Skip to content

Mareo/infrastructure

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5,981 Commits
.gitlab/agents/kubernetes-agent
.gitlab/agents/kubernetes-agent
 
 
authentik
authentik
 
 
discord
discord
 
 
gitlab
gitlab
 
 
group_vars
group_vars
 
 
host_vars
host_vars
 
 
k8s
k8s
 
 
playbooks
playbooks
 
 
proxmox
proxmox
 
 
roles
roles
 
 
scripts
scripts
 
 
secrets
secrets
 
 
vault
vault
 
 
.ansible-lint
.ansible-lint
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.yamllint
.yamllint
 
 
LICENSE
LICENSE
 
 
README
README
 
 
TODO
TODO
 
 
ansible.cfg
ansible.cfg
 
 
config.yml
config.yml
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
hosts
hosts
 
 
kargo.nix
kargo.nix
 
 
pyproject.toml
pyproject.toml
 
 
renovate.json5
renovate.json5
 
 
requirements.yml
requirements.yml
 
 
uv.lock
uv.lock
 
 

Repository files navigation

# Operator setup

    $ uv sync
    $ uv run pre-commit install
    $ uv run ansible-galaxy install -r requirements.yml
    $ uv run ansible-playbook playbooks/main.yml -t secrets  # skip on first install

# Hypervisor setup

    $ uv run ansible-playbook -l proxmox playbooks/main.yml

## ACME configuration

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> ACME
* Create a new account
* Add a new challenge plugin:
    Plugin Id:       mikros
    DNS API:         nsupdate (RFC 2136)
    NSUPDATE_KEY:    /etc/nsupdate.key
    NSUPDATE_SERVER: mikros.mareo.fr
    NSUPDATE_ZONE:   mareo.fr
* Go to ouranos -> System -> Certificates
* Add a new certificate:
    Challenge type: DNS
    Plugin:         mikros
    Domain:         ouranos.mareo.fr
* Click "Order certificate now"

## CephFS setup

* Visit https://ouranos.mareo.fr:8006

* Go to ouranos -> Ceph -> CephFS
* Create a new metadata server
    Host:     ouranos
    Extra ID: None
* Create a new CephFS:
    Name:             cephfs
    Placement Groups: 64
    Add as Storage:   yes

## Terraform Token

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> Permissions -> API Tokens
* Create a new token:
    User:                 root@pam
    Token ID:             terraform
    Expire:               never
    Privilege separation: no
* Put the token in `secrets/proxmox_token`

## Pool

* Visit https://ouranos.mareo.fr:8006
* Go to Datacenter -> Permissions -> Pools
* Create a new pool:
    Name: ouranos

# Terraform setup

    $ uv run ./scripts/terraform-setup.sh

# VMs setup
    $ cd proxmox/
    $ terraform apply
    $ cd ..
    $ uv run ansible-playbook -l proxmox_vm playbooks/main.yml

# Vault setup
    $ cd vault/
    $ uv run ../scripts/vault-init.sh
    $ uv run ../scripts/vault-unseal.sh
    $ uv run ../scripts/vault-login-as-root.sh
    $ terraform apply

# Authentik setup
    $ cd authentik/
    $ terraform apply

# Discord setup
    $ cd discord/
    $ terraform init

# GitLab setup
    $ uv run scripts/gitlab-login-as-root.sh
    $ cd gitlab/
    $ terraform apply

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

12 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages