Thomas Kleinendorst 5794ef6625
Merge pull request #1 from Kleinendorst/reinstall
Reinstall the Raspberry Pi by using Docker instead of Podman
2024-11-21 16:17:25 +01:00
.vscode Create generic rule for simple nginx reverse proxy 2024-04-28 15:13:05 +02:00
images Add user creation for ddns script 2024-04-10 20:09:34 +02:00
inventory Deduplicate Podman container logic with new role 2024-06-05 12:57:41 +02:00
roles Add Grafana deployment 2024-11-21 16:07:26 +01:00
.gitignore Improve some minor parts of the code 2024-04-11 11:13:29 +02:00
ansible.cfg Add ansible.cfg with vault functionality 2024-04-10 16:08:08 +02:00
LICENSE Initial commit 2024-04-07 12:37:40 +02:00
playbook.yml Add Grafana deployment 2024-11-21 16:07:26 +01:00
README.md Add passlib dependency 2024-11-19 13:32:27 +01:00
requirements.yml Update required roles and collections 2024-11-19 12:58:46 +01:00
vault.yml Add certbot installation with root cert renew 2024-04-12 11:49:45 +02:00

Raspberry Pi IaC

Contains the Infrastructure as Code files used for provisioning my in-house Raspberry Pi.

Prerequisites

The files within this repository should be run on a computer with Ansible installed, which is only supported on macOS and Linux systems. On Windows it can be run within a WSL distro (see this guide on how to set this up, and make sure the repository is checked out on the WSL distribution itself).

Ansible control node prerequisites

  1. Install Ansible (see instructions).

  2. Install Ansible Galaxy content:

    ansible-galaxy install -r requirements.yml
    
  3. Enter the vault password in the .vault_pass file. This is included in .gitignore so it shouldn't end up in the repository:

    # Notice the space at the beginning: it keeps the command out of the shell history,
    # provided bash's HISTCONTROL includes ignorespace (or zsh has HIST_IGNORE_SPACE set).
     echo '[ -- enter vault pass here -- ]' > .vault_pass
    
  4. Install the Python3 passlib library (used internally in the user role):

    sudo apt install python3-passlib
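
For step 3, an added example (not part of this repository) that writes `.vault_pass` without depending on the shell's history settings and then audits the result. The function names `write_vault_pass` and `audit_vault_pass` are hypothetical; the password is read from stdin so it never appears in a command line.

```shell
#!/bin/sh
# Added example, not the repository's own code.

# Read the vault password from stdin and store it in $1 (default .vault_pass)
# as a freshly created file with mode 0600.
write_vault_pass() {
    file=${1:-.vault_pass}
    (
        umask 077                       # new files are created as rw-------
        [ -t 0 ] && { printf 'Vault password: ' >&2; stty -echo; }
        IFS= read -r pass || true       # tolerate input without a trailing newline
        [ -t 0 ] && { stty echo; echo >&2; }
        [ -n "$pass" ] || exit 1
        rm -f "$file"                   # drop any older, possibly readable copy
        printf '%s\n' "$pass" > "$file" # printf is a builtin: nothing lands in argv
    ) || { echo "no password given" >&2; return 1; }
}

# Print one finding per line; return 0 only when nothing is wrong.
audit_vault_pass() {
    file=${1:-.vault_pass}
    rc=0
    [ -s "$file" ] || { echo "missing or empty: $file"; return 1; }
    perms=$(ls -ld "$file" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "permissions too open: $perms"; rc=1; }
    # Inside a git work tree the file must be covered by .gitignore.
    dir=$(dirname "$file")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        git -C "$dir" check-ignore -q "$(basename "$file")" \
            || { echo "not ignored by git: $file"; rc=1; }
    fi
    return $rc
}

# Usage from the repository root:
#   write_vault_pass .vault_pass && audit_vault_pass .vault_pass
```
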
    

Environment prerequisites

The Raspberry Pi IaC code contained within this repository provisions the Raspberry Pi itself but doesn't provision all surrounding infrastructure which is presumed to be managed by hand. The following relevant configuration is assumed:

  1. A prepared Raspberry Pi.
  2. Cloudflare should be set up for managing the domain records of kleinendorst.info.

Raspberry Pi preparation

The Raspberry Pi should be installed and running with reachable SSH from the network.

  1. Set up its MicroSD card using the Raspberry Pi Imager (download). For CHOOSE OS select the Raspberry Pi OS (other) > Raspberry Pi OS Lite (64-bit) option.
  2. When asked: Would you like to apply OS customisation settings? select EDIT SETTINGS. Select and fill in the following settings:
    1. Set username and password
    2. Set locale settings
    3. Enable SSH > Allow public-key authentication only and enter your computer's public key.
    4. Disable Eject media when finished (probably not really important but I heard it could prevent problems on Windows).
  3. Start the Raspberry Pi with an ethernet cable attached.
  4. Find the assigned IP of the Raspberry Pi in the router and configure DHCP to statically assign this address to the Raspberry Pi.
  5. Add the new Raspberry Pi to the hosts file using the internal IP if it isn't there already.
  6. Test if the Raspberry Pi is correctly configured by opening an SSH session to it (using its IP address).

Provisioning

Provision the Raspberry Pi by running:

ansible-playbook playbook.yml

Overview of installed software

SSH with ZSH

It's possible to connect to the Raspberry Pi from the internal network via either its FQDN or IP address, using the public-key-only setup configured as part of the Raspberry Pi preparation. When logged in, the user is greeted by zsh configured with Oh My Zsh and the Starship prompt.

zsh

Other

Reinstalling the Pi

It can be handy to reinstall the Pi. First shut down the Pi by running sudo shutdown from SSH. Next take out the memory card and follow all steps in Raspberry Pi preparation. For the next step remove the current known_hosts entry with: ssh-keygen -R '192.168.50.27' for all PCs that had SSH access to the Pi.

Removing Raspberry Pi as DNS provider for local network

In the router settings the Raspberry Pi is configured as the primary DNS server, so reinstalling the Pi breaks name resolution on the network. Before reinstalling, revert to the default DNS provider in the router by navigating to its website, clearing the DNS Server 1 field and applying these settings.

Also make sure to alter the inventory/hosts file to allow Ansible to connect using the Raspberry Pi's IP address rather than its hostname (which isn't reachable at this point).

After installing the Raspberry Pi it can be added again.

Debugging users other than the main user

The user role included in this repository makes it possible to create new users which will also have a fully configured ZSH environment. They can't be accessed via SSH because no SSH keys are added for them and password logins are disabled. Logging into the new user's account can be done as follows (for testing and debugging):

# Enter both the username and password
sudo login

This is verified to be working:

new users