# Infrastructure Setup Scripts

This directory contains automated setup scripts for each layer of the infrastructure.

## Overview

Each script handles a complete layer of the infrastructure setup:

- Prompts for required variables
- Validates prerequisites
- Creates configuration files
- Executes playbooks
- Verifies completion

## Usage

Run scripts in order, completing one layer before moving to the next:

### Layer 0: Foundation Setup

```bash
./scripts/setup_layer_0.sh
```

Sets up the Ansible control node on your laptop.

### Layer 1A: VPS Basic Setup

```bash
source venv/bin/activate
./scripts/setup_layer_1a_vps.sh
```

Configures users, SSH, firewall, and fail2ban on VPS machines (vipy, watchtower, spacey).

**Runs independently** - no Nodito required.

### Layer 1B: Nodito (Proxmox) Setup

```bash
source venv/bin/activate
./scripts/setup_layer_1b_nodito.sh
```

Configures the Nodito Proxmox server: bootstrap, community repos, optional ZFS.

**Runs independently** - no VPS required.

### Layer 2: General Infrastructure Tools

```bash
source venv/bin/activate
./scripts/setup_layer_2.sh
```

Installs rsync and docker on hosts that need them.

- **rsync:** For backup operations (vipy, watchtower, lapy recommended)
- **docker:** For containerized services (vipy, watchtower recommended)
- Interactive: Choose which hosts get which tools

### Layer 3: Reverse Proxy (Caddy)

```bash
source venv/bin/activate
./scripts/setup_layer_3_caddy.sh
```

Deploys the Caddy reverse proxy on VPS machines (vipy, watchtower, spacey).

- **Critical:** All web services depend on Caddy
- Automatic HTTPS with Let's Encrypt
- Opens firewall ports 80/443
- Creates sites-enabled directory structure

### Layer 4: Core Monitoring & Notifications

```bash
source venv/bin/activate
./scripts/setup_layer_4_monitoring.sh
```

Deploys ntfy and Uptime Kuma on watchtower.

- **ntfy:** Notification service for alerts
- **Uptime Kuma:** Monitoring platform for all services
- **Critical:** All infrastructure monitoring depends on these
- Sets up backups (optional)
- **Post-deploy:** Create the Uptime Kuma admin user and update infra_secrets.yml

### Layer 5: VPN Infrastructure (Headscale)

```bash
source venv/bin/activate
./scripts/setup_layer_5_headscale.sh
```

Deploys Headscale VPN mesh networking on spacey.

- **OPTIONAL** - Skip to Layer 6 if you don't need VPN
- Secure mesh networking between all machines
- Magic DNS for hostname resolution
- NAT traversal support
- Can join machines automatically or manually
- Post-deploy: Configure ACL policies for machine communication

### Layer 6: Infrastructure Monitoring

```bash
source venv/bin/activate
./scripts/setup_layer_6_infra_monitoring.sh
```

Deploys automated monitoring for the infrastructure.

- **Requires:** Uptime Kuma credentials in infra_secrets.yml (Layer 4)
- Disk usage monitoring with auto-created push monitors
- System healthcheck (heartbeat) monitoring
- CPU temperature monitoring (nodito only)
- Interactive selection of which hosts to monitor
- All monitors organized by host groups

### Layer 7: Core Services

```bash
source venv/bin/activate
./scripts/setup_layer_7_services.sh
```

Deploys core services on vipy: Vaultwarden, Forgejo, LNBits.

- Password manager (Vaultwarden) with /alive endpoint
- Git server (Forgejo) with /api/healthz endpoint
- Lightning wallet (LNBits) with /api/v1/health endpoint
- **Automatic:** Creates Uptime Kuma monitors in the "services" group
- **Requires:** Uptime Kuma credentials in infra_secrets.yml
- Optional: Configure backups to lapy

### Layer 8+

More scripts will be added as we build out each layer.

## Important Notes

1. **Centralized Configuration:**
   - All service subdomains are configured in `ansible/services_config.yml`
   - Edit this ONE file instead of multiple vars files
   - Created automatically in Layer 0
   - DNS records must match the subdomains you configure
2. **Always activate the venv first** (except for Layer 0):
   ```bash
   source venv/bin/activate
   ```
3. **Complete each layer fully** before moving to the next
4. **Scripts are idempotent** - safe to run multiple times
5. **Review changes** before confirming actions

## Getting Started

1. Read `../human_script.md` for the complete guide
2. Start with Layer 0
3. Follow the prompts
4. Proceed layer by layer
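The Overview says every script validates prerequisites before it executes a playbook, the notes say to activate the venv first (except for Layer 0), and Layers 6 and 7 require the Uptime Kuma credentials that are written to infra_secrets.yml after Layer 4. The following POSIX shell functions are an added example of a prerequisite check in that style; they are not one of the repository's own scripts. The function names, the assumption that infra_secrets.yml sits in the same directory as services_config.yml, and the key names `uptime_kuma_username` / `uptime_kuma_password` are assumptions, not values taken from the project.

```shell
#!/bin/sh
# Added example (not from the repository): prerequisite checks of the kind a
# layer setup script would run before prompting or executing any playbook.
# Function names and the secret key names below are assumptions.

# `source venv/bin/activate` exports VIRTUAL_ENV, so that is what we test for.
venv_active() {
  [ -n "${VIRTUAL_ENV:-}" ]
}

# True if the command is on PATH (ansible-playbook is installed into the venv).
have_cmd() {
  command -v "$1" >/dev/null 2>&1
}

# True if a flat `key: value` YAML file has a non-empty value for KEY.
# Assumption: the secrets file is a flat mapping; that is enough to catch the
# "forgot to update infra_secrets.yml after Layer 4" case without a YAML parser.
yaml_has_key() {
  _file="$1"; _key="$2"
  [ -f "$_file" ] && grep -Eq "^${_key}:[[:space:]]*[^[:space:]#]+" "$_file"
}

# check_layer_prereqs LAYER CONFIG_DIR
# Returns 0 if every prerequisite the README lists for LAYER is satisfied,
# 1 otherwise, printing one line per missing item to stderr. Read-only, so it
# is safe to run as many times as the scripts themselves.
check_layer_prereqs() {
  _layer="$1"; _cfg="$2"; _rc=0
  if [ "$_layer" != "0" ]; then
    venv_active || { echo "missing: active venv (run: source venv/bin/activate)" >&2; _rc=1; }
    have_cmd ansible-playbook || { echo "missing: ansible-playbook on PATH" >&2; _rc=1; }
    [ -f "$_cfg/services_config.yml" ] || { echo "missing: $_cfg/services_config.yml (created by Layer 0)" >&2; _rc=1; }
  fi
  case "$_layer" in
    6|7)
      # Layers 6 and 7 need the Uptime Kuma credentials written after Layer 4.
      # Key names are placeholders; use whatever infra_secrets.yml actually defines.
      for _key in uptime_kuma_username uptime_kuma_password; do
        yaml_has_key "$_cfg/infra_secrets.yml" "$_key" \
          || { echo "missing: $_key in $_cfg/infra_secrets.yml (set after Layer 4)" >&2; _rc=1; }
      done
      ;;
  esac
  return "$_rc"
}

# Typical use at the top of a layer script, before any prompt or playbook run:
#   check_layer_prereqs 7 ansible || exit 1
```

Failing closed before the first prompt is the point: a missing secret or an inactive venv is reported while nothing has been changed on any host, rather than halfway through a playbook. Because the checks only read files and the environment, they keep the scripts' idempotency.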