projects/arvandor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
arvandor/docs/getting-started.md
Damien Coles 0c77379ab3 public-ready-init
2026-01-26 00:44:31 -05:00

198 lines
4.1 KiB
Markdown
Raw Permalink Blame History

# Getting Started
This guide walks through setting up Arvandor from scratch.
## Prerequisites
### Proxmox Host
- Proxmox VE 7.x or 8.x
- Two network bridges:
- `vmbr0` - Public interface
- `vmbr1` - Internal VM network (192.168.100.0/24)
- IP forwarding enabled
### VM Template
Create an Arch Linux template (VMID 9000):
1. Download Arch Linux ISO
2. Create VM, install Arch with basic setup
3. Install `openssh`, `python` (for Ansible)
4. Enable cloud-init or configure static user
5. Convert to template
### Local Tools
```bash
# Terraform
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
# Ansible
pip install ansible
# Nebula
wget https://github.com/slackhq/nebula/releases/download/v1.9.0/nebula-linux-amd64.tar.gz
tar xzf nebula-linux-amd64.tar.gz
sudo mv nebula nebula-cert /usr/local/bin/
```
## Step 1: Configure Terraform
```bash
cd terraform
# Copy example configuration
cp terraform.tfvars.example terraform.tfvars
# Edit with your values
vim terraform.tfvars
```
Required variables:
- `proxmox_endpoint` - Your Proxmox API URL
- `proxmox_api_token_id` - API token ID
- `proxmox_api_token_secret` - API token secret
- `proxmox_node` - Node name (e.g., "pve")
- `username` - Default VM username
- `password` - Default VM password
- `ssh_key_path` - Path to your SSH public key
## Step 2: Create Proxmox API Token
In Proxmox:
1. Datacenter → Permissions → API Tokens
2. Add token for a user with `PVEAdmin` or `Administrator` role
3. Copy the token ID and secret
## Step 3: Generate Nebula CA
```bash
cd nebula
# Generate Certificate Authority
nebula-cert ca -name "Arvandor CA" -duration 87600h
# This creates:
# - ca.crt (share with all hosts)
# - ca.key (keep secure!)
```
## Step 4: Provision VMs
```bash
cd terraform
terraform init
terraform plan
terraform apply
```
This creates all VMs defined in the .tf files.
## Step 5: Generate Nebula Certificates
For each VM, generate a certificate:
```bash
cd nebula
# DNS server
nebula-cert sign -ca-crt ca.crt -ca-key ca.key \
-name "dns" -networks "10.10.10.11/24" -groups "infrastructure" \
-out-crt configs/1001/dns/dns.crt \
-out-key configs/1001/dns/dns.key
# Repeat for all VMs...
```
## Step 6: Configure Ansible Inventory
```bash
cd ansible
cp inventory.ini.example inventory.ini
vim inventory.ini
```
Update:
- VM hostnames and IPs
- SSH jump host configuration
- Infrastructure variables
## Step 7: Bootstrap VMs
Run playbooks in order:
```bash
# Update packages, reboot if kernel changed
ansible-playbook -i inventory.ini playbooks/bootstrap.yml
# Configure iptables and fail2ban
ansible-playbook -i inventory.ini playbooks/security.yml
# Join Nebula overlay network
ansible-playbook -i inventory.ini playbooks/nebula.yml
```
## Step 8: Deploy Core Services
```bash
# DNS (required for hostname resolution)
ansible-playbook -i inventory.ini playbooks/dns.yml
ansible-playbook -i inventory.ini playbooks/dns-client.yml
# PostgreSQL HA cluster
ansible-playbook -i inventory.ini playbooks/postgres-ha.yml
# Valkey with Sentinel
ansible-playbook -i inventory.ini playbooks/valkey-sentinel.yml
# Garage S3 storage
ansible-playbook -i inventory.ini playbooks/garage.yml
```
## Step 9: Configure Host Port Forwarding
On the Proxmox host:
```bash
# Copy and configure the script
cp network/port-forward.sh.example /root/network/port-forward.sh
chmod +x /root/network/port-forward.sh
vim /root/network/port-forward.sh
# Test
./port-forward.sh --dry-run
# Apply
./port-forward.sh
```
## Verification
Test connectivity:
```bash
# SSH to VM via Nebula
ssh admin@10.10.10.11
# Test DNS resolution
dig @10.10.10.11 vault-01.nebula
# Test PostgreSQL
psql -h 10.10.10.30 -U postgres -c "SELECT 1"
# Test Valkey
valkey-cli -h 10.10.10.33 PING
```
## Next Steps
- Add your application VMs to `terraform/workloads.tf`
- Create services in `ansible/services.yml`
- Provision app credentials with `data-service.yml`
Reference in New Issue View Git Blame Copy Permalink