ansible-collection/roles/common/README.md
GregoryDosh b24a51083d
ci: adjust ci to use more license information & sha for tracing
2024-12-10 20:40:44 -06:00

<!--
Ansible Roles for managing Auengun.net Infrastructure & Testing/Learning.
Source available at git.auengun.net/homelab/ansible-collection
Copyright (C) 2023 GregoryDosh
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
SPDX-License-Identifier: AGPL-3.0-or-later
SPDX-FileCopyrightText: 2023 GregoryDosh
-->
# Ansible Role `auengun.homelab.common`
This role includes a lot of common tasks required to get physical and virtual (VM/LXC) hosts ready for use: trusting the [Homelab Certificate Authority](https://git.auengun.net/homelab/host-ca), setting timezone & language, auto-renewing SSL certificates for Web & SSH traffic, and so on.
It's likely this role isn't something you'd run directly, as it's highly tailored to this environment, but it is here for inspiration and example use.
## Installation
Read the [Homelab Collection README.md](../../README.md) for installation instructions.
### Ansible Configuration
This Ansible role uses quite a few [`vars`](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html), but only the most commonly used are listed below. See [`./defaults/main.yml`](./defaults/main.yml) for everything.
| Ansible `vars:` Name | Description | Required | Default |
| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | ----------------------------------------------------------------------------------------------------- |
| `CERT_SAN` | An array of strings used as the SAN(s) on PKI certificates. | ❌ | `[ "{{ inventory_hostname_short }}.auengun.net", "{{ inventory_hostname_short }}.virt.auengun.net" ]` |
| `CERT_RENEWAL_RESTART_SYSTEMD_SERVICES` | The systemd services to restart after the ACME/SSH certificate is renewed. | ❌ | `["sshd"]` |
| `LXC_SSH_TUNEUP` | For some LXC containers the `/var/run/sshd` directory goes missing due to `ssh.socket` and `ssh.service` clashes. This disables `ssh.socket` while keeping `ssh.service` alive. | ❌ | `false` |
## Examples
### Additional SAN Principals for ACME/SSH Certificates
```yaml
- ansible.builtin.include_role:
    name: auengun.homelab.common
  vars:
    CERT_SAN:
      - example.auengun.net
      - example.subdomain.auengun.net
```