- Add main README with infrastructure overview and usage instructions
- Document bootstrap role for server initialization and security hardening
- Document common role for shared server configuration
- Document cron role for scheduled tasks and automation
- Document docker role with detailed service descriptions and deployment patterns
- Include MMDL service documentation with setup requirements
- Add troubleshooting guides and security considerations

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
# Bootstrap Role

## Purpose

Performs initial server setup and hardening for new Ubuntu/Debian servers.

## What It Does

### User Management

- Creates a new user account with sudo privileges (specified by `created_username` variable)
- Configures passwordless sudo for the sudo group
- Sets up SSH key authentication using your local `~/.ssh/id_ed25519.pub` key
- Disables root password authentication

### System Packages

- Installs `aptitude` for better package management
- Installs essential packages:
  - `curl` - HTTP client
  - `vim` - Text editor
  - `git` - Version control
  - `ufw` - Uncomplicated Firewall

### Security Configuration

- Configures UFW firewall to:
  - Allow SSH connections
  - Enable firewall with default deny policy
- Hardens SSH configuration

## Variables Required

- `created_username`: The username to create (typically set in bootstrap.yml)
- `tailscale_key`: Tailscale authentication key (prompted during playbook run)

## Dependencies

- Requires the `artis3n.tailscale` role for VPN setup
- Requires your SSH public key at `~/.ssh/id_ed25519.pub`

## Usage

```bash
ansible-playbook bootstrap.yml -i hosts.yml
```

This role is designed to be run once on a fresh server before deploying other services.
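
To confirm on the server that a bootstrap run left it in the state described under User Management and Security Configuration, the following added script (not part of this role or repository) checks the firewall, root SSH login and sudo group membership. It assumes the role disables root password login through sshd's `PermitRootLogin`; the function names and the sample output are constructed for illustration.

```bash
#!/bin/sh
# Added example (not part of the role): post-bootstrap audit helpers.
# Each function reads command output on stdin, so it can be tried offline.

# ufw_ok: stdin is `ufw status verbose`. Passes only when the firewall is
# active, incoming traffic is denied by default, and an SSH rule exists.
ufw_ok() (
  out=$(cat)
  printf '%s\n' "$out" | grep -q '^Status: active' || exit 1
  printf '%s\n' "$out" | grep -q '^Default: deny (incoming)' || exit 1
  printf '%s\n' "$out" | grep -Eq '^(22(/tcp)?|OpenSSH)[[:space:]].*(ALLOW|LIMIT)'
)

# root_password_login_off: stdin is `sshd -T` (effective config, lower-case keys).
# Assumption: the role enforces this through PermitRootLogin.
root_password_login_off() (
  val=$(awk '$1 == "permitrootlogin" { print $2 }')
  case "$val" in
    no|prohibit-password|without-password|forced-commands-only) exit 0 ;;
    *) exit 1 ;;   # "yes" or a missing value fails the check
  esac
)

# unexpected_sudoers: stdin is `getent group sudo`, $1 is created_username.
# sudo is passwordless for this group, so every extra member is effectively root.
unexpected_sudoers() (
  cut -d: -f4 | tr ',' '\n' | grep -vxF -e "$1" -e '' || true
)

# Constructed sample output, for illustration only.
SAMPLE_UFW='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
22/tcp (OpenSSH)           ALLOW IN    Anywhere'
SAMPLE_SSHD='port 22
permitrootlogin without-password
pubkeyauthentication yes'

# Live run on the server: sh audit.sh --live <created_username>
if [ "${1:-}" = "--live" ]; then
  sudo ufw status verbose | ufw_ok && echo "ufw: ok" || echo "ufw: FAIL"
  sudo sshd -T | root_password_login_off && echo "sshd: ok" || echo "sshd: FAIL"
  getent group sudo | unexpected_sudoers "${2:?created_username required}"
fi
```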