# Legal Notice This is part of A13Labs project, any unauthorized copy is no allowed. If you got access to this code DELETE immediately. We have been warned. # Updating Nextcloud ``` # Enable maintenance /bin/occ maintenance:mode --on # Update config.tf # Apply # Run maintenance operations ./bin/occ upgrade ./bin/occ db:add-missing-columns ./bin/occ db:add-missing-indices ./bin/occ db:add-missing-primary-keys # Disable maintenance ./bin/occ maintenance:mode --off ``` # Contabo CLI Download latest version from [here](https://github.com/contabo/cntb/releases). Setup: ``` sectool exec cntb get instances --oauth2-clientid="$CONTABO_CLIENT_ID" --oauth2-client-secret="$CONTABO_CLIENT_SECRET" --oauth2-user="$CONTABO_API_USER" --oauth2-password="$CONTABO_API_PASSWORD" ``` # Windows ## Create a Dedicated “Ansible” User (One-Time Setup) — Linux ``` # Create the provision user (Debian/Ubuntu) sudo useradd -m -s /bin/bash -G sudo provision sudo passwd provision # OR (RHEL/CentOS/Fedora) sudo useradd -m -s /bin/bash -G wheel provision sudo passwd provision ``` ``` # Allow passwordless sudo for the provision user (recommended for Ansible) echo 'provision ALL=(ALL) NOPASSWD:ALL' | sudo tee /etc/sudoers.d/provision sudo chmod 440 /etc/sudoers.d/provision # Or edit safely: sudo visudo -f /etc/sudoers.d/provision # and add: # provision ALL=(ALL) NOPASSWD:ALL ``` ``` # Install SSH authorized key for the provision user (recommended over passwords) sudo -u provision mkdir -p /home/provision/.ssh sudo -u provision chmod 700 /home/provision/.ssh echo "" | sudo -u provision tee /home/provision/.ssh/authorized_keys sudo -u provision chmod 600 /home/provision/.ssh/authorized_keys ``` Notes: - Replace with the actual public key. - Use a strong password if you must set one; prefer SSH keys. - For tighter security, restrict the sudoers entry to only the commands Ansible requires instead of ALL. - Validate sudoers syntax with visudo to avoid lockout. ## Configure windows to allow Ansible to connect via WinRM Copy the script located in scripts "ConfigureRemotingForAnsible.ps1" and run it on the target machine. ``` Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass .\ConfigureRemotingForAnsible.ps1 ``` # Using MSYS2 Upgrade your system: ``` pacman -Syu ``` Install the following packages: ``` mingw-w64-ucrt-x86_64-go mingw-w64-ucrt-x86_64-make mingw-w64-ucrt-x86_64-python ucrt-w64-ucrt-x86_64-gcc mingw-w64-ucrt-x86_64-python-cryptography mingw-w64-ucrt-x86_64-python-paramiko mingw-w64-ucrt-x86_64-python-rpds-py python-lxml mingw-w64-ucrt-x86_64-python-ruamel-yaml mingw-w64-ucrt-x86_64-python-sspilib unzip ``` Create a python environment use: ``` python -m venv .venv --system-site-packages ``` # macOS Dev Station Use the repository hybrid flow: bootstrap once with shell script, then manage day-2 changes with Ansible. ## 1) Bootstrap prerequisites on the Mac ``` ./scripts/setup-dev-station.sh ``` This installs only prerequisites (Homebrew, base tools, Ansible) and avoids persistent shell side effects. ## 2) Configure the Mac with Ansible 1. Add or adjust the host in `inventory/hosts` under `[darwin_dev]`. 2. Configure host vars in `ansible/host_vars/mac-01.lab.alexpires.me.yml`. 3. Run: ``` cd ansible sectool exec ansible-playbook playbook_macos_dev_station.yml --limit darwin_dev ``` The macOS role configures tools, tmux, code-server and opencode as system launchd daemons running under a dedicated service user. This allows services to start at boot without requiring an interactive login. OpenCode server auth is injected from environment variables. Ensure `OPENCODE_SERVER_USERNAME` and `OPENCODE_SERVER_PASSWORD` are available through `ansible/sectool.env` values before running the playbook. code-server password auth is also env-backed. Ensure `CODE_SERVER_PASSWORD` is available through `ansible/sectool.env` values before running the playbook. Hard mode (system daemons + dedicated service user) also requires sudo rights. Use passwordless sudo for your ansible user or set `ANSIBLE_BECOME_PASSWORD` through `ansible/sectool.env` values before running the playbook. ## 3) Optional DNS entry in dev-01 CoreDNS From `terraform/apps/dev-01`, you can inject an optional DNS record for the Mac dev station: ``` export TF_VAR_mac_dev_station_dns_name="mac-mini" export TF_VAR_mac_dev_station_dns_type="A" export TF_VAR_mac_dev_station_dns_target="10.19.4.250" sectool -f ../../../sectool.json exec tofu validate sectool -f ../../../sectool.json exec tofu plan sectool -f ../../../sectool.json exec tofu apply -auto-approve ``` Use `CNAME` + hostname target instead of `A` when you want an alias.