blob: 96a3680576c3dcc64315c99cea39e0a297e85edb
# Infrastructure
## Prerequisites
Before running the playbook for the first time, ensure `certbot` is installed and that you have generated a wildcard Let's Encrypt certificate for the main domain on the host machine. (If the certificate doesn't exist yet, Ansible will generate a temporary self-signed certificate so HAProxy can start.)
```bash
sudo dnf install -y epel-release certbot
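# Run certbot's manual DNS challenge to obtain the wildcard certificate
# (certificates issued with --manual are not renewed automatically unless an auth hook is configured)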
sudo certbot certonly --manual --preferred-challenges dns -d "*.romanilin.is" -d "romanilin.is"
```
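Because the playbook falls back to a temporary self-signed certificate, it is worth confirming which certificate is actually in place before and after a run. The following pre-flight check is an added example, not part of this repository; the `classify_cert` helper, the 14-day threshold and the certbot default path `/etc/letsencrypt/live/romanilin.is/fullchain.pem` are assumptions.

```bash
#!/usr/bin/env bash
# Added example: classify the certificate HAProxy would be given.
DOMAIN="romanilin.is"
# Assumption: certbot's default lineage path; the README does not state it.
CERT_DEFAULT="/etc/letsencrypt/live/${DOMAIN}/fullchain.pem"

# classify_cert <pem-file> [min-days-left]
# Prints one of: missing | unparsable | self-signed | missing-san | expiring | ok
classify_cert() {
    local pem="$1" min_days="${2:-14}" subject issuer sans name
    [ -r "$pem" ] || { echo missing; return 0; }
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo unparsable; return 0
    fi
    # Subject == issuer is a heuristic for the temporary self-signed certificate.
    subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 | sed 's/^[a-z]*= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 | sed 's/^[a-z]*= *//')
    if [ "$subject" = "$issuer" ]; then echo self-signed; return 0; fi
    # One SAN entry per line, e.g. "DNS:*.romanilin.is"
    sans=$(openssl x509 -in "$pem" -noout -text |
           grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ' | tr ',' '\n')
    # Both names requested from certbot must be present as exact SAN entries.
    for name in "*.${DOMAIN}" "${DOMAIN}"; do
        if ! printf '%s\n' "$sans" | grep -qxF "DNS:${name}"; then
            echo missing-san; return 0
        fi
    done
    # -checkend fails if the certificate expires within the given number of seconds.
    if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo expiring; return 0
    fi
    echo ok
}

echo "certificate status: $(classify_cert "${1:-$CERT_DEFAULT}")"
```

Anything other than `ok` after the playbook has run means HAProxy is not serving a usable Let's Encrypt wildcard certificate; `self-signed` in particular indicates the temporary fallback is still in use.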
## Deployment
```bash
sudo dnf install -y ansible-core git
ansible-galaxy collection install ansible.posix community.general
git clone <your-git-repo>
cd infrastructure
# Run the playbook
ansible-playbook site.yaml --ask-vault-pass --ask-become-pass
```
## Reading Secrets
```bash
# Example: read the DKIM key from the mail container
sudo machinectl shell mail /bin/cat /etc/opendkim/keys/romanilin.is/default.txt
```