- Install ansible.
- Install playbook dependencies:
  ansible-galaxy install -r requirements.yml
- Get the Ansible Vault password and paste it into .vault_pass.
- Read the Digital Ocean tutorial to get to know Ansible.
The following tutorials are used to prepare the servers.
- Initial Redan user - Cloud-init and manual
- Disk Encryption for dedicated machines with Hetzner and OVHCloud.
Run default stag environment:
ansible-playbook playbooks/jump_server.yml
Run prod environment. MAKE SURE YOU KNOW WHAT YOU ARE DOING!
ansible-playbook playbooks/jump_server.yml -i environments/prod
The local environment is in gitignore and therefore not checked in to git. It is an environment that you can play around with as you wish. Just create a hosts.yml, add your servers and you are good to go.
Every environment has its own secrets file at environments/xxx/group_vars/all/secrets.yml.
You can only decrypt the secrets, and therefore use the playbooks, when you set the .vault_pass file in the project root and write the password in there. The password can be found on bitwarden.redan.ch.
Edit secrets (replace xxx):
ansible-vault edit environments/xxx/group_vars/all/secrets.yml
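A pre-flight check for the vault setup described above, added here as an example and not part of this repository: it confirms that .vault_pass is readable only by its owner and that every environments/*/group_vars/all/secrets.yml begins with the Ansible Vault header, so a secrets file saved in plaintext is caught before it is committed. The function names and the owner-only permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the vault setup described in this README.
# Function names are hypothetical; paths follow the layout given above.

# True if the file's first line carries the Ansible Vault header.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first=
    IFS= read -r first < "$1" || :   # read fails on a missing final newline
    case $first in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the file exists and has no group/other permission bits set.
is_owner_only() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one FAIL line per problem under project root $1; return 1 if any.
preflight() {
    root=$1
    rc=0
    if ! is_owner_only "$root/.vault_pass"; then
        echo "FAIL: $root/.vault_pass is missing or accessible to group/other"
        rc=1
    fi
    for f in "$root"/environments/*/group_vars/all/secrets.yml; do
        [ -e "$f" ] || continue   # glob matched nothing
        if ! is_vault_encrypted "$f"; then
            echo "FAIL: $f is not vault-encrypted (plaintext secrets)"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh preflight.sh <project-root>   (no argument: define functions only)
if [ -n "${1:-}" ]; then
    preflight "$1" && echo "OK: vault setup looks sane"
fi
```

Run it from the project root before ansible-playbook, or call it from a git pre-commit hook so an unencrypted secrets.yml blocks the commit.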
- Ubuntu 22.04
- Debian 11
Important: Do not use Ubuntu 20.04. SSH has a bug.