Update README.md

David Rotermund 2024-07-13 15:44:22 +02:00 committed by GitHub
parent c1463170e5
commit 1041573c62
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -1,46 +1,39 @@
I based the installation on Fedora 39 Server Edition.
* Ansible will not work as long as SE Linux is active. Use the cockpit localhost:9090 to disable it for duration you need it to be tured off.
* Don't forget to configure the firewalls correctly. Again, use cockpit.
* Portainer is exported to port 9443. You should use it for coordinating the docker chaos.
You need to scroll though the files and change the values to your setup.
# How make a computer ready for ansible
``` ```
dnf -y install ansible mc net-tools openssh-server openssh-clients passwdqc cracklib-dicts shadow-utils apt update
apt upgrade
systemctl enable sshd apt install git pkg-config libssl-dev curl mc argon2 ca-certificates net-tools
systemctl start sshd
useradd -b /specialusers ansibleuser install -m 0755 -d /etc/apt/keyrings
passwd_value="PUT_A_PASSWORD_HERE"
echo ansibleuser:$passwd_value | chpasswd curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
echo "ansibleuser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible
``` chmod a+r /etc/apt/keyrings/docker.asc
# How to make the server ready echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
Once: $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
``` sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
dnf -y install ansible mc net-tools openssh-server openssh-clients passwdqc cracklib-dicts shadow-utils sshpass
apt-get update
ssh-keygen
``` apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
And then for every computer: echo "{" > /etc/docker/daemon.json
echo ' "iptables": false' >> /etc/docker/daemon.json
``` echo "}" >> /etc/docker/daemon.json
passwd_value="PUT_A_PASSWORD_HERE"
sshpass -p "$passwd_value" ssh-copy-id -o "StrictHostKeyChecking accept-new" ansibleuser@COMPUTERNAME systemctl restart docker
```
# Overleaf yaml file ufw allow in on docker0
ufw route allow in on docker0
For the smtp relay we need to set the email password and email user. You can provide it via command line parameter or yaml file to ansible-playbook. ufw route allow out on docker0
``` ufw allow 22
--- ufw allow 443
EUSER: "SOME EMAIL USER" ufw enable
EPASS: "SOME PASSWORD"
ufw status verbose
docker run hello-world
``` ```
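Review bot: The three `echo` lines on the added side that write `/etc/docker/daemon.json` replace any existing daemon configuration and set `"iptables": false` without explanation. With that setting Docker no longer creates its own filtering and NAT rules, so the README should say that filtering is being handed to ufw (the `ufw allow in on docker0` and `ufw route allow ...` lines that follow) and what the reader must check for container connectivity afterwards. Writing the file in one step and telling the reader to merge into an existing file rather than overwrite it would be safer than three separate redirects. The `sudo tee /etc/apt/sources.list.d/docker.list` line is the only command using `sudo`, while `apt install`, `install -m 0755 -d /etc/apt/keyrings` and `ufw enable` assume a root shell; pick one convention. The added block also has no heading or sentence naming the target distribution now that the Fedora 39 notes are removed, although the repository URL is `download.docker.com/linux/ubuntu`, and `apt upgrade` and `apt-get install` will prompt interactively where the removed `dnf -y install` did not.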