2022-11-18 07:51:49 +00:00
|
|
|
# Free I.T. Athen's Infrastructure
|
|
|
|
|
This project is used to develop Ansible for deploying and maintaining websites
|
2022-11-19 10:02:28 +00:00
|
|
|
and services operated by Free I.T. Athens (FRITA).
|
2019-01-02 05:04:01 +00:00
|
|
|
|
2022-11-19 10:02:28 +00:00
|
|
|
- Requires GNU Make, Ansible, and Vagrant on the host
|
2019-01-02 05:04:01 +00:00
|
|
|
|
2022-11-18 07:51:49 +00:00
|
|
|
## Quick Start
|
|
|
|
|
1. Clone this project
|
2022-11-19 10:02:28 +00:00
|
|
|
2. Run `make` to provision a Debian 11 base box
|
|
|
|
|
3. Go to
|
|
|
|
|
- [Traefik Dashboard](https://traefik.local.freeitathens.org:8443/dashboard/#/)
|
|
|
|
|
- [WordPress](https://www.local.freeitathens.org)
|
2022-11-24 07:00:52 +00:00
|
|
|
- [Nextcloud](https://cloud.local.freeitathens.org)
|
2022-11-19 10:02:28 +00:00
|
|
|
4. Click through the HTTPS security warning
|
2019-01-02 05:04:01 +00:00
|
|
|
|
2022-11-20 01:58:07 +00:00
|
|
|
## Production
|
|
|
|
|
1. Clone [production-env](https://github.com/freeitathens/production-env/) to `./environments`
|
2022-11-20 10:06:20 +00:00
|
|
|
|
|
|
|
|
```
|
|
|
|
|
mkdir -p environments
|
|
|
|
|
git clone git@github.com:freeitathens/production-env.git ./environments
|
|
|
|
|
```
|
|
|
|
|
|
2022-11-20 01:58:07 +00:00
|
|
|
2. Run `./scripts/vault-key.sh` from the root of the project to obtain the Ansible Vault password
|
|
|
|
|
3. Enter the Bitwarden Master Password
|
|
|
|
|
4. Run `ansible-playbook` against the production servers, e.g.,
|
2022-11-20 10:06:20 +00:00
|
|
|
|
2022-11-20 01:58:07 +00:00
|
|
|
```
|
2023-10-04 00:45:15 +00:00
|
|
|
ansible-playbook -u root -i environments/production --vault-pass-file ./.ansible_vault webserver.yml --diff --check
|
2022-11-20 01:58:07 +00:00
|
|
|
```
|
2022-11-20 10:06:20 +00:00
|
|
|
|
2022-11-20 01:58:07 +00:00
|
|
|
5. Delete the `.ansible_vault` file when you are done
|
|
|
|
|
|
2022-11-25 05:57:02 +00:00
|
|
|
### Using Ansible Vault to add or rotate values
|
|
|
|
|
Do not submit ciphertext into Ansible Vault with the indention formatting.<br />
|
|
|
|
|
To submit, press `CTRL+d` twice.
|
|
|
|
|
|
|
|
|
|
- Decrypt Ansible Vault values
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
ansible-vault decrypt --vault-pass-file .ansible_vault
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- Encrypt new Ansible Vault values
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
ansible-vault encrypt --vault-pass-file .ansible_vault
|
|
|
|
|
```
|
2022-11-25 06:02:13 +00:00
|
|
|
- e.g., `pwgen -s 100 1 | ansible-vault encrypt --vault-pass-file .ansible_vault`
|
2022-11-25 05:57:02 +00:00
|
|
|
|
2019-01-02 05:04:01 +00:00
|
|
|
## Authors
|
2022-11-19 10:02:28 +00:00
|
|
|
* **Kris Lamoureux** - *Project Founder* - [@krislamo](https://github.com/krislamo)
|
2019-01-02 05:04:01 +00:00
|
|
|
|
|
|
|
|
## Copyrights and Licenses
|
2022-11-18 07:51:49 +00:00
|
|
|
Copyright (C) 2019, 2020, 2022 Free I.T. Athens
|
2019-01-02 05:04:01 +00:00
|
|
|
|
2022-11-18 07:51:49 +00:00
|
|
|
This program is free software: you can redistribute it and/or modify it under
|
|
|
|
|
the terms of the GNU General Public License as published by the Free Software
|
|
|
|
|
Foundation, version 3 of the License.
|
2019-01-02 05:04:01 +00:00
|
|
|
|
2022-11-18 07:51:49 +00:00
|
|
|
This program is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
|
|
|
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
2019-01-02 05:04:01 +00:00
|
|
|
|
2022-11-18 07:51:49 +00:00
|
|
|
You should have received a copy of the GNU General Public License along with
|
|
|
|
|
this program. If not, see <https://www.gnu.org/licenses/>.
|
