# BIJ1 ansible infrastructure
## usage
### Prerequisites
- [git-crypt](https://www.agwa.name/projects/git-crypt/)
- [Python](https://python.org/) 3
- [Poetry](https://python-poetry.org/)
- target servers: best tested with Debian GNU/Linux 11 (bullseye)
### Install packages
```bash
poetry install
```
### Secrets
To unlock secrets when you want to use this repo:
```bash
git crypt unlock
```
To lock them again after you finish:
```bash
git crypt lock
```
### Bootstrapping servers
Add any hosts to bootstrap to the `ansible/inventory/hosts` file.
Then, to bootstrap the server `$HOST_NAME` run:
```bash
poetry run debops run bootstrap -l $HOST_NAME -e 'ansible_user=root netbase__hostname_config_enabled=false'
poetry run debops run common -l $HOST_NAME -e 'netbase__hostname_config_enabled=false'
```
After bootstrapping, you can run:
```bash
poetry run debops run common -l $HOST_NAME
poetry run debops run net -l $HOST_NAME
poetry run debops run site -l $HOST_NAME
```
If you'd like to rerun a single service
(e.g. `python`, which shows up in the logs as `debops.debops.python`),
run:
```bash
poetry run debops run service/$SERVICE -l $HOST_NAME
```
To get the node on the internal network, on the node in question run:
```bash
sudo rm -rf /etc/network/interfaces.d/old-interfaces
sudo cp /etc/network/interfaces.config.d/* /etc/network/interfaces.d/
sudo reboot
```
## scope
Ansible (DebOps) is currently used to manage, among other things:
- the message of the day (`motd`) that you see in the terminal when logging in
- server root passwords
- firewall openings
- package updates

The full setups are not yet reproducible.

What can also still be done manually:
- installing packages
- user accounts
- sudo rights
- ssh keys