dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity
Ansible configuration policy for the private network/home lab of Dustin C. Hatch http://dustin.hatch.name/
544 Commits
14 Branches
0 Tags
7.3 MiB
Jinja 86.3%
Python 6.7%
Shell 4.5%
Groovy 2.5%
 
 
 
 
Go to file
Dustin e3b5b4d5ff r/bitwarden_rs: Migrate to podman 
Docker is effectively deprecated by Fedora/Red Hat.  It is a pain in the
ass to work with anyway.  Podman integrates better with systemd, and is
in general more aligned with how I prefer to deploy and manage
applications.

I am following the same pattern here that I have used for Home
Assistant, ZWaveJS2MQTT, etc.  The systemd service starts the container
with `podman`, passing the necessary arguments for UID/GID mapping, etc.
Note that, by default, Vaultwarden expects to be able to bind to port
80; since the container is unprivileged, we have to configure it (or
rather, its embedded HTTP server [Rocket](https://rocket.rs)) to listen
on a different port.  We also configure it to listen only on the
loopback, since it is being proxied by Apache to the outside network.

To migrate the data from the Docker volume, we just have to copy the
files and fix their ownership.

The *bitwarden_rs* project was recently renamed to *Vaultwarden*, so I
took this opportunity to update the name in most places within the
*bitwarden_rs* role.
 		2021-11-06 19:33:33 -05:00
.certs@654b52b608 websites/darkchestofwonders.us: Use Lego cert 2020-03-17 08:45:34 -05:00
certs hosts: Add dc2.p.b 2021-10-16 21:53:02 -05:00
ci ci: homeassistant: Remove hassdb playbook 2021-10-16 10:20:01 -05:00
group_vars nut: Add playbook for NUT 2021-10-31 14:28:27 -05:00
host_vars hosts: vmhost1: Switch to systemd-networkd 2021-10-31 01:12:25 -05:00
passwords/kojiweb_secret hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
roles r/bitwarden_rs: Migrate to podman 2021-11-06 19:33:33 -05:00
vars ci: Fix remount r/o stage name 2021-11-06 18:15:02 -05:00
vault hosts: Add zezere0.p.b 2021-07-05 09:34:25 -05:00
.gitignore Protect vault secret with GPG 2018-01-29 15:11:07 -06:00
.gitmodules certs: Add certificates submodule 2020-02-22 16:28:06 -06:00
.vault-secret.sh Protect vault secret with GPG 2018-01-29 15:11:07 -06:00
ansible.cfg ansible.cfg: Disable stupid group name warning 2019-09-19 19:50:35 -05:00
ansible.yml ansible: Install Ansible 2018-04-08 12:20:03 -05:00
aria2.yml aria2: Deploy aria2 download manager 2018-08-19 14:17:48 -05:00
base.yml base: Enable serial console on KVM VMs 2021-10-16 14:34:51 -05:00
bitwarden_rs.yml bitwarden_rs: Deploy Bitwarden_rs using Docker 2019-09-19 19:27:29 -05:00
burp-client.yml burp-client: Apply the cronie role 2019-09-19 19:27:30 -05:00
burp-server.yml burp-{client,server}: PBs to deploy BURP 2018-08-08 20:14:25 -05:00
certbot.yml certbot: Playbook to deploy certbot 2018-06-13 22:23:27 -05:00
collectd.yml r/collectd-version: Add OS version plugin 2021-10-30 16:50:37 -05:00
dch-gw.yml dch-gw: Initial commit 2018-03-27 20:44:43 -05:00
dch-proxy.yml dch-proxy: PB to deploy HAProxy 2018-07-01 15:19:20 -05:00
dch-root-ca.crt pyrocufflink: Trust DCH Root CA 2018-06-04 20:03:55 -05:00
dch-vpn.yml Move VPN server to dedicated VM 2018-10-07 21:42:18 -05:00
dhcpcd.yml dhcpcd: Install and configure dhcpcd 2018-03-13 23:19:50 -05:00
dhcpd.yml dhcpd: Install and configure ISC DHCPD 2018-03-27 20:44:43 -05:00
docker.yml roles/docker: Install and set up Docker daemon 2019-09-19 19:27:12 -05:00
domain-controller.yml domain-controller: Configure local AD authentication 2018-03-11 18:16:17 -05:00
dyngroups.yml base: Enable serial console on KVM VMs 2021-10-16 14:34:51 -05:00
fileserver.yml fileserver: Configure Apache ~user directories 2019-01-04 20:52:23 -06:00
firewalld.yml firewalld: Playbook to bootstrap firewalld 2018-01-29 15:11:07 -06:00
frigate.yml r/frigate: Add role to deploy Frigate 2021-08-21 17:16:58 -05:00
gitea.yml gitea: Restrict SSH configuration 2018-06-06 21:45:36 -05:00
grafana.yml roles/grafana: Deploy Grafana 2021-07-02 21:47:33 -05:00
graylog.yml graylog: Add PB to deploy Graylog server 2019-10-28 18:47:09 -05:00
hassdb.yml hassdb: Fix playbook 2020-08-29 14:22:17 -05:00
homeassistant.yml homeassistant: Apply hass-dhcp role 2021-07-24 18:34:50 -05:00
hostname.yml hostname: Also write /etc/hosts 2018-04-08 10:11:43 -05:00
hosts nut: Add playbook for NUT 2021-10-31 14:28:27 -05:00
hosts.offline hosts: Set up collectd/Prometheus on vmhosts 2021-10-31 01:13:50 -05:00
jenkins-slave.yml jenkins-slave: Apply ssh-hostkeys role 2018-04-08 12:32:02 -05:00
koji-builder.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji-hub.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji-web.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
motioneye.yml motioneye: Deploy motionEye camera software 2020-10-03 11:29:39 -05:00
named-server.yml named-server: Playbook to deploy BIND 2018-01-29 15:10:04 -06:00
net-ifaces.yml net-ifaces: PB to apply net-ifaces role 2018-07-23 17:35:10 -05:00
network.yml network: Playbook to configure networking 2018-03-27 20:44:43 -05:00
nextcloud.yml roles/cert: Add handler topic notification 2020-12-26 10:38:17 -06:00
ntp.yml ntp: Initial PB and role to set up ntpd 2018-04-22 11:19:22 -05:00
nut.yml nut: Add playbook for NUT 2021-10-31 14:28:27 -05:00
postgresql.yml postgresql: PB to deploy PostgreSQL server 2018-04-14 15:28:46 -05:00
protonvpn.yml pyrocufflink-dns: Cloudflare over ProtonVPN 2020-09-06 11:06:58 -05:00
pyrocufflink.yml pyrocufflink: Trust DCH Root CA 2018-06-04 20:03:55 -05:00
radius.yml radius: PB to configure RADIUS servers 2018-05-06 13:09:18 -05:00
radvd.yml radvd: Install and configure radvd 2018-03-27 20:44:43 -05:00
remount.yml remount: Only remount if needed 2021-10-30 16:41:58 -05:00
rngd.yml rngd: PB to set up rngd 2018-08-13 20:25:22 -05:00
samba-dc.yml samba-dc: Configure samba4 winbind 2018-03-11 18:16:17 -05:00
smtp-relay.yml smtp-relay: PB to deploy Postfix SMTP relay 2018-04-15 11:38:51 -05:00
squid.yml squid: Add role and PB to deploy Squid 2018-08-12 16:00:32 -05:00
synapse.yml roles/synapse: Add cert role dependency 2021-01-31 15:38:18 -06:00
systemd-networkd.yml r/systemd-networkd: Role to configure networkd 2021-10-10 16:09:15 -05:00
taiga.yml taiga: Add playbook for Taiga 2019-09-19 19:51:45 -05:00
vmhost.yml r/vmhost: mount shared filesystems 2021-10-10 16:09:15 -05:00
websites.yml website: Deploy Tabitha's website 2021-07-24 18:36:13 -05:00
wheelhost.yml wheelhost: Publish wheels built by Jenkins 2019-03-22 10:19:27 -05:00
zabbix-agent.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
zabbix-server.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
zabbix.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
zezere.yml zezere: role/playbook to deploy Zezere 2021-07-05 09:34:25 -05:00