bsdnix/README.md

## Ansible roles and playbook to maintain bsdnix.de

### Basics

In order to be able to deploy freebsd vps' on Hetzner cloud you need to do:

- first create a vps with debian
- from there install freebsd using mfs method (uncle google will tell you)
- update the freebsd system
- install python and https://github.com/paulc/hcloud-freebsd
- enable hcloud-freebsd
- `/etc/rc.conf` shall not contain a hostname or ip config, hcloud-freebsd will
  add it. Even ipv6 only works, since the script grabs the server vars from
  169.254.169.254, which will be reachable even if the server has no public ipv4 ip
- cleanup history, logs, etc
- shutdown the vps
- create a snapshot, name it visely, I name mine like: `FreeBSD-14.1-RELEASE-hcloud-init`
- delete the builder vps

Then you can deploy new freebsd vps' using this snapshot. They'll come
up, configure themselves to be reachable.

The `deploy.yaml` playbook will then use the hetzner cloud dynamic
inventory to discover your vps. So, you have to call `make deploy`
twice: once to deploy a new vps and second time to configure
it. Subsequent calls only configure of course.

### Setup ansible

- Create `group_vars/all/vars.yaml` with this content:
  ```yaml
  hetzner_cloud_token: <YOUR-HETZNER-HCLOUD-TOKEN>
  ```
- Create a file containing some generated password:
  `pwgen -ys 32 1 > ~/.config/ansible/hcloud.secret`
  
- Encrypt the vars file:
  `ansible-vault encrypt --vault-password-file
  ~/.config/ansible/hcloud.secret group_vars/all/vars.yaml`
  
Now the hetzner ansible plugin is able to call hcloud with the
appropriate token, no need to enter it manually anymore. Also, while
the yaml file containing the token might be part of your public repo,
it is a ansible vauld, properly encrypted and the key stays local on
your work machine.

The token is then being used as an environment variable setup in the Makefile.

### To use

- `make`: create a new VPS and configure it

- `make create`: create a new VPS and auxillary services

- `make deploy`: configure the VPS
   
- `make clean`: remove the shell VPC. Do not do this with the production instance!


To make the output more verbose,  add `verbose=N` to the target, e.g.:
`make depoy verbose=2` where N is the verbosity level (0-4)

If you want to execute only a subset of a playbook, remove the `active` tag from it.
added creating new vps, fine tuned inventories (now using 2), + doc 2024-11-11 19:28:55 +01:00			`## Ansible roles and playbook to maintain bsdnix.de`

			`### Basics`

			`In order to be able to deploy freebsd vps' on Hetzner cloud you need to do:`

			`- first create a vps with debian`
			`- from there install freebsd using mfs method (uncle google will tell you)`
			`- update the freebsd system`
			`- install python and https://github.com/paulc/hcloud-freebsd`
			`- enable hcloud-freebsd`
			- `/etc/rc.conf` shall not contain a hostname or ip config, hcloud-freebsd will
			`add it. Even ipv6 only works, since the script grabs the server vars from`
			`169.254.169.254, which will be reachable even if the server has no public ipv4 ip`
			`- cleanup history, logs, etc`
			`- shutdown the vps`
			- create a snapshot, name it visely, I name mine like: `FreeBSD-14.1-RELEASE-hcloud-init`
			`- delete the builder vps`

			`Then you can deploy new freebsd vps' using this snapshot. They'll come`
			`up, configure themselves to be reachable.`

			The `deploy.yaml` playbook will then use the hetzner cloud dynamic
			inventory to discover your vps. So, you have to call `make deploy`
			`twice: once to deploy a new vps and second time to configure`
			`it. Subsequent calls only configure of course.`

			`### Setup ansible`

			- Create `group_vars/all/vars.yaml` with this content:
			```yaml
			`hetzner_cloud_token: <YOUR-HETZNER-HCLOUD-TOKEN>`
			```
			`- Create a file containing some generated password:`
			`pwgen -ys 32 1 > ~/.config/ansible/hcloud.secret`

			`- Encrypt the vars file:`
			`ansible-vault encrypt --vault-password-file
			~/.config/ansible/hcloud.secret group_vars/all/vars.yaml`

			`Now the hetzner ansible plugin is able to call hcloud with the`
			`appropriate token, no need to enter it manually anymore. Also, while`
			`the yaml file containing the token might be part of your public repo,`
			`it is a ansible vauld, properly encrypted and the key stays local on`
			`your work machine.`

updated README, added tags, fixed knownhosts, added cron mount 2024-11-17 16:34:32 +01:00			`The token is then being used as an environment variable setup in the Makefile.`

added creating new vps, fine tuned inventories (now using 2), + doc 2024-11-11 19:28:55 +01:00			`### To use`

updated README, added tags, fixed knownhosts, added cron mount 2024-11-17 16:34:32 +01:00			- `make`: create a new VPS and configure it

			- `make create`: create a new VPS and auxillary services

			- `make deploy`: configure the VPS
added creating new vps, fine tuned inventories (now using 2), + doc 2024-11-11 19:28:55 +01:00
			- `make clean`: remove the shell VPC. Do not do this with the production instance!


updated README, added tags, fixed knownhosts, added cron mount 2024-11-17 16:34:32 +01:00			To make the output more verbose, add `verbose=N` to the target, e.g.:
			`make depoy verbose=2` where N is the verbosity level (0-4)

			If you want to execute only a subset of a playbook, remove the `active` tag from it.