vps/README.md

# vps
This repository contains all the files I use to manage services hosted on [viyurz.fr](https://viyurz.fr).
## Requirements
### Ansible
Install Ansible:
```
sudo apt install -y ansible
```
### SSL certificates
Install Certbot:
```
sudo apt install -y certbot python3-certbot-dns-ovh python3-certbot-nginx
```
Request certificates:
```
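# For the NGINX reverse proxy (the wildcard is quoted so the shell cannot glob-expand it).
# Let's Encrypt validates wildcard names only through the DNS-01 challenge; if this is
# refused with --nginx, authenticate with the dns-ovh plugin installed above instead
# (--dns-ovh --dns-ovh-credentials <credentials file>).
sudo certbot certonly --nginx -d 'viyurz.fr,*.viyurz.fr'
# For Coturn (the first command downloads the zerossl-bot installer from GitHub and
# runs it without review; read the script before executing it)
bash <(wget -q -O - https://github.com/zerossl/zerossl-bot/raw/master/get-zerosslbot.sh)
sudo zerossl-bot certonly --nginx -m viyurz@viyurz.fr -d turn.viyurz.fr
# For the mailserver
sudo certbot certonly --nginx -d mail.viyurz.fr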
```
## Secrets
Copy the existing `secrets.yml.example` to `secrets.yml`, run `ansible-vault encrypt secrets.yml` to encrypt the file with a password, and finally edit the newly encrypted file with `ansible-vault edit secrets.yml`.
If you want to change the vault password, run `ansible-vault rekey secrets.yml`.
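An added example, not part of this repository: a Git pre-commit hook that blocks a commit when the staged `secrets.yml` does not start with the Ansible Vault header. It assumes the script is installed as `.git/hooks/pre-commit` and that `secrets.yml` sits at the repository root; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not the repository's own code): keep a plaintext secrets.yml
# out of Git history by checking for the Ansible Vault envelope header.

# Succeeds when the string is a vault header such as
# "$ANSIBLE_VAULT;1.1;AES256" or "$ANSIBLE_VAULT;1.2;AES256;<vault-id>".
is_vault_header() {
    case $1 in
        '$ANSIBLE_VAULT;'[0-9].[0-9]';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when the file exists and its first line is a vault header.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    is_vault_header "$(head -n 1 "$1")"
}

# Inspect the staged blob rather than the working tree: the file may have
# been staged in plaintext and only encrypted afterwards.
check_staged_secrets() {
    _path=${1:-secrets.yml}
    # Nothing to check when the file is not part of this commit.
    git diff --cached --name-only --diff-filter=ACM | grep -qxF "$_path" || return 0
    if is_vault_header "$(git show ":$_path" 2>/dev/null | head -n 1)"; then
        return 0
    fi
    echo "refusing to commit: staged $_path is not ansible-vault encrypted" >&2
    return 1
}

# Act as a hook only when this script is installed under the name pre-commit.
case ${0##*/} in
    pre-commit) check_staged_secrets secrets.yml || exit 1 ;;
esac
```

The hook only looks at the header line, so it catches a forgotten `ansible-vault encrypt`, not a weak vault password.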
## Backups
Run the `backup-services.yml` playbook once to set up the passphrase file.
After that, you can create a root cron job to run this playbook non-interactively:
```
0 4 * * * export ANSIBLE_ROLES_PATH=/home/viyurz/vps/roles/; /usr/bin/ansible-playbook /home/viyurz/vps/playbooks/backup-services.yml -e include_secrets=false -e selected_projects=''
```
Here we leave `selected_projects` empty to back up all projects.