Moritz Marquardt ca0a9dbc81 Fix ctop download from #1 3 months ago
data-backup Update to the (still unfinished) version currently deployed to my server 7 months ago
docker Fix ctop download from #1 3 months ago
essentials Fix authentication issue after restarting sssd 6 months ago
iptables Fix syntax error from 5741cf9 3 months ago
sssd Fix file path for sudoers file 6 months ago
user/tasks Update to the (still unfinished) version currently deployed to my server 7 months ago
README.md Update README to reflect recent changes 3 months ago

ansible-roles

This repository contains all Ansible roles to set up a Debian 9 server for comfortable administration using Docker Compose.

Example Playbook

- name: Set up everything
  hosts: all
  roles:
    - role: essentials
      tags: [essentials]
      vars:
        permit_root_login: "no"
    - role: user
      tags: [essentials, user]
      vars:
        username: "..."
        password: "..." # mkpasswd --method=sha-512
        authorized_keys: |
          ssh-ed25519 ...
    - role: iptables
      tags: [essentials, iptables]
    - role: docker
      tags: [docker]

You can run this with the following commands:

# clone ansible-roles
git clone https://codeberg.org/momar/ansible-roles.git roles
# edit the hosts file
vi hosts
# run the playbook
ansible-playbook -i hosts <filename.yml> -Kbu <username-or-root>

Roles

essentials

Install packages for easier administration of the system, including fancy tools like micro and hexyl, and a comfortable zshrc environment.

WARNING: This disables password authentication for SSH, so make sure you have a key set up before you run it.

If you’re also creating a user, use the following to disable root login via SSH:

roles:
- role: essentials
  vars:
    permit_root_login: "no" # quoted, otherwise YAML reads it as the boolean false

user

Create a user with sudo rights, an SSH key and an authorized_keys file:

roles:
- role: user
  vars:
    username: "..."
    password: "..." # mkpasswd --method=sha-512
    authorized_keys: |
      ssh-ed25519 ...
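
Because the essentials role turns off SSH password authentication, a malformed authorized_keys value (an unfilled `...` placeholder, a key cut off when pasting) can lock you out of the server. The following pre-flight check is an added example, not code from this repository: the function names and the accepted key-type set are assumptions, and the sample key is constructed rather than real.

```python
import base64
import binascii
import struct

# Key types this check accepts (an assumption; extend for your environment).
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def check_key_line(line):
    """Return None if the line holds a well-formed public key, else a reason."""
    fields = line.split()
    # Options may precede the key type, so look for the first known type.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return "no supported key type followed by key data"
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except (binascii.Error, ValueError):
        return "key data is not valid base64"
    # The decoded blob starts with a length-prefixed copy of the key type.
    expected = struct.pack(">I", len(fields[idx])) + fields[idx].encode()
    if not blob.startswith(expected):
        return "key type does not match key data"
    if fields[idx] == "ssh-ed25519" and len(blob) != 4 + 11 + 4 + 32:
        return "ed25519 key has wrong length"
    return None


def check_authorized_keys(text):
    """Return (usable_key_count, [(line_number, reason), ...])."""
    ok, problems = 0, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        reason = check_key_line(line)
        if reason is None:
            ok += 1
        else:
            problems.append((number, reason))
    return ok, problems


def sample_ed25519(fill=7):
    """Constructed sample line (not a real key): valid layout, dummy bytes."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"
```

Run `check_authorized_keys` on the exact string you put into the `authorized_keys` variable and only apply the playbook when it reports at least one usable key and no problems.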

iptables

Create a default iptables configuration and use /data/firewall.rules for additional service rules.

docker

Install Docker and Docker Compose, and create a /data folder for all docker projects. You should use Traefik to easily expose web servers.

data-backup

Back up /data with restic to an offsite location. Includes db-backup. Example:

roles:
- role: data-backup
  vars:
    restic: |
      export RESTIC_REPOSITORY='b2:somewhere:{{ ansible_facts['nodename'] }}'
      export RESTIC_PASSWORD='...'
      export B2_ACCOUNT_ID='...'
      export B2_ACCOUNT_KEY='...'

TODO: