Light

cjxgm / infra Goto Github PK

View Code? Open in Web Editor NEW

1.0 3.0 0.0 54 KB

Arch Linux servers automation infrastructure

Home Page: https://cjprods.org

Makefile 14.02% Shell 85.98%

automation server archlinux systemd pkgbuild makepkg repository github-releases

infra's Introduction

infra: Arch Linux servers automation infrastructure for cjprods.org

The goal is to automate the configuration of Arch Linux servers at cjprods.org.

Utilize systemd to its full potential.
- Socket activation
- Generators (dynamic unit files and drop-ins)
- Compartmentization (security sandboxing, DynamicUser, etc.)
- Only requires a Stateless System
Utilize pacman (alpm, Arch Linux Package Manager) to its full potential.
- alpm hooks
Use GitHub Release as an Arch Linux repository.
Support for hiding secrets for certain situations (like passwords and keys).
Reusable: Everyone can setup their own automation based on this project.
- Keep as most things in plaintext as possible. Only sensitive parts (passwords, open ports, etc.) are encrypted.
- Every encrypted file secret-* has a corresponding example plaintext file example-secret-*.

Setup pacman for local access

# /etc/pacman.conf
[infra]
SigLevel = Optional TrustAll
Server = https://cjprods.org/infra-repo

Setup a new server

Setup pacman for packages

# /etc/pacman.conf
[infra]
SigLevel = Optional TrustAll
Server = https://github.com/cjxgm/infra/releases/download/latest

Prepare private key

Put the private key as secret.pem, then package the private key:

make makepkg-private-key

Upload and install the private key package build/repo/infra-private-key-*.pkg.tar.xz manually.

Now, pacman -Syu, then install any wanted packages. All packages provided by this repo has a prefix of infra-.

Setup git for accessing secrets

Put the private key in secret.pem.
Run make setup.
After editing secret-* files, it's better (for now) to run make unsetup to cancel the effect so that rebasing won't conflict that much.

About various keys

The private key is used for encrypting the decryption key.
The encrypted decryption key is secret.key.
The decryption key (with the private key) is used to decrypting secrets.

infra's People

Contributors

Stargazers

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.