From 5e4bf1268c266e63d0e92e845ad910a2103b86ff Mon Sep 17 00:00:00 2001 From: Roman Ilin Date: Mon, 15 Jun 2026 12:59:09 +0300 Subject: --- README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 README.md (limited to 'README.md') diff --git a/README.md b/README.md new file mode 100644 index 0000000..96a3680 --- /dev/null +++ b/README.md @@ -0,0 +1,30 @@ +# Infrastructure + +## Prerequisites + +Before running the playbook for the first time, ensure `certbot` is installed and you have generated a wildcard Let's Encrypt certificate for the main domain on the host machine. (If the certificate doesn't exist yet, Ansible will generate a temporary self-signed certificate so HAProxy can start). + +```bash +sudo dnf install -y epel-release certbot +# Run certbot dns challenge to get wildcard certs +sudo certbot certonly --manual --preferred-challenges dns -d "*.romanilin.is" -d "romanilin.is" +``` + +## Deployment + +```bash +sudo dnf install -y ansible-core git +ansible-galaxy collection install ansible.posix community.general +git clone +cd infrastructure + +# Run the playbook +ansible-playbook site.yaml --ask-vault-pass --ask-become-pass +``` + +## Reading Secrets + +```bash +# Example: read the DKIM key from the mail container +sudo machinectl shell mail /bin/cat /etc/opendkim/keys/romanilin.is/default.txt +``` -- cgit
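Review bot: In the Deployment block, the `git clone` line has no repository URL, so the sequence fails as written and the following `cd infrastructure` has no directory to enter; add the URL (or an explicit placeholder such as `<repo-url>`) so the steps can be followed verbatim. In Prerequisites, `certbot certonly --manual --preferred-challenges dns` issues a certificate that certbot cannot renew unattended unless an authentication hook is configured, so the README should state how renewal is handled and how the temporary self-signed certificate is replaced once the real one exists; otherwise HAProxy can end up serving an expired or self-signed certificate without anyone noticing. Under "Reading Secrets", the example reads `default.txt`, which in the usual opendkim-genkey layout is the public DNS TXT record rather than the private key, so either retitle the section or name the files that are actually sensitive and who may read them.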