Ansible roles for deploying my home computers and servers.
Generally these playbooks require that the target physical or virtual machine has:
- Fedora or Fedora Server installed
- A user for Ansible to use
- That user in the wheel group
- An IP address set up
- openssh enabled and allowed through the firewall
- SSH keys set up so that the Ansible controller can SSH to the host
- Set your git email and user name in inventories/group_vars/developer.yml
---
git_config_email: <your git email here>
git_config_user_name: "<your name here>"
- Create or edit a vault for each host which needs the git certificate and key
ansible-vault create host_vars/myhost/vault.yml
OR
ansible-vault edit host_vars/myhost/vault.yml
- Add the certificate and private keys as variables:
---
git_certificate: |
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
git_private_key: |
  -----BEGIN PRIVATE KEY-----
  ...
  -----END PRIVATE KEY-----
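A check to run before committing, added here as an example and not part of this repository: it flags any host_vars/<host>/vault.yml that does not start with the ansible-vault header, and any file under host_vars that contains a PEM private key marker in cleartext. The function name check_vaults is hypothetical, and the root directory argument is assumed to be the directory that holds host_vars.

```shell
#!/bin/sh
# Added example: verify that vault files holding the git certificate and key
# are really encrypted. Assumes the host_vars/<host>/vault.yml layout used above.
# Usage: check_vaults [root-dir]   (root-dir defaults to the current directory)

check_vaults() {
    root="${1:-.}"
    bad=0

    for f in "$root"/host_vars/*/vault.yml; do
        [ -f "$f" ] || continue   # glob matched nothing
        # Files written by ansible-vault begin with a header line of the form
        # $ANSIBLE_VAULT;<format version>;<cipher>
        IFS= read -r first < "$f" || true
        case "$first" in
            '$ANSIBLE_VAULT;'*) ;;
            *)
                echo "NOT ENCRYPTED: $f"
                bad=1
                ;;
        esac
    done

    # A PEM private key marker anywhere under host_vars means a key is stored
    # in cleartext, whatever the file is called.
    leaks=$(grep -rlE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        "$root/host_vars" 2>/dev/null || true)
    if [ -n "$leaks" ]; then
        echo "$leaks" | sed 's/^/PLAINTEXT KEY: /'
        bad=1
    fi

    # Exit status 1 when anything was flagged, 0 otherwise.
    return "$bad"
}
```

A non-zero return makes it usable from a git pre-commit hook to block the commit.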
ansible-playbook -i inventories/network_home.ini -l chris_linux_computer -K playbooks/setup-desktop.yml
ansible-playbook -i inventories/network_home.ini -l fileserver.network.home -K playbooks/setup-server.yml
ansible-playbook -i inventories/network_home.ini -l homeassistant.network.home -K playbooks/setup-server.yml
ansible-playbook -i inventories/network_home.ini -l homeassistant.network.home -K playbooks/setup-podman-and-services.yml
ansible-playbook -i inventories/network_home.ini -l chris_linux_computer -K playbooks/setup-podman-and-services.yml
Check the service file that was generated and check that podman is being called correctly:
cat .config/systemd/user/homeassistant-container.service
Show the output of a user container:
journalctl -f
OR
podman logs -f gitlab
Start, stop, or check the status of a user container:
systemctl --user start/stop/status homeassistant-container
Check the groups that a user is in (Note: dialout for access to /dev/ttyUSB0 or /dev/ttyACM0):
$ groups
homeassistant wheel dialout
Show the output of a user service:
journalctl --user -f -u homeassistant-container
Debugging Home Assistant configuration changes:
systemctl --user restart homeassistant-container
tail -F srv/homeassistant/config/home-assistant.log
When upgrading the version or changing the settings of a container you can just run the playbooks/setup-podman-and-services.yml
playbook, but I prefer to stop the container manually and perform a backup before redeploying it, for example:
ssh vaultwarden@<ip>
$ systemctl --user stop vaultwarden-container
$ (cd srv && zip -r vaultwarden20231104.zip ./vaultwarden)
Now you can run the playbooks/setup-podman-and-services.yml
playbook to upgrade the version or update the settings.
When the admin page is enabled you can log in here to change the configuration:
https://vaultwarden.network.home:4443/admin
Get the initial root (Administrator) user password for the gitlab web interface (As the gitlab container user):
$ podman exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
Password: e3bvA0wciJup5epRQKX31pDE+H6hp3dZBY8llbpF3bY=
NOTE: When updating the gitlab version, remember to follow the official upgrade paths as documented in roles/podman_gitlab/defaults/main.yml
Reset Home Assistant user password by execing into the container, changing the password, exiting and restarting the container:
podman exec -ti homeassistant /bin/bash
$ hass --script auth --config /config change_password chris mytemporarypassword
$ exit
systemctl --user restart homeassistant-container
Then log in via the web interface and change it to a real password (This ensures that the real password is not added to the bash history, even temporarily).