doc: updated README.md

NaeiKinDus 2024-01-06 00:00:00 +00:00
parent da45c7c409
commit 742be4fd8d
Signed by: WoodSmellParticle
GPG key ID: 8E52ADFF7CA8AE56

@ -15,6 +15,7 @@ thoroughly reviewed it, especially the system hardening and security tweaks that
- ***gaming***: gaming on linux, e.g. Steam and Heroic Games Launcher.
- ***security***: security-related softwares and tweaks, e.g. applying custom system limits, installing an antivirus.
- ***server***: common tooling for servers, e.g. monitoring, altering, firewall rules.
- ***workstation***: tooling and configuration for an X11 graphical workstation.
# Usage
## Prerequisites
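Review bot: In the module list this hunk touches, the ***server*** entry reads "monitoring, altering, firewall rules", which looks like a typo for "alerting", and the ***security*** entry says "softwares" where "software" is meant. Since the list is being edited anyway, fix both in the same commit so the description of what the security and server modules change on a host is unambiguous.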
@ -84,8 +85,6 @@ Execute a command using the Python wrapper that activates the virtualenv, e.g. `
#### docker
*build*: build all docker images available in `/images`, e.g. `task docker:build`
*push*: push built images to docker hub, e.g. `task docker:push`
#### module:<module_name>
Directly execute a Python module located in `collections/ansible_collections/nullified/infrastructure/plugins/modules` with its default configuration
(typically the path to a test YAML file). Used only for debugging purpose.
@ -98,6 +97,9 @@ Useful to ensure playbooks behave as expected using a Docker container.
#### test:modules
Run Ansible's sanity tests on each collections declared in `collections/ansible_collections`.
#### nosey
Run `noseyparker`, a tool that aims to find potential data leak such as passwords and security token.
### Examples
```shell
# encrypt vault
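Review bot: The new `#### nosey` entry is missing the invocation example that the neighbouring task entries carry (the docker ones end with "e.g. `task docker:build`"), and it does not say what the scan covers or what a contributor should do when it reports a finding. Add an `e.g.` invocation in the same form, state the scan scope, and say whether a finding should block a push. The sentence also needs plurals: "potential data leaks such as passwords and security tokens".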
@ -119,70 +121,16 @@ cd nullified/infrastructure/roles
task venv -- ansible-galaxy collection init tooling
```
---
## Advanced Configuration
### Global variables
Global variables are defined in `inventory/group_vars/all/vars.yml` and are used in multiple roles and playbooks.
`dns.type`: what type of DNS configuration should be performed; also works as a selector for type related parameters;
`dns.default`: default type of DNS configuration to setup; will use the corresponding `dns.<type>` dictionary retrieve corresponding data;
`dns.udp`: IP addresses for basic DNS configuration;
`dns.dot`: IP addresses for DNS-over-TLS configuration;
`dns.doh`: IP addresses and HTTPS addresses for DNS-over-HTTPS configuration;
## Cheatsheet
### Ansible usage
```shell
# validate files
ansible-playbook --syntax-check <file>
# gather facts of a docker container
ansible <target> -m setup
```
```yaml
# handlers
# invoked by a task through `notify`, executed only if caller triggered a state change; runs at the end of the play in the order they are declared;
# -> force handlers to run:
- name: execute all handlers
meta: flush_handlers
```
***runtime grouping***
```yaml
name: coin
hosts: all
gather_facts: true
tasks:
- name: group by OS
group_by:
key: "{{ ansible_facts.distribution }}"
```
***builtin vars***
- hostvars: {hostname => kvp_vars, ...},
- inventory_hostname(_short)?: name of current host,
- group_names: list of groups assigned to current host,
- groups: {groupname => [hostX, ...], ...},
- ansible_check_mode: isRunningInCheckMode ?,
- ansible_play_batch: list inventory hostnames active in current batch,
- ansibble_play_hosts: ist inventory hostnames active in current play,
### Python modules
***argument options***
> *NOTE*
> Ansible Up and Running, page 503
- *default*: default value if arg is required,
- *choices*: list of possible values for an array arg,
- *deprecated_aliases*: deprecate aliases; `dict(name, version, date, collection_name)`,
- *aliases*: aliases for given argument,
- *type*: arg type,
- *elements*: set type of list elements if arg is array,
- *fallback*: tuple of a lookup function and a list to pass to it,
- *no_log*: mask arg value in logs for sensitive data,
- *options*: complex args; create list of suboptions,
- *mutually_exclusive*: list of mutually exclusive suboptions,
- *required_together*: list of names of sub options,
- *required_one_of*: list of required mutually exclusive suboptions,
- *required_if*: sequence of sequences,
- *required_by*: dic mapping option names to seqs of option names
---
### Notes / Todo
## Notes
***dir layout***
- collections: ansible root dir for all collections to reside in;
- images: docker images, mostly used for ansible-test / molecule;
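Review bot: The header for this hunk goes from 70 lines to 16, and the lines in view include the only description of the `dns.*` global variables in `inventory/group_vars/all/vars.yml` (including the DNS-over-TLS and DNS-over-HTTPS selectors) and the module argument options cheatsheet with the `no_log` entry. If these are being dropped from the README, move them to a separate document and link it from here, so the reference for which DNS mode a host ends up with and the reminder to mask sensitive module arguments are not lost. If any of these lines are kept, fix `ansibble_play_hosts` and "ist inventory hostnames", add the missing "to" in "dictionary retrieve corresponding data", and settle on one of `### Notes / Todo` and `## Notes` so the heading level matches the sections around it.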