pezhore / yolonix

Yolonix++ - Ansible-managed YOLO Arch and Digital Ocean Wireguard VPN

This project contains the Ansible and Terraform code to manage a freshly installed Arch Linux laptop and a separate Digital Ocean droplet.

Requirements

  • YOLO laptop (i.e. a laptop that doesn't really matter and can be wiped at any time)
  • Digital Ocean account
  • Cloudflare account (optional, but helpful)
  • Hashicorp Vault (for storing sensitive data)
  • Access credentials/tokens in environment variables for Terraform and Ansible

Usage

  1. Run the main.tf Terraform file to create the Digital Ocean droplet/Cloudflare DNS record
  2. Run the wireguard_svc.yml playbook to configure the Wireguard VPN
  3. Install Arch on the YOLO laptop (encrypting the drives if desired), and install/configure SSH server
  4. Update the inventory.ini file with the IP address/username for the YOLO laptop
  5. Run the main.yml playbook (with --ask-become-pass if needed)
  6. ???
  7. Profit

Directory Structure

.
├── ansible                             # Ansible Code
│   ├── inventory.ini                   # Inventory file for yolonix and vpn
│   ├── wg_clients                      # Yolonix config folder
│   │   ├── main.yml                    # Playbook to configure Wireguard client and basic programs
│   │   └── templates
│   │       └── wg0_peers.conf.j2       # Template for Wireguard client config
│   ├── wg_server                       # VPN config folder
│   │   ├── templates
│   │   │   └── wg0_server.conf.j2      # Template for Wireguard server config
│   │   └── wireguard_svc.yml           # Playbook to configure Wireguard server
│   └── wg_server_vars.yml              # Variables for Wireguard server (generated by wg_server playbook)
├── config.yml                          # Project Config file (used by Terraform and Ansible)
├── main.tf                             # Terraform code to create Digital Ocean droplet
└── README.md                           # This file

Yolonix Deeper Dive

My YOLO laptop is a Lenovo u430 touch, a 10-year-old laptop. It comes with a standard SATA drive (upgraded to a Samsung SSD), but there's an undocumented m.2 SATA slot that fits a 2242 drive. I've installed Arch on both, encrypted with a 30+ character passphrase and a secondary decryption key derived from a Yubikey challenge/response slot. One drive is for security conferences, the other is for travel use.

Depending on which OS is booted, I wanted to provision a different software configuration. To achieve this, I placed a flag file, ~/.keyid, whose contents are either airport or conference, to indicate which OS is booted. The wg_clients main.yml playbook reads this file to decide what to do.

If you don't have a similar layout, feel free to make appropriate changes to main.yml.
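As an added illustration of the flag-file mechanism above (this is not the repository's own main.yml; the inventory group name and the package lists are assumptions), a minimal play that reads ~/.keyid as the login user, refuses to continue on a missing or unknown value, and only then escalates to install the matching package set:

```yaml
# Added example, not the project's main.yml. Reads the ~/.keyid flag file
# described above and selects a package set; group name and packages are assumed.
- name: Provision yolonix according to the ~/.keyid flag
  hosts: yolonix            # assumed inventory group name
  become: false             # gather facts as the login user so ansible_user_dir is ~ not /root
  vars:
    profile_packages:       # assumed package sets, one per flag value
      airport:
        - wireguard-tools
        - openssh
        - obsidian
      conference:
        - wireguard-tools
        - openssh
        - podman
  tasks:
    - name: Read the flag file (fails the play if it does not exist)
      ansible.builtin.slurp:
        src: "{{ ansible_user_dir }}/.keyid"
      register: keyid_raw

    - name: Decode and normalise the flag value
      ansible.builtin.set_fact:
        keyid: "{{ (keyid_raw.content | b64decode) | trim | lower }}"

    - name: Refuse to continue on an unknown flag value
      ansible.builtin.assert:
        that:
          - keyid in profile_packages
        fail_msg: "~/.keyid must contain 'airport' or 'conference', got '{{ keyid }}'"

    - name: Install the package set for this profile (only step that needs root)
      become: true
      community.general.pacman:
        name: "{{ profile_packages[keyid] }}"
        state: present
        update_cache: true
```

Run it with --ask-become-pass as in the Usage section; a typo in the flag file stops the play before anything is installed.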

Yolonix Installed Packages

  • Various Hashicorp packages (Vault, Terraform, Vagrant, etc.)
  • Virtualization tools (podman, virtualbox)
  • Yubikey tools and helpers
  • Developer tools and libraries
  • Network tools, including VPN clients
  • Obsidian notes
