# Personal Infrastructure Ansible Playbook

This Ansible playbook automates the setup and management of a personal self-hosted infrastructure running Docker containers for various services.

## Overview

The playbook manages two main environments:

- **Bootstrap server** (`netcup`): Initial server setup with Tailscale VPN
- **Docker server** (`docker-01`): Main application server running containerized services

## Services Deployed

The Docker role deploys and manages 22+ self-hosted services organized into logical categories:

### Infrastructure

- **Caddy** (Reverse proxy with automatic HTTPS)
- **Authentik** (SSO/Identity Provider)
- **Dockge** (Container management)

### Development

- **Gitea** (Git repository hosting)
- **Code Server** (VS Code in browser)
- **Matrix Conduit** (Communication/chat)

### Media

- **Audiobookshelf** (Audiobook server)
- **Calibre** (E-book management)
- **Ghost** (Blog platform)
- **Pinchflat** (Media downloader)
- **Pinry** (Pinterest-like board)
- **Karakeep** (Bookmark manager)
- **Manyfold** (3D model organizer)

### Productivity

- **Paperless-NGX** (Document management)
- **MMDL** (Task management)
- **Baikal** (CalDAV/CardDAV server)
- **Syncthing** (File synchronization)
- **HeyForm** (Form builder)
- **Dawarich** (Location tracking)
- **Pingvin Share** (File sharing)

### Communication

- **GoToSocial** (Fediverse/Mastodon)
- **Postiz** (Social media management)

### Monitoring

- **Changedetection** (Website change monitoring)
- **Glance** (Dashboard)
- **AppriseAPI** (Notification service)

## Structure

```
├── site.yml              # Main playbook
├── bootstrap.yml         # Server bootstrap playbook
├── dns.yml               # AWS Route53 DNS management
├── hosts.yml             # Inventory file
├── requirements.yml      # External role dependencies
└── roles/
    ├── bootstrap/        # Initial server setup
    ├── common/           # Common server configuration
    ├── cron/             # Scheduled tasks
    └── docker/           # Docker services deployment
```

## Roles Documentation

Each role has detailed documentation in its respective directory:

### [Bootstrap Role](roles/bootstrap/README.md)

Performs initial server setup and hardening:

- Creates user accounts with SSH key authentication
- Configures passwordless sudo and security hardening (with passwordless sudo, the SSH private key is the only credential standing between an attacker and root on the host, so keep it passphrase-protected or hardware-backed)
- Installs essential packages and configures the UFW firewall
- Sets up Tailscale VPN for secure network access

### [Common Role](roles/common/README.md)

Provides shared configuration for all servers:

- Installs common packages (aptitude)
- Enables the UFW firewall with a default deny policy
- Ensures consistent base configuration across the infrastructure

### [Cron Role](roles/cron/README.md)

Manages scheduled tasks and automation:

- **Warhammer RSS Feed Updater**: Daily job that generates and updates RSS feeds
- Integrates with Docker services for content generation
- Supports easy addition of new scheduled tasks

### [Docker Role](roles/docker/README.md)

The most comprehensive role, deploying 22+ containerized services organized into logical categories:

- **Infrastructure**: Caddy reverse proxy, Authentik SSO, Dockge management
- **Development**: Gitea, Code Server, Matrix communication
- **Media**: Audiobookshelf, Calibre, Ghost blog, Pinchflat, and more
- **Productivity**: Paperless-NGX, MMDL task management, Baikal calendar
- **Communication**: GoToSocial, Postiz social media management
- **Monitoring**: Glance dashboard, Changedetection, AppriseAPI notifications
- **Template-Driven**: All services use Jinja2 templates for consistent configuration
- **Category-Based Deployment**: Deploy services by category using Ansible tags

## Usage

### Prerequisites

1. Install Ansible, then install the external roles and collections listed in `requirements.yml`:

```bash
ansible-galaxy install -r requirements.yml
```

2. Configure your inventory in `hosts.yml` with your server details

### Bootstrap a New Server

```bash
ansible-playbook bootstrap.yml -i hosts.yml
```

This will:

- Create a user account
- Install and configure Tailscale VPN
- Set up basic security

### Deploy Docker Services

```bash
ansible-playbook site.yml -i hosts.yml
```

Deploy specific services using tags. Each service task carries both its category tag and its own service tag, so either granularity works:

```bash
# Deploy by service category
ansible-playbook site.yml -i hosts.yml --tags infrastructure
ansible-playbook site.yml -i hosts.yml --tags media,productivity

# Deploy individual services
ansible-playbook site.yml -i hosts.yml --tags caddy
ansible-playbook site.yml -i hosts.yml --tags authentik
ansible-playbook site.yml -i hosts.yml --tags mmdl
```

### Manage DNS Records

```bash
ansible-playbook dns.yml -i hosts.yml
```

Updates AWS Route53 DNS records for the configured domains (`thesatelliteoflove.com` and `nerder.land`).

## Configuration

- Service configurations are templated in `roles/docker/templates/`
- Environment variables and secrets should be managed through Ansible Vault; never commit plaintext secrets or rendered Compose files containing them
- Docker Compose files are generated from Jinja2 templates

## Security Notes

- Tailscale provides network access over an authenticated WireGuard mesh, so administrative interfaces can stay off the public interface
- Caddy terminates TLS and obtains certificates automatically from Let's Encrypt via ACME
- Services are containerized for process and filesystem isolation; containers share the host kernel, so this is not a hard security boundary
- UFW firewall rules are managed via Docker integration. Be aware that Docker programs its own iptables chains (`DOCKER`, `DOCKER-USER`) ahead of UFW's input chain, so a Compose `ports:` entry such as `8080:8080` is reachable from the internet regardless of UFW's default-deny policy unless the port is bound to `127.0.0.1` or the Tailscale address, or rules are placed in the `DOCKER-USER` chain
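The tag layout behind the `--tags infrastructure` / `--tags caddy` commands in the Usage section, as an added example that is not the project's own role code. Ansible applies tags on an `include_tasks` statement only to the include itself, so `apply:` is needed to tag the included tasks; the variable `docker_root`, the `services/` task-file layout and the template path are assumptions for illustration:

```yaml
# --- roles/docker/tasks/main.yml (illustrative layout, not the project's file) ---
# Each service is included with BOTH its category tag and its own service tag.
# `tags:` on the include selects the include statement; `apply: tags:` propagates
# the same tags to the tasks inside the included file. (import_tasks would inherit
# tags automatically but cannot be used inside loops or with conditionals on facts.)
- name: Deploy Caddy (infrastructure)
  ansible.builtin.include_tasks:
    file: services/caddy.yml
    apply:
      tags: [infrastructure, caddy]
  tags: [infrastructure, caddy]

- name: Deploy Authentik (infrastructure)
  ansible.builtin.include_tasks:
    file: services/authentik.yml
    apply:
      tags: [infrastructure, authentik]
  tags: [infrastructure, authentik]

- name: Deploy MMDL (productivity)
  ansible.builtin.include_tasks:
    file: services/mmdl.yml
    apply:
      tags: [productivity, mmdl]
  tags: [productivity, mmdl]

# --- roles/docker/tasks/services/caddy.yml (one per-service task file) ---
# docker_root is an assumed variable, e.g. /opt/docker, set in group_vars.
- name: Create the Caddy stack directory
  ansible.builtin.file:
    path: "{{ docker_root }}/caddy"
    state: directory
    owner: root
    group: docker
    mode: "0750"

- name: Render the Compose file from its Jinja2 template
  ansible.builtin.template:
    src: caddy/docker-compose.yml.j2
    dest: "{{ docker_root }}/caddy/docker-compose.yml"
    owner: root
    group: docker
    mode: "0640"
  register: caddy_compose

- name: Bring the Caddy stack up
  community.docker.docker_compose_v2:
    project_src: "{{ docker_root }}/caddy"
    state: present
    # Force a recreate only when the rendered file actually changed;
    # otherwise let Compose decide, which keeps no-op runs idempotent.
    recreate: "{{ 'always' if caddy_compose.changed else 'auto' }}"
```

With this layout `--tags infrastructure` runs the first two includes and everything inside them, while `--tags caddy` runs only the first; `--list-tags` on `site.yml` shows which tags a run would match before anything is changed.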
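How a vaulted secret travels from Ansible Vault into a rendered Compose file, and how the published port is bound so Docker's iptables rules do not expose it past UFW, covering both the Configuration and the Security Notes sections. This is an added example, not the project's templates; the `vault_*` variable names, `docker_root`, `authentik_version` and the file paths are assumptions. The Authentik image name and the `AUTHENTIK_SECRET_KEY` / `AUTHENTIK_POSTGRESQL__PASSWORD` variables are Authentik's own, shown here only as realistic values:

```yaml
# --- group_vars/docker/vault.yml ---
# Encrypt this file before committing:  ansible-vault encrypt group_vars/docker/vault.yml
# Only the vault_ prefixed names live here; placeholder values shown unencrypted.
vault_authentik_secret_key: "REPLACE-WITH-OUTPUT-OF: openssl rand -base64 48"
vault_authentik_pg_password: "REPLACE-WITH-A-RANDOM-PASSWORD"

# --- group_vars/docker/vars.yml (plaintext) ---
# Indirection: templates reference readable names, and `grep authentik_secret_key`
# finds every use without decrypting the vault.
authentik_secret_key: "{{ vault_authentik_secret_key }}"
authentik_pg_password: "{{ vault_authentik_pg_password }}"

# --- roles/docker/tasks/services/authentik.yml ---
- name: Render the Authentik Compose file (contains secrets)
  ansible.builtin.template:
    src: authentik/docker-compose.yml.j2
    dest: "{{ docker_root }}/authentik/docker-compose.yml"
    owner: root
    group: docker
    mode: "0640"          # the rendered file now holds secrets: not world-readable
  no_log: true            # keep the rendered diff (and the secrets) out of the Ansible log
  register: authentik_compose

- name: Bring the Authentik stack up
  community.docker.docker_compose_v2:
    project_src: "{{ docker_root }}/authentik"
    state: present
    recreate: "{{ 'always' if authentik_compose.changed else 'auto' }}"

# --- roles/docker/templates/authentik/docker-compose.yml.j2 ---
services:
  server:
    image: ghcr.io/goauthentik/server:{{ authentik_version }}
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: "{{ authentik_secret_key }}"
      AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_pg_password }}"
    ports:
      # WEAK:      - "9000:9000"
      #   Docker inserts its own DNAT/ACCEPT rules ahead of UFW's input chain,
      #   so this port answers from the public interface despite `ufw default deny`.
      # CORRECTED: bind to loopback and let Caddy reverse-proxy to 127.0.0.1:9000.
      #   If Caddy shares a Docker network with this stack, drop `ports:` entirely.
      - "127.0.0.1:9000:9000"
    networks:
      - proxy

networks:
  proxy:
    external: true        # the network Caddy is attached to (assumed name)
```

Run with `ansible-playbook site.yml -i hosts.yml --tags authentik --ask-vault-pass` (or `--vault-password-file`). To confirm the binding after deployment, `docker port <container>` should list `127.0.0.1:9000` rather than `0.0.0.0:9000`, and `iptables -L DOCKER -n` on the host shows which container ports Docker has opened independently of UFW.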