Sysadmin
Continuing on the path towards all my stuff being managed by Ansible, I’ve figured out a method of managing the reverse DNS entries for subnets on the Hetzner Dedicated Server.
There’s a bunch of Ansible modules for handling Hetzner Cloud, but these servers are managed in Robot, which the Cloud API doesn’t cover. Instead, you need to use the Robot Webservice.
Ansible does have a module for doing pretty arbitrary things with web APIs though, so using that I’ve got the following playbook figured out to keep the reverse DNS entries in sync:
I’ve been doing a lot of consolidation and simplification in an effort to reduce the amount of brain I have to expend on various tasks and responsibilities. I think it’s working.
Last week I wrote about Ansible for Tor Metrics. I’ve also been working on Ansible for my own stuff. Some of the things I’ve been working on include:
- consistent user account setup and synchronised SSH public keys
- consistent privilege escalation (doas on OpenBSD, sudo on Debian)
- all hosts are backed up via BackupPC
- all hosts are monitored in Nagios

If you want to check out this stuff as it evolves, I’ve pushed it to git.
I never finished this blog post, but I'm hitting publish anyway; maybe something in here is useful. If you were looking for a complete guide then this isn't going to be what you wanted.

I am one person, but I have many roles. I’m starting to find that I’m getting too much information from too many directions. I’m also finding that I don’t have access to certain information when I need it due to operational security issues.