GregoryDosh
ec8ad4311a
All checks were successful
Update Version / Update Version (push) Successful in 7s
|
||
|---|---|---|
| .. | ||
| defaults | ||
| handlers | ||
| meta | ||
| tasks | ||
| templates | ||
| README.md | ||
Ansible Role auengun.homelab.common
This role includes a lot of common taks required to get physical and virtual (VM/LXC) hosts ready for use. Trusting the Homelab Certificate Authority, setting timezone & language, auto-renewing SSL certificates for Web & SSH traffic, and so on.
It's likely this role isn't something you'd run directly as it's highly tailored to this environment but it is here for inspiration and example use.
Installation
Read the Homelab Collection README.md for installation instructions.
Ansible Configuration
This Ansible role uses quite a few vars but only a few most used are below. See ./defaults/main.yml for everything.
Ansible vars: Name |
Description | Required | Default |
|---|---|---|---|
CERT_SAN |
An array of strings used for PKI SAN(s) certificates. | ❌ | [ "{{ inventory_hostname_short }}.auengun.net", "{{ inventory_hostname_short }}.virt.auengun.net" ] |
CERT_RENEWAL_RESTART_SYSTEMD_SERVICES |
After the ACME/SSH certificate is renewed, which systemd services to restart? | ❌ | ["sshd"] |
LXC_SSH_TUNEUP |
For some LXC containers the /var/run/sshd directory goes missing due to ssh.socket and ssh.service clashes. This disables ssh.socket while keeping ssh.service alive. |
❌ | false |
Examples
Additional SAN Principals for ACME/SSH Certificates
- ansible.builtin.include_role:
name: auengun.homelab.common
vars:
CERT_SAN:
- example.auengun.net
- example.subdomain.auengun.net