Bastiaan Stroosnijder 7dafbc8be8 haproxy, pass networks 1 month ago
roles haproxy, pass networks 1 month ago
vars public ip binding fix 1 month ago
README.md simple haproxy setup 3 months ago
amberlake.yml added amberlake with only wireguard connection 2 months ago
ansible.cfg vault secrets 2 months ago
rhoberry.yml cross-origin frame fix 1 month ago
strootje-vps.yml test with networks 1 month ago

README.md

PiLab Ansible

TODO

https://github.com/alegrey91/systemd-service-hardening
https://lincolnloop.com/blog/sandboxing-services-systemd/

Preparation of SD card

Debian Download: https://raspi.debian.net/

Debian Install: xzcat ./Downloads/raspi_4_bullseye.img.xz | sudo dd of=/dev/sdb bs=64k oflag=dsync status=progress

Update Systemd default.target: sudo ln -sf /lib/systemd/system/multi-user.target /run/media/bastiaan/RASPIROOT/etc/systemd/system/default.target

/config.txt

See https://www.raspberrypi.org/documentation/computers/config_txt.html

arm_64bit=1
arm_boost=1

enable_uart=1
upstream_kernel=1
disable_splash=1
hdmi_force_hotplug=1

/sysconf.txt

See https://raspi.debian.net/defaults-and-settings/

hostname=...

Setup Networking:

# sudo nano /run/media/bastiaan/RASPIROOT/etc/network/interfaces.d/wlan0
allow-hotplug wlan0
iface wlan0 inet static
	wpa-ssid StrooWebs
	wpa-psk visophetdroge
	address 10.0.0.138/24
	netmask 255.255.255.0
	gateway 10.0.0.1

# sudo nano /run/media/bastiaan/RASPIROOT/etc/resolv.conf
nameserver 10.0.0.1

# sudo nano /run/media/bastiaan/RASPIROOT/etc/hosts
127.0.0.1	... localhost ...
::1			... localhost ...

Prepare the System

# Update System
apt update && apt upgrade \
&& apt install -y sudo git ansible

# Setup non-root user
useradd --create-home --groups sudo bastiaan \
&& chsh --shell /usr/bin/bash bastiaan \
&& passwd bastiaan && mv ~/.ssh /home/bastiaan/.ssh \
&& chown -R bastiaan:bastiaan /home/bastiaan/.ssh

# Ansible dependencies
ansible-galaxy collection install community.general containers.podman

# Custom ansible-pull script
git clone https://git.strooweb.nl/strootje/strooware-config.git .ansible/pull \
&& cd .ansible/pull && ansible-playbook -K $(hostname).yml

# Update
git pull --ff-only && ansible-playbook -K $(hostname).yml

podman run --rm -d --name pilab-unbound -p 5153:5053/tcp -p 5153:5053/udp docker.io/klutchell/unbound:latest

podman run --rm -d --name pilab-pihole -p 5053:53/tcp -p 5053:53/udp -p 9000:80/tcp -e PIHOLE_DNS_=10.0.0.126#5153 -e WEBPASSWORD=test123 docker.io/pihole/pihole:latest