Skip to content

adaptivekind/lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

103 Commits
collections
collections
 
 
meta
meta
 
 
playbooks
playbooks
 
 
plugins
plugins
 
 
roles
roles
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
DEV.md
DEV.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECRETS.md
SECRETS.md
 
 
galaxy.yml
galaxy.yml
 
 

Repository files navigation

Ansible Collection - adaptivekind.lab

Collection of resources to build a research lab environment hosted by Raspberry Pis. This bootstraps a system with:

  • Caddy for front door routing and SSL certificate generation
  • Pi-hole for DNS resolution and ad blocking
  • WireGuard for VPN
  • Git repository hosting
  • NFS
  • k3s and ArgoCD referencing an app of apps repository to run other services

An output of this is Kubernetes cluster with the ArgoCD driven from an app of apps repository.

Usage

Create an Ansible playbook repository that will use this collection. Useful to source control this repository, e.g. manage as a git repository.

Create roles/requirements.yaml file containing:

collections:
  - name: [email protected]:adaptivekind/lab.git
    type: git
    version: main

Install collection

ansible-galaxy install -r roles/requirements.yaml

Crete inventory.yaml, e.g.

prime:
  hosts:
    a1:
  vars:
k3s_cluster:
  children:
    server:
      hosts:
        a2:
    agent:
      hosts:
        a3:

Collection Variables

Key variables that probably need to customised are described below. Other variables are documented in the specific roles where used.

Variable Default Purpose
cloudflare_api_key none Domain verification for certificate generation
crypt_passphrase none Passphrase for encrypted disk
grafana_password
lab_domain .local Domain naming and certificate generation
pihole_hashed_password
token none k3s cluster token

Secrets can be managed in an Ansible vault. See [./SECRETS.md](managing secrets) on how this can be set this up.

Cloudflare API token should have Zone.Zone:Read and Zone.DNS:Edit permissions for the lab domain. See Cloudflare module for Caddy

Run playbook with

Run playbook with

ansible-playbook -i inventory.yaml adaptivekind.lab.site

Run specific playbook, e.g. cluster install

ansible-playbook -i inventory.yaml adaptivekind.lab.cluster

Or run just specifically tagged roles in a specific playbook

ansible-playbook -i inventory.yaml adaptivekind.lab.prime --tags pihole

Set Argo CD password

To access the Argo CD console, the password need to be retrieved and preferably updated.

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | 
  base64 -d | pbcopy
argocd login argocd.<use lab_domain value> --grpc-web
argocd account update-password

Troubleshooting

Reset ArgoCD admin password

https://medium.com/@dulanjanalakmal/securing-argocd-a-step-by-step-guide-to-resetting-admin-passwords-bb5236208a64

About

Ansible collection for research lab

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages