# Infrastructure Setup Scripts
This directory contains automated setup scripts for each layer of the infrastructure.
## Overview
Each script handles a complete layer of the infrastructure setup:
- Prompts for required variables
- Validates prerequisites
- Creates configuration files
- Executes playbooks
- Verifies completion
## Usage
Run scripts in order, completing one layer before moving to the next:
### Layer 0: Foundation Setup

```bash
./scripts/setup_layer_0.sh
```

Sets up the Ansible control node on your laptop.
### Layer 1A: VPS Basic Setup

```bash
source venv/bin/activate
./scripts/setup_layer_1a_vps.sh
```

Configures users, SSH, firewall, and fail2ban on the VPS machines (vipy, watchtower, spacey). Runs independently - no Nodito required.
### Layer 1B: Nodito (Proxmox) Setup

```bash
source venv/bin/activate
./scripts/setup_layer_1b_nodito.sh
```

Configures the Nodito Proxmox server: bootstrap, community repos, optional ZFS. Runs independently - no VPS required.
### Layer 2: General Infrastructure Tools

```bash
source venv/bin/activate
./scripts/setup_layer_2.sh
```

Installs rsync and docker on the hosts that need them.
- rsync: For backup operations (vipy, watchtower, lapy recommended)
- docker: For containerized services (vipy, watchtower recommended)
- Interactive: Choose which hosts get which tools
### Layer 3: Reverse Proxy (Caddy)

```bash
source venv/bin/activate
./scripts/setup_layer_3_caddy.sh
```

Deploys the Caddy reverse proxy on the VPS machines (vipy, watchtower, spacey).
- Critical: All web services depend on Caddy
- Automatic HTTPS with Let's Encrypt
- Opens firewall ports 80/443
- Creates sites-enabled directory structure
### Layer 4: Core Monitoring & Notifications

```bash
source venv/bin/activate
./scripts/setup_layer_4_monitoring.sh
```

Deploys ntfy and Uptime Kuma on watchtower.
- ntfy: Notification service for alerts
- Uptime Kuma: Monitoring platform for all services
- Critical: All infrastructure monitoring depends on these
- Sets up backups (optional)
- Post-deploy: Create Uptime Kuma admin user and update infra_secrets.yml
### Layer 5: VPN Infrastructure (Headscale)

```bash
source venv/bin/activate
./scripts/setup_layer_5_headscale.sh
```

Deploys Headscale VPN mesh networking on spacey.
- OPTIONAL - Skip to Layer 6 if you don't need VPN
- Secure mesh networking between all machines
- Magic DNS for hostname resolution
- NAT traversal support
- Can join machines automatically or manually
- Post-deploy: Configure ACL policies for machine communication
### Layer 6: Infrastructure Monitoring

```bash
source venv/bin/activate
./scripts/setup_layer_6_infra_monitoring.sh
```

Deploys automated monitoring for the infrastructure.
- Requires: Uptime Kuma credentials in infra_secrets.yml (Layer 4)
- Disk usage monitoring with auto-created push monitors
- System healthcheck (heartbeat) monitoring
- CPU temperature monitoring (nodito only)
- Interactive selection of which hosts to monitor
- All monitors organized by host groups
### Layer 7: Core Services

```bash
source venv/bin/activate
./scripts/setup_layer_7_services.sh
```

Deploys the core services on vipy: Vaultwarden, Forgejo, LNBits.
- Password manager (Vaultwarden) with /alive endpoint
- Git server (Forgejo) with /api/healthz endpoint
- Lightning wallet (LNBits) with /api/v1/health endpoint
- Automatic: Creates Uptime Kuma monitors in "services" group
- Requires: Uptime Kuma credentials in infra_secrets.yml
- Optional: Configure backups to lapy
### Layer 8+
More scripts will be added as we build out each layer.
## Important Notes

- Centralized Configuration:
  - All service subdomains are configured in `ansible/services_config.yml`. Edit this ONE file instead of multiple vars files
  - Created automatically in Layer 0
  - DNS records must match the subdomains you configure
- Always activate the venv first (except for Layer 0): `source venv/bin/activate`
- Complete each layer fully before moving to the next
- Scripts are idempotent - safe to run multiple times
- Review changes before confirming actions
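The prerequisite validation the Overview lists, together with the "activate the venv first" rule and the "Uptime Kuma credentials in infra_secrets.yml" requirement of Layers 6 and 7, written out as an added bash example; it is not one of the repository's scripts. The secrets path `ansible/infra_secrets.yml`, the key names `uptime_kuma_username`/`uptime_kuma_password` and the file-mode check are assumptions for illustration, not values taken from the project.

```bash
# Added example: preflight checks a setup_layer_N.sh script could run before touching any host.
set -euo pipefail

# Fail unless the venv is active; Layer 0 is the one layer that is exempt.
require_venv() {
  local layer="$1"
  [ "$layer" = "0" ] && return 0
  if [ -z "${VIRTUAL_ENV:-}" ]; then
    echo "error: run 'source venv/bin/activate' before Layer $layer" >&2
    return 1
  fi
}

# Fail unless every named command is on PATH, listing all that are missing.
require_commands() {
  local missing=0 cmd
  for cmd in "$@"; do
    command -v "$cmd" >/dev/null 2>&1 || { echo "error: missing command: $cmd" >&2; missing=1; }
  done
  return "$missing"
}

# Fail unless the secrets file exists, is readable only by its owner, and has a non-empty
# value for every required top-level key. Only key names are printed, never values.
require_secrets() {
  local file="$1"; shift
  if [ ! -f "$file" ]; then
    echo "error: $file not found (created in the Layer 4 post-deploy step)" >&2
    return 1
  fi
  local mode
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  if [ "$mode" != "600" ] && [ "$mode" != "400" ]; then
    echo "error: $file has mode $mode; run: chmod 600 $file" >&2
    return 1
  fi
  local key missing=0
  for key in "$@"; do
    grep -Eq "^${key}:[[:space:]]*[^[:space:]]" "$file" || { echo "error: $file lacks key: $key" >&2; missing=1; }
  done
  return "$missing"
}

# Layer 6 preflight using the placeholder path and key names (substitute the project's own).
preflight_layer_6() {
  require_venv 6
  require_commands ansible-playbook ansible-inventory
  require_secrets ansible/infra_secrets.yml uptime_kuma_username uptime_kuma_password
}
```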
## Getting Started

- Read `../human_script.md` for the complete guide
- Start with Layer 0
- Follow the prompts
- Proceed layer by layer