Infrastructure Docs Startpage

Infrastructure repository with configs and docs for my local workstations, my homelab with tool server and RasPi nodes and my public cloud-hosted website.


Requirements Overview

(Diagram: paradigms.drawio)

  1. Centrally manage all my infrastructure components.

Quality Goals

  1. Run tests, scans and validations automatically with Github Actions

    1. Everything inside this repo is linted and validated

    2. Docker builds are tested regularly

    3. Container images are scanned for vulnerabilities

  2. Encapsulate as much as possible inside Docker containers and/or Vagrant boxes, so that (broken) updates can easily be rolled back and the setup stays portable in case I have to reset my workstation or switch to another one.

    1. Add or update packages without any risk → avoid having to repair broken installations (dumping the broken setup and reverting to a working one is preferred).

    2. Instead of installing tools with e.g. apt-get install, run them from Docker containers: put a symlink in /usr/bin that points to a wrapper script, and let the wrapper delegate the command to a Docker container.
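The wrapper pattern from the quality goals above, as an added example that is not a script from this repository: one POSIX shell script that several /usr/bin symlinks point to. The tool name is read from the symlink, mapped to an image inside the script, and every call runs in a throw-away container as the calling user with only the current directory mounted. The install path /opt/infra/docker-wrapper.sh, the image names and the /work mount point are assumptions of the example; dispatching on the symlink name and the hardening flags are the editor's choices, not something the page prescribes.

```shell
#!/usr/bin/env bash
# Added example, not a script from the repository. One wrapper for several tools:
# install it once, then symlink each tool name onto it, e.g.
#   sudo ln -s /opt/infra/docker-wrapper.sh /usr/bin/terraform
# The tool name is read from the symlink, mapped to an image below, and every call
# runs in a fresh container. Paths and image names are placeholders for the example.
set -e

# image_for prints the image for a tool name and fails for names it does not know.
# Pin the images by digest (name@sha256:...) once chosen: a tag that is moved on the
# registry would otherwise silently change what runs on the workstation.
image_for() {
  case "$1" in
    terraform) printf '%s\n' 'docker.io/example/terraform:1.0' ;;  # placeholder image
    ansible)   printf '%s\n' 'docker.io/example/ansible:1.0' ;;    # placeholder image
    *)         return 1 ;;
  esac
}

# docker_cmd assembles the docker command line for MODE IMAGE TOOL [TOOL_ARGS...].
# MODE "print" writes it one argument per line (reviewable and testable without
# Docker installed), MODE "exec" replaces the wrapper process with it.
# Security-relevant flags:
#   --rm                       nothing from the container outlives the call
#   --user UID:GID             files written into the bind mount belong to the caller
#   --volume "$PWD":/work      the tool sees the current directory, not $HOME or /
#   --cap-drop ALL             no capabilities inside the container
#   no-new-privileges          setuid binaries in the image cannot escalate
#   and deliberately no docker.sock mount and no --privileged: either one would
#   turn the wrapper into a root shell on the host.
docker_cmd() {
  _mode=$1
  _image=$2
  _tool=$3
  shift 3
  # Allocate a TTY only for interactive use, so `echo x | tool` keeps working.
  _tty=
  if [ -t 0 ] && [ -t 1 ]; then _tty=--tty; fi
  # "$@" on the right-hand side still holds the tool arguments at this point.
  set -- docker run --rm --interactive $_tty \
    --user "$(id -u):$(id -g)" \
    --volume "$PWD:/work" --workdir /work \
    --cap-drop ALL --security-opt no-new-privileges \
    "$_image" "$_tool" "$@"
  if [ "$_mode" = exec ]; then
    exec "$@"
  else
    printf '%s\n' "$@"
  fi
}

build_docker_cmd() { docker_cmd print "$@"; }
run_tool()         { docker_cmd exec "$@"; }

# Dispatch only when invoked through a symlink named after a known tool. Run under
# its own file name (or sourced for tests) the script merely defines the functions.
_name=$(basename "$0")
if _image=$(image_for "$_name"); then
  run_tool "$_image" "$_name" "$@"
fi
```

After `sudo ln -s /opt/infra/docker-wrapper.sh /usr/bin/terraform`, `terraform plan` runs inside the container against the current directory. Anything outside $PWD (a plugin cache, ~/.ssh, an inventory kept elsewhere) is invisible to the tool; add a narrow extra `--volume` for such a path rather than mounting $HOME, and never satisfy a tool's needs by mounting /var/run/docker.sock or adding --privileged, since either gives the container root on the workstation. `build_docker_cmd` exists so the exact command line can be reviewed and tested without Docker.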

Technologies used in this project

The following technologies are the big building blocks of this project. Other technologies and helpers, such as the various linters, are useful and essential as well, but they are not building blocks and are therefore not listed here.

Technology | Purpose | Website
Ansible | Provisioning and configuration for server nodes (physical, virtual and RasPi) in my homelab | https://www.ansible.com/
Asciidoc & Antora | Docs as Code for this project | https://asciidoc.org & https://antora.org
Bash scripts | Automate installations, wrap commands into repeatable scripts, utilities, etc. | -
Docker & Docker Compose | Run containers on my local workstation and in Vagrant boxes | https://www.docker.com & https://hub.docker.com
Terraform | Provision cloud infrastructure and local services on my toolserver | https://www.terraform.io
Vagrant | Virtual machines on my toolserver | https://www.vagrantup.com

Github Settings

Protect the main branch of each repo in Settings > Branches > main by checking "Require status checks to pass before merging" and "Require branches to be up to date before merging". The first option only blocks merges once the individual workflow checks (linting, validation, image scan) are selected as required; with no checks selected, nothing is enforced.

Gitpod Settings

Configure environment variables for all Gitpod workspaces at https://gitpod.io/variables.

Variable | Value | Scope | Info
LOG_DONE | [\e[32mDONE\e[0m] | /*/ | Log level (used for console outputs)
LOG_ERROR | [\e[1;31mERROR\e[0m] | /*/ | Log level (used for console outputs)
LOG_INFO | [\e[34mINFO\e[0m] | /*/ | Log level (used for console outputs)
LOG_WARN | [\e[93mWARN\e[0m] | /*/ | Log level (used for console outputs)
Y | \e[93m | /*/ | Yellow text
P | \e[35m | /*/ | Pink text
D | \e[0m | /*/ | Reset to the terminal's default text color

DockerHub Settings

  1. Go to hub.docker.com → Account Settings → Security and create an Access Token for use from Github Actions. Give it only the permissions the pipelines need (Read & Write if they push images) and use it instead of the account password.

  2. Go to the "infrastructure" repository on github.com → Settings → Secrets → Actions and add two secrets so that a Github Actions pipeline can log in to DockerHub:

    1. DOCKERHUB_USER = sommerfeldio

    2. DOCKERHUB_TOKEN = <THE_TOKEN_FROM_DOCKERHUB> (any name other than DOCKERHUB_USER works, as long as the workflow reads the same name)

Container Scanning with Snyk

To use the Snyk Action you need a Snyk API token. See https://github.com/snyk/actions#getting-your-snyk-token for details, or sign up for free at https://snyk.io/login.

  1. Create a SNYK_TOKEN secret in Github the same way you created the DockerHub secrets.

Snyk can be configured to break the build when it detects vulnerabilities. Here the scan step runs with continue-on-error: true instead, so that the workflow continues and the following step can upload the findings to GitHub Code Scanning; the vulnerabilities then show up in the repository's Security tab rather than as a failed job.

Integrate Slack with Github Actions

Some pipelines send their build status and occasionally other messages to Slack.

  1. For custom messages use the slack-send action → Technique 2: Slack App. The bot token obtained this way goes into the SLACK_BOT_TOKEN secret, created the same way as the other secrets; grant the app only the chat:write scope it needs.

    1. Direct link to the Slack App Management Console = https://api.slack.com/apps

  2. For build status messages use https://github.com/marketplace/actions/post-workflow-status-to-slack.