Ansible setup for trustroots server. This currently does not configure the whole server, just selected things we've added in. It's an incremental project.
You will need:
- a modern ansible installation (probably >=2.8)
- an account on the trustroots server with sudo
- the vault password (ask nick over a secure channel)
You can put the password into a file named `vault-password` in the root directory, but preferably use a password manager with a CLI and write an executable script such as:

```
#!/bin/sh
pass trustroots/vault
```
(I would actually like to use the passwordstore module, but not everyone is using pass yet...)
When running commands, it'll need your user password for sudo access. There are two approaches:
- use the `-K` option when running `ansible-playbook` and it'll ask you for the password each time you run
- create a local configuration file with a method to retrieve the password, see example below
For my setup I create `local.yml` with the following contents:

```
ansible_become_pass: "{{ lookup('passwordstore', 'trustroots/server/nick') }}"
```

This lets me then run:

```
ansible-playbook server.yml -e @local.yml
```
It also supports other password stores, e.g. lastpass, OSX keyring, 1password, ... see eengstrom.github.io/musings/ansible-sudo-var for more details.
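A pre-flight check for the two local secret files described above, as an added example that is not part of this repository. The function names are made up here. It relies on the fact that Ansible runs a vault password file that has the executable bit set and reads the password from its output.

```shell
#!/bin/sh
# Added example, not the project's own code. Source this file, then run:
#   preflight && ansible-playbook server.yml -e @local.yml
# File names default to the README's vault-password and local.yml.

# Succeed only if group and other have no permission bits on the file.
private_perms() {
    [ -e "$1" ] || return 0                 # nothing to check
    perms=$(ls -ld "$1" | cut -c5-10)       # group+other part of e.g. -rwx------
    [ "$perms" = "------" ]
}

# An executable vault password file is executed by Ansible, so it must be a
# script. A plain password file that picked up +x would break the run.
vault_file_kind_ok() {
    [ -x "$1" ] || return 0                 # plain file: read as the password
    head -n 1 "$1" | grep -q '^#!'
}

# ansible_become_pass should be a lookup template, not a literal password.
become_pass_is_lookup() {
    [ -e "$1" ] || return 0
    line=$(grep '^ansible_become_pass:' "$1") || return 0   # not set here
    printf '%s\n' "$line" | grep -q '{{.*lookup(.*}}'
}

preflight() {
    vault=${1:-vault-password}
    vars=${2:-local.yml}
    rc=0
    private_perms "$vault" \
        || { echo "$vault: readable by group or others" >&2; rc=1; }
    vault_file_kind_ok "$vault" \
        || { echo "$vault: executable but has no #! line" >&2; rc=1; }
    become_pass_is_lookup "$vars" \
        || { echo "$vars: literal sudo password, use a lookup" >&2; rc=1; }
    return $rc
}
```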
It tries to follow the ansible best practices guide for directory layout and other conventions.
Use the `--step` option to run through one step at a time, with interactive confirmation at each step.
This sets up any basic stuff on the server. It's not much for now.
You can run it with:

```
ansible-playbook server.yml
```

(...and your choice of sudo password method, see above)
This sets up an instance of mailtrain.
It uses the `development` branch, which is the v2 beta. We should change it to a stable branch or tag if one becomes available.
See mailtrain.yml for the configuration options and values.
You can run it with:

```
ansible-playbook mailtrain.yml
```

(...and your choice of sudo password method, see above)