Infrastructure Documentation

This is the documentation of w4tsn’s Infrastructure, which is the infrastructure for openalchem.ist (my personal infrastructure) and darmstadt.social (a semi-public infrastructure for the city of Darmstadt, where I live).

The following pages describe how this whole Ansible infrastructure thing works. This is a highly opinionated setup and depends heavily on the infrastructure of shivering-isles.com for dependency management, CI/CD and container builds.

My infrastructures are version controlled with git and rolled out with a tool called Ansible. Ansible is a declarative configuration management and deployment tool. The state of servers is written down in “simple” YAML files. The “inventory”, a list of all machines Ansible controls, is kept as a text file at the root of the repository. Secrets are stored in an encrypted, so-called ansible-vault, which is a bunch of additional files in the repository that are decrypted at rollout. Ansible is agent-less, which means that it only runs when told to and is only installed on the machines doing the rollout.
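Because the vault files sit in the same repository as everything else, it is worth checking that each of them really is encrypted before a commit or rollout. The following is an added example, not part of this infrastructure's own code; the `*vault*.yml` naming pattern, the function names and the sample tree are assumptions.

```python
import re
import tempfile
from pathlib import Path

# First line written by ansible-vault: $ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]
# Only the current AES256 cipher is accepted here.
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);(AES256)(?:;([^;\s]+))?$")


def parse_vault_header(line):
    """Return (version, cipher, vault_id) for a valid header line, else None."""
    m = HEADER_RE.match(line.strip())
    return m.groups() if m else None


def find_plaintext_vaults(root, pattern="*vault*.yml"):
    """List files matching `pattern` (assumed naming) that lack a vault header."""
    offenders = []
    for path in sorted(Path(root).rglob(pattern)):
        if not path.is_file():
            continue
        with path.open("r", encoding="utf-8", errors="replace") as fh:
            first = fh.readline()
        if parse_vault_header(first) is None:
            offenders.append(path.relative_to(root).as_posix())
    return offenders


def build_sample_repo(root):
    """Constructed sample tree: two encrypted vaults, one left in plaintext."""
    files = {
        "group_vars/all/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n6132...constructed\n",
        "group_vars/web/vault.yml": "$ANSIBLE_VAULT;1.2;AES256;prod\n3935...constructed\n",
        "host_vars/db1/vault.yml": "db_password: constructed-example\n",
        "group_vars/all/main.yml": "ntp_server: pool.example.org\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as repo:
        build_sample_repo(repo)
        for leaked in find_plaintext_vaults(repo):
            print("not encrypted:", leaked)
```

Run as a pre-commit hook or CI step, a non-empty result from `find_plaintext_vaults` should fail the job.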

A rollout is done through Ansible playbooks - more declarative YAML files on a higher level of abstraction - which are either executed locally by me or by a bot on my behalf through a continuous-integration pipeline (magic).

Disaster recovery instructions help backup administrators to recover data in case I’m not available.