| author | Roman Ilin <me@romanilin.is> | 2026-06-15 12:59:09 +0300 |
|---|---|---|
| committer | Roman Ilin <me@romanilin.is> | 2026-06-15 22:04:41 +0300 |
| commit | 5e4bf1268c266e63d0e92e845ad910a2103b86ff (patch) | |
| tree | 532c01a9658a05048ef1ba76d4f30fca84005643 /README.md | |
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..96a3680 --- /dev/null +++ b/README.md @@ -0,0 +1,30 @@ +# Infrastructure + +## Prerequisites + +Before running the playbook for the first time, ensure `certbot` is installed and you have generated a wildcard Let's Encrypt certificate for the main domain on the host machine. (If the certificate doesn't exist yet, Ansible will generate a temporary self-signed certificate so HAProxy can start). + +```bash +sudo dnf install -y epel-release certbot +# Run certbot dns challenge to get wildcard certs +sudo certbot certonly --manual --preferred-challenges dns -d "*.romanilin.is" -d "romanilin.is" +``` + +## Deployment + +```bash +sudo dnf install -y ansible-core git +ansible-galaxy collection install ansible.posix community.general +git clone <your-git-repo> +cd infrastructure + +# Run the playbook +ansible-playbook site.yaml --ask-vault-pass --ask-become-pass +``` + +## Reading Secrets + +```bash +# Example: read the DKIM key from the mail container +sudo machinectl shell mail /bin/cat /etc/opendkim/keys/romanilin.is/default.txt +``` |
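Review bot: In the Prerequisites section, the `certbot certonly --manual --preferred-challenges dns` command produces a certificate that certbot cannot renew unattended unless an authentication hook (`--manual-auth-hook`) or a DNS plugin is configured, and the README does not mention renewal at all. Suggest adding a short renewal subsection that says how the wildcard certificate is renewed and how HAProxy picks up the new files, and that also covers how the temporary self-signed certificate mentioned in the same paragraph gets replaced once the real one exists. Under "Reading Secrets", the example prints `/etc/opendkim/keys/romanilin.is/default.txt`, which in the usual `opendkim-genkey` layout is the public DNS TXT record rather than private key material; either reword the comment to say it prints the public DKIM record or pick an example that matches the section title. In Deployment, `cd infrastructure` assumes the clone directory name while the clone URL is only the `<your-git-repo>` placeholder, so it is worth stating the expected directory name or passing it to `git clone` explicitly.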