lots of stuff man
This commit is contained in:
parent 3b88e6c5e8
commit c8754e1bdc
43 changed files with 7310 additions and 121 deletions

scripts/README.md (new file, 140 lines)
@ -0,0 +1,140 @@
# Infrastructure Setup Scripts

This directory contains automated setup scripts for each layer of the infrastructure.

## Overview

Each script handles a complete layer of the infrastructure setup:
- Prompts for required variables
- Validates prerequisites
- Creates configuration files
- Executes playbooks
- Verifies completion

## Usage

Run scripts in order, completing one layer before moving to the next:

### Layer 0: Foundation Setup
```bash
./scripts/setup_layer_0.sh
```
Sets up Ansible control node on your laptop.

### Layer 1A: VPS Basic Setup
```bash
source venv/bin/activate
./scripts/setup_layer_1a_vps.sh
```
Configures users, SSH, firewall, and fail2ban on VPS machines (vipy, watchtower, spacey).
**Runs independently** - no Nodito required.

### Layer 1B: Nodito (Proxmox) Setup
```bash
source venv/bin/activate
./scripts/setup_layer_1b_nodito.sh
```
Configures Nodito Proxmox server: bootstrap, community repos, optional ZFS.
**Runs independently** - no VPS required.

### Layer 2: General Infrastructure Tools
```bash
source venv/bin/activate
./scripts/setup_layer_2.sh
```
Installs rsync and docker on hosts that need them.
- **rsync:** For backup operations (vipy, watchtower, lapy recommended)
- **docker:** For containerized services (vipy, watchtower recommended)
- Interactive: Choose which hosts get which tools

### Layer 3: Reverse Proxy (Caddy)
```bash
source venv/bin/activate
./scripts/setup_layer_3_caddy.sh
```
Deploys Caddy reverse proxy on VPS machines (vipy, watchtower, spacey).
- **Critical:** All web services depend on Caddy
- Automatic HTTPS with Let's Encrypt
- Opens firewall ports 80/443
- Creates sites-enabled directory structure

### Layer 4: Core Monitoring & Notifications
```bash
source venv/bin/activate
./scripts/setup_layer_4_monitoring.sh
```
Deploys ntfy and Uptime Kuma on watchtower.
- **ntfy:** Notification service for alerts
- **Uptime Kuma:** Monitoring platform for all services
- **Critical:** All infrastructure monitoring depends on these
- Sets up backups (optional)
- **Post-deploy:** Create Uptime Kuma admin user and update infra_secrets.yml

### Layer 5: VPN Infrastructure (Headscale)
```bash
source venv/bin/activate
./scripts/setup_layer_5_headscale.sh
```
Deploys Headscale VPN mesh networking on spacey.
- **OPTIONAL** - Skip to Layer 6 if you don't need VPN
- Secure mesh networking between all machines
- Magic DNS for hostname resolution
- NAT traversal support
- Can join machines automatically or manually
- Post-deploy: Configure ACL policies for machine communication

### Layer 6: Infrastructure Monitoring
```bash
source venv/bin/activate
./scripts/setup_layer_6_infra_monitoring.sh
```
Deploys automated monitoring for infrastructure.
- **Requires:** Uptime Kuma credentials in infra_secrets.yml (Layer 4)
- Disk usage monitoring with auto-created push monitors
- System healthcheck (heartbeat) monitoring
- CPU temperature monitoring (nodito only)
- Interactive selection of which hosts to monitor
- All monitors organized by host groups

### Layer 7: Core Services
```bash
source venv/bin/activate
./scripts/setup_layer_7_services.sh
```
Deploys core services on vipy: Vaultwarden, Forgejo, LNBits.
- Password manager (Vaultwarden) with /alive endpoint
- Git server (Forgejo) with /api/healthz endpoint
- Lightning wallet (LNBits) with /api/v1/health endpoint
- **Automatic:** Creates Uptime Kuma monitors in "services" group
- **Requires:** Uptime Kuma credentials in infra_secrets.yml
- Optional: Configure backups to lapy

### Layer 8+
More scripts will be added as we build out each layer.

## Important Notes

1. **Centralized Configuration:**
- All service subdomains are configured in `ansible/services_config.yml`
- Edit this ONE file instead of multiple vars files
- Created automatically in Layer 0
- DNS records must match the subdomains you configure

2. **Always activate the venv first** (except for Layer 0):
```bash
source venv/bin/activate
```

3. **Complete each layer fully** before moving to the next

4. **Scripts are idempotent** - safe to run multiple times

5. **Review changes** before confirming actions

## Getting Started

1. Read `../human_script.md` for the complete guide
2. Start with Layer 0
3. Follow the prompts
4. Proceed layer by layer

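Review bot: the new README tells readers to put Uptime Kuma credentials into infra_secrets.yml (Layer 4 "Post-deploy", and the "Requires" lines of Layers 6 and 7) but never states where that file lives, that it must be kept out of version control, or whether it is expected to be ansible-vault encrypted; add a short item under "Important Notes" giving the path and the handling rule (gitignored and vault-encrypted, or say explicitly if it is plaintext) so nobody commits the monitoring admin password alongside `ansible/services_config.yml`. Two smaller documentation gaps in the same hunk: note 4 "Scripts are idempotent - safe to run multiple times" and note 5 "Review changes before confirming actions" do not say what the review shows (for example whether the playbook is first run in check/diff mode), which a reader needs to know before re-running a layer against live hosts; and the Layer 1A line "Configures users, SSH, firewall, and fail2ban on VPS machines" should carry a warning to keep an existing SSH session open until the new SSH and firewall configuration has been verified, since that single step changes all three lockout-relevant controls at once.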