Bastiaan Stroosnijder 0866ed928d remove redirect 3 months ago
roles update configs 4 months ago
vars updates 4 months ago
.gitignore make clean work? 5 months ago
README.md hostname 3 months ago
amberlake.yml disable stuff temp 3 months ago
ansible.cfg galaxy install 5 months ago
basberry.yml remove redirect 3 months ago
strootje-vps.yml update configs 4 months ago

README.md

PiLab Ansible

TODO

https://github.com/alegrey91/systemd-service-hardening
https://lincolnloop.com/blog/sandboxing-services-systemd/

Preparation of SD card

Debian Download: https://raspi.debian.net/

Debian Install: xzcat ./Downloads/raspi_4_bullseye.img.xz | sudo dd of=/dev/sdb bs=64k oflag=dsync status=progress

Update Systemd default.target: ln -sf /lib/systemd/system/multi-user.target /run/media/bastiaan/RASPIROOT/etc/systemd/system/default.target

/config.txt

See https://www.raspberrypi.org/documentation/computers/config_txt.html

arm_64bit=1
arm_boost=1

enable_uart=1
upstream_kernel=1
disable_splash=1
hdmi_force_hotplug=1

/sysconf.txt

See https://raspi.debian.net/defaults-and-settings/

hostname=...

Set up networking:

# /etc/network/interfaces.d/wlan0
allow-hotplug wlan0
iface wlan0 inet static
	wpa-ssid StrooWebs
	wpa-psk visophetdroge
	address 10.0.0.138/24
	netmask 255.255.255.0
	gateway 10.0.0.1

# /etc/resolv.conf
nameserver 10.0.0.1

# /etc/hosts
127.0.0.1	... localhost ...
::1			... localhost ...
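
The wlan0 stanza above keeps the Wi-Fi passphrase in cleartext. Debian's wpasupplicant ifupdown integration also accepts wpa-psk as the 64-hex-digit key derived from the passphrase and SSID, which keeps the human passphrase out of the file; the derived key is still enough to join that network, so the file should stay root-only. The following is an added example, not part of this repository; the function names and all sample values are constructed for illustration.

```python
import hashlib
import os


def derive_psk(ssid: str, passphrase: str) -> str:
    """WPA/WPA2-PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)
    return key.hex()


def render_stanza(iface: str, ssid: str, passphrase: str, address: str, gateway: str) -> str:
    """Build an interfaces.d stanza that carries the derived key, not the passphrase."""
    return (
        f"allow-hotplug {iface}\n"
        f"iface {iface} inet static\n"
        f"\twpa-ssid {ssid}\n"
        f"\twpa-psk {derive_psk(ssid, passphrase)}\n"
        f"\taddress {address}\n"
        f"\tgateway {gateway}\n"
    )


def write_private(path: str, text: str) -> None:
    """Write the stanza so that only the owner (root on the Pi) can read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # also tightens a file that already existed
        os.write(fd, text.encode("utf-8"))
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up SSID).
    print(render_stanza("wlan0", "ExampleNet", "constructed-passphrase",
                        "192.0.2.10/24", "192.0.2.1"), end="")
```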

Prepare the System

# Update System
apt update && apt upgrade \
&& apt install -y sudo git ansible

# Set up non-root user
useradd --create-home --groups sudo bastiaan \
&& chsh --shell /usr/bin/bash bastiaan \
&& passwd bastiaan \
&& mv ~/.ssh /home/bastiaan/.ssh \
&& chown -R bastiaan:bastiaan /home/bastiaan/.ssh

# Ansible dependencies
ansible-galaxy collection install community.general containers.podman

# Custom ansible-pull script
rm -rf ./pilab-ansible \
&& git clone https://git.strooweb.nl/strootje/pilab-ansible.git \
&& ansible-galaxy install --roles-path ./pilab-ansible/roles --role-file ./pilab-ansible/roles/requirements.yml \
&& ansible-playbook -K "./pilab-ansible/$(hostname).yml"

podman run --rm -d --name pilab-unbound -p 5153:5053/tcp -p 5153:5053/udp docker.io/klutchell/unbound:latest

podman run --rm -d --name pilab-pihole -p 5053:53/tcp -p 5053:53/udp -p 9000:80/tcp -e PIHOLE_DNS_=10.0.0.126#5153 -e WEBPASSWORD=test123 docker.io/pihole/pihole:latest