Updated README.md and inventory

Opnxng 2023-11-11 05:36:40 +08:00
parent 894613d795
commit a4c15380fa
3 changed files with 40 additions and 24 deletions

@ -1,16 +1,42 @@
# Ansible playbook to set up VPSs
An Ansible playbook to set up VPSs (for Opnxng). It applies to Debian-based servers in any arch.
An Ansible playbook to set up VPSs (for Opnxng). It applies to Debian-based servers in any architecture.
## Oracle Cloud
## Before running
To install Debian on Oracle Cloud, refer to [this documentation](ORACLECLOUD.md)
To install Debian on Oracle Cloud, refer to [this documentation](ORACLECLOUD.md).
On a fresh Debian system, replace the default `debian` user:
```
# Give root account a password
sudo passwd root
# Configurate SSHD to temporarily allow root login with password
sudo nano /etc/ssh/sshd_config.d/sshd.conf
# Login as root, add new user and delete debian user
su root
sudo groupmod -n [user] debian
sudo usermod -l [user] debian
sudo usermod -d /home/[user] -m [user]
sudo passwd [user]
sudo userdel debian
sudo rm -r /home/debian
# Switched [user]
su [user]
sudo passwd -dl root
# Configurate SSHD again to allow [user] login and to set a custom port
sudo nano /etc/ssh/sshd_config.d/sshd.conf
```
## Configurations
You can modify the [packages to be installed](set-up.yml) and the [UFW rules](roles/ufw/tasks/main.yml).
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](/opnxng/opnxng-set-up-playbook).
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml).
## Contact
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.
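
Review bot: In the "Before running" block, the step that temporarily allows root login with a password is never explicitly reversed; the final step only says to configure SSHD again "to allow [user] login and to set a custom port". Spell out the intended end state there, for example `PermitRootLogin no` and, since the inventory connects with a private key, `PasswordAuthentication no`, and mention that sshd has to be reloaded after each edit of `/etc/ssh/sshd_config.d/sshd.conf` for the change to apply. Separately, once `usermod -l [user] debian` and `usermod -d /home/[user] -m [user]` have run, the `debian` account and `/home/debian` no longer exist, so `sudo userdel debian` and `sudo rm -r /home/debian` look redundant and will report errors. The comments would also read better as "Configure" and "Switch to [user]".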

@ -2,47 +2,28 @@ oracle:
hosts:
oracle1:
ansible_host: [REDACTED]
wireguard_ip: 10.123.0.1
oracle2:
ansible_host: [REDACTED]
wireguard_ip: 10.123.0.2
oracle3:
ansible_host: [REDACTED]
wireguard_ip: 10.123.0.3
oracle4:
ansible_host: [REDACTED]
wireguard_ip: 10.123.0.4
vars:
ansible_ssh_private_key_file: [REDACTED]
ansible_user: [REDACTED]
ansible_ssh_port: [REDACTED]
pipelining: true
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
ansible_python_interpreter: /usr/bin/python3
TZ: Asia/Singapore
wireguard_mask_bits: 24
wireguard_port: [REDACTED]
# ----------------------------------------------------------------------------------------------------
cloudcompute:
hosts:
vultr:
ansible_host: [REDACTED]
wireguard_ip: 10.123.0.5
vars:
ansible_ssh_private_key_file: [REDACTED]
ansible_user: [REDACTED]
ansible_ssh_port: [REDACTED]
pipelining: true
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
ansible_python_interpreter: /usr/bin/python3
TZ: Asia/Singapore
wireguard_mask_bits: 24
wireguard_port: [REDACTED]
TZ: Asia/Singapore
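
Review bot: `ansible_ssh_common_args: "-o StrictHostKeyChecking=no"` appears in the `vars:` of both `oracle` and `cloudcompute`; wherever it remains after this change, every play connects without verifying the server's host key, so a spoofed or intercepted endpoint would be accepted silently and would receive whatever the playbook pushes, including the values from the secrets file. Prefer `-o StrictHostKeyChecking=accept-new`, or record the host keys in `known_hosts` once and drop the option. Also, `pipelining: true` as an inventory variable is just an ordinary variable and does not enable SSH pipelining; the connection variable is `ansible_ssh_pipelining` (or set `pipelining` in `ansible.cfg`).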

vars/secrets.example.yml Normal file

@ -0,0 +1,9 @@
user:
ssh_port:
docker_dir:
oracle_ipv4_cidr_block:
wireguard_mesh_subnet:
wireguard_mesh_control_host:
wireguard_port:
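
Review bot: All seven keys in `vars/secrets.example.yml` are left empty with no comment on the expected format, so a copy of this file loads as null values and the README's statement that the data is kept "as encrypted variables" is not reflected anywhere in the example. Add a short comment per key (for instance, that `oracle_ipv4_cidr_block` and `wireguard_mesh_subnet` take CIDR notation and that `wireguard_mesh_control_host` takes an inventory host name, if that is the intent) and a header line saying how the real file is meant to be encrypted. None of the three files changed in this commit is a `.gitignore`, so please confirm that the real `vars/secrets.yml` is already excluded from the repository.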