Base Service Configuration

This Repository will be handle the base configuration of Public Services, like Minecraft Server or Personal S3 Storage, a try dont get any Snowflake Server. Mostly hosted at hetzner.cloud, and created with Terraform.

Features

• harder sshd

  • configure fail2ban

• install restic

• base logrotate configuration

• install python3

• configure system ntp for time handling

• configure docker (optional)

• Security Scans

  • execute open-scap-scan

  • root kit analyse with rkhunter

  • configure aide (planed)

Supported Distributions

Out of Scope

• Provide any Infrastructure (see nolte/terraform-infrastructure-modules)

• Install any Services, like Minecraft (nolte/minecraft-infrastructure), or MinIO (nolte/personal-storage-infrastructure).

Usage

Prepare Python Env

virtualenv -p python3 ~/venvs/develop-ansible_role-vagrant
source ~/venvs/develop-ansible_role-vagrant/bin/activate
pip install -r requirements.txt
pre-commit install
ansible-galaxy install -r requirements.yml

Start SSH Agent

pass private/keyfiles/ssh/ansible_rollout/passphrase -c
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/ansible_id_ed25519

Playbooks

playbook	ansible_group	description
master-configure-system.yml		master playbook for combine the base and docker playbook.
playbook-base-configureation.yml	all	Configure the base system.
playbook-docker-configureation.yml	dockerbased	Prepare the System for docker Usage

export ANSIBLE_INVENTORY=$(pwd)/prod
export HCLOUD_TOKEN=$(pass .../token)

ansible-playbook master-configure-system.yml

Development

For Locally automatical testing we use a Combination of Molecule and Vagrant

virtualenv -p python3 ~/venvs/ansible-vagrant/
source ~/venvs/ansible-vagrant/bin/activate
pip install -r requirements.txt
pre-commit install

Testing

running the tests:

molecule test

Infrastructure Tests

pytest --connection=ansible --hosts=all test/*

Reusing and Sharing

For reusing and sharing you can create own vagrant box with the Packer /packer.

First Build the CentOS Base (WIP)

Releasing

Must be executed from the develop branch.

pre-commit uninstall \
    && bump2version --tag release --commit \
    && git checkout master && git merge develop && git checkout develop \
    && bump2version --no-tag patch --commit \
    && git push origin master --tags \
    && git push origin develop \
    && pre-commit install

Setup Local Env

asdf plugin-add packer https://github.com/Banno/asdf-hashicorp.git
asdf plugin-add terraform https://github.com/Banno/asdf-hashicorp.git
asdf plugin-add python
asdf plugin-test act https://github.com/grimoh/asdf-act --asdf-tool-version latest

python -m venv env
source env/bin/activate
pip install -r requirements.txt