
1 Commits

Author SHA1 Message Date
Christer Warén
cabe83288b Fix typo in Yggdrasil configuration 2025-09-01 09:14:37 +03:00
9 changed files with 84 additions and 152 deletions


@@ -2,27 +2,6 @@
## PVJJK 1.VOS Niinisalo ## PVJJK 1.VOS Niinisalo
### Ylläpitäjän ohjeet ### Ylläpitäjän ohjeet
**Työaseman asennus**
1. Asenna Windows Subsystem for Linux vaihtoehtoisista järjestelmäominaisuuksista.
2. Käynnistä työasema uudelleen
3. Asenna Debian käyttöjärjestelmä
1. Avaa Powershell järjestelmänvalvojana
2. Suorita asennuskomento `wsl --install -d Debian`
3. Aseta käyttäjätunnukseksi `asentaja` ja salasanaksi sama kuin työaseman Windows käyttäjän salasana.
4. Vaihda isännän nimi
1. Lisää Network kohtaan tai luo Network kohta `echo "[network]" > /etc/wsl.conf`
2. Lisää isännän nimi `echo "hostname = argo.aito.tjas" > /etc/wsl.conf`
3. Lisää Hosts tiedoston generointi `echo "generateHosts = true" > /etc/wsl.conf`
5. Sulje ikkuna
4. Aseta Debian oletusarvoiseksi käyttöjärjestelmäksi ja käynnistä se uudelleen
1. Avaa Powershell järjestelmänvalvojana
2. Vaihda oletusarvoinen käyttöjärjestelmä `wsl --set-default Debian`
3. Käynnistä uudelleen käyttöjärjestelmä `wsl -t Debian`
4. Sulje ikkuna
6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
7. Asenna curl-paketti käyttämällä APT-paketinhallintaa `sudo apt update && sudo apt install curl`
8. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
**Palvelimen asennus** **Palvelimen asennus**
1. Asenna Debian-käyttöjärjestelmä 1. Asenna Debian-käyttöjärjestelmä
2. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl` 2. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl`


@@ -14,6 +14,7 @@
#{{ peer.name }} #{{ peer.name }}
"{{ peer.address }}"{% if not loop.last %},{% endif %} "{{ peer.address }}"{% if not loop.last %},{% endif %}
{% endif %} {% endif %}
{% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}

61
init.sh

@@ -4,74 +4,63 @@ if [ ! "$BASH_VERSION" ] ; then
exit 1 exit 1
fi fi
underline=`tput smul`
nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
ti-header(){ ti-header(){
echo ${bold}$1${normal} echo $(tput bold)$1$(tput sgr0)
} }
echo "${bold}"
echo " echo "
.-') _ ('-. .-') ==============================
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_) PVJJK 1.VOS TJAS - Infra
|'--...__) .-')| ,| | \-. \ / _ | Init Script
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.) ------------------------------
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
" "
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
INIT SCRIPT
"
echo -n "${normal}"
stop () { stop () {
echo "
==============================
"
exit 1 exit 1
} }
ti-header "Haetaan pakettien tiedot..." ti-header "Haetaan pakettien tiedot..."
sudo apt update apt update
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..." ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..."
sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n" echo -e "\n\n"
mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null mkdir -p /root/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]] if [[ ! -f /root/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
then then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..." ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn) ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..." ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
python3 -m venv $HOME/.venv/ansible python3 -m venv /root/.venv/ansible
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansiblen riippuvuudet..." ti-header "Asennetaan Ansiblen riippuvuudet..."
$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect /root/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansible..." ti-header "Asennetaan Ansible..."
$HOME/.venv/ansible/bin/pip3 install ansible /root/.venv/ansible/bin/pip3 install ansible
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansible kokoelmat..." ti-header "Asennetaan Ansible kokoelmat..."
$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade /root/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
echo -e "\n\n" echo -e "\n\n"
ti-header "Lisää SSH-avain Infra-repon käyttöön..." ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub cat /root/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]" echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]] while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -80,8 +69,8 @@ do
done done
echo -e "\n\n" echo -e "\n\n"
mkdir -p $HOME/.ansible/vault &> /dev/null mkdir -p /root/.ansible/vault &> /dev/null
if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]] if [[ ! -f /root/.ansible/vault/pvjjk-1vos-niinisalo ]]
then then
ti-header "Syötä Ansible Vaultin salasana..." ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: " echo -n "Salasana: "
@@ -91,14 +80,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]] if [[ ! -z $VAULT_PASSWORD ]]
then then
echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-niinisalo
fi fi
done done
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Suoritetaan Infran asennus..." ti-header "Suoritetaan Infran asennus..."
$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer /root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
echo -e "\n\n" echo -e "\n\n"
echo " echo "
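Review bot: The vault password in the last hunk is written with `echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-niinisalo` under whatever umask the caller has, and the `mkdir -p /root/.ansible/vault` in the hunk before it sets no mode, so the secret's confidentiality rests entirely on the permissions of /root itself; create the file under a restrictive umask, e.g. `(umask 077; printf '%s\n' "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-niinisalo)`. In the same hunk, `ansible-pull ... --accept-host-key` accepts the repository host's key on first contact without verifying it, and the playbook it fetches then runs as root, so pinning GitHub's published host keys in known_hosts before the pull would be the safer default. With `sudo` dropped and every path hard-coded to /root, the script now assumes a root caller without checking, and the `mkdir` errors go to /dev/null; an early guard such as `[[ $EUID -eq 0 ]] || stop` would make that failure explicit. The `while` and outer `if` that the closing `done`/`fi` belong to start outside this hunk.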


@@ -1,6 +1,6 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo $ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30383633646132396336336135366264386137643166376336666261316465346632353333616361 35323232396533626563393062376434363734626535356339376137346336383837306231323764
3134623361333633653666313035633536396662613234320a386239373636623061383331663438 3436303332323432393833653133383732343662646563620a626139323064393265663932306534
64366431613763376239613036633365346266643163396331653237313662346231623731373530 62353538313636313433383561326130313634663837356233393833363934313565386339383262
6630653939373762380a363939383862623336666361303032653431356139383766663331656335 3861333963316362390a333833366133333734393636343237336465366535303563393363626530
3438 3134


@@ -1,6 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
37353031396164353032396635313539613734613432323435383137303835383439663439363337
6230323066313361383061633932616230363465326239640a333739323064653263336337633639
64343833623362323734363239653866383037313331613738653133636364623237326637313232
3462636261386230380a313634313965343733616137663532623965393835306562633635633831
3166


@@ -1,51 +1,46 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo $ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30386163316331336461633036653363613064366361653938616138353736366463643664393933 38616439366630313466616136336162626137383265363162653261346531646663373330363362
6533383232616130626431353164663738346630616465300a393062663634356566656562646137 6665666534356566303531373634393435346537323838310a333938393936353839363464326633
36623535313932316262663064366535616565386436653761336463323163646439656563303262 66383063636133653961626664633065643739613963633736326634303737643066623237313235
6531373030393264310a623933386234306532643664363335386231626664643531656433323731 6433663837353231360a333235383830623066663936393930373435306366623938616231613736
30373237626531336431343965313239616339356162383262313363363262613463303236643734 66333336623539333232353331633462336561336463376236393566633338313437313031653637
62303636646232383235316137393634626235386662616339343231626661376331396138343361 64663731613365373034386566623264343531636261336533613930313332633234383665386336
31663630306431653532666463326536636365663163663162643136366363333638333930373234 34373834303138343839626232613038353138623331643162623061633239613630323635633065
36306166366533636562363063336436333465393231316363343864373335646437373561353538 61343063656165333339363664303738343263333438383638643132633562366339323762303836
31613162643664633435363831326230373635313165633566323135303263323034636265393163 35373434653666333662303639636439663435623963373364626137616363613365323539663732
62373234613334393261356464643262616132343963383165303534346335373634396161383532 66306463633166313564383861313033386539383939346535613262653034366262336235366231
31623330373935613866336135323038343030353865373863633562303134613662353762376134 35343036653031363931663734643836613666336261376165326464663738643632656463663262
61653035313965316134666534366435663333386235636266376164663731646365626135613166 66653534613334343134393761613863613961666332303730346265633130633231333730303334
39333934653563623966366466613436313635313537363337386133356433356336303938333366 62316338346661333135616534613338613037393832666664323931666532633734343963393463
66653735636462383666396332656333666234333435333062356338383034656637323438316134 65353838333766326463333562613665633364363238663637313438386264636536356533656535
62386136663962336232623663666438333931376561303964636563306664313134373338303339 38633065626561356565303231393138333066393236353762616561336562303738303866363261
32313635643136396365383834343438633463366262366330653034333332653038356331346566 35383762613962613433356665663835363333343964643033616330613464306263336437386334
30336164393136383434646636376239656162643734643735306436303961326565346566333461 38646234623630393034633138303137663433626232326339333433353338613132376134356437
33383861356537656262646131386134303165636632343134383264353466316633663732396334 61373566646437643639356536386631636333323235643430336437646235356361633662663839
33373664633239396234366534636365346631643063373836666233626565626234363433313866 66343135626631386465336132336363373062343062313537626438356139303531333634633066
31663464346264393731623364373035616134376430333764383836353132386339636537326637 33363162656436323236313034316466353835656638633830343563653338636238653733353036
36366662333336373633653330353939396239623037653862393932373932353834373339373934 62633632646433396664313762303538303933643030323734396634333537363762313765613661
61663338666164663235653337336238626462653336313532643131383638336535376232303465 66626261333465356537303631313030366264333262626331303431663434326435373834643232
64363530393065383639663731383036613338343436313937663162643434323835353363653738 61393433316633656337303332323434333936356639396432313362633566346136623665336438
62613139343934656135313832323532623263653038353166313531643036303538613436323664 63633839656264623435383231626134373930663964353363316232613330643061616236313662
33356434623633643462326564383263323833376165366536633264656366353137316265653534 30366136376638636234633836333639656165626536326339323962383933396130333636353536
36656561353634626330636363636133356265306336623737643961663061343630383330386538 31366136363931333865663635643563313336343530373866616333633131356163343166653963
63636434303066646261636338323563373663323835386563393539616663636139356536393462 61643263653033336431626266663832643661343464363439313437376131653864313963616634
37363766356138616232333162666562333261626661646538613862306264336636396562313665 65653035316166396437643733303035393131633731623636313733346630653438633137353439
35373266366134623263663363376630343263623335666663396438663238636534393130623134 39303235613936333336653332623132643736333231353831393765396337303635633932386666
36653465383763646563386361636530393366323538336532393661306362346333353661303334 32623266326130323234626134613036363632613437333562656536363330323464373461623266
32633966303964383861653365626332316135373731393935313262383164346233353765396561 64383039666134623237313334643036636330313936366332623863633266393366376239333335
33323864306336353732623937386235646366663764653965633764643864366331666262386639 66636330356238333737303330373065643936386237323039373432663862373661633338316136
66326335326562646630346435663533313335373034663565333839323961383366643263356133 62646265383336373134646161343164303336633239316339666361383631336533643465303166
64303030366263356231343530343566623935306431653866613165393633643835653330666436 61393164333966363630383339656665613831613332343066636261313238343265383831366430
38663535373666333763386436646337656133303262396237663931323864336630646466306462 39616263386165636663336233373036366532343966343063623861393766353636306261326234
65656536336533343065316637613034626333343837616363376263636635363866383638393234 65643138333666643161666239653263393939336665353266343234346135633934333237323563
39373030663230383865396131363638376537363362666439636235626461303930396464313532 62613432336331313934346466326164313237626462356665303131386663383662323130636165
63306136613265636438333764646465306565333435666233656534656538646465636263363433 35313463396538323936623462303230643531313464333232303231343535383062646434636236
37356131353530363665336564386264616235613564363065356234336537363561313666653637 38336162323838333163653664613961316563663138656136616461333033346230316562646531
35336638623730633735643465316164323739316636353762653965633831626561313532626139 66383839333831633463386233353734346565353035653563353039663136336165333661326138
62303933376637376334666362306133383035376561333361326338663762363230303533363632 61646661396331653965346233313931346139366163613866383963346338386435363163326232
62383539626263363636636164366139306666333165636130323765643532363338656261396135 65633534643035393466323764313664323338376436303733653130363534383330373035306662
36336664656335383561643637383066653531303236323765356666343765616134343036313538 37643839373461343764393838373366313738366137386230623433333232323866393032393164
34623935616531323536383565313238333564613635343332303238626534613337353430303864 35613366363733333762343937363531636266343966323936636665656435323634343131353232
30383131346163636335363563656465316263316439646530663665386636393261386536306265 39613132366265383231653464363065366461656133313364316532323330313164
34656230643662653665383730396335646562306161663233353835666131633730663237336434
62643631653738633638366133396364623837343138613765616362633262333333646639396637
36386533386439623866346335376164336439366133643266663938643333383836346538636536
35376335306435616236323163616163656366366630656535393233643966313166346530383365
3630646439643335393964313862363134396566636661643666


@@ -1,7 +1,6 @@
--- ---
pvjjk_1vos_niinisalo: pvjjk_1vos_niinisalo:
hosts: hosts:
argo.aito.tjas:
olympus.juva.tjas: olympus.juva.tjas:
vars: vars:
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3


@@ -5,35 +5,21 @@ nounderline=`tput rmul`
bold=$(tput bold) bold=$(tput bold)
normal=$(tput sgr0) normal=$(tput sgr0)
echo "${bold}" echo "${bold}PVJJK 1.VOS Niinisalo / TJAS Infra / Protect${normal}"
echo "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
PROTECT SCRIPT
"
echo -n "${normal}"
action=$1 action=$1
encrypt() { encrypt() {
echo "${underline}Encrypting...${nounderline}"
execute "ansible-vault encrypt --vault-id $1@vault/$1" $1 execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
} }
decrypt() { decrypt() {
echo "${underline}Decrypting...${nounderline}"
execute "ansible-vault decrypt --vault-id $1@vault/$1" $1 execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
} }
list() { list() {
echo "${underline}Listing...${nounderline}"
i=0 i=0
for file in inventories/$1/group_vars/* inventories/$1/host_vars/*; for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
do do
@@ -55,23 +41,18 @@ for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
case $action in case $action in
encrypt) encrypt)
echo "${underline}Encrypting...${nounderline}"
encrypt pvjjk-1vos-niinisalo encrypt pvjjk-1vos-niinisalo
;; ;;
decrypt) decrypt)
echo "${underline}Decrypting...${nounderline}"
decrypt pvjjk-1vos-niinisalo decrypt pvjjk-1vos-niinisalo
;; ;;
list) list)
echo "${underline}Listing...${nounderline}"
list pvjjk-1vos-niinisalo list pvjjk-1vos-niinisalo
;; ;;
help)
echo "encrypt, decrypt, list"
;;
*) *)
echo "${underline}HELP${nounderline}" echo "..."
echo "encrypt - Encrypt Files"
echo "decrypt - Decrypt Files"
echo "list - List Files"
;; ;;
esac esac
echo -e "\n\n\n"
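Review bot: In the `case $action` fallback of the second hunk, `*) echo "..."` gives an unknown or mistyped action no usage text and, as far as this section shows, still exits with status 0, so someone who misspells `encrypt` gets no signal that the vault files were left untouched. Print the usage to stderr and fail instead, e.g. `echo "usage: $0 {encrypt|decrypt|list}" >&2; exit 2`. The split view does not make clear which side the `help)` arm is on, so the action list in that message should be adjusted to match the arms that remain.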


@@ -10,8 +10,6 @@
import_tasks: tasks/installer.yml import_tasks: tasks/installer.yml
vars: vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3" ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags: tags:
- installer - installer
- never - never
@@ -20,8 +18,6 @@
import_tasks: tasks/maintenance.yml import_tasks: tasks/maintenance.yml
vars: vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3" ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags: tags:
- maintenance - maintenance
- never - never
@@ -30,8 +26,6 @@
import_tasks: tasks/deployer.yml import_tasks: tasks/deployer.yml
vars: vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3" ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags: tags:
- deployer - deployer
- never - never