Go to file

Phil 8d686c2aa5 feat: update GoToSocial to 0.19.1 and add Wazero cache

- Update image from latest to 0.19.1 (latest release from Codeberg)
- Add GTS_WAZERO_COMPILATION_CACHE for improved performance
- Use full docker.io registry path as per reference configuration

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-06 14:46:28 -06:00

roles

feat: update GoToSocial to 0.19.1 and add Wazero cache

2025-06-06 14:46:28 -06:00

.gitignore

add DEPLOYMENT_LEARNINGS.md to gitignore

2025-06-06 10:56:31 -06:00

bootstrap.yml

initial commit

2024-08-13 20:18:11 -06:00

CLAUDE.md

feat: update Dawarich to 0.27.3 and align with production configuration

2025-06-06 14:40:13 -06:00

dns.yml

feat: complete infrastructure cleanup and optimization

2025-06-06 12:16:44 -06:00

hosts.yml

initial commit

2024-08-13 20:18:11 -06:00

README.md

feat: migrate Hoarder to Karakeep bookmark manager

2025-06-06 14:15:36 -06:00

requirements.yml

initial commit

2024-08-13 20:18:11 -06:00

site.yml

added new cron role with job to update warhammer rss feed nightly

2024-11-12 12:48:04 -07:00

todo.md

feat: complete infrastructure cleanup and optimization

2025-06-06 12:16:44 -06:00

README.md

Personal Infrastructure Ansible Playbook

This Ansible playbook automates the setup and management of a personal self-hosted infrastructure running Docker containers for various services.

Overview

The playbook manages two main environments:

Bootstrap server (netcup): Initial server setup with Tailscale VPN
Docker server (docker-01): Main application server running containerized services

Services Deployed

The Docker role deploys and manages 22+ self-hosted services organized into logical categories:

Infrastructure

Caddy (Reverse proxy with automatic HTTPS)
Authentik (SSO/Identity Provider)
Dockge (Container management)

Development

Gitea (Git repository hosting)
Code Server (VS Code in browser)
Matrix Conduit (Communication/chat)

Media

Audiobookshelf (Audiobook server)
Calibre (E-book management)
Ghost (Blog platform)
Pinchflat (Media downloader)
Pinry (Pinterest-like board)
Karakeep (Bookmark manager)
Manyfold (3D model organizer)

Productivity

Paperless-NGX (Document management)
MMDL (Task management)
Baikal (CalDAV/CardDAV server)
Syncthing (File synchronization)
HeyForm (Form builder)
Dawarich (Location tracking)
Pingvin Share (File sharing)

Communication

GoToSocial (Fediverse/Mastodon)
Postiz (Social media management)

Monitoring

Changedetection (Website change monitoring)
Glance (Dashboard)
AppriseAPI (Notification service)

Structure

├── site.yml           # Main playbook
├── bootstrap.yml      # Server bootstrap playbook
├── dns.yml           # AWS Route53 DNS management
├── hosts.yml         # Inventory file
├── requirements.yml  # External role dependencies
└── roles/
    ├── bootstrap/    # Initial server setup
    ├── common/       # Common server configuration
    ├── cron/         # Scheduled tasks
    └── docker/       # Docker services deployment

Roles Documentation

Each role has detailed documentation in its respective directory:

Bootstrap Role

Performs initial server setup and hardening:

Creates user accounts with SSH key authentication
Configures passwordless sudo and security hardening
Installs essential packages and configures UFW firewall
Sets up Tailscale VPN for secure network access

Common Role

Provides shared configuration for all servers:

Installs common packages (aptitude)
Enables UFW firewall with default deny policy
Ensures consistent base configuration across infrastructure

Cron Role

Manages scheduled tasks and automation:

Warhammer RSS Feed Updater: Daily job that generates and updates RSS feeds
Integrates with Docker services for content generation
Supports easy addition of new scheduled tasks

Docker Role

The most comprehensive role, deploying 22+ containerized services organized into logical categories:

Infrastructure: Caddy reverse proxy, Authentik SSO, Dockge management
Development: Gitea, Code Server, Matrix communication
Media: Audiobookshelf, Calibre, Ghost blog, Pinchflat, and more
Productivity: Paperless-NGX, MMDL task management, Baikal calendar
Communication: GoToSocial, Postiz social media management
Monitoring: Glance dashboard, Changedetection, AppriseAPI notifications
Template-Driven: All services use Jinja2 templates for consistent configuration
Category-Based Deployment: Deploy services by category using Ansible tags

Usage

Prerequisites

Install Ansible and required collections:

ansible-galaxy install -r requirements.yml

Configure your inventory in hosts.yml with your server details

Bootstrap a New Server

ansible-playbook bootstrap.yml -i hosts.yml

This will:

Create a user account
Install and configure Tailscale VPN
Set up basic security

Deploy Docker Services

ansible-playbook site.yml -i hosts.yml

Deploy specific services using tags:

# Deploy by service category
ansible-playbook site.yml -i hosts.yml --tags infrastructure
ansible-playbook site.yml -i hosts.yml --tags media,productivity

# Deploy individual services
ansible-playbook site.yml -i hosts.yml --tags caddy
ansible-playbook site.yml -i hosts.yml --tags authentik
ansible-playbook site.yml -i hosts.yml --tags mmdl

Manage DNS Records

ansible-playbook dns.yml -i hosts.yml

Updates AWS Route53 DNS records for configured domains (thesatelliteoflove.com and nerder.land).

Configuration

Service configurations are templated in roles/docker/templates/
Environment variables and secrets should be managed through Ansible Vault
Docker Compose files are generated from Jinja2 templates

Security Notes

Uses Tailscale for secure network access
Caddy provides automatic HTTPS with Let's Encrypt
Services are containerized for isolation
UFW firewall rules are managed via Docker integration