Phillipp Engelke 46061dc855 Install ctop with essentials 1 week ago
data-backup Update to the (still unfinished) version currently deployed to my server 4 months ago
db-backup Docker IPv6 support, use badboys instead of a custom backup script, fix some more stuff 3 months ago
docker Remove docker-hosts 2 months ago
essentials Install ctop with essentials 1 week ago
iptables Remove traefik from docker role, add some aliases to zshrc and load /etc/profile 3 months ago
sssd Fix file path for sudoers file 3 months ago
user/tasks Update to the (still unfinished) version currently deployed to my server 4 months ago
README.md Update to the (still unfinished) version currently deployed to my server 4 months ago

README.md

ansible-roles

This repository contains all Ansible roles to set up a Debian 9 server for comfortable administration using Docker Compose.

Example Playbook

- name: Set up everything
  hosts: all
  roles:
    - role: essentials
      tags: [essentials]
      vars:
        permit_root_login: "no"
    - role: user
      tags: [essentials, user]
      vars:
        username: "..."
        password: "..." # mkpasswd --method=sha-512
        authorized_keys: |
          ssh-ed25519 ...
    - role: iptables
      tags: [essentials, iptables]
    - role: docker
      tags: [docker]
    - role: data-backup
      tags: [backup]
      vars:
        restic: |
          export RESTIC_REPOSITORY='b2:somewhere:{{ ansible_facts['nodename'] }}'
          export RESTIC_PASSWORD='...'
          export B2_ACCOUNT_ID='...'
          export B2_ACCOUNT_KEY='...'

You can run this with the following commands:

# clone ansible-roles
git clone https://codeberg.org/momar/ansible-roles.git roles
# edit the hosts file
vi hosts
# run the playbook
ansible-playbook -i hosts <filename.yml> -Kbu <username-or-root>

Roles

essentials

Install packages for easier administration of the system, including fancy tools like micro and hexyl, and a comfortable zshrc environment.

WARNING: This disables password authentication for SSH, so make sure you have a key set up before running it.

If you’re also creating a user, use the following to disable root login via SSH:

roles:
  - role: essentials
    vars:
      permit_root_login: "no" # quoted, as in the example playbook; a bare no is read as a YAML boolean
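
An added check for the warning above (example code, not part of this repository): it reads the effective configuration printed by sshd -T and confirms that password authentication and root login are both off. The function names and the expected permitrootlogin value are assumptions taken from the example playbook, and the sample inputs are constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of the ansible-roles repository.
# Audits effective sshd settings in the format printed by `sshd -T`
# (lowercase keyword, one space, value).

# Reads `sshd -T` style lines on stdin, prints one FAIL line per problem.
# Returns 0 if every expected setting is present and correct, 1 otherwise.
check_sshd_hardening() {
    awk '
        BEGIN {
            # Assumption: values the essentials role is expected to produce
            # when permit_root_login is "no".
            want["passwordauthentication"] = "no"
            want["permitrootlogin"] = "no"
        }
        {
            key = tolower($1)
            if (key in want) {
                seen[key] = 1
                if ($2 != want[key]) {
                    printf "FAIL %s is %s, expected %s\n", key, $2, want[key]
                    bad = 1
                }
            }
        }
        END {
            # A missing keyword means the input was not a full sshd -T dump.
            for (k in want) if (!(k in seen)) {
                printf "FAIL %s not found in input\n", k
                bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample inputs (not captured from a real host).
sample_hardened() {
    printf '%s\n' 'port 22' 'permitrootlogin no' \
        'pubkeyauthentication yes' 'passwordauthentication no'
}
sample_weak() {
    printf '%s\n' 'port 22' 'permitrootlogin yes' \
        'pubkeyauthentication yes' 'passwordauthentication yes'
}

sample_hardened | check_sshd_hardening && echo "hardened sample: OK"
sample_weak | check_sshd_hardening || echo "weak sample: rejected"
# On a server: sudo sshd -T | check_sshd_hardening
```

Run it from a second SSH session that stays open, so a failed check can still be fixed over the existing connection.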

user

Create a user with sudo rights, an SSH key and an authorized_keys file:

roles:
  - role: user
    vars:
      username: "..."
      password: "..." # mkpasswd --method=sha-512
      authorized_keys: |
        ssh-ed25519 ...

iptables

Create a default iptables configuration and use /data/@$HOSTNAME/services.rules for additional rules.

docker

Install Docker and Docker Compose, make containers reachable via containername.docker using /etc/hosts, and set up Traefik with its configuration in /data/@$HOSTNAME/traefik.toml.

After changing /data/@$HOSTNAME/traefik.toml, you can run sudo docker restart traefik to apply the new configuration. After changing /data/@$HOSTNAME/traefik.env, you need to run sudo docker rm --force traefik to remove the traefik container, and then run ansible-playbook -i hosts <filename.yml> -Kbu <username-or-root> -t docker on your local machine to re-apply the playbook.

db-backup

Back up the databases defined in /data/*/database-backup/databases every 6 hours and keep the backups for 7 days.

Full backup logs can be requested with sudo journalctl -u data-backup.

data-backup

Back up /data with restic to an offsite location. Includes db-backup. Example:

roles:
  - role: data-backup
    vars:
      restic: |
        export RESTIC_REPOSITORY='b2:somewhere:{{ ansible_facts['nodename'] }}'
        export RESTIC_PASSWORD='...'
        export B2_ACCOUNT_ID='...'
        export B2_ACCOUNT_KEY='...'

TODO: