
- PGID=1001
- TZ=Etc/UTC
volumes:
- ./syncthing/config:/config
- ./:/data1
ports:
- 8384:8384
- 22000:22000/tcp
- 22000:22000/udp
- 21027:21027/udp
restart: unless-stopped
webhook:
image: ncarlier/webhookd:edge-distrib
container_name: webhook
user: 1001:999
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./webhook:/scripts/hook
ports:
- 8080:8080
environment:
- WHD_HOOK_TIMEOUT=600
restart: unless-stopped
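Review bot: The `vaultwarden` service sets `YUBICO_SECRET_KEY`, `PUSH_INSTALLATION_KEY` and `ADMIN_TOKEN` as literal values in `environment:`, and removing the file in this commit leaves all of them readable in the parent commit 25854076bd. Treat them as exposed: rotate each one, and supply the new values from the vault or an untracked env file rather than from the compose file. Two further points if this file is restored from the vault: `watchtower` and `webhook` both mount `/var/run/docker.sock`, and `webhook` also publishes `8080:8080`, so a compromise of the hook endpoint amounts to control of the Docker host; and the `WATCHTOWER_SCHEDULE` comment ("only on Friday") does not match the expression `0 0 4 * * *`, which has no day-of-week restriction.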