restarting on new branch
- fix wireguaed tunnel for ipv6
- make nginx reverse proxy config for web gui services
- link terraform and ansible using inventory.yml(working need to fix hostvars and laptop)
- make a single source of truth for varibles used throughout the project in terraform
- setup and configure shadowsocks proxy
- add wireguard-oci to logging stack securely(mtls or wireguard tunnel)
- redo grafana logging stack(helpful names and better configs)
- tidy and reformat "legacy" code(remove secret sprawl throughout the project and rotate any keys)
- remove expectation about subnet
- transistion to ipv6 where possible
(this project expects to be in the subnet 192.168.0.0/24)
- place proxmox and oci credentials in terraform/secrets_override.tf
- (place inventory in inventory.yml) 3, place seret varibles in secrets.yml
- run tofu/terraform init paln apply in /terraform
- run ansible-playbook ./playbook.yml in project root
- should all be there
example secrets.yml
---
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
32353233383463343538313561633230396461613933333639616133383232306665616538376235
3962626262313163346131626661373466326262323035360a643830653933623161323838313366
66393539663461373963613264343138663631613263343634653934303236353466343634313830
3633343966363364340a313930646232343135383663643365393433616431313663646563393938
3038
duckdns_token: blah blah blah
grafana_security:
admin_user: olivia
admin_password: 1234