scottmuc / infrastructure
Documentation / Automation for personal third-party infrastructure
License: The Unlicense
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
backup stuff if you think you need it.
prepare USB device with a Windows installer.
Here's my primary influence.
Windows update
Install Box Starter
Install my Box Starter Package
Thanks Rich Turner for your excellent example!
Launch Powershell with elevated privileges:
Set-ExecutionPolicy Unrestricted
. { iwr -useb https://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/master/boxstarter.txt
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Reboot laptop and press F12 to load the boot selection menu
Install the OS
bootstrap
with a password bootstrap
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Create USB stick with latest macOS
Format a USB (> 16GB) stick and name it UNTITLED
Fetch the latest version of macos from the App Store
Run the following
$ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
Password:
Erasing disk: 0%... 10%... 20%... 30%... 100%
Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
Making disk bootable...
Install media now available at "/Volumes/Install macOS Big Sur"
Create credentials for the rebuild
Run create-repave-secrets with an argument that follows the naming convention of: machine.<month name>.air
Backup anything worth keeping
Generally, this means look at the following directories for things that I might want to carry over to the fresh
install or possibly consider saving to a cloud service:
Desktop
Documents
Downloads
Reboot to load installer
Hold down the Option key to trigger the boot selection menu.
Install git, clone this repo, and run coalesce_this_machine
git # this will trigger the XCode installer which brings git along with it
mkdir ~/workspace
git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
Note: to speed things up, some of the steps above can be done while coalesce_this_machine is running.
Make a tiny DNS change and run terraform
# Initialize and log into the 1 Password CLI
initialize-1password
eval $(op signin)
# Unlock the repo in order to access values in ./secrets dir
cd ~/workspace/infrastructure
./scripts/locksmith unlock
# Initialize Terraform and apply
cd dns
terraform init
./terraform_apply
Make a signed commit mentioning this issue (exercises gpg_op)
# Initialize and log into the 1 Password CLI
initialize-1password
eval $(op signin)
gpg_op restore -e "[email protected]"
ssh_op_agent
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Create SD card with the latest Raspberry Pi OS
Preferably with a secondary SD Card to keep the current Pi running.
Shut down the PI (to prevent DHCP conflicts)
Enable DHCP on the router and remove port mapping
Enable SSHD via raspi-config
Obtain machine IP via ip a
Ensure a working ansible environment
Not much to say except use virtualenv. I don't have a consistent way to set this up because
my macbook might be my controller, or my windows WSL host will be.
Copy ssh key using ssh-copy-id pi@<pi ip>
Bootstrap with Ansible
ansible-playbook -i 192.168.2.10, --become --ask-become-pass ./bootstrap-playbook.yml
Complete full configuration
./ansible.sh <pi ip>
Disable DHCP on the router
Reboot PI
Add port mapping on the router
Make this template slightly better
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Run repave script from windows host
As an admin, run:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Then run:
~/workspace/infrastructure/homedirs/windows/Repave-WSLInstance.ps
Clone and run coalesce script
mkdir ~/workspace && cd ~/workspace
git clone https://github.com/scottmuc/infrastructure.git
cd infrastructure/homedirs/wsl
./coalesce_this_machine
Reboot WSL Instance
In order for /etc/wsl.conf to take effect we need to restart the WSL instance.
wsl --shutdown Ubuntu
Initialize 1Password
initialize-1password
Load GPG Keys
opauth keys
gpg-op restore -e scottATscottmuc.com
Decrypt Repository
./scripts/locksmith unlock
Attempt DNS Change
cd dns
terraform init
# add TXT record to graffiti.scottmuc.com
./terraform_apply
Configure PI (tests ansible)
Make this template slightly better
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Create USB stick with latest macOS
Format a USB (> 16GB) stick and name it UNTITLED
Fetch the latest version of macos from the App Store
Run the following
$ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
Password:
Erasing disk: 0%... 10%... 20%... 30%... 100%
Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
Making disk bootable...
Install media now available at "/Volumes/Install macOS Big Sur"
Create credentials for the rebuild
Run create-repave-secrets with an argument that follows the naming convention of: machine.<month name>.air
Backup anything worth keeping
Generally, this means look at the following directories for things that I might want to carry over to the fresh
install or possibly consider saving to a cloud service:
Desktop
Documents
Downloads
Reboot to load installer
Hold down the Option key to trigger the boot selection menu.
Install git, clone this repo, and run coalesce_this_machine
git # this will trigger the XCode installer which brings git along with it
mkdir ~/workspace
git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
Note: to speed things up, some of the steps above can be done while coalesce_this_machine is running.
Make a tiny DNS change and run terraform
# Initialize and log into the 1 Password CLI
initialize-1password
eval $(op signin my)
# Unlock the repo in order to access values in ./secrets dir
cd ~/workspace/infrastructure
./scripts/locksmith unlock
# Initialize Terraform and apply
./scripts/terraform init dns
./scripts/terraform_apply
Make a signed commit mentioning this issue (exercises gpg_op)
# Initialize and log into the 1 Password CLI
initialize-1password
eval $(op signin my)
gpg_op restore -e "[email protected]"
ssh_op_agent
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
backup stuff if you think you need it.
prepare USB device with a Windows installer.
Here's the latest documentation I followed to make a USB installer.
boot to the USB: press F12 while the machine is rebooting to load the boot menu.
Install Chocolatey
Install BoxStarter
choco install Boxstarter
Install my Box Starter Package
Thanks Rich Turner for your excellent example!
Launch Powershell with elevated privileges:
Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/master/homedirs/windows/boxstarter.ps1
Windows update
Configure Brave
Do the following:
Install and configure Google Drive
Setup Radeon Software
I'm not sure what to do here. Here are a couple helpful links:
Run Novabench
Score should be around:
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
backup stuff if you think you need it.
prepare USB device with a Windows installer.
Here's the latest documentation I followed to make a USB installer.
boot to the USB: press F12 while the machine is rebooting to load the boot menu.
Set machine hostname
This can come in handy for all services that have recorded the machine's hostname for security verification.
The timestamp in the name and other metadata can make future auditing a bit easier.
The convention is YYYYMMDD-something meta.
Test if this can be done in PowerShell.
Install Chocolatey
Install BoxStarter
choco install Boxstarter
Install Bootstrap BoxStarter Package
Thanks Rich Turner for your excellent example!
Launch Powershell with elevated privileges:
Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/main/homedirs/windows/boxstarter.bootstrap.ps1
Windows update
Install Main BoxStarter Package
Thanks Rich Turner for your excellent example!
Launch Powershell with elevated privileges:
Install-BoxstarterPackage -DisableReboots -PackageName $(Join-Path -Path $Env:USERPROFILE -ChildPath "workspace/infrastructure/main/homedirs/windows/boxstarter.ps1")
Configure Brave
Do the following:
Install and configure Google Drive
Turn off all Windows notification sounds
Setup Radeon Software
I'm not sure what to do here. Here are a couple helpful links:
Install and configure Samsung Magician
Download the installer and run it. Enable the performance profile.
Run Novabench
Score should be around:
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Create USB stick with latest macOS
Format a USB (> 16GB) stick and name it UNTITLED
Fetch the latest version of macos from the App Store
Run the following
$ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
Password:
Erasing disk: 0%... 10%... 20%... 30%... 100%
Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
Making disk bootable...
Install media now available at "/Volumes/Install macOS Big Sur"
Create credentials for the rebuild
Run create-repave-secrets with an argument that follows the naming convention of: machine.<month name>.air
Backup anything worth keeping
Generally, this means look at the following directories for things that I might want to carry over to the fresh
install or possibly consider saving to a cloud service:
Desktop
Documents
Downloads
Install git, clone this repo, and run coalesce_this_machine
git # this will trigger the XCode installer which brings git along with it
mkdir ~/workspace
git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
Note: to speed things up, some of the steps above can be done while coalesce_this_machine is running.
Make a tiny DNS change and run terraform
# Initialize and log into the 1 Password CLI
initialize-1password
eval $(op signin my)
# Unlock the repo in order to access values in ./secrets dir
cd ~/workspace/infrastructure
./scripts/locksmith unlock
# Initialize Terraform and apply
./scripts/terraform init dns
./scripts/terraform_apply
Make a signed commit mentioning this issue (exercises gpg_op)
# Initialize and log into the 1 Password CLI
initialize-1password
eval $(op signin my)
gpg_op restore -e "[email protected]"
ssh_op_agent
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Create SD card with the latest Raspberry Pi OS
Preferably with a secondary SD Card to keep the current Pi running.
Ensure a working ansible environment
Not much to say except use virtualenv. I don't have a consistent way to set this up because
my macbook might be my controller, or my windows WSL host will be.
Ensure machine IP is 192.168.2.10
Copy ssh key using ssh-copy-id
Bootstrap with Ansible
ansible-playbook -i 192.168.2.10, --become --ask-become-pass ./bootstrap-playbook.yml
Complete full configuration
ansible-playbook -i 192.168.2.10, --become ./main-playbook.yml
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Delete previous WSL instance if applicable
Ensure WSL2 is being used
Install latest Ubuntu
Clone and run coalesce script
Attempt DNS Change
Initialize 1Password
Configure PI (tests ansible)
Make this template slightly better
coalesce_this_machine
gpg_op
ssh_op_agent
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Create USB stick with latest macOS
Format a USB (> 16GB) stick and name it UNTITLED
Fetch the latest version of macos from the App Store
Run the following
$ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
Password:
Erasing disk: 0%... 10%... 20%... 30%... 100%
Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
Making disk bootable...
Install media now available at "/Volumes/Install macOS Big Sur"
Create credentials for the rebuild
Run create-repave-secrets with an argument that follows the naming convention of: machine.<month name>.air
Backup anything worth keeping
Generally, this means look at the following directories for things that I might want to carry over to the fresh
install or possibly consider saving to a cloud service:
Desktop
Documents
Downloads
Install git, clone this repo, and run coalesce_this_machine
git # this will trigger the XCode installer which brings git along with it
mkdir ~/workspace
git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
Note: to speed things up, some of the steps above can be done while coalesce_this_machine is running.
gpg_op
ssh_op_agent
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Disable DHCP on the PI
Ensure that when we renew our DHCP lease, it comes from our router.
sudo systemctl stop dnsmasq
Enable DHCP on the router and remove port mapping and release/renew IP address
Windows: ipconfig /release
and then ipconfig /renew
Shutdown PI
Make sure the USB drive has spun down before doing any work.
sudo shutdown -h now
Create SD card with the latest Raspberry Pi OS
Using the SD card in the now powered down PI.
The new installer has options to enable SSH and create a user.
Note: check if the underlying Debian distribution is changing as this might result in some issues in the playbook execution.
The Bullseye 64-bit lite image seems to work for now.
Ensure a working ansible environment
Not much to say except use virtualenv. I don't have a consistent way to set this up because
my macbook might be my controller, or my windows WSL host will be.
Turn on the PI and note the IP obtained from the Router
Transfer local public ssh key to PI
In order to avoid the use of sshpass, copy the current session's public ssh key to ~/.ssh/authorized_keys
of the pi user on the PI. This user is only necessary to run the bootstrap playbook (which creates an admin
ansible user) and will be subsequently cleaned up.
ssh-copy-id pi@<pi ip>
Bootstrap with Ansible
./ansible.sh bootstrap -i <pi ip>
Add the PI port forwarding
Needed for the certbot ACME challenge in the next step.
Complete full configuration
./ansible.sh apply -i <pi ip>
Reboot PI
Re-add port mapping to the static IP
Disable DHCP on the router
Deploy goodenoughmoney.com
Create pi Samba user
Run the following on the PI
sudo smbpasswd -a smbrw
https://www.goodenoughmoney.com/ displays stuff
https://home.scottmuc.com/music/ loads navidrome and the music is playable
https://home.scottmuc.com/prometheus/ loads and has data
https://home.scottmuc.com/grafana/ loads and has data
Z:\ on my Windows PC works
ipconfig /release and then ipconfig /renew works
nslookup analytics.google.com is refused
Print out newly repaved machine details
cat /etc/os-release && uname -a
My local DNS server is only listening on IPv4. At the moment, my Windows PC prefers IPv6 so it ends up using my router's DNS server instead.
This looks straightforward enough with PowerShell: https://giritharan.com/disable-ipv6/
A comment in that article links to Microsoft's recommendation to not disable IPv6 but to lower its priority: https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users
I really don't know too much about IPv6 except that one of the things it is trying to solve is the scarcity of IPv4 addresses. It appears that it's bringing a lot more features and changes that I believe one needs to understand before implementing it in their home: https://www.youtube.com/watch?v=z7Al3P8ShM8. Some admin perspectives are discussed here: https://2.5admins.com/2-5-admins-05/
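The Pi bootstrap steps above (copy a key to the pi user, run a bootstrap playbook that creates an admin ansible user, then clean the pi user up) outline what the repository's bootstrap-playbook.yml does. As an added example, and not the repository's own playbook, here is one way to write that bootstrap with standard Ansible modules. The admin user name ansible, the controller key path ~/.ssh/id_ed25519.pub and the sudoers drop-in file name are assumptions. It needs the ansible.posix collection (shipped with the full ansible package) for the authorized_key module.

```yaml
# Added example, not the repository's bootstrap-playbook.yml.
# Assumptions: admin user "ansible", controller key at ~/.ssh/id_ed25519.pub,
# sudoers drop-in /etc/sudoers.d/90-ansible, Raspberry Pi OS ssh service name "ssh".
- name: Bootstrap a freshly imaged Pi over the default "pi" account
  hosts: all
  become: true
  vars:
    admin_user: ansible
    admin_pubkey: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"

  tasks:
    - name: Create the admin user that all later playbooks will connect as
      ansible.builtin.user:
        name: "{{ admin_user }}"
        shell: /bin/bash
        create_home: true

    - name: Install the controller's public key as the admin user's only key
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ admin_pubkey }}"
        exclusive: true

    - name: Grant the admin user passwordless sudo via a visudo-validated drop-in
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/90-{{ admin_user }}"
        content: "{{ admin_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"

    - name: Turn off SSH password logins now that key auth is in place
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: 'PasswordAuthentication no'
        validate: "/usr/sbin/sshd -t -f %s"
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted

# Second play: reconnect as the new admin user so the default account can be removed
# without pulling the rug out from under the session that is doing the removal.
- name: Clean up the default account once the admin user works
  hosts: all
  become: true
  remote_user: ansible
  tasks:
    - name: Remove the pi user together with its home directory
      ansible.builtin.user:
        name: pi
        state: absent
        remove: true
        force: true
```

Run it the way the checklist does, connecting as the default user and prompting for its sudo password: ansible-playbook -i <pi ip>, -u pi --become --ask-become-pass bootstrap.yml. The first play still uses the pi password for become; the second play relies on the NOPASSWD drop-in, so the prompt is only needed once. After it finishes, password SSH logins are off and only the key copied in with ssh-copy-id works, which is the least-privilege end state the checklist is aiming for.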
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Delete previous WSL instance if applicable
Ensure WSL2 is being used
Install latest Ubuntu
Clone and run coalesce script
Initialize 1Password
Attempt DNS Change
Configure PI (tests ansible)
Make this template slightly better
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
backup stuff if you think you need it.
prepare USB device with a Windows installer.
Here's the latest documentation I followed to make a USB installer.
boot to the USB: press F12 while the machine is rebooting to load the boot menu.
Set machine hostname
This can come in handy for all services that have recorded the machine's hostname for security verification.
The timestamp in the name and other metadata can make future auditing a bit easier.
The convention is YYYYMMDD-something meta.
Test if this can be done in PowerShell.
Install Chocolatey
Install BoxStarter
choco install Boxstarter
Install my Box Starter Package
Thanks Rich Turner for your excellent example!
Launch Powershell with elevated privileges:
Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/master/homedirs/windows/boxstarter.ps1
Windows update
Configure Brave
Do the following:
Install and configure Google Drive
Turn off all Windows notification sounds
Setup Radeon Software
I'm not sure what to do here. Here are a couple helpful links:
Install and configure Samsung Magician
Download the installer and run it. Enable the performance profile.
Run Novabench
Score should be around:
A chat with some friends started with a post about monospace font selection: https://www.tbray.org/ongoing/When/202x/2023/02/09/Monospace
Given all the workstation automation I have, I can't say I'm satisfied with my devx (development experience). It's ok, but it's got some issues that I'd like to improve.
Objectives:
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Disable DHCP on the PI
Ensure that when we renew our DHCP lease, it comes from our router.
sudo systemctl stop kea-dhcp4-server
Enable DHCP on the router and remove port mapping and release/renew IP address
Windows: ipconfig /release
and then ipconfig /renew
Shutdown PI
Make sure the USB drive has spun down before doing any work.
sudo shutdown -h now
Create SD card with the latest Raspberry Pi OS
Using the SD card in the now powered down PI.
The new installer has options to enable SSH and create a user.
Ensure a working ansible environment
Not much to say except use virtualenv. I don't have a consistent way to set this up because
my macbook might be my controller, or my windows WSL host will be.
Turn on the PI and note the IP obtained from the Router
Transfer local public ssh key to PI
In order to avoid the use of sshpass, copy the current session's public ssh key to ~/.ssh/authorized_keys
of the pi user on the PI. This user is only necessary to run the bootstrap playbook (which creates an admin
ansible user) and will be subsequently cleaned up.
ssh-copy-id pi@<pi ip>
Bootstrap with Ansible
./ansible.sh bootstrap -i <pi ip>
Add the PI port forwarding
Needed for the certbot ACME challenge in the next step.
Complete full configuration
./ansible.sh apply -i <pi ip>
Reboot PI
Re-add port mapping to the static IP
Disable DHCP on the router
Deploy goodenoughmoney.com
Create pi Samba user
Run the following on the PI
sudo smbpasswd -a smbrw
Deploy navidrome
run navidrome.sh as root on the PI
https://www.goodenoughmoney.com/ displays stuff
https://home.scottmuc.com/music/ loads navidrome and the music is playable
Z:\ on my Windows PC works
ipconfig /release and then ipconfig /renew works
nslookup analytics.google.com is refused
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Run repave script from windows host
As an admin, run:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Then run:
~/workspace/infrastructure/homedirs/windows/Repave-WSLInstance.ps
Clone and run coalesce script
mkdir ~/workspace && cd ~/workspace
git clone https://github.com/scottmuc/infrastructure.git
cd infrastructure/homedirs/wsl
./coalesce_this_machine
Initialize 1Password
As an admin, run:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Then run:
~/workspace/infrastructure/homedirs/windows/Repave-WSLInstance.ps
Attempt DNS Change
Configure PI (tests ansible)
Make this template slightly better
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Disable DHCP on the PI
Ensure that when we renew our DHCP lease, it comes from our router.
sudo systemctl stop kea-dhcp4-server
Enable DHCP on the router and remove port mapping and release/renew IP address
Windows: ipconfig /release
and then ipconfig /renew
Shutdown PI
Make sure the USB drive has spun down before doing any work.
sudo shutdown -h now
Create SD card with the latest Raspberry Pi OS
Touch ssh on the boot volume of the SD Card.
See this handy post for details. This requires disconnecting the SD card and plugging it back in so it gets mounted in Windows.
Ensure a working ansible environment
Not much to say except use virtualenv. I don't have a consistent way to set this up because
my macbook might be my controller, or my windows WSL host will be.
Turn on the PI and note the IP obtained from the Router
Transfer local public ssh key to PI
In order to avoid the use of sshpass, copy the current session's public ssh key to ~/.ssh/authorized_keys
of the pi user on the PI. This user is only necessary to run the bootstrap playbook (which creates an admin
ansible user) and will be subsequently cleaned up.
ssh-copy-id pi@<pi ip>
Bootstrap with Ansible
./ansible.sh bootstrap -i <pi ip>
Add the PI port forwarding
Needed for the certbot ACME challenge in the next step.
Complete full configuration
./ansible.sh apply -i <pi ip>
Reboot PI
Re-add port mapping to the static IP
Disable DHCP on the router
Deploy goodenoughmoney.com
Create pi Samba user
Run the following on the PI
sudo smbpasswd -a pi
Deploy navidrome
run navidrome.sh as root on the PI
https://www.goodenoughmoney.com/ displays stuff
https://home.scottmuc.com/music/ loads navidrome and the music is playable
Z:\ on my Windows PC works
ipconfig /release and then ipconfig /renew works
nslookup analytics.google.com is refused
This pipeline should run and work:
jobs:
- name: job-hello-world
  public: true
  plan:
  - task: hello-world
    config:
      platform: linux
      image_resource:
        type: docker-image
        source: {repository: busybox}
      run:
        path: echo
        args: [hello world]
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for home.scottmuc.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (home.scottmuc.com) from /etc/letsencrypt/renewal/home.scottmuc.com.conf produced an unexpected error: Failed authorization procedure. home.scottmuc.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://home.scottmuc.com/.well-known/acme-challenge/33uZzzmjw2SNBd19IpQ2bK_UgSoIl9jF1iL644fpBsg [79.244.147.235]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.goodenoughmoney.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.goodenoughmoney.com
Cleaning up challenges
Attempting to renew cert (www.goodenoughmoney.com) from /etc/letsencrypt/renewal/www.goodenoughmoney.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for www.goodenoughmoney.com:. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/home.scottmuc.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.goodenoughmoney.com/fullchain.pem (failure)
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Enable DHCP on the router and remove port mapping and release/renew IP address
Create SD card with the latest Raspberry Pi OS
Preferably with a secondary SD Card to keep the current Pi running.
Touch ssh on the boot volume of the SD Card
Ensure a working ansible environment
Not much to say except use virtualenv. I don't have a consistent way to set this up because
my macbook might be my controller, or my windows WSL host will be.
Note the IP the PI obtained from the Router
Bootstrap with Ansible
./ansible.sh bootstrap -i <pi ip>
Add the PI port forwarding
Complete full configuration
./ansible.sh apply -i <pi ip>
Reboot PI
Re-add port mapping to the static IP
Disable DHCP on the router
Deploy goodenoughmoney.com
Create pi Samba user
Run the following on the PI
sudo smbpasswd -a pi
Deploy navidrome
run navidrome.sh as root on the PI
https://www.goodenoughmoney.com/ displays stuff
https://home.scottmuc.com/music/ loads navidrome and the music is playable
Z:\ on my Windows PC works
ipconfig /release and then ipconfig /renew works
nslookup analytics.google.com is refused
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
Create SD card with the latest Raspberry Pi OS
Preferably with a secondary SD Card to keep the current Pi running.
Note the IP assigned to the PI during the OS install
Enable SSHD via raspi-config
Ensure a working ansible environment
Not much to say except use virtualenv. I don't have a consistent way to set this up because
my macbook might be my controller, or my windows WSL host will be.
Copy ssh key using ssh-copy-id pi@<pi ip>
Bootstrap with Ansible
./ansible.sh bootstrap -i <pi ip>
Complete full configuration
./ansible.sh apply -i <pi ip>
Reboot PI
Add port mapping on the router
Disable DHCP on the router
Make this template slightly better
In #41, there were issues installing kea-dhcp-server on the new Raspbian image. dnsmasq has the features I need and it's installable.
As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!
backup stuff if you think you need it.
prepare USB device with a Windows installer.
Here's my primary influence.
boot to the USB: press F12 while the machine is rebooting to load the boot menu.
Install Chocolatey
Install BoxStarter
choco install Boxstarter
Install my Box Starter Package
Thanks Rich Turner for your excellent example!
Launch Powershell with elevated privileges:
Install-BoxstarterPackage -DisableReboots -PackageName https://github.com/scottmuc/infrastructure/blob/master/homedirs/windows/boxstarter.ps1
The data stored after the attempted sync looks like the following:
~/workspace/infrastructure/homedirs/osx/bin ? cat ~/.config/deep-pockets/data.json
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: SII91F3ePlSLaTlOoaEuER7cr3hpJpbQx-AHsXuNING_YAROCzUepw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>%
Create USB stick with latest macOS
Format a USB (> 16GB) stick and name it UNTITLED
Fetch the latest version of macOS from the App Store
Run the following
$ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
Password:
Erasing disk: 0%... 10%... 20%... 30%... 100%
Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
Making disk bootable...
Install media now available at "/Volumes/Install macOS Big Sur"
Create credentials for the rebuild
Run create-repave-secrets
with an argument that follows the naming convention of:
machine.<month name>.air
Backup anything worth keeping
Generally, this means look at the following directories for things that I might want to carry over to the fresh
install or possibly consider saving to a cloud service:
Desktop
Documents
Downloads
Install git, clone this repo, and run coalesce_this_machine
git # this will trigger the Xcode installer which brings git along with it
mkdir ~/workspace
git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
Note: to speed things up, some of the steps above can be done while coalesce_this_machine
is running.
backup stuff if you think you need it.
I'm starting to grow some machine specific configuration management setup that is creating a spread of Not Invented Here (NIH) installers. Rather than having a language version manager for every language, asdf
can be the one to rule them all. My bias is usually for language specific things, but I feel this might be a good level of abstraction.
Things I want to see if asdf can manage for me are:
I much prefer project level scope tool declaration over machine level.
asdf project page: https://asdf-vm.com/
I want to repurpose my MacBook Air, which means I won't have a stable unix terminal to perform my routine administration of my home network.
This must be easily replicated upon re-pave.
I can update my DNS records via my existing unix tool-chain.
Disable DHCP on the Pi
Ensure that when we renew our DHCP lease, it comes from our router.
sudo systemctl stop kea-dhcp4-server
Enable DHCP on the router and remove port mapping and release/renew IP address
Windows: ipconfig /release
and then ipconfig /renew
Shutdown PI
Make sure the USB drive has spun down before doing any work.
sudo shutdown -h now
Create SD card with the latest Raspberry Pi OS
Using the SD card in the now powered down PI.
The new installer has options to enable SSH and create a user.
Note: check whether the underlying Debian distribution is changing, as this might result
in some issues in the playbook execution.
Ensure a working ansible environment
Not much to say except use virtualenv. I don't have a consistent way to set this up because
my macbook might be my controller, or my windows WSL host will be.
Turn on the PI and note the IP obtained from the Router
Transfer local public ssh key to the Pi
In order to avoid the use of sshpass, copy the current session's public ssh key to
~/.ssh/authorized_keys of the pi user on the Pi. This user is only necessary to
run the bootstrap playbook (which creates an admin ansible user) and will be subsequently
cleaned up.
ssh-copy-id pi@<pi ip>
Bootstrap with Ansible
./ansible.sh bootstrap -i <pi ip>
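What the bootstrap step above can look like, as an added example rather than the repository's own playbook: the temporary pi user creates a sudo-capable admin user keyed with the controller's public key, and a second play, connecting as that new user, removes pi. The admin user name (ansible), the key path and the sudoers filename are assumptions.

```yaml
# Added example, not the repository's own playbook. Run from the controller
# after ssh-copy-id, e.g.: ansible-playbook -i '<pi ip>,' bootstrap.yml
- name: Create the admin user that later playbooks will connect as
  hosts: all
  remote_user: pi                  # temporary user from the image
  become: true
  vars:
    admin_user: ansible            # assumed name
    pubkey: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"  # assumed path
  tasks:
    - name: Create the admin user
      ansible.builtin.user:
        name: "{{ admin_user }}"
        shell: /bin/bash
        groups: sudo
        append: true

    - name: Install only the controller's key for the admin user
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ pubkey }}"
        exclusive: true

    - name: Grant passwordless sudo, checked by visudo before it lands
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/010_{{ admin_user }}"
        content: "{{ admin_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Drop the persisted pi session so userdel does not see it in use
      ansible.builtin.meta: reset_connection

- name: Clean up the temporary pi user, now connecting as the admin user
  hosts: all
  remote_user: ansible             # same assumed name as admin_user above
  become: true
  tasks:
    - name: Remove the pi user and its home directory
      ansible.builtin.user:
        name: pi
        state: absent
        remove: true
```

The second play only succeeds once the first has installed the key, so a failed first play leaves pi in place for another attempt.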
Add the PI port forwarding
Needed for the certbot
ACME challenge in the next step.
Complete full configuration
./ansible.sh apply -i <pi ip>
Reboot PI
Re-add port mapping to the static IP
Disable DHCP on the router
Deploy goodenoughmoney.com
Create pi Samba user
Run the following on the PI
sudo smbpasswd -a smbrw
https://www.goodenoughmoney.com/ displays stuff
https://home.scottmuc.com/music/ loads navidrome and the music is playable
https://home.scottmuc.com/prometheus/ loads and has data
https://home.scottmuc.com/grafana/ loads and has data
Z:\ on my Windows PC works
ipconfig /release and then ipconfig /renew works
nslookup analytics.google.com is refused
Print out newly repaved machine details
cat /etc/os-release && uname -a
backup stuff if you think you need it.
prepare USB device with a Windows installer.
Here's the latest documentation I followed to make a USB installer.
boot to the USB.
F12
while machine is rebooting to load boot menu.
Set machine hostname
This can come in handy for all services that have recorded the machine's
hostname for security verification. The timestamp in the name and other
metadata can make future auditing a bit easier.
The convention is YYYYMMDD-something meta.
Test if this can be done in powershell.
Install Chocolatey
Install BoxStarter
choco install Boxstarter
Install my Box Starter Package
Thanks Rich Turner for your excellent example!
Launch Powershell with elevated privileges:
Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/master/homedirs/windows/boxstarter.ps1
Windows update
Configure Brave
Do the following:
Install and configure Google Drive
Turn off all Windows notification sounds
Setup Radeon Software
I'm not sure what to do here. Here are a couple helpful links:
Install and configure Samsung Magician
Download the installer and run it. Enable the performance profile.
Run Novabench
Score should be around:
Run WSL
At the moment, navidrome is launched as follows:
cd /opt/navidrome
sudo -u navidrome nohup ./run.sh &> /mnt/usb/navidrome/logs/navidrome.log &
It's time to integrate this with systemd now. There are some good instructions on how to do this.
Issue documented here: go-gandi/terraform-provider-gandi#39
Run repave script from windows host
As an admin, run:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Then run:
~/workspace/infrastructure/homedirs/windows/Repave-WSLInstance.ps
Clone and run coalesce script
mkdir ~/workspace && cd ~/workspace
git clone https://github.com/scottmuc/infrastructure.git
cd infrastructure/homedirs/wsl
./coalesce_this_machine
Reboot WSL Instance
In order for /etc/wsl.conf to take effect we need to restart the WSL instance.
wsl --shutdown Ubuntu
Initialize 1Password
inialized-1password
Load GPG Keys
opauth
keys
gpg-op restore -e scottATscottmuc.com
Decrypt Repository
./scripts/locksmith unlock
Attempt DNS Change
cd dns
terraform init
# add TXT record to graffiti.scottmuc.com
./terraform_apply
Configure PI (tests ansible)
Clone all the repos (mr checkout)
Ensure tldr works
Ensure deploy.sh of goodenoughmoney.com works
Make this template slightly better
I haven't done much journalling when doing Windows repaves. That's going to change now!
To ensure good browser experiences for everyone (some browsers I believe will add www. by default),
set up a CNAME for the bare domain pointing to www., which will be the A record.