phil/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ansible/README.md
Phil 06a7889024 feat: migrate Hoarder to Karakeep bookmark manager 
Complete migration from discontinued Hoarder to actively maintained Karakeep:

## Service Updates
- Update Docker image: ghcr.io/hoarder-app/hoarder → ghcr.io/karakeep-app/karakeep
- Update environment variables: HOARDER_VERSION → KARAKEEP_VERSION
- Upgrade Meilisearch: v1.6 → v1.13.3 for better search performance
- Update Glance labels and service references to Karakeep

## Data Preservation
- Maintain same domain: bookmarks.thesatelliteoflove.com
- Preserve volume structure: data and meilisearch volumes unchanged
- Keep directory structure: /opt/stacks/hoarder/ for continuity
- Maintain container naming for Caddyfile compatibility

## Meilisearch Migration
- Resolved database version incompatibility (v1.6.2 → v1.13.3)
- Backed up old database and created fresh v1.13.3 compatible database
- Manual reindex required via Admin Settings > Background Jobs

## Documentation Updates
- Update all service references from Hoarder to Karakeep
- Add both 'hoarder' and 'karakeep' tags for deployment flexibility
- Maintain backwards compatibility for existing automation

## Benefits
- Access to latest Karakeep features and security updates
- Continued development support (Hoarder discontinued)
- Improved search performance with Meilisearch v1.13.3
- Zero data loss during migration

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-06 14:15:36 -06:00

160 lines
5.1 KiB
Markdown
Raw Blame History

# Personal Infrastructure Ansible Playbook
This Ansible playbook automates the setup and management of a personal self-hosted infrastructure running Docker containers for various services.
## Overview
The playbook manages two main environments:
- **Bootstrap server** (`netcup`): Initial server setup with Tailscale VPN
- **Docker server** (`docker-01`): Main application server running containerized services
## Services Deployed
The Docker role deploys and manages 22+ self-hosted services organized into logical categories:
### Infrastructure
- **Caddy** (Reverse proxy with automatic HTTPS)
- **Authentik** (SSO/Identity Provider)
- **Dockge** (Container management)
### Development
- **Gitea** (Git repository hosting)
- **Code Server** (VS Code in browser)
- **Matrix Conduit** (Communication/chat)
### Media
- **Audiobookshelf** (Audiobook server)
- **Calibre** (E-book management)
- **Ghost** (Blog platform)
- **Pinchflat** (Media downloader)
- **Pinry** (Pinterest-like board)
- **Karakeep** (Bookmark manager)
- **Manyfold** (3D model organizer)
### Productivity
- **Paperless-NGX** (Document management)
- **MMDL** (Task management)
- **Baikal** (CalDAV/CardDAV server)
- **Syncthing** (File synchronization)
- **HeyForm** (Form builder)
- **Dawarich** (Location tracking)
- **Pingvin Share** (File sharing)
### Communication
- **GoToSocial** (Fediverse/Mastodon)
- **Postiz** (Social media management)
### Monitoring
- **Changedetection** (Website change monitoring)
- **Glance** (Dashboard)
- **AppriseAPI** (Notification service)
## Structure
```
├── site.yml # Main playbook
├── bootstrap.yml # Server bootstrap playbook
├── dns.yml # AWS Route53 DNS management
├── hosts.yml # Inventory file
├── requirements.yml # External role dependencies
└── roles/
├── bootstrap/ # Initial server setup
├── common/ # Common server configuration
├── cron/ # Scheduled tasks
└── docker/ # Docker services deployment
```
## Roles Documentation
Each role has detailed documentation in its respective directory:
### [Bootstrap Role](roles/bootstrap/README.md)
Performs initial server setup and hardening:
- Creates user accounts with SSH key authentication
- Configures passwordless sudo and security hardening
- Installs essential packages and configures UFW firewall
- Sets up Tailscale VPN for secure network access
### [Common Role](roles/common/README.md)
Provides shared configuration for all servers:
- Installs common packages (aptitude)
- Enables UFW firewall with default deny policy
- Ensures consistent base configuration across infrastructure
### [Cron Role](roles/cron/README.md)
Manages scheduled tasks and automation:
- **Warhammer RSS Feed Updater**: Daily job that generates and updates RSS feeds
- Integrates with Docker services for content generation
- Supports easy addition of new scheduled tasks
### [Docker Role](roles/docker/README.md)
The most comprehensive role, deploying 22+ containerized services organized into logical categories:
- **Infrastructure**: Caddy reverse proxy, Authentik SSO, Dockge management
- **Development**: Gitea, Code Server, Matrix communication
- **Media**: Audiobookshelf, Calibre, Ghost blog, Pinchflat, and more
- **Productivity**: Paperless-NGX, MMDL task management, Baikal calendar
- **Communication**: GoToSocial, Postiz social media management
- **Monitoring**: Glance dashboard, Changedetection, AppriseAPI notifications
- **Template-Driven**: All services use Jinja2 templates for consistent configuration
- **Category-Based Deployment**: Deploy services by category using Ansible tags
## Usage
### Prerequisites
1. Install Ansible and required collections:
```bash
ansible-galaxy install -r requirements.yml
```
2. Configure your inventory in `hosts.yml` with your server details
### Bootstrap a New Server
```bash
ansible-playbook bootstrap.yml -i hosts.yml
```
This will:
- Create a user account
- Install and configure Tailscale VPN
- Set up basic security
### Deploy Docker Services
```bash
ansible-playbook site.yml -i hosts.yml
```
Deploy specific services using tags:
```bash
# Deploy by service category
ansible-playbook site.yml -i hosts.yml --tags infrastructure
ansible-playbook site.yml -i hosts.yml --tags media,productivity
# Deploy individual services
ansible-playbook site.yml -i hosts.yml --tags caddy
ansible-playbook site.yml -i hosts.yml --tags authentik
ansible-playbook site.yml -i hosts.yml --tags mmdl
```
### Manage DNS Records
```bash
ansible-playbook dns.yml -i hosts.yml
```
Updates AWS Route53 DNS records for configured domains (`thesatelliteoflove.com` and `nerder.land`).
## Configuration
- Service configurations are templated in `roles/docker/templates/`
- Environment variables and secrets should be managed through Ansible Vault
- Docker Compose files are generated from Jinja2 templates
## Security Notes
- Uses Tailscale for secure network access
- Caddy provides automatic HTTPS with Let's Encrypt
- Services are containerized for isolation
- UFW firewall rules are managed via Docker integration
Reference in New Issue View Git Blame Copy Permalink