This project will discover and provide orchestration and instruction to the various servers in the AniNIX ecosystem. It's named after the S'Jet carrier Kapisi from the game "Homeworld: Deserts of Kharak".

This project is our Infrastructure-as-Code solution, detailing the deployment & some repeatable operational tasks of the AniNIX.

Etymology

It is named after the flagship carrier Kapisi from the game Homeworld: Deserts of Kharak. The carrier was the command and production center of Operation Khadiim, an expedition to understand an anomaly on their world and to escape the fanaticism of their Gaalsien rivals. The S'jet succeeded in this mission not only through the military efficacy of their forces but also through the research and production capabilities available aboard the Kapisi.

This project seeks to give other admins and engineers the means to launch their own infrastructures and break out of whatever strangleholds have entangled them, whether that is tribalism, vendor lock-in, or stigma.

Relevant Files and Software

This project expects that you use an Ansible vault for credentials. Create one and add the following to your .bashrc. ANSIBLE_VAULT_PASSWORD_FILE is a standard Ansible setting; ANSIBLE_VAULT_FILE is a convention of this project's scripts, not something Ansible itself reads. Keep the password file outside any git checkout and readable only by your user (mode 0600), since anyone who can read it can decrypt the vault.

export ANSIBLE_VAULT_PASSWORD_FILE=$HOME/password-store/${organization}.vault.password
export ANSIBLE_VAULT_FILE=$HOME/password-store/${organization}.vault

Take a look at examples/msn0.yml as an example inventory, and populate one of your own. The scripts here expect inventories to have layers of groups: the only groups directly under all must be managed and unmanaged, and every host belongs under one of those two. The rest of the scripts use YAMLPath to sort out the groups nested beneath them.
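As an added example (not code from this project), the following Python models the layered inventory layout described above as nested dicts, renders it as YAML, and checks the rule that the only groups directly under all are managed and unmanaged. The hostnames, addresses and the sub-group names hypervisors and vms are constructed for illustration; only all, managed and unmanaged come from this README. The emitter avoids PyYAML so it runs with the standard library alone.

```python
#!/usr/bin/env python3
"""Constructed example: validate the managed/unmanaged inventory layout.

This is illustrative code written for the README, not part of Kapisi.
"""
import sys

# Constructed sample inventory. Everything below `managed`/`unmanaged`
# (group names, hostnames, addresses) is an assumption for illustration.
INVENTORY = {
    "all": {
        "children": {
            "managed": {
                "children": {
                    "hypervisors": {"hosts": {"core.example.net": {}}},
                    "vms": {
                        "hosts": {
                            "web.example.net": {"ansible_host": "10.0.0.10"},
                            "db.example.net": {"ansible_host": "10.0.0.11"},
                        }
                    },
                }
            },
            "unmanaged": {"hosts": {"printer.example.net": {}}},
        }
    }
}

# The README's rule: these, and only these, sit directly under `all`.
REQUIRED_TOP_GROUPS = {"managed", "unmanaged"}


def top_groups(inventory):
    """Names of the groups directly under `all`."""
    return set((inventory.get("all") or {}).get("children") or {})


def walk_hosts(group):
    """Yield (hostname, hostvars) for a group and every group nested in it."""
    for host, hostvars in (group.get("hosts") or {}).items():
        yield host, hostvars or {}
    for child in (group.get("children") or {}).values():
        yield from walk_hosts(child)


def validate(inventory):
    """Return a list of layout problems; an empty list means the layout is correct."""
    problems = []
    if "all" not in inventory:
        return ["inventory has no top-level `all` group"]
    top = top_groups(inventory)
    missing = REQUIRED_TOP_GROUPS - top
    extra = top - REQUIRED_TOP_GROUPS
    if missing:
        problems.append(f"missing top-level group(s) under all: {sorted(missing)}")
    if extra:
        problems.append(f"unexpected top-level group(s) under all: {sorted(extra)}")
    if inventory["all"].get("hosts"):
        problems.append("hosts must live under managed/unmanaged, not directly under all")
    # A host in both layers would be configured and ignored at the same time.
    children = inventory["all"].get("children") or {}
    managed = {h for h, _ in walk_hosts(children.get("managed") or {})}
    unmanaged = {h for h, _ in walk_hosts(children.get("unmanaged") or {})}
    for host in sorted(managed & unmanaged):
        problems.append(f"{host} is in both managed and unmanaged")
    return problems


def _yaml_lines(node, indent=0):
    """Minimal YAML emitter for this inventory shape (nested dicts and scalars)."""
    pad = "  " * indent
    lines = []
    for key, value in node.items():
        if isinstance(value, dict):
            if value:
                lines.append(f"{pad}{key}:")
                lines.extend(_yaml_lines(value, indent + 1))
            else:
                lines.append(f"{pad}{key}: {{}}")
        else:
            lines.append(f"{pad}{key}: {value}")
    return lines


def to_yaml(inventory):
    """Render the inventory as a YAML document Ansible can read with -i."""
    return "\n".join(_yaml_lines(inventory)) + "\n"


if __name__ == "__main__":
    # Mirrors what a pre-commit style check would do: print the inventory,
    # then fail with a non-zero exit code if the layout rule is broken.
    sys.stdout.write(to_yaml(INVENTORY))
    problems = validate(INVENTORY)
    for problem in problems:
        print("error:", problem, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Run it directly to print the sample inventory and get a non-zero exit status when the layout is wrong; the same validate() function can be pointed at an inventory you loaded with PyYAML if you already have it installed.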

Once you have your vault and inventory, use AniNIX/ShadowArch with your hypervisor to provision the base image for your machines (or Raspbian for Raspberry Pi hardware).

Then use the SSH key playbook to copy your key to the hosts, and the deploy playbook to set everything up:

ansible-playbook -i your-inventory.yml playbooks/sshkey.yml
ansible-playbook -i your-inventory.yml playbooks/deploy.yml

We've also added two scripts in ./bin to make your life easier:

  • full-deploy: This is the general case. If you are creating an AniNIX replica, once your inventory and vault are populated you can run this script to push everything. It is also the right tool when rotating vault secrets or performing other global tasks; it is effectively a standardized invocation of our overall deployment playbook.
  • deploy-role: When you are updating a specific role, use this script to push only that role to its group. Ideally it should only be used to push a role you have been working on to a target group in your inventory that is already tagged for that role in the deployment playbook.

Happy hacking!

Etymology

The Ubiqtorate was a far-reaching security orchestration entity within Palpatine's Empire. It was meant to collect and act on intelligence to improve the security posture of the regime. We use this project similarly: Ubiqtorate is the Infrastructure-as-Code behind the throne, making changes and ensuring services stay in line.

Relevant Files and Software

This project is mostly built on Ansible. You will need to understand inventories, playbooks, and vaults at the minimum.

Available Clients

None -- this project is used to describe actions for other services to take.

Equivalents or Competition

Similar tools include Puppet, Chef, Salt, Ansible Tower, Terraform, etc. We have chosen to go the raw Ansible route so that we do not have to maintain separate build infrastructure and so that our responses stay agile.

Exceptions

Some services, such as AniNIX/Sharingan and AniNIX/Geth, store their configuration in internal data structures and databases, so we cannot easily export our build for others to use. We will document what we have done for each of these as best we can in their README.md files so that others can replicate it. Backups of these services into AniNIX/Aether are therefore dumps of their databases and are not available to share.