Phil
68f0276ac0
This comprehensive update improves maintainability and removes unused services: ## Major Changes - Remove 5 unused services (beaver, grist, stirlingpdf, tasksmd, redlib) - Convert remaining static compose files to Jinja2 templates - Clean up Caddyfile removing orphaned proxy configurations - Align DNS records with active services ## Service Cleanup - Remove habits.thesatelliteoflove.com DNS record (beaver service) - Add missing DNS records for active services: - post.thesatelliteoflove.com (Postiz) - files.thesatelliteoflove.com (Pingvin Share) - bookmarks.thesatelliteoflove.com (Hoarder) ## Template Standardization - Convert caddy-compose.yml to template - Convert dockge-compose.yml to template - Convert hoarder-compose.yml to template - All services now use consistent template-driven approach ## Documentation Updates - Update CLAUDE.md with new service organization - Update README.md files with category-based deployment examples - Update todo.md with completed work summary - Service count updated to 22+ active services Infrastructure is now fully organized, cleaned up, and ready for future enhancements. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
5.1 KiB
5.1 KiB
Personal Infrastructure Ansible Playbook
This Ansible playbook automates the setup and management of a personal self-hosted infrastructure running Docker containers for various services.
Overview
The playbook manages two main environments:
- Bootstrap server (
netcup): Initial server setup with Tailscale VPN - Docker server (
docker-01): Main application server running containerized services
Services Deployed
The Docker role deploys and manages 22+ self-hosted services organized into logical categories:
Infrastructure
- Caddy (Reverse proxy with automatic HTTPS)
- Authentik (SSO/Identity Provider)
- Dockge (Container management)
Development
- Gitea (Git repository hosting)
- Code Server (VS Code in browser)
- Matrix Conduit (Communication/chat)
Media
- Audiobookshelf (Audiobook server)
- Calibre (E-book management)
- Ghost (Blog platform)
- Pinchflat (Media downloader)
- Pinry (Pinterest-like board)
- Hoarder (Bookmark manager)
- Manyfold (3D model organizer)
Productivity
- Paperless-NGX (Document management)
- MMDL (Task management)
- Baikal (CalDAV/CardDAV server)
- Syncthing (File synchronization)
- HeyForm (Form builder)
- Dawarich (Location tracking)
- Pingvin Share (File sharing)
Communication
- GoToSocial (Fediverse/Mastodon)
- Postiz (Social media management)
Monitoring
- Changedetection (Website change monitoring)
- Glance (Dashboard)
- AppriseAPI (Notification service)
Structure
├── site.yml # Main playbook
├── bootstrap.yml # Server bootstrap playbook
├── dns.yml # AWS Route53 DNS management
├── hosts.yml # Inventory file
├── requirements.yml # External role dependencies
└── roles/
├── bootstrap/ # Initial server setup
├── common/ # Common server configuration
├── cron/ # Scheduled tasks
└── docker/ # Docker services deployment
Roles Documentation
Each role has detailed documentation in its respective directory:
Bootstrap Role
Performs initial server setup and hardening:
- Creates user accounts with SSH key authentication
- Configures passwordless sudo and security hardening
- Installs essential packages and configures UFW firewall
- Sets up Tailscale VPN for secure network access
Common Role
Provides shared configuration for all servers:
- Installs common packages (aptitude)
- Enables UFW firewall with default deny policy
- Ensures consistent base configuration across infrastructure
Cron Role
Manages scheduled tasks and automation:
- Warhammer RSS Feed Updater: Daily job that generates and updates RSS feeds
- Integrates with Docker services for content generation
- Supports easy addition of new scheduled tasks
Docker Role
The most comprehensive role, deploying 22+ containerized services organized into logical categories:
- Infrastructure: Caddy reverse proxy, Authentik SSO, Dockge management
- Development: Gitea, Code Server, Matrix communication
- Media: Audiobookshelf, Calibre, Ghost blog, Pinchflat, and more
- Productivity: Paperless-NGX, MMDL task management, Baikal calendar
- Communication: GoToSocial, Postiz social media management
- Monitoring: Glance dashboard, Changedetection, AppriseAPI notifications
- Template-Driven: All services use Jinja2 templates for consistent configuration
- Category-Based Deployment: Deploy services by category using Ansible tags
Usage
Prerequisites
-
Install Ansible and required collections:
ansible-galaxy install -r requirements.yml -
Configure your inventory in
hosts.ymlwith your server details
Bootstrap a New Server
ansible-playbook bootstrap.yml -i hosts.yml
This will:
- Create a user account
- Install and configure Tailscale VPN
- Set up basic security
Deploy Docker Services
ansible-playbook site.yml -i hosts.yml
Deploy specific services using tags:
# Deploy by service category
ansible-playbook site.yml -i hosts.yml --tags infrastructure
ansible-playbook site.yml -i hosts.yml --tags media,productivity
# Deploy individual services
ansible-playbook site.yml -i hosts.yml --tags caddy
ansible-playbook site.yml -i hosts.yml --tags authentik
ansible-playbook site.yml -i hosts.yml --tags mmdl
Manage DNS Records
ansible-playbook dns.yml -i hosts.yml
Updates AWS Route53 DNS records for configured domains (thesatelliteoflove.com and nerder.land).
Configuration
- Service configurations are templated in
roles/docker/templates/ - Environment variables and secrets should be managed through Ansible Vault
- Docker Compose files are generated from Jinja2 templates
Security Notes
- Uses Tailscale for secure network access
- Caddy provides automatic HTTPS with Let's Encrypt
- Services are containerized for isolation
- UFW firewall rules are managed via Docker integration