From d1afa569cceb5ce43c0918cfa254275dfd989d01 Mon Sep 17 00:00:00 2001 From: ducoterra Date: Tue, 25 Jun 2024 14:22:54 -0400 Subject: [PATCH] remove orange --- README.md | 21 ++++++--- ansible/inventory.yaml | 16 ++----- dns/duconet-wg.txt | 104 ----------------------------------------- dns/ipv4.txt | 2 - dns/ipv6.txt | 4 -- dns/reeseapps.json | 3 -- dns/reeselink.json | 39 ---------------- k3s/orange_yellow.md | 22 --------- mesh/README.md | 6 +-- mesh/peers.yaml | 4 ++ mesh/vars.yaml | 6 --- nginx/vars.yaml | 20 -------- podman/README.md | 6 ++- shell/README.md | 31 ++++++++++++ 14 files changed, 60 insertions(+), 224 deletions(-) delete mode 100644 dns/duconet-wg.txt delete mode 100644 k3s/orange_yellow.md create mode 100644 shell/README.md diff --git a/README.md b/README.md index e04a3fb..c550122 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ A project to store homelab stuff. - [Reverse Proxy](#reverse-proxy) - [Service Mesh](#service-mesh) - [Data Storage](#data-storage) - - [Order of Operations](#order-of-operations) + - [Adding a new host](#adding-a-new-host) - [Components](#components) - [CoreDNS](#coredns) - [Metal LB](#metal-lb) 
@@ -76,12 +76,21 @@ to the wireguard-assigned IP addresses. All servers will use ISCSI. -## Order of Operations +## Adding a new host -1. Establish DNS records (`dns/`, `aws/`, `ddns/`) -2. Create reverse proxy(s) (`nginx/`) -3. Create service mesh (`mesh/`) -4. Install services +1. Set static IP in Unifi +2. Add to .ssh/config +3. Add to ansible inventory (`ansible/`) +4. Establish DNS records (`dns/`) + 1. Both `-wg` records and `reeselink` records +5. Create reverse proxy(s) (`nginx/`) + 1. (If removing) Delete any unused certs with `certbot delete` + 2. Run the ansible certbot and nginx role +6. Create service mesh (`mesh/`) + 1. Make sure to edit both `peers` and `ip` in `vars.yaml` + 2. If you need to delete unused peers, add them to the `peers.yaml` delete job +7. Install services +8. Set up port forwarding in Unifi if applicable ## Components diff --git a/ansible/inventory.yaml b/ansible/inventory.yaml index 5096c80..73a3f33 100644 --- a/ansible/inventory.yaml +++ b/ansible/inventory.yaml @@ -9,20 +9,10 @@ kubernetes: colors: hosts: - orange: yellow: nextcloud-aio: unifi-external: - -hardware: - hosts: - gamebox: - -hass: - hosts: - homeassistant: - -truenas: - hosts: - driveripper: +gamebox: +homeassistant: +driveripper: diff --git a/dns/duconet-wg.txt b/dns/duconet-wg.txt deleted file mode 100644 index ddbf3fe..0000000 --- a/dns/duconet-wg.txt +++ /dev/null 
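Review bot: The three added lines `gamebox:`, `homeassistant:` and `driveripper:` in ansible/inventory.yaml appear to start at column 0, and Ansible's YAML inventory reads every top-level key as a group, so they would become empty groups rather than hosts. Plays or roles that target those machines (or the removed `hardware`, `hass` and `truenas` groups) would then match nothing and skip silently, which leaves the hosts unmanaged without any error. If they are meant to stay hosts, they belong under a group's `hosts:` key at the same indent as `unifi-external:`. The indentation on this page is flattened, so confirm against the file; `ansible-inventory -i ansible/inventory.yaml --graph` shows how the entries are parsed.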
@@ -1,104 +0,0 @@
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "yellow-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::1"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "orange-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::2"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "node1-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::3"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "node2-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::4"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "node3-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::5"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "driveripper-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::6"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "unifi-external-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::7"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "nextcloud-aio-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::8"
- }
- ]
- }
- },
diff --git a/dns/ipv4.txt b/dns/ipv4.txt
index ef7148d..ee35270 100644
--- a/dns/ipv4.txt
+++ b/dns/ipv4.txt
@@ -4,8 +4,6 @@ driveripper.reeselink.com
 10.1.2.10
 yellow.reeselink.com
 10.1.203.197
-orange.reeselink.com
-10.1.200.253
 node1.reeselink.com
 10.1.2.13
 node2.reeselink.com
diff --git a/dns/ipv6.txt b/dns/ipv6.txt
index 7168c04..bb09f4b 100644
--- a/dns/ipv6.txt
+++ b/dns/ipv6.txt
@@ -4,8 +4,6 @@ driveripper.reeselink.com
 2600:1700:1e6c:a81f:94bb:b8ff:fe9f:1c63
 yellow.reeselink.com
 2600:1700:1e6c:a81f:793d:7abf:e94d:9bc4
-orange.reeselink.com
-2600:1700:1e6c:a81f:153e:9c35:8ff3:fa3
 node1.reeselink.com
 2600:1700:1e6c:a81f:2a0:98ff:fe6c:eca7
 node2.reeselink.com
@@ -22,8 +20,6 @@ e3s1plus.reeselink.com
 2600:1700:1e6c:a81f:19a4:37de:9672:1f76
 yellow-wg.reeselink.com
 fd00:fd41:d0f1:1010::1
-orange-wg.reeselink.com
-fd00:fd41:d0f1:1010::2
 node1-wg.reeselink.com
 fd00:fd41:d0f1:1010::3
 node2-wg.reeselink.com
diff --git a/dns/reeseapps.json b/dns/reeseapps.json
index eaf419c..1e8dc37 100644
--- a/dns/reeseapps.json
+++ b/dns/reeseapps.json
@@ -10,9 +10,6 @@
 "ResourceRecords": [
 {
 "Value": "2600:1700:1e6c:a81f:793d:7abf:e94d:9bc4"
- },
- {
- "Value": "2600:1700:1e6c:a81f:153e:9c35:8ff3:fa3"
 }
 ]
 }
diff --git a/dns/reeselink.json b/dns/reeselink.json
index 74623ab..b848f26 100644
--- a/dns/reeselink.json
+++ b/dns/reeselink.json
@@ -79,32 +79,6 @@
 ]
 }
 },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "orange.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2600:1700:1e6c:a81f:153e:9c35:8ff3:fa3"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "orange.reeselink.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "10.1.200.253"
- }
- ]
- }
- },
 {
 "Action": "UPSERT",
 "ResourceRecordSet": {
@@ -313,19 +287,6 @@
 ]
 }
 },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "orange-wg.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "fd00:fd41:d0f1:1010::2"
- }
- ]
- }
- },
 {
 "Action": "UPSERT",
 "ResourceRecordSet": {
diff --git a/k3s/orange_yellow.md b/k3s/orange_yellow.md
deleted file mode 100644
index eee6ee1..0000000
--- a/k3s/orange_yellow.md
+++ /dev/null
@@ -1,22 +0,0 @@ -# Orange and Yellow Servers - -## Services - -1. Both servers run all quadlets in `podman/` -2. Both servers run the same nginx config in `nginx/` - -## VMs - -1. Orange runs unifi-external -2. Yellow runs nextcloud-aio - -## Pihole - -- Orange is ad-blocking -- Yellow is caching - -## Load Balancing - -- Orange handles all traffic from outside the network -- Yellow handles all internal traffic -- Both are capable of handling all traffic, port forwarding rule determines which is up diff --git a/mesh/README.md b/mesh/README.md index b6d3348..623fcae 100644 --- a/mesh/README.md +++ b/mesh/README.md @@ -7,9 +7,9 @@ ## Ansible ```bash -ansible-playbook -i ansible/inventory.yaml wireguard/keys.yaml -ansible-playbook -i ansible/inventory.yaml wireguard/wireguard.yaml -ansible-playbook -i ansible/inventory.yaml wireguard/peers.yaml +ansible-playbook -i ansible/inventory.yaml mesh/keys.yaml +ansible-playbook -i ansible/inventory.yaml mesh/interface.yaml +ansible-playbook -i ansible/inventory.yaml mesh/peers.yaml ``` ## DNS Records diff --git a/mesh/peers.yaml b/mesh/peers.yaml index 7e0cd0d..603115a 100644 --- a/mesh/peers.yaml +++ b/mesh/peers.yaml @@ -11,6 +11,10 @@ vars_files: - vars.yaml tasks: + - name: delete unused peers + shell: wg set duconet-wg peer {{ item }} remove + loop: + - "CQxNsdPgfzjvOszjn/UZHFdAY3k+D9J+vI8qKUjCYV0=" - name: wg set peers shell: > wg set duconet-wg diff --git a/mesh/vars.yaml b/mesh/vars.yaml index 17d6072..f4753a9 100644 --- a/mesh/vars.yaml +++ b/mesh/vars.yaml @@ -6,9 +6,6 @@ peers: - name: yellow public_key: kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw= endpoint: yellow.reeselink.com:51821 - - name: orange - public_key: CQxNsdPgfzjvOszjn/UZHFdAY3k+D9J+vI8qKUjCYV0= - endpoint: orange.reeselink.com:51821 - name: node1 public_key: 1K3CszRSSnUSWpgL7q57+LTgOEbIt8TonSK1gV/JnXE= endpoint: node1.reeselink.com:51821 
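Review bot: The new `delete unused peers` task in mesh/peers.yaml revokes the key only on the running interface, because `wg set duconet-wg peer … remove` does not rewrite any saved configuration. If the interface is brought up from a config file that still lists this public key (not visible in this hunk), the decommissioned host would be trusted again after a restart, so it is worth confirming that mesh/interface.yaml no longer writes it and that the play runs on every remaining peer. The delete list and the `peers` list in vars.yaml are maintained separately, and a key left in both would presumably be re-added by the `wg set peers` task that follows. The task also needs no shell; `command: wg set duconet-wg peer {{ item }} remove` keeps the templated value out of shell parsing. The `tasks:` list continues outside the hunk.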
@@ -31,9 +28,6 @@ ip: yellow: address: fd00:fd41:d0f1:1010::1 hostname: yellow - orange: - address: fd00:fd41:d0f1:1010::2 - hostname: orange node1: address: fd00:fd41:d0f1:1010::3 hostname: node1 diff --git a/nginx/vars.yaml b/nginx/vars.yaml index e6f7646..a8b080f 100644 --- a/nginx/vars.yaml +++ b/nginx/vars.yaml @@ -57,16 +57,6 @@ http: port: 9090 protocol: https - - external: - domain: orange - restricted: true - extra_http_ports: [] - extra_https_ports: [] - internal: - ip: "10.1.200.253" - port: 9090 - protocol: https - - external: domain: node1 restricted: true @@ -142,16 +132,6 @@ http: port: 8081 protocol: http - - external: - domain: pihole-orange - restricted: true - extra_http_ports: [] - extra_https_ports: [] - internal: - ip: "10.1.200.253" - port: 8081 - protocol: http - - external: domain: attmodem restricted: true diff --git a/podman/README.md b/podman/README.md index 04575db..44baff6 100644 --- a/podman/README.md +++ b/podman/README.md @@ -7,7 +7,7 @@ - [pihole](#pihole) - [Cloudflared](#cloudflared) - [WG Easy (Deprecated - use Unifi)](#wg-easy-deprecated---use-unifi) - - [Update yellow/orange](#update-yelloworange) + - [Update yellow quadlets](#update-yellow-quadlets) ## Notes @@ -87,6 +87,8 @@ podman run \ ### WG Easy (Deprecated - use Unifi) +PASSWORD and PASSWORD_HASH env vars didn't work. + Note, to create PASSWORD_HASH run: @@ -121,7 +123,7 @@ podman run \ ghcr.io/wg-easy/wg-easy:nightly ``` -## Update yellow/orange +## Update yellow quadlets ```bash ansible-playbook -i ./ansible/inventory.yaml podman/update-quadlets.yaml diff --git a/shell/README.md b/shell/README.md new file mode 100644 index 0000000..16ba11f --- /dev/null +++ b/shell/README.md 
@@ -0,0 +1,31 @@
+# Shell
+
+## ZSH
+
+```bash
+# Install git before running
+sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+```
+
+Available prompt colors are red, blue, green, cyan, yellow, magenta, black, & white.
+
+~/.zshrc
+
+```bash
+cat << EOF > ~/.zshrc
+export ZSH="\$HOME/.oh-my-zsh"
+plugins=(git)
+source \$ZSH/oh-my-zsh.sh
+
+autoload bashcompinit && bashcompinit
+autoload -U compinit; compinit
+
+autoload -Uz promptinit
+promptinit
+prompt fade
+EOF
+```
+
+```bash
+chsh -s $(which zsh) && chsh -s $(which zsh) ducoterra
+```