doc rocky setup

provision-pinky/.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-    "ansible.python.interpreterPath": "/usr/bin/python"
-}

provision-pinky/firecracker.yml

@@ -1,57 +0,0 @@
-# Setup Firecracker for VMs
-- name: Firecracker
-  hosts: servers
-  become_method: ansible.builtin.sudo
-  become: true
-  tasks:
-    - name: Get firecracker
-      become: false
-      ansible.builtin.get_url:
-        url: https://github.com/firecracker-microvm/firecracker/releases/download/v1.7.0/firecracker-v1.7.0-aarch64.tgz
-        dest: ~ralsina/firecracker.tgz
-        mode: '0644'
-    - name: Get kernel
-      become: false
-      ansible.builtin.get_url:
-        url: https://s3.amazonaws.com/spec.ccfc.min/img/quickstart_guide/aarch64/kernels/vmlinux.bin
-        dest: ~ralsina/vmlinux.bin
-        mode: '0644'
-    - name: Get root image
-      become: false
-      ansible.builtin.get_url:
-        url: https://s3.amazonaws.com/spec.ccfc.min/img/quickstart_guide/aarch64/rootfs/bionic.rootfs.ext4
-        dest: ~ralsina/bionic.rootfs.ext4
-        mode: '0644'
-    - name: Unpack firecracker
-      become: false
-      ansible.builtin.unarchive:
-        src: ~ralsina/firecracker.tgz
-        dest: ~ralsina
-        remote_src: true
-    - name: Install firecracker
-      become: true
-      ansible.builtin.command:
-        cmd: mv /home/ralsina/release-v1.7.0-aarch64/firecracker-v1.7.0-aarch64 /usr/bin/firecracker
-        creates: /usr/bin/firecracker
-    - name: Setup systemd unit for firecracker
-      become: true
-      ansible.builtin.copy:
-        dest: /etc/systemd/system/firecracker.service
-        content: |
-          [Unit]
-          Description=Firecracker VM Manager
-
-          [Service]
-          Type=simple
-          ExecStart=/usr/bin/firecracker --api-sock /tmp/firecracker.socket
-          Restart=always
-
-          [Install]
-          WantedBy=default.target
-        mode: '0644'
-    - name: Start and enable service
-      become: true
-      ansible.builtin.service:
-        name: firecracker
-        state: started
-        enabled: true

provision-pinky/hosts

@@ -1,16 +0,0 @@
-[servers]
-pinky 
-rocky
-
-[faas]
-lawn
-
-[interactive]
-pinky
-rocky
-lawn
-
-[all:vars]
-ansible_user=ralsina
-ansible_connection=ssh
-ansible_python_interpreter=/usr/bin/python3

provision-pinky/server.yml

@@ -1,54 +0,0 @@
-# Setup basic server stuff
-- name: Basic Server Setup
-  hosts: servers
-  become_method: ansible.builtin.sudo
-  tasks:
-    - name: Install some packages
-      become: true
-      ansible.builtin.package:
-        name:
-          - docker
-          - docker-compose
-          - btrfs-progs
-          - qemu-system-arm
-          - qemu-utils
-        state: present
-    - name: Install Debian-specific packages
-      become: true
-      when: ansible_os_family == 'Debian'
-      ansible.builtin.apt:
-        name:
-          - qemu-efi-aarch64
-          - net-tools
-        state: present
-    - name: Start and enable service docker
-      become: true
-      ansible.builtin.service:
-        name: docker
-        state: started
-        enabled: true
-    - name: Add ralsina to docker group
-      become: true
-      ansible.builtin.user:
-        name: ralsina
-        groups: docker
-        append: true
-    - name: Configure Docker
-      become: true
-      ansible.builtin.copy:
-        dest: /etc/docker/daemon.json
-        mode: '0644'
-        content: |
-          {
-            "data-root": "/data/docker"
-          }
-      notify:
-        - Restart Docker
-
-  handlers:
-    - name: Restart Docker
-      become: true
-      ansible.builtin.service:
-        name: docker
-        state: restarted
- 

provision-pinky/setup_user.yml

@@ -1,68 +0,0 @@
-# Setup my user with some QoL packages and settings
-- name: Basic Setup
-  hosts: interactive
-  become_method: ansible.builtin.sudo
-  tasks:
-    - name: Install some packages
-      become: true
-      ansible.builtin.package:
-        name:
-          - git
-          - vim
-          - htop
-          - fish
-          - rsync
-          - restic
-          - vim
-        state: present
-    - name: Install Debian-specific packages
-      become: true
-      when: ansible_os_family == 'Debian'
-      ansible.builtin.apt:
-        name:
-          - ncurses-term
-        state: present
-        update_cache: true
-    - name: Add the user ralsina
-      become: true
-      ansible.builtin.user:
-        name: ralsina
-        create_home: true
-        password_lock: true
-        shell: /usr/bin/fish
-    - name: Authorize ssh
-      become: true
-      ansible.posix.authorized_key:
-        user: ralsina
-        state: present
-        key: "{{ lookup('file', '/home/ralsina/.ssh/id_rsa.pub') }}"
-    - name: Make ralsina a sudoer
-      become: true
-      community.general.sudoers:
-        name: ralsina
-        user: ralsina
-        state: present
-        commands: ALL
-        nopassword: true
-    - name: Create fish config directory
-      ansible.builtin.file:
-        path: /home/ralsina/.config/fish/conf.d
-        recurse: true
-        state: directory
-        mode: '0755'
-    - name: Get starship installer
-      ansible.builtin.get_url:
-        url: https://starship.rs/install.sh
-        dest: /tmp/starship.sh
-        mode: '0755'
-    - name: Install starship
-      become: true
-      ansible.builtin.command:
-        cmd: sh /tmp/starship.sh -y
-        creates: /usr/local/bin/starship
-    - name: Enable starship
-      ansible.builtin.copy:
-        dest: /home/ralsina/.config/fish/conf.d/starship.fish
-        mode: '0644'
-        content: |
-          starship init fish | source

rocky/README.md

@@ -0,0 +1,17 @@
+# Rocky server setup
+
+* Download latest debian image for the server
+* Burn SD, put `before.txt` in `config/`
+* Copy all this to `/root`
+* Fix ts key (see below)
+
+Boot server, reboot.
+
+* Run setup.sh
+
+
+Every 90 days the tailscale auth key will expire and you need to set a new one as
+a secret.
+
+* Create the new one at https://login.tailscale.com/admin/settings/keys (MAKE IT REUSABLE)
+* Put it in the setup.sh in the server